Skip to content

Commit 6dd6e8e

Browse files
rwinchrwinch
committed
Merge branch '6.5.x' into 7.0.x
Closes gh-18235
2 parents 7cfcfae + edd82ba commit 6dd6e8e

File tree

2 files changed

+2
-14
lines changed

2 files changed

+2
-14
lines changed

web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -52,20 +52,14 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa
5252

5353
private final Log logger = LogFactory.getLog(getClass());
5454

55-
private final MessageDigest sha1Digest;
56-
5755
private RestClient restClient = RestClient.builder().baseUrl(API_URL).build();
5856

59-
public HaveIBeenPwnedRestApiPasswordChecker() {
60-
this.sha1Digest = getSha1Digest();
61-
}
62-
6357
@Override
6458
public CompromisedPasswordDecision check(@Nullable String password) {
6559
if (password == null) {
6660
return new CompromisedPasswordDecision(false);
6761
}
68-
byte[] hash = this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8));
62+
byte[] hash = getSha1Digest().digest(password.getBytes(StandardCharsets.UTF_8));
6963
String encoded = new String(Hex.encode(hash)).toUpperCase(Locale.ROOT);
7064
String prefix = encoded.substring(0, PREFIX_LENGTH);
7165
String suffix = encoded.substring(PREFIX_LENGTH);

web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -55,12 +55,6 @@ public class HaveIBeenPwnedRestApiReactivePasswordChecker implements ReactiveCom
5555

5656
private WebClient webClient = WebClient.builder().baseUrl(API_URL).build();
5757

58-
private final MessageDigest sha1Digest;
59-
60-
public HaveIBeenPwnedRestApiReactivePasswordChecker() {
61-
this.sha1Digest = getSha1Digest();
62-
}
63-
6458
@Override
6559
public Mono<CompromisedPasswordDecision> check(@Nullable String password) {
6660
return getHash(password).map((hash) -> new String(Hex.encode(hash)))
@@ -98,7 +92,7 @@ public void setWebClient(WebClient webClient) {
9892

9993
private Mono<byte[]> getHash(@Nullable String rawPassword) {
10094
return Mono.justOrEmpty(rawPassword)
101-
.map((password) -> this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8)))
95+
.map((password) -> getSha1Digest().digest(password.getBytes(StandardCharsets.UTF_8)))
10296
.subscribeOn(Schedulers.boundedElastic())
10397
.publishOn(Schedulers.parallel());
10498
}

0 commit comments

Comments
 (0)