
Commit 9bf139d

committed
gh-18234: Create SHA-1 MessageDigest for every new check request
Signed-off-by: Garvit Joshi <[email protected]>
1 parent 27f91e0 commit 9bf139d


2 files changed

+2
-14
lines changed


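--- a/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java
@@ -52,18 +52,12 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa
 
 private final Log logger = LogFactory.getLog(getClass());
 
-private final MessageDigest sha1Digest;
-
 private RestClient restClient = RestClient.builder().baseUrl(API_URL).build();
 
-public HaveIBeenPwnedRestApiPasswordChecker() {
-this.sha1Digest = getSha1Digest();
-}
-
 @Override
 @NonNull
 public CompromisedPasswordDecision check(String password) {
-byte[] hash = this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8));
+byte[] hash = getSha1Digest().digest(password.getBytes(StandardCharsets.UTF_8));
 String encoded = new String(Hex.encode(hash)).toUpperCase(Locale.ROOT);
 String prefix = encoded.substring(0, PREFIX_LENGTH);
 String suffix = encoded.substring(PREFIX_LENGTH);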
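Review bot: Nothing at the `getSha1Digest().digest(...)` line in `check` records why the digest is now obtained per call, so a later cleanup could hoist it back into a field. `MessageDigest` instances are stateful and not safe for concurrent use; a hash corrupted by interleaved calls would yield a wrong `prefix` and `suffix` below, which presumably lets a breached password be reported as not compromised. I would add `// MessageDigest is not thread-safe: obtain a fresh instance for every check` above that line, and the same comment above the supplier in `getHash` of the reactive checker. The body of `check` continues past the end of this hunk.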

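--- a/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java
@@ -54,12 +54,6 @@ public class HaveIBeenPwnedRestApiReactivePasswordChecker implements ReactiveCom
 
 private WebClient webClient = WebClient.builder().baseUrl(API_URL).build();
 
-private final MessageDigest sha1Digest;
-
-public HaveIBeenPwnedRestApiReactivePasswordChecker() {
-this.sha1Digest = getSha1Digest();
-}
-
 @Override
 public Mono<CompromisedPasswordDecision> check(String password) {
 return getHash(password).map((hash) -> new String(Hex.encode(hash)))
@@ -95,7 +89,7 @@ public void setWebClient(WebClient webClient) {
 }
 
 private Mono<byte[]> getHash(String password) {
-return Mono.fromSupplier(() -> this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8)))
+return Mono.fromSupplier(() -> getSha1Digest().digest(password.getBytes(StandardCharsets.UTF_8)))
 .subscribeOn(Schedulers.boundedElastic())
 .publishOn(Schedulers.parallel());
 }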
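Review bot: No regression test accompanies the concurrency fix in `getHash`; the two files listed as changed are both under `src/main`. A test that subscribes to `check` from several threads with known passwords and asserts that each outgoing request carries the expected hash prefix would pin the behaviour, with an equivalent test for the blocking checker. Separately, with the constructor removed, a failure inside `getSha1Digest()` is no longer raised at construction and would surface here as an error signal from the supplier. That helper's body is not visible in this diff and SHA-1 is a mandatory JDK algorithm, so a sentence in the class Javadoc is probably enough.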
