SSHA512 Encryption and matches with spring 5

Question

I am implementing spring security with the existing LDAP where the password are SSHA512 encoded. The deprecated LdapShaEncoder supports only {SHA} and {SSHA}.

Can anyone help me implement a java SSHA512 encoder along with Spring security. Or Are there any libraries which can do the job?

import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Bean
public PasswordEncoder passwordEncoder() {
    return new LdapShaPasswordEncoder();
}

Exception:

java.lang.IllegalArgumentException: Unsupported password prefix '{SSHA512}'
    at org.springframework.security.crypto.password.LdapShaPasswordEncoder.matches(LdapShaPasswordEncoder.java:173) ~[spring-security-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.security.crypto.password.LdapShaPasswordEncoder.matches(LdapShaPasswordEncoder.java:158) ~[spring-security-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:90) ~[spring-security-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166) ~[spring-security-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]

score 3 · Accepted Answer · answered May 03 '19 at 20:00

3

Have a look here: https://github.com/lathspell/java_test/tree/master/java_test_openldap I basically just exchanged the SHA by SHA-512 in MessageDigest.getInstance() and adjusted the prefix and length constants.

answered May 03 '19 at 20:00

lathspell

3,040
1
30
49

Thanks a lot @lathspell. You saved my day. I just had to modify your code as I had to support both SSHA and SHA-512. – maya16 May 10 '19 at 10:49
Great job, thank you – Ramzi Guetiti Jun 23 '20 at 10:26

SSHA512 Encryption and matches with spring 5

1 Answers1