Skip to content

Feat added overloads for encodeNonNullPassword and matchesNonNull for users who would prefer to avoid passing passwords as String #18360

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
PrittSpadeLord wants to merge 2 commits into
base: main
Choose a base branch
from
+34 −1
Open

Feat added overloads for encodeNonNullPassword and matchesNonNull for users who would prefer to avoid passing passwords as String #18360

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8367910
Feat added overloads for encodeNonNullPassword and matchesNonNull for…
PrittSpadeLord Dec 24, 2025
95820f5
remove .idea
PrittSpadeLord Dec 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 34 additions & 1 deletion crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,24 @@ protected String encodeNonNullPassword(String rawPassword) {
return Argon2EncodingUtils.encode(hash, params);
}

protected String encodeNonNullPassword(char[] rawPassword) {
byte[] salt = this.saltGenerator.generateKey();
byte[] hash = new byte[this.hashLength];
// @formatter:off
Argon2Parameters params = new Argon2Parameters
.Builder(Argon2Parameters.ARGON2_id)
.withSalt(salt)
.withParallelism(this.parallelism)
.withMemoryAsKB(this.memory)
.withIterations(this.iterations)
.build();
// @formatter:on
Argon2BytesGenerator generator = new Argon2BytesGenerator();
generator.init(params);
generator.generateBytes(rawPassword, hash);
return Argon2EncodingUtils.encode(hash, params);
}

@Override
protected boolean matchesNonNull(String rawPassword, String encodedPassword) {
Argon2EncodingUtils.Argon2Hash decoded;
Expand All @@ -143,7 +161,22 @@ protected boolean matchesNonNull(String rawPassword, String encodedPassword) {
return constantTimeArrayEquals(decoded.getHash(), hashBytes);
}

@Override
protected boolean matchesNonNull(char[] rawPassword, String encodedPassword) {
Argon2EncodingUtils.Argon2Hash decoded;
try {
decoded = Argon2EncodingUtils.decode(encodedPassword);
}
catch (IllegalArgumentException ex) {
this.logger.warn("Malformed password hash", ex);
return false;
}
byte[] hashBytes = new byte[decoded.getHash().length];
Argon2BytesGenerator generator = new Argon2BytesGenerator();
generator.init(decoded.getParameters());
generator.generateBytes(rawPassword, hashBytes);
return constantTimeArrayEquals(decoded.getHash(), hashBytes);
}

protected boolean upgradeEncodingNonNull(String encodedPassword) {
Argon2Parameters parameters = Argon2EncodingUtils.decode(encodedPassword).getParameters();
return parameters.getMemory() < this.memory || parameters.getIterations() < this.iterations;
Expand Down