* The password that should result in the given hash.
* @param hash
* The hash to verify the password against.
- * @return <ul>
+ * @return
+ * <ul>
* <li><code>null</code>, if the password was valid</li>
* <li><code>hash</code>, if the password is valid and the hash
* doesn't need to be updated</li>
* </ul>
*/
public static String verifyHash(String password, String hash) {
+ if (password == null || password.isEmpty()) {
+ return null;
+ }
if (hash.contains("$")) {
if (SCryptUtil.check(password, hash)) {
return hash;
}
}
- private static String sha1(String password) {
+ public static String sha1(String password) {
try {
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] digest = md.digest(password.getBytes("UTF-8"));