upd: create rate limit for account creation

[gigi.git] / src / org / cacert / gigi / util / PasswordHash.java

diff --git a/src/org/cacert/gigi/util/PasswordHash.java b/src/org/cacert/gigi/util/PasswordHash.java
index 11e4d34419c78cbc46a6591d4262cfa35ebdf1a8..4de92440dff10febe39a14ac31595c5e9e4446aa 100644 (file)
--- a/src/org/cacert/gigi/util/PasswordHash.java
+++ b/src/org/cacert/gigi/util/PasswordHash.java
@@ -1,5 +1,6 @@
 package org.cacert.gigi.util;
 
+import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
@@ -23,6 +24,9 @@ public class PasswordHash {
      *         </ul>
      */
     public static String verifyHash(String password, String hash) {
+        if (password == null || password.isEmpty()) {
+            return null;
+        }
         if (hash.contains("$")) {
             if (SCryptUtil.check(password, hash)) {
                 return hash;
@@ -45,10 +49,10 @@ public class PasswordHash {
         }
     }
 
-    private static String sha1(String password) {
+    public static String sha1(String password) {
         try {
             MessageDigest md = MessageDigest.getInstance("SHA1");
-            byte[] digest = md.digest(password.getBytes());
+            byte[] digest = md.digest(password.getBytes("UTF-8"));
             StringBuffer res = new StringBuffer(digest.length * 2);
             for (int i = 0; i < digest.length; i++) {
                 res.append(Integer.toHexString((digest[i] & 0xF0) >> 4));
@@ -57,6 +61,8 @@ public class PasswordHash {
             return res.toString();
         } catch (NoSuchAlgorithmException e) {
             throw new Error(e);
+        } catch (UnsupportedEncodingException e) {
+            throw new Error(e);
         }
     }