src/org/cacert/gigi/util/PasswordHash.java

   1 package org.cacert.gigi.util;
   2
   3 import java.security.MessageDigest;
   4 import java.security.NoSuchAlgorithmException;
   5
   6 public class PasswordHash {
   7         public static boolean verifyHash(String password, String hash) {
   8                 String newhash = sha1(password);
   9                 boolean match = true;
  10                 if (newhash.length() != hash.length()) {
  11                         match = false;
  12                 }
  13                 for (int i = 0; i < newhash.length(); i++) {
  14                         match &= newhash.charAt(i) == hash.charAt(i);
  15                 }
  16                 return match;
  17         }
  18
  19         private static String sha1(String password) {
  20                 try {
  21                         MessageDigest md = MessageDigest.getInstance("SHA1");
  22                         byte[] digest = md.digest(password.getBytes());
  23                         StringBuffer res = new StringBuffer(digest.length * 2);
  24                         for (int i = 0; i < digest.length; i++) {
  25                                 res.append(Integer.toHexString((digest[i] & 0xF0) >> 4));
  26                                 res.append(Integer.toHexString(digest[i] & 0xF));
  27                         }
  28                         return res.toString();
  29                 } catch (NoSuchAlgorithmException e) {
  30                         throw new Error(e);
  31                 }
  32         }
  33
  34         public static String hash(String password) {
  35                 return sha1(password);
  36         }
  37 }