Skip to content

Instantly share code, notes, and snippets.

@omgitstom

omgitstom/StormpathHashTester.java

Last active January 16, 2019 17:35
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save omgitstom/9f4ef1db7540c076f4d6 to your computer and use it in GitHub Desktop.
Save omgitstom/9f4ef1db7540c076f4d6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
StormpathHashTester.java
package com.github.omgitstom;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.Hash;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.util.ByteSource;
import javax.xml.bind.DatatypeConverter;
import java.util.HashMap;
import java.util.Map;
public class HashTester {
public static void main(String[] args) throws Exception {
/* Testing existing Hashes */
DefaultPasswordService passwordService = new DefaultPasswordService();
DefaultHashService service = new DefaultHashService();
HashMap <String, String> map = new HashMap<String, String>();
/*
map.put("123456", "$stormpath2$MD5$1$OWI3OTQwYjEwODEwOTdkNTcwZDY5NjQ2ZDNlNmZjNzM=$ULWTW74NXPyLYj3VfYHWrg==");
map.put("password", "$stormpath2$MD5$1$NzEyN2ZhYzdkZTAyMjJlMGQyMWYxMWRmZmY2YjA1MWI=$K18Ak0YikAFrqgglhIaY5g==");
map.put("qwerty", "$stormpath2$MD5$1$OGYyMmM5YzVlMDEwODEwZTg3MzM4ZTA2YjljZjMxYmE=$EuFAr2NTM83PrizVAYuOvw==");
map.put("monkey", "$stormpath2$MD5$1$MWI5MmI3YTNjNTRiNjRiZWQ1OWRlZjY3NzFjMjdjMjk=$6RehlZ3ANAfW9nvq/zUdpw==");
map.put("monkey", "$stormpath2$MD5$1$$0HY+2qnZvSqVFigOkETYhQ==");
map.put("123456", "$stormpath2$MD5$1$$4QrcOUm6Wau+VuBX8g+IPg==");
map.put("superpassword", "$stormpath2$MD5$1$$0eV2txzO9ZeNIh+t9PDiiQ==");
*/
//map.put("testing12", "$stormpath2$SHA-512$1$ZFhBRmpFSnEwVEx2ekhKS0JTMDJBNTNmcg==$Q+sGFg9e+pe9QsUdfnbJUMDtrQNf27ezTnnGllBVkQpMRc9bqH6WkyE3y0svD/7cBk8uJW9Wb3dolWwDtDLFjg==");
//map.put("password", "$stormpath2$SHA-512$1023$ZZvxrLs2uA8GfHA0HSmQRskIBhIzEyXaEuEq9cEcTQySeWxF2a4WZ9pxX0M8jY3Vti2hkyDFcbg3A7kbW6kohs5hqTO9oHwRqu5JEvXseblh9H9O5A5V2utdqmmSpH/xKlJ9RwYgUABWPSdXJlW+A9D98s6LJtKbGheRufP2hootwhHSrEH/5xwz1/nu0FPPhHHibwCwjybH+1TwwgkRzG2Yhih21smnI4ApAr7F1/teSo3xRLCHOtT3lw5VpjswAPRgaxIfX60+N2RsmhJuwHTxHr0JQGgc5u2SRKGnEs+pI0GaRi+w/9+Oq5+4bJ71qrz61cjdGsfWJkE8IS5+JA==$w8+U0iq75SCxxSzqfAUFuPDszvPIKFlnSYdEN25nNMKqajswfynC+xvJxSes6FK9MH+8afP369Ex2j7KVUbCZzlHNj8FBkYzjerYf1iw5RtGEHhaqWDkV4mnKqbZaxqupVHn0NdX4Kkt7kcGdcP6tJso69k+m0AOdToVvOHJVsr27g/fo3n9tGJU+EPyb1M4+scf7F5XEQH26uCb5npVLGCbcJVUHJNtCquWK7EsbRTEw8JvTkKO2xMj9eSVywia8tqbo4vkUrMIFUM9VjsezrQgGZZoGq0HhWTw01nY2REPvqmhl0sPnvZ3SyHweCcPuNJwbohp6UTaiVvmnY3lTb85Dra2cWiqwy1LO1TuZh2wMPxIez9LorDsS8GyD+hBvHclr8oKoVoq3Jl4xugAPcE5K2LgbiaQTjLVmjxNMNRk09l88uKcaHx2FpVLubqhox4NQxNAom0A3fd6CLX2+ZEKGiZIo6xGtUok1Bxz5Zs4MYvWZYOzEpF9cG2KoHqXPSFpDSwOVVe/zw5+Jvn8eqDA4kc2C+IwKh0oTcHhggyqPzw5dfZWL+6EnI+2AOhOtoThYVdN5SAZZ0oWbgxMHTiPelFIq2hyaXWszKm6FIJ6fy/3lFyo8fQpI5iQSQr9gkXj9uUf6dxhUcsVezaA2kXjCw3vMfNqY+eiv3HxWZ0=");
//map.put("password", "$stormpath2$SHA-512$1024$ZZvxrLs2uA8GfHA0HSmQRskIBhIzEyXaEuEq9cEcTQySeWxF2a4WZ9pxX0M8jY3Vti2hkyDFcbg3A7kbW6kohs5hqTO9oHwRqu5JEvXseblh9H9O5A5V2utdqmmSpH/xKlJ9RwYgUABWPSdXJlW+A9D98s6LJtKbGheRufP2hootwhHSrEH/5xwz1/nu0FPPhHHibwCwjybH+1TwwgkRzG2Yhih21smnI4ApAr7F1/teSo3xRLCHOtT3lw5VpjswAPRgaxIfX60+N2RsmhJuwHTxHr0JQGgc5u2SRKGnEs+pI0GaRi+w/9+Oq5+4bJ71qrz61cjdGsfWJkE8IS5+JA==$w8+U0iq75SCxxSzqfAUFuPDszvPIKFlnSYdEN25nNMKqajswfynC+xvJxSes6FK9MH+8afP369Ex2j7KVUbCZzlHNj8FBkYzjerYf1iw5RtGEHhaqWDkV4mnKqbZaxqupVHn0NdX4Kkt7kcGdcP6tJso69k+m0AOdToVvOHJVsr27g/fo3n9tGJU+EPyb1M4+scf7F5XEQH26uCb5npVLGCbcJVUHJNtCquWK7EsbRTEw8JvTkKO2xMj9eSVywia8tqbo4vkUrMIFUM9VjsezrQgGZZoGq0HhWTw01nY2REPvqmhl0sPnvZ3SyHweCcPuNJwbohp6UTaiVvmnY3lTb85Dra2cWiqwy1LO1TuZh2wMPxIez9LorDsS8GyD+hBvHclr8oKoVoq3Jl4xugAPcE5K2LgbiaQTjLVmjxNMNRk09l88uKcaHx2FpVLubqhox4NQxNAom0A3fd6CLX2+ZEKGiZIo6xGtUok1Bxz5Zs4MYvWZYOzEpF9cG2KoHqXPSFpDSwOVVe/zw5+Jvn8eqDA4kc2C+IwKh0oTcHhggyqPzw5dfZWL+6EnI+2AOhOtoThYVdN5SAZZ0oWbgxMHTiPelFIq2hyaXWszKm6FIJ6fy/3lFyo8fQpI5iQSQr9gkXj9uUf6dxhUcsVezaA2kXjCw3vMfNqY+eiv3HxWZ0=");
//map.put("password", "$stormpath2$SHA-512$1025$ZZvxrLs2uA8GfHA0HSmQRskIBhIzEyXaEuEq9cEcTQySeWxF2a4WZ9pxX0M8jY3Vti2hkyDFcbg3A7kbW6kohs5hqTO9oHwRqu5JEvXseblh9H9O5A5V2utdqmmSpH/xKlJ9RwYgUABWPSdXJlW+A9D98s6LJtKbGheRufP2hootwhHSrEH/5xwz1/nu0FPPhHHibwCwjybH+1TwwgkRzG2Yhih21smnI4ApAr7F1/teSo3xRLCHOtT3lw5VpjswAPRgaxIfX60+N2RsmhJuwHTxHr0JQGgc5u2SRKGnEs+pI0GaRi+w/9+Oq5+4bJ71qrz61cjdGsfWJkE8IS5+JA==$w8+U0iq75SCxxSzqfAUFuPDszvPIKFlnSYdEN25nNMKqajswfynC+xvJxSes6FK9MH+8afP369Ex2j7KVUbCZzlHNj8FBkYzjerYf1iw5RtGEHhaqWDkV4mnKqbZaxqupVHn0NdX4Kkt7kcGdcP6tJso69k+m0AOdToVvOHJVsr27g/fo3n9tGJU+EPyb1M4+scf7F5XEQH26uCb5npVLGCbcJVUHJNtCquWK7EsbRTEw8JvTkKO2xMj9eSVywia8tqbo4vkUrMIFUM9VjsezrQgGZZoGq0HhWTw01nY2REPvqmhl0sPnvZ3SyHweCcPuNJwbohp6UTaiVvmnY3lTb85Dra2cWiqwy1LO1TuZh2wMPxIez9LorDsS8GyD+hBvHclr8oKoVoq3Jl4xugAPcE5K2LgbiaQTjLVmjxNMNRk09l88uKcaHx2FpVLubqhox4NQxNAom0A3fd6CLX2+ZEKGiZIo6xGtUok1Bxz5Zs4MYvWZYOzEpF9cG2KoHqXPSFpDSwOVVe/zw5+Jvn8eqDA4kc2C+IwKh0oTcHhggyqPzw5dfZWL+6EnI+2AOhOtoThYVdN5SAZZ0oWbgxMHTiPelFIq2hyaXWszKm6FIJ6fy/3lFyo8fQpI5iQSQr9gkXj9uUf6dxhUcsVezaA2kXjCw3vMfNqY+eiv3HxWZ0=");
System.out.println("\nTesting existing Hashes");
for (Map.Entry<String, String> entry : map.entrySet()) {
System.out.println("Password " + entry.getKey() + " matched: " + testMcf(entry.getKey(), entry.getValue()));
}
/* END Testing existing Hashes */
/* Generated Hash for Testing */
String clearTextPassword = "password";
HashRequest.Builder hashRequestBuilder = new HashRequest.Builder();
//Salt
byte[] bytes = DatatypeConverter.parseBase64Binary("ks3V5ACNPn");
ByteSource source = ByteSource.Util.bytes(bytes);
//Prepare the hash request
hashRequestBuilder.setAlgorithmName("MD5");
hashRequestBuilder.setSalt("tom");
hashRequestBuilder.setIterations(1);
hashRequestBuilder.setSource(clearTextPassword);
HashRequest request = hashRequestBuilder.build();
Hash hash = service.computeHash(request);
boolean resultAgainstHash = passwordService.passwordsMatch(clearTextPassword, hash);
System.out.println("\nGenerated Hash for Testing");
System.out.println("Password Matched against Derived Hash: " + resultAgainstHash);
Shiro1CryptFormat format = new Shiro1CryptFormat();
System.out.println("Formatted Hash: " + format.format(hash).replace("$shiro1$", "$stormpath2$"));
/* END Generated Hash for Testing */
}
public static boolean testMcf(String password, String mcf){
DefaultPasswordService passwordService = new DefaultPasswordService();
DefaultHashService service = new DefaultHashService();
service.setGeneratePublicSalt(false);
passwordService.setHashService(service);
String shiroMcf = mcf.replace("$stormpath2$", "$shiro1$");
boolean match = passwordService.passwordsMatch(password, shiroMcf);
if (!match){
System.out.println("Password \"" + password + "\" doesn't match " + mcf);
}
return match;
}
}
@omgitstom
Copy link
Author

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.github.sionin</groupId>
    <artifactId>stormpath-test</artifactId>
    <version>1.0-SNAPSHOT</version>

    <properties>
        <stormpath-sdk-version>1.0.RC8.6</stormpath-sdk-version>
        <jdk.target>1.7</jdk.target>
        <jdk.source>1.7</jdk.source>
    </properties>

    <dependencies>
        <dependency>
            <groupId>com.stormpath.sdk</groupId>
            <artifactId>stormpath-sdk-httpclient</artifactId>
            <version>${stormpath-sdk-version}</version>
            <scope>runtime</scope>
        </dependency>
        <!-- This next runtime dependency is only necessary if you have
             a REST API and you want to secure it with OAuth: -->
        <dependency>
            <groupId>com.stormpath.sdk</groupId>
            <artifactId>stormpath-sdk-oauth</artifactId>
            <version>${stormpath-sdk-version}</version>
            <!--<scope>runtime</scope>-->
        </dependency>
        <dependency>
            <groupId>com.stormpath.sdk</groupId>
            <artifactId>stormpath-sdk-api</artifactId>
            <version>${stormpath-sdk-version}</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>servlet-api</artifactId>
            <version>2.5</version>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.4</version>
        </dependency>

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.2.3</version>
        </dependency>

        <dependency>
            <groupId>org.mockito</groupId>
            <artifactId>mockito-all</artifactId>
            <version>1.9.0</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <artifactId>maven-assembly-plugin</artifactId>
                <version>2.2-beta-5</version>
                <configuration>
                    <finalName>stormpath-test</finalName>
                    <appendAssemblyId>false</appendAssemblyId>
                    <descriptorRefs>
                        <descriptorRef>jar-with-dependencies</descriptorRef>
                    </descriptorRefs>
                    <archive>
                        <manifest>
                            <mainClass>com.github.sionin.StormpathTest</mainClass>
                        </manifest>
                    </archive>
                </configuration>
                <executions>
                    <execution>
                        <id>make-assembly</id>
                        <phase>package</phase>
                        <goals>
                            <goal>single</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.0</version>
                <configuration>
                    <source>${jdk.source}</source>
                    <target>${jdk.target}</target>
                </configuration>
            </plugin>
        </plugins>
    </build>


</project>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment