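Salted MD5 hashing of user passwords. Note that MD5 is a one-way digest, not encryption, and is too fast to resist offline guessing of a leaked hash; prefer a dedicated password-hashing function (bcrypt, scrypt, Argon2 or PBKDF2) for new systems.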
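package com.ai.web.util;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

/**
 * Helper for producing and verifying salted MD5 password digests.
 *
 * <p>Stored format: the upper-case hexadecimal encoding of
 * {@code salt (12 bytes) || MD5(salt || UTF-8(password))}.
 *
 * <p>SECURITY NOTE: MD5 is a message digest, not encryption, and a single round of a fast
 * digest is not adequate protection for stored passwords even with a per-user salt. The
 * algorithm and storage layout are kept here so that values already written by this class
 * still verify. New code should use an adaptive password-hashing function (PBKDF2, bcrypt,
 * scrypt or Argon2) and re-hash each account on its next successful login.
 */
public class MD5Util {
    /** Digit alphabet used when encoding; the index of a character is its nibble value. */
    private static final String HEX_NUMS_STR = "0123456789ABCDEF";

    /** Number of random salt bytes stored in front of the digest. */
    private static final int SALT_LENGTH = 12;

    private static final String DIGEST_ALGORITHM = "MD5";
    private static final String PASSWORD_CHARSET = "UTF-8";

    /** Shared generator for salts; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Converts a hexadecimal string to the bytes it encodes.
     *
     * <p>Both upper- and lower-case digits are accepted. Malformed input is rejected instead
     * of being decoded into arbitrary bytes.
     *
     * @param hex hexadecimal text with an even number of characters
     * @return the decoded bytes, {@code hex.length() / 2} of them
     * @throws IllegalArgumentException if the length is odd or a character is not a hex digit
     */
    public static byte[] hexStringToByte(String hex) {
        int length = hex.length();
        if ((length & 1) != 0) {
            throw new IllegalArgumentException("hex string must have an even number of characters");
        }
        byte[] result = new byte[length / 2];
        for (int i = 0; i < result.length; i++) {
            int high = hexValue(hex.charAt(2 * i));
            int low = hexValue(hex.charAt(2 * i + 1));
            if (high < 0 || low < 0) {
                // Report only the position: the text may be a stored credential.
                throw new IllegalArgumentException("non-hexadecimal character in byte " + i);
            }
            result[i] = (byte) ((high << 4) | low);
        }
        return result;
    }

    /**
     * Converts a byte array to an upper-case hexadecimal string, two digits per byte.
     *
     * @param b bytes to encode
     * @return the hexadecimal text, {@code 2 * b.length} characters long
     */
    public static String byteToHexString(byte[] b) {
        StringBuilder hexString = new StringBuilder(b.length * 2);
        for (byte value : b) {
            hexString.append(HEX_NUMS_STR.charAt((value >> 4) & 0x0F));
            hexString.append(HEX_NUMS_STR.charAt(value & 0x0F));
        }
        return hexString.toString();
    }

    /**
     * Checks a candidate password against a value produced by {@link #getEncryptedPwd(String)}.
     *
     * <p>The check fails closed: a {@code null} argument, or a stored value that is not valid
     * hexadecimal or is too short to hold a salt and a digest, yields {@code false} rather than
     * an exception.
     *
     * @param password the password supplied by the user
     * @param passwordInDb the stored hexadecimal salt-plus-digest value
     * @return {@code true} only if the password reproduces the stored digest
     * @throws NoSuchAlgorithmException if the MD5 digest is not available
     * @throws UnsupportedEncodingException if UTF-8 is not supported
     */
    public static boolean validPassword(String password, String passwordInDb)
            throws NoSuchAlgorithmException, UnsupportedEncodingException {
        if (password == null || passwordInDb == null) {
            return false;
        }
        byte[] pwdInDb;
        try {
            pwdInDb = hexStringToByte(passwordInDb);
        } catch (IllegalArgumentException malformed) {
            // A corrupt or truncated record can never match any password.
            return false;
        }
        if (pwdInDb.length <= SALT_LENGTH) {
            return false;
        }
        // The salt occupies the leading bytes; everything after it is the stored digest.
        byte[] salt = Arrays.copyOfRange(pwdInDb, 0, SALT_LENGTH);
        byte[] digestInDb = Arrays.copyOfRange(pwdInDb, SALT_LENGTH, pwdInDb.length);
        byte[] digest = saltedDigest(salt, password);
        // MessageDigest.isEqual is used instead of Arrays.equals so that the comparison
        // does not stop at the first differing byte.
        return MessageDigest.isEqual(digest, digestInDb);
    }

    /**
     * Produces the stored form of a password: a fresh random salt followed by the salted
     * digest, encoded as upper-case hexadecimal.
     *
     * @param password the plain-text password
     * @return hexadecimal text of {@code salt || MD5(salt || UTF-8(password))}
     * @throws NoSuchAlgorithmException if the MD5 digest is not available
     * @throws UnsupportedEncodingException if UTF-8 is not supported
     */
    public static String getEncryptedPwd(String password)
            throws NoSuchAlgorithmException, UnsupportedEncodingException {
        byte[] salt = new byte[SALT_LENGTH];
        RANDOM.nextBytes(salt);
        byte[] digest = saltedDigest(salt, password);
        // The salt is stored in front of the digest so that validPassword can recover it.
        byte[] pwd = new byte[SALT_LENGTH + digest.length];
        System.arraycopy(salt, 0, pwd, 0, SALT_LENGTH);
        System.arraycopy(digest, 0, pwd, SALT_LENGTH, digest.length);
        return byteToHexString(pwd);
    }

    /** Returns the digest of the salt followed by the UTF-8 bytes of the password. */
    private static byte[] saltedDigest(byte[] salt, String password)
            throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest md = MessageDigest.getInstance(DIGEST_ALGORITHM);
        md.update(salt);
        md.update(password.getBytes(PASSWORD_CHARSET));
        return md.digest();
    }

    /** Returns the value of one hexadecimal digit (either case), or -1 if it is not one. */
    private static int hexValue(char c) {
        if (c >= '0' && c <= '9') {
            return c - '0';
        }
        if (c >= 'A' && c <= 'F') {
            return c - 'A' + 10;
        }
        if (c >= 'a' && c <= 'f') {
            return c - 'a' + 10;
        }
        return -1;
    }
}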