#35: refactored how byte[] are converted into Strings

Password4j · Apr 14, 2021 · ee141bc · ee141bc
1 parent 6c7685c
commit ee141bc
Show file tree

Hide file tree

Showing 8 changed files with 17 additions and 11 deletions.
diff --git a/src/main/java/com/password4j/Argon2Function.java b/src/main/java/com/password4j/Argon2Function.java
@@ -353,7 +353,7 @@ private Hash internalHash(CharSequence plainTextPassword, byte[] salt, CharSeque
         {
             salt = SaltGenerator.generate();
         }
-        String theSalt = new String(salt, Utils.DEFAULT_CHARSET);
+        String theSalt = Utils.fromBytesToString(salt);
         initialize(password, salt, Utils.fromCharSequenceToBytes(pepper), null, blockMemory);
         fillMemoryBlocks(blockMemory);
         byte[] hash = ending(blockMemory);
@@ -366,7 +366,7 @@ private Hash internalHash(CharSequence plainTextPassword, byte[] salt, CharSeque
     public boolean check(CharSequence plainTextPassword, String hashed)
     {
         Object[] params = decodeHash(hashed);
-        return check(plainTextPassword, hashed, new String((byte[]) params[5]), null);
+        return check(plainTextPassword, hashed, Utils.fromBytesToString((byte[]) params[5]), null);
     }
 
     @Override
@@ -376,7 +376,7 @@ public boolean check(CharSequence plainTextPassword, String hashed, String salt,
         if (salt == null)
         {
             Object[] params = decodeHash(hashed);
-            theSalt = new String((byte[]) params[5]);
+            theSalt = Utils.fromBytesToString((byte[]) params[5]);
         }
         else
         {

diff --git a/src/main/java/com/password4j/CompressedPBKDF2Function.java b/src/main/java/com/password4j/CompressedPBKDF2Function.java
@@ -182,7 +182,7 @@ private String getSaltFromHash(String hashed)
         String[] parts = getParts(hashed);
         if (parts.length == 5)
         {
-            return new String(Utils.decodeBase64(Utils.fromCharSequenceToBytes(parts[3])));
+            return Utils.fromBytesToString(Utils.decodeBase64(Utils.fromCharSequenceToBytes(parts[3])));
         }
         throw new BadParametersException("`" + hashed + "` is not a valid hash");
     }

diff --git a/src/main/java/com/password4j/HashBuilder.java b/src/main/java/com/password4j/HashBuilder.java
@@ -72,7 +72,7 @@ public HashBuilder addSalt(String salt)
      */
     public HashBuilder addRandomSalt()
     {
-        this.salt = new String(SaltGenerator.generate());
+        this.salt = Utils.fromBytesToString(SaltGenerator.generate());
         return this;
     }
 
@@ -94,7 +94,7 @@ public HashBuilder addRandomSalt(int length)
         }
         else
         {
-            this.salt = new String(SaltGenerator.generate(length));
+            this.salt = Utils.fromBytesToString(SaltGenerator.generate(length));
         }
         return this;
     }

diff --git a/src/main/java/com/password4j/PBKDF2Function.java b/src/main/java/com/password4j/PBKDF2Function.java
@@ -147,7 +147,7 @@ protected static String toString(String algorithm, int iterations, int length)
     public Hash hash(CharSequence plainTextPassword)
     {
         byte[] salt = SaltGenerator.generate();
-        return hash(plainTextPassword, new String(salt));
+        return hash(plainTextPassword, Utils.fromBytesToString(salt));
     }
 
     @Override

diff --git a/src/main/java/com/password4j/SCryptFunction.java b/src/main/java/com/password4j/SCryptFunction.java
@@ -250,7 +250,7 @@ public Hash hash(CharSequence plainTextPassword, String salt)
 
     private Hash internalHash(CharSequence plainTextPassword, byte[] salt)
     {
-        String stringedSalt = new String(salt, Utils.DEFAULT_CHARSET);
+        String stringedSalt = Utils.fromBytesToString(salt);
         try
         {
             byte[] derived = scrypt(Utils.fromCharSequenceToBytes(plainTextPassword), salt, derivedKeyLength);
@@ -387,7 +387,7 @@ else if (resources > 16777215 / parallelization)
             {
                 byte[] xyArray = new byte[256 * resources];
                 byte[] vArray = new byte[128 * resources * workFactor];
-                byte[] intensiveSalt = PBKDF2Function.internalHash(new String(passwd).toCharArray(), salt, Hmac.SHA256.name(), 1,
+                byte[] intensiveSalt = PBKDF2Function.internalHash(Utils.fromBytesToString(passwd).toCharArray(), salt, Hmac.SHA256.name(), 1,
                         8 * parallelization * 128 * resources).getEncoded();
 
                 for (int i = 0; i < parallelization; ++i)
@@ -396,7 +396,7 @@ else if (resources > 16777215 / parallelization)
                 }
 
                 return PBKDF2Function
-                        .internalHash(new String(passwd).toCharArray(), intensiveSalt, Hmac.SHA256.name(), 1, 8 * dkLen)
+                        .internalHash(Utils.fromBytesToString(passwd).toCharArray(), intensiveSalt, Hmac.SHA256.name(), 1, 8 * dkLen)
                         .getEncoded();
             }
         }

diff --git a/src/main/java/com/password4j/SystemChecker.java b/src/main/java/com/password4j/SystemChecker.java
@@ -35,7 +35,7 @@ public class SystemChecker
 {
     private static final String TO_BE_HASHED = "abcDEF123@~# xyz+-*/=456spqr";
 
-    private static final String SALT = new String(SaltGenerator.generate());
+    private static final String SALT = Utils.fromBytesToString(SaltGenerator.generate());
 
     private static final int WARMUP_ROUNDS = 20;
 

diff --git a/src/main/java/com/password4j/Utils.java b/src/main/java/com/password4j/Utils.java
@@ -215,6 +215,11 @@ static long[] fromBytesToLongs(byte[] input)
         return v;
     }
 
+    static String fromBytesToString(byte[] input)
+    {
+        return new String(input, DEFAULT_CHARSET);
+    }
+
     static long littleEndianBytesToLong(byte[] b)
     {
         long result = 0;

diff --git a/src/test/com/password4j/PasswordTest.java b/src/test/com/password4j/PasswordTest.java
@@ -27,6 +27,7 @@
 import org.junit.Assert;
 import org.junit.Test;
 
+import java.nio.charset.Charset;
 import java.security.SecureRandom;
 import java.util.List;
 import java.util.Random;