MD5 encrypted user password
package com.ai.web.util;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
public class MD5Util {
private static final String HEX_NUMS_STR="0123456789ABCDEF";
private static final Integer SALT_LENGTH = 12;
/**
* Convert hexadecimal string to byte array
* @param hex
* @return
*/
public static byte[] hexStringToByte(String hex) {
int len = (hex.length() / 2);
byte [] result = new byte [len];
char[] hexChars = hex.toCharArray();
for (int i = 0; i < len; i++) {
int pos = i * 2;
result[i] = (byte) (HEX_NUMS_STR.indexOf(hexChars[pos]) << 4
| HEX_NUMS_STR.indexOf(hexChars[pos + 1]));
}
return result;
}
/**
* Convert the specified byte array to a hexadecimal string
* @param b
* @return
*/
public static String byteToHexString(byte[] b) {
StringBuffer hexString = new StringBuffer();
for (int i = 0; i < b.length; i++) {
String hex = Integer.toHexString(b[i] & 0xFF);
if (hex.length() == 1) {
hex = '0' + hex;
}
hexString.append(hex.toUpperCase());
}
return hexString.toString();
}
/**
* Verify that the password is valid
* @param password
* @param passwordInDb
* @return
* @throws NoSuchAlgorithmException
* @throws UnsupportedEncodingException
*/
public static boolean validPassword(String password, String passwordInDb)
throws NoSuchAlgorithmException, UnsupportedEncodingException {
//Convert password in hexadecimal string format to byte array
byte[] pwdInDb = hexStringToByte(passwordInDb);
//declare the salt variable
byte[] salt = new byte[SALT_LENGTH];
// extract the salt from the password byte array held in the database
System.arraycopy(pwdInDb, 0, salt, 0, SALT_LENGTH);
//Create message digest object
MessageDigest md = MessageDigest.getInstance("MD5");
// Pass the salt data into the message digest object
md.update(salt);
//Pass the password data to the message digest object
md.update(password.getBytes("UTF-8"));
//Generate message digest for input password
byte[] digest = md.digest();
//declare a variable that holds the digest of the password message in the database
byte[] digestInDb = new byte[pwdInDb.length - SALT_LENGTH];
//Get the message digest of the password in the database
System.arraycopy(pwdInDb, SALT_LENGTH, digestInDb, 0, digestInDb.length);
// Compare whether the message digest generated based on the input password is the same as the message digest in the database
if (Arrays.equals(digest, digestInDb)) {
//The password is correct and the password matching message is returned
return true;
} else {
//Incorrect password returns a password mismatch message
return false;
}
}
/**
* Get encrypted hexadecimal form password
* @param password
* @return
* @throws NoSuchAlgorithmException
* @throws UnsupportedEncodingException
*/
public static String getEncryptedPwd(String password)
throws NoSuchAlgorithmException, UnsupportedEncodingException {
//declare the encrypted password array variable
byte[] pwd = null;
//random number generator
SecureRandom random = new SecureRandom();
//declare the salt array variable
byte[] salt = new byte[SALT_LENGTH];
// put random number into salt variable
random.nextBytes(salt);
//declare the message digest object
MessageDigest md = null;
//create message digest
md = MessageDigest.getInstance("MD5");
// Pass the salt data into the message digest object
md.update(salt);
//Pass the password data to the message digest object
md.update(password.getBytes("UTF-8"));
//Get the byte array of the message digest
byte[] digest = md.digest();
//Because the salt is to be stored in the byte array of the password, add the byte length of the salt
pwd = new byte[digest.length + SALT_LENGTH];
//Copy the bytes of the salt to the first 12 bytes of the generated encrypted password byte array to take out the salt when validating the password
System.arraycopy(salt, 0, pwd, 0, SALT_LENGTH);
//Copy the message digest to the bytes starting from the 13th byte of the encrypted password byte array
System.arraycopy(digest, 0, pwd, SALT_LENGTH, digest.length);
// Convert the encrypted password in byte array format to password in hexadecimal string format
return byteToHexString(pwd);
}
}