This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit d4b3d7ce490ace39c36df6f4754a189597cf7ee6
Author: samhareem <[email protected]>
AuthorDate: Wed Mar 24 18:23:10 2021 +0200
feat: getHash method to use SHA-256 by default
---
 .../java/org/apache/wiki/auth/user/AbstractUserDatabase.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/AbstractUserDatabase.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/AbstractUserDatabase.java
index c738e88..d1a2194 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/AbstractUserDatabase.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/AbstractUserDatabase.java
@@ -247,17 +247,18 @@ public abstract class AbstractUserDatabase implements UserDatabase {
 }
 
 /**
- * Private method that calculates the salted SHA-1 hash of a given <code>String</code>. Note that as of JSPWiki 2.8, this method
+ * Private method that calculates the salted SHA-1 or SHA-256 hash of a given <code>String</code>. Note that as of JSPWiki 2.8, this method
 * calculates a <em>salted</em> hash rather than a plain hash.
 *
 * @param text the text to hash
+ * @param text the algorithm used for the hash
 * @return the result hash
 */
 protected String getHash( final String text ) {
 try {
- return CryptoUtil.getSaltedPassword( text.getBytes(StandardCharsets.UTF_8 ) );
+ return CryptoUtil.getSaltedPassword( text.getBytes(StandardCharsets.UTF_8), SHA256_PREFIX );
 } catch( final NoSuchAlgorithmException e ) {
- log.error( "Error creating salted SHA password hash:" + e.getMessage() );
+ log.error( String.format( "Error creating salted password hash: %s", e.getMessage() ) );
 return text;
 }
 }
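Review bot: The catch branch of getHash still ends in `return text;`, so if the digest algorithm is unavailable the method hands back the clear-text password as though it were a hash, and any caller that stores the result would persist it unhashed (the callers are not visible in this hunk). Failing closed is safer, e.g. `throw new IllegalStateException( "Unable to create salted password hash", e );`, which also keeps the cause that logging only `e.getMessage()` drops. Separately, the added Javadoc line `@param text the algorithm used for the hash` repeats `text` and describes a parameter this one-argument signature does not have; it should be removed or moved to the overload that actually takes the algorithm.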
@@ -267,7 +268,7 @@ public abstract class AbstractUserDatabase implements UserDatabase {
 *
 * @param text the text to hash
 * @return the result hash
- * @deprecated this method is retained for backwards compatibility purposes; use {@link #getHash(String)} instead
+ * @deprecated this method is retained for backwards compatibility purposes; use {@link #getHash(String, String)} instead
 */
 String getOldHash( final String text ) {
 try {
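Review bot: The updated `{@link #getHash(String, String)}` points at a two-argument overload that this commit does not add; the only getHash visible in the patch takes a single String, and the diffstat's five insertions are all accounted for by the two hunks. Unless that overload already exists elsewhere in the class, the link will not resolve in Javadoc and will send readers of the deprecation notice to a method that is not there. If the one-argument method is the intended replacement, keep `{@link #getHash(String)}`. The body of getOldHash continues outside the hunk.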
