Re: [I] [Question] Can shiro 2.0 + use shiro 1 's hash Algorithm, such as "SHA-256" ? [shiro]

Wed, 03 Jan 2024 19:53:47 -0800 


sam2099 commented on issue #1022:
URL: https://github.com/apache/shiro/issues/1022#issuecomment-1876273782

   @lprimak  Thanks very much !
   
   In our old system with shiro1, We set iterations as 1, salt as null; such as 
password is "123456789o", saved encryptPassword is 
"$shiro1$SHA-256$1$$jZae727K08KaOmKSgOaGzww/XVqGr/PKEgIMkjrcbJI=". now we need 
authenticat with shiro 2, code as below:
   
   ```java
       @Test
       void encryptPassword() {
           DefaultPasswordService passwordService = new PasswordService();
           passwordService.setHashFormat(new Shiro1CryptFormat());
           System.out.println(passwordService.encryptPassword("123456789o"));
   
           System.out.println(passwordService.passwordsMatch("123456789o", 
"$shiro1$SHA-256$1$$jZae727K08KaOmKSgOaGzww/XVqGr/PKEgIMkjrcbJI="));
       }
   
       private final static class PasswordService extends 
DefaultPasswordService {
           @Override
           protected HashRequest createHashRequest(ByteSource plaintext) {
               return new HashRequest.Builder().setSource(plaintext)
                       
.setAlgorithmName(Sha256Hash.ALGORITHM_NAME).addParameter("SimpleHash.iterations",
 1)
                       .build();
           }
       }
   ```
   
   result Exception  
   ```java
   [main] WARN  o.a.shiro.crypto.hash.SimpleHash - Cannot recreate a hash using 
the same parameters.
   java.lang.IllegalArgumentException: Argument for byte conversion cannot be 
null.
        at 
org.apache.shiro.lang.codec.CodecSupport.toBytes(CodecSupport.java:203)
        at 
org.apache.shiro.crypto.hash.SimpleHash.toByteSource(SimpleHash.java:247)
        at 
org.apache.shiro.crypto.hash.SimpleHash.convertSaltToBytes(SimpleHash.java:233)
        at org.apache.shiro.crypto.hash.SimpleHash.<init>(SimpleHash.java:202)
        at 
org.apache.shiro.crypto.hash.SimpleHash.matchesPassword(SimpleHash.java:280)
        at 
org.apache.shiro.authc.credential.DefaultPasswordService.passwordsMatch(DefaultPasswordService.java:108)
        at 
org.apache.shiro.authc.credential.DefaultPasswordService.passwordsMatch(DefaultPasswordService.java:169)
   
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to