
PasswordReciprocal optimize

MaxKey 3 anni fa
parent
commit
df81c2ed68
20 ha cambiato i file con 101 aggiunte e 138 eliminazioni
  1. 3 3
      maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
  2. 2 2
      maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java
  3. 16 64
      maxkey-common/src/main/java/org/maxkey/crypto/ReciprocalUtils.java
  4. 31 14
      maxkey-common/src/main/java/org/maxkey/crypto/password/PasswordReciprocal.java
  5. 5 9
      maxkey-common/src/test/java/org/maxkey/crypto/ReciprocalUtilsTest.java
  6. 7 2
      maxkey-common/src/test/java/org/maxkey/crypto/password/PasswordReciprocalTest.java
  7. 2 2
      maxkey-persistence/src/main/java/org/maxkey/persistence/service/AccountsService.java
  8. 2 4
      maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
  9. 4 4
      maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
  10. 2 3
      maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java
  11. 2 3
      maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeProtectedEndpoint.java
  12. 2 2
      maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtHS256Adapter.java
  13. 2 2
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OpenIdConnectUserInfoEndpoint.java
  14. 2 2
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java
  15. 5 5
      maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
  16. 2 4
      maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegistrationController.java
  17. 4 4
      maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
  18. 2 3
      maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/BaseAppContorller.java
  19. 4 4
      maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/AccountsController.java
  20. 2 2
      maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserInfoController.java

+ 3 - 3
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java

@@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsTimeInterval;
 import org.maxkey.crypto.Base64Utils;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.util.JsonUtils;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@@ -71,7 +71,7 @@ public abstract class AbstractRemeberMeService {
             String jsonRemeberMe = JsonUtils.object2Json(remeberMe);
             _logger.debug("Remeber Me JSON " + jsonRemeberMe);
 
-            jsonRemeberMe = ReciprocalUtils.encode(jsonRemeberMe);
+            jsonRemeberMe = PasswordReciprocal.getInstance().encode(jsonRemeberMe);
 
             String cookieValue = Base64Utils.base64UrlEncode(jsonRemeberMe.getBytes());
 
@@ -101,7 +101,7 @@ public abstract class AbstractRemeberMeService {
         _logger.debug("Remeber Me JSON " + jsonRemeberMe);
 
         _logger.debug("Encode Remeber Me JSON ...");
-        jsonRemeberMe = ReciprocalUtils.encode(jsonRemeberMe);
+        jsonRemeberMe = PasswordReciprocal.getInstance().encode(jsonRemeberMe);
         _logger.debug("Encode Remeber Me JSON " + jsonRemeberMe);
 
         String cookieValue = Base64Utils.base64UrlEncode(jsonRemeberMe.getBytes());

+ 2 - 2
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java

@@ -27,7 +27,7 @@ import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.Base64Utils;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.util.JsonUtils;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@@ -82,7 +82,7 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
 
         remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
 
-        remeberMe = ReciprocalUtils.decoder(remeberMe);
+        remeberMe = PasswordReciprocal.getInstance().decoder(remeberMe);
 
         _logger.debug("decoder RemeberMe : " + remeberMe);
         RemeberMe remeberMeCookie = new RemeberMe();
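Review bot: The value passed to `PasswordReciprocal.getInstance().decoder(remeberMe)` comes from a client-supplied cookie, and the decoder added in this commit starts with `subSequence(0, 29)` without a length check, so a short or malformed cookie raises an exception here instead of being treated as absent. Cookies issued before this commit carry the old unsalted hex format and will be misparsed in the same way. The enclosing method starts and ends outside the hunk, so I cannot see whether anything catches this; if nothing does, wrap the decode and fall through to the normal login path on failure. The debug line right after it also writes the decoded remember-me payload to the log, which is worth dropping.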

+ 16 - 64
maxkey-common/src/main/java/org/maxkey/crypto/ReciprocalUtils.java

@@ -132,55 +132,18 @@ public final class ReciprocalUtils {
         return null;
     }
 
-    public static byte[] encodeByDefaultKey(String simple, String algorithm) {
-        SecretKey key = generatorDefaultKey(algorithm);
-        return encode(simple.getBytes(), key, algorithm);
-
-    }
-
-    public static String encode2HexByDefaultKey(String simple, String algorithm) {
-        byte[] byteFinal = encodeByDefaultKey(simple, algorithm);
-
-        String cipherHex = HexUtils.bytes2HexString(byteFinal);
-        return cipherHex;
-    }
-
-    public static byte[] decoderByDefaultKey(byte[] byteCiphers, String algorithm) {
-        SecretKey key = generatorDefaultKey(algorithm);
-        return decoder(byteCiphers, key, algorithm);
-
-    }
-
-    public static String decoderHexByDefaultKey(String ciphers, String algorithm) {
-        if(StringUtils.isBlank(ciphers))return "";
-        
-        byte[] byteSimple = HexUtils.hex2Bytes(ciphers);
-
-        byte[] byteFinal = decoderByDefaultKey(byteSimple, algorithm);
-
-        String simple = null;
+    public static String generatorDefaultKey(String secretKey,String algorithm) {
         try {
-            simple = new String(byteFinal, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            e.printStackTrace();
-        }
-        return simple;
-
-    }
-
-    public static SecretKey generatorDefaultKey(String algorithm) {
-        try {
-            String secretKey = defaultKey;
+            secretKey = secretKey + defaultKey;
             if (algorithm.equals(Algorithm.DES)) {
-                secretKey = defaultKey.substring(0, 8);
+                secretKey = secretKey.substring(0, 8);
             } else if (algorithm.equals(Algorithm.AES) || algorithm.equals(Algorithm.Blowfish)) {
-                secretKey = defaultKey.substring(0, 16);
+                secretKey = secretKey.substring(0, 16);
             } else if (algorithm.equals(Algorithm.DESede)) {
-                secretKey = defaultKey.substring(0, 24);
+                secretKey = secretKey.substring(0, 24);
             }
             // System.out.println("defaultKey : "+secretKey);
-            SecretKey key = new SecretKeySpec(secretKey.getBytes(), algorithm);
-            return key;
+           return secretKey;
         } catch (Exception e) {
             e.printStackTrace();
         }
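Review bot: `secretKey = secretKey + defaultKey` followed by `substring(0, 24)` (8 and 16 for the other algorithms) means the caller's string fills the key first and `defaultKey` only pads what is left; a caller string of 24 characters or more removes `defaultKey` from the DESede key entirely. PasswordReciprocal in this commit passes `salt.substring(PREFFIX_LENGTH)`, which is 22 characters going by its own Javadoc ("length 29" minus the 7-character prefix), and stores that salt as the prefix of the encoded value, so only two key characters come from anything that is not stored next to the ciphertext. Derive the key from the application secret and feed the salt into a key-derivation step as a per-record input rather than using it as key material. A null `secretKey` also concatenates as the literal text `null`, and the `catch` still only calls `e.printStackTrace()`; the method ends outside the hunk.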
@@ -216,7 +179,17 @@ public final class ReciprocalUtils {
         }
         return null;
     }
+    
+    public static String encode2Hex(String simple, String secretKey) {
+    	String key = generatorDefaultKey(secretKey + defaultKey,Algorithm.DESede);
+    	return encode2Hex(simple,key, Algorithm.DESede);
+    }
 
+    public static String decoderHex(String ciphers, String secretKey) {
+    	String key = generatorDefaultKey(secretKey + defaultKey,Algorithm.DESede);
+    	return decoderHex(ciphers,key,Algorithm.DESede);
+    }
+    
     private static boolean keyLengthCheck(String secretKey, String algorithm) {
         boolean lengthCheck = false;
         if (algorithm.equals(Algorithm.DES)) {
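Review bot: `encode2Hex(String, String)` and `decoderHex(String, String)` append `defaultKey` before calling `generatorDefaultKey`, which appends it again, so the concatenation here is redundant and obscures how the key is laid out; `generatorDefaultKey(secretKey, Algorithm.DESede)` is enough. Both methods also hard-code `Algorithm.DESede`, while the removed `encode`/`decoder` defaults used `Algorithm.AES`; moving newly written data to triple-DES looks like a step backwards and needs either a justification in a comment or a switch back to AES. Neither method has Javadoc saying that `secretKey` is combined with the built-in default key and truncated.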
@@ -264,27 +237,6 @@ public final class ReciprocalUtils {
         return decoderHex(ciphers, secretKey, Algorithm.AES);
     }
 
-    /**
-     * encode by defaultKey with Algorithm.AES
-     * 
-     * @param simple
-     * @return Hex
-     */
-    public static String encode(String simple) {
-        return encode2HexByDefaultKey(simple, Algorithm.AES);
-    }
-
-    /**
-     * decoder by defaultKey with Algorithm.AES
-     * 
-     * @param ciphers is HEX
-     * 
-     * @return
-     */
-    public static String decoder(String ciphers) {
-        return decoderHexByDefaultKey(ciphers, Algorithm.AES);
-    }
-
     public static String generateKey(String algorithm) {
         if (algorithm.equals(Algorithm.DES)) {
             return (new StringGenerator(8)).randomGenerate();

+ 31 - 14
maxkey-common/src/main/java/org/maxkey/crypto/password/PasswordReciprocal.java

@@ -18,6 +18,7 @@
 package org.maxkey.crypto.password;
 
 import org.maxkey.crypto.ReciprocalUtils;
+import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 /**
@@ -27,8 +28,10 @@ import org.springframework.security.crypto.password.PasswordEncoder;
  */
 public class PasswordReciprocal implements PasswordEncoder {
 
+	public static int PREFFIX_LENGTH = 7;
+	
     public static PasswordReciprocal passwordReciprocal;
-
+    
     public PasswordReciprocal() {
 
     }
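Review bot: `public static int PREFFIX_LENGTH = 7;` is a mutable public static, so any class can change the offset that `encode` and `decoder` use to split the salt, after which previously stored values would no longer decode. Make it a constant, `private static final int PREFIX_LENGTH = 7;`, with a comment that it is the length of the `$2a$10$` header produced by `gensalt()`. The misspelling can be fixed at the same time since the field is new in this commit.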
@@ -45,24 +48,38 @@ public class PasswordReciprocal implements PasswordEncoder {
 
         return passwordReciprocal;
     }
-
-    public String rawPassword(String username, String password) {
-        return password + "@" + username;
-    }
-
-    public String encode(CharSequence rawPassword) {
-        return ReciprocalUtils.encode(rawPassword.toString());
+    
+    public String decoder(CharSequence encodedPassword) {
+    	String salt = encodedPassword.subSequence(0, 29).toString();
+    	encodedPassword = encodedPassword.subSequence(29, encodedPassword.length());
+    	String plain = ReciprocalUtils.decoderHex(encodedPassword.toString(), salt.substring(PREFFIX_LENGTH));
+        return plain.substring(salt.substring(PREFFIX_LENGTH).length());
     }
 
     public boolean matches(CharSequence rawPassword, String encodedPassword) {
-        return ReciprocalUtils.encode(rawPassword.toString()).equals(encodedPassword);
+    	String salt = encodedPassword.subSequence(0, 29).toString();
+    	String finalPassword = encode(rawPassword,salt);
+        return finalPassword.equals(encodedPassword);//ReciprocalUtils.encode(rawPassword.toString()).equals(encodedPassword);
     }
 
-    public String decoder(CharSequence encodedPassword) {
-        if(encodedPassword == null || encodedPassword.equals("")) {
-            return "";
-        }
-        return ReciprocalUtils.decoder(encodedPassword.toString());
+    /**
+     * salt
+     * length 29
+     * @return salt
+     */
+    public String gensalt() {
+    	return BCrypt.gensalt("$2a", 10);
     }
 
+	@Override
+	public String encode(CharSequence plain) {
+		//$2a$10$
+    	String salt = gensalt();
+        return encode(plain, salt);
+	}
+	
+	private String encode(CharSequence plain,String salt) {
+    	String password = salt.substring(PREFFIX_LENGTH) + plain ;
+        return salt + ReciprocalUtils.encode2Hex(password , salt.substring(PREFFIX_LENGTH));
+	}
 }
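Review bot: `decoder` dropped the null/empty guard that the removed version had and now calls `subSequence(0, 29)` unconditionally, so null, empty, shorter-than-29 and pre-commit unsalted values all end in an exception or a garbage decode; call sites in this commit such as AppListController and AuthorizeBaseEndpoint pass stored fields that may be unset. `matches` has the same unchecked slice and compares with `String.equals`, which is not a constant-time comparison. Nothing in the commit migrates values stored in the old format, so that needs a migration step or a fallback path. The sketch below restores the guard, names the magic 29 and compares with `MessageDigest.isEqual`; it needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported.

```java
    private static final int SALT_LENGTH = 29;

    public String decoder(CharSequence encodedPassword) {
        // same guard the removed decoder had
        if (encodedPassword == null || encodedPassword.length() == 0) {
            return "";
        }
        if (encodedPassword.length() <= SALT_LENGTH) {
            throw new IllegalArgumentException("encoded value is shorter than the salt prefix");
        }
        String saltKey = encodedPassword.subSequence(PREFFIX_LENGTH, SALT_LENGTH).toString();
        String cipherHex = encodedPassword.subSequence(SALT_LENGTH, encodedPassword.length()).toString();
        String plain = ReciprocalUtils.decoderHex(cipherHex, saltKey);
        return plain.substring(saltKey.length());
    }

    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        if (rawPassword == null || encodedPassword == null || encodedPassword.length() <= SALT_LENGTH) {
            return false;
        }
        String expected = encode(rawPassword, encodedPassword.substring(0, SALT_LENGTH));
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                encodedPassword.getBytes(StandardCharsets.UTF_8));
    }

    // … unchanged: gensalt(), encode(CharSequence), encode(CharSequence, String) …
```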

+ 5 - 9
maxkey-common/src/test/java/org/maxkey/crypto/ReciprocalUtilsTest.java

@@ -20,6 +20,7 @@ package org.maxkey.crypto;
 import java.io.UnsupportedEncodingException;
 
 import org.junit.Test;
+import org.maxkey.crypto.password.PasswordReciprocal;
 
 public class ReciprocalUtilsTest {
 	@Test
@@ -53,18 +54,13 @@ public class ReciprocalUtilsTest {
 				 
 				
 		 System.out.println(urldcode);*/
-		System.out.println( ReciprocalUtils.decoder("76efad66eb7d10140dc2d9ef41c51df0"));
-		 
-		
-		
-		
-		
+
 		 
 		String encoderString="root";
-		System.out.println( ReciprocalUtils.encode(encoderString));
+		encoderString = PasswordReciprocal.getInstance().encode(encoderString);
+		System.out.println( encoderString);
 		
-	    encoderString="ead67db5c4f55eace090ab0044682451";
-		encoderString=ReciprocalUtils.decoder(encoderString);
+		encoderString=PasswordReciprocal.getInstance().decoder(encoderString);
 		System.out.println(encoderString );
 		
 		

+ 7 - 2
maxkey-common/src/test/java/org/maxkey/crypto/password/PasswordReciprocalTest.java

@@ -27,11 +27,16 @@ public class PasswordReciprocalTest {
 
 	public static void main(String[] args) {
 		BCryptPasswordEncoder spe= new BCryptPasswordEncoder();
-		String pass=PasswordReciprocal.getInstance().rawPassword("admin", "admin");
+		//String pass=PasswordReciprocal.getInstance().rawPassword("admin", "admin");
+		String pass ="x8zPbCya";
 		String epass=spe.encode(pass);
 		System.out.println("PasswordEncoder "+epass); 
 		
-		System.out.println(PasswordReciprocal.getInstance().decoder("f1ee1e9b912f05333a06925c99daf9c0"));
+		String encode = PasswordReciprocal.getInstance().encode(pass);
+		System.out.println(encode);
+		System.out.println(PasswordReciprocal.getInstance().decoder(encode));
+		
+		System.out.println(PasswordReciprocal.getInstance().matches(pass,encode));
 	}
 
 }
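Review bot: This `main` only prints the encoded, decoded and `matches` results, so a regression in the salted round-trip would not fail the build; the reworked block in ReciprocalUtilsTest in this commit likewise prints instead of asserting. Turn it into a `@Test` with `assertEquals(pass, PasswordReciprocal.getInstance().decoder(encode))` and `assertTrue(PasswordReciprocal.getInstance().matches(pass, encode))`, plus a case showing that two `encode` calls on the same input produce different output. The commented-out `rawPassword` line can be deleted, since the method no longer exists.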

+ 2 - 2
maxkey-persistence/src/main/java/org/maxkey/persistence/service/AccountsService.java

@@ -21,7 +21,7 @@ import java.util.List;
 
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.constants.ConstantsStatus;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.AccountsStrategy;
 import org.maxkey.entity.OrganizationsCast;
@@ -141,7 +141,7 @@ public class AccountsService  extends JpaBaseService<Accounts>{
            account.setUsername(user.getUsername());
            account.setDisplayName(user.getDisplayName());
            account.setRelatedUsername(generateAccount(user,strategy));
-           account.setRelatedPassword(ReciprocalUtils.encode(userInfoService.randomPassword()));
+           account.setRelatedPassword(PasswordReciprocal.getInstance().encode(userInfoService.randomPassword()));
            
            account.setCreateType("automatic");
            account.setStatus(ConstantsStatus.ACTIVE);

+ 2 - 4
maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java

@@ -20,7 +20,6 @@ package org.maxkey.persistence.service;
 
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.constants.ConstantsStatus;
-import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.ChangePassword;
@@ -205,7 +204,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 	    //密码不为空,则需要进行加密处理
 	    if(userInfo.getPassword()!=null && !userInfo.getPassword().equals("")) {
     	    String password = passwordEncoder.encode(userInfo.getPassword());
-            userInfo.setDecipherable(ReciprocalUtils.encode(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), userInfo.getPassword())));
+            userInfo.setDecipherable(PasswordReciprocal.getInstance().encode(userInfo.getPassword()));
             _logger.debug("decipherable : "+userInfo.getDecipherable());
             userInfo.setPassword(password);
             userInfo.setPasswordLastSetTime(DateUtils.getCurrentDateTimeAsString());
@@ -263,8 +262,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
     public boolean changePassword(UserInfo changeUserInfo,boolean passwordPolicy) {
         try {
             _logger.debug("decipherable old : " + changeUserInfo.getDecipherable());
-            _logger.debug("decipherable new : " + ReciprocalUtils.encode(PasswordReciprocal.getInstance()
-                    .rawPassword(changeUserInfo.getUsername(), changeUserInfo.getPassword())));
+            _logger.debug("decipherable new : " + PasswordReciprocal.getInstance().encode(changeUserInfo.getPassword()));
 
             if (passwordPolicy && passwordPolicyValidator.validator(changeUserInfo) == false) {
                 return false;
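Review bot: The new debug line calls `PasswordReciprocal.getInstance().encode(changeUserInfo.getPassword())` purely to log it, which writes a reversible encoding of the user's new password to the log. Because `encode` now draws a fresh salt on every call, the logged value will also differ from whatever is stored later, so it has no diagnostic value. Drop both `decipherable` debug lines here and the one after `setDecipherable` in the previous hunk. The same pattern appears in SafeController (`"App Login new Password : "`) and in JwtHS256Adapter, where the decoded `sharedSecret` is logged. `changePassword` continues outside the hunk.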

+ 4 - 4
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java

@@ -22,7 +22,7 @@ package org.maxkey.authz.endpoint;
 
 import org.apache.commons.lang3.StringUtils;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
@@ -80,12 +80,12 @@ public class AuthorizeBaseEndpoint {
 			
 			account=accountsService.load(new Accounts(userInfo.getId(),loadApp.getId()));
 			if(account!=null){
-				account.setRelatedPassword(ReciprocalUtils.decoder(account.getRelatedPassword()));
+				account.setRelatedPassword(PasswordReciprocal.getInstance().decoder(account.getRelatedPassword()));
 			}
 		}else if(loadApp.getCredential()==Apps.CREDENTIALS.SHARED){
 			
 			account.setRelatedUsername(loadApp.getSharedUsername());
-			account.setRelatedPassword(ReciprocalUtils.decoder(loadApp.getSharedPassword()));
+			account.setRelatedPassword(PasswordReciprocal.getInstance().decoder(loadApp.getSharedPassword()));
 			
 		}else if(loadApp.getCredential()==Apps.CREDENTIALS.SYSTEM){
 			
@@ -101,7 +101,7 @@ public class AuthorizeBaseEndpoint {
 				account.setUsername(userInfo.getWindowsAccount());
 			}
 			//decoder database stored encode password
-			account.setRelatedPassword(ReciprocalUtils.decoder(WebContext.getUserInfo().getDecipherable()));
+			account.setRelatedPassword(PasswordReciprocal.getInstance().decoder(WebContext.getUserInfo().getDecipherable()));
 			
 		}else if(loadApp.getCredential()==Apps.CREDENTIALS.NONE){
 			

+ 2 - 3
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java

@@ -21,8 +21,7 @@
 package org.maxkey.authz.endpoint;
 
 import javax.servlet.http.HttpServletRequest;
-
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.util.StringUtils;
@@ -76,7 +75,7 @@ public class AuthorizeCredentialEndpoint extends AuthorizeBaseEndpoint{
 			appUser.setAppName(getApp(appId).getName());
 			
 			appUser.setRelatedUsername(identity_username);
-			appUser.setRelatedPassword(ReciprocalUtils.encode(identity_password));
+			appUser.setRelatedPassword(PasswordReciprocal.getInstance().encode(identity_password));
 			
 			if(accountsService.insert(appUser)){
 				

+ 2 - 3
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeProtectedEndpoint.java

@@ -21,8 +21,7 @@
 package org.maxkey.authz.endpoint;
 
 import javax.servlet.http.HttpServletRequest;
-
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@@ -52,7 +51,7 @@ public class AuthorizeProtectedEndpoint{
 			@RequestParam("password") String password,
 			@RequestParam("redirect_uri") String redirect_uri){
 		 UserInfo userInfo=WebContext.getUserInfo();
-		if( userInfo.getAppLoginPassword().equals(ReciprocalUtils.encode(password))){
+		if( userInfo.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(password))){
 			WebContext.setAttribute(WebConstants.CURRENT_SINGLESIGNON_URI, redirect_uri);
 			return WebContext.redirect(redirect_uri);
 		}
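Review bot: `userInfo.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(password))` can no longer be true, because `encode` now prefixes a freshly generated salt and two encodings of the same password differ. Use the encoder's own comparison instead: `if (PasswordReciprocal.getInstance().matches(password, userInfo.getAppLoginPassword())) {`. SafeController has the same comparison against `encode(oldPassword)`, which would block changing an app login password once one is set. A null `getAppLoginPassword()` still throws on this line, so check for it before comparing.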

+ 2 - 2
maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtHS256Adapter.java

@@ -25,9 +25,9 @@ import org.joda.time.DateTime;
 import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.configuration.oidc.OIDCProviderMetadata;
-import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
 import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.entity.apps.AppsJwtDetails;
@@ -79,7 +79,7 @@ public class JwtHS256Adapter extends AbstractAuthorizeAdapter {
 		
 		JWT jwtToken = new PlainJWT(jwtClaims);
 		
-		String sharedSecret=ReciprocalUtils.decoder(details.getAlgorithmKey());
+		String sharedSecret=PasswordReciprocal.getInstance().decoder(details.getAlgorithmKey());
 		
 		_logger.debug("jwt sharedSecret : "+sharedSecret);
 		

+ 2 - 2
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OpenIdConnectUserInfoEndpoint.java

@@ -31,11 +31,11 @@ import org.maxkey.authz.oauth2.provider.ClientDetailsService;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
 import org.maxkey.constants.ContentType;
-import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
 import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
 import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
 import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
 import org.maxkey.persistence.service.AppsService;
@@ -233,7 +233,7 @@ public class OpenIdConnectUserInfoEndpoint {
 						|| signingAlg.equals(JWSAlgorithm.HS384)
 						|| signingAlg.equals(JWSAlgorithm.HS512)) {
 					// sign it with the client's secret
-					String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
+					String client_secret=PasswordReciprocal.getInstance().decoder(clientDetails.getClientSecret());
 					
 					JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
 					if(symmetricJwtSignerService!=null){

+ 2 - 2
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java

@@ -34,11 +34,11 @@ import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.OAuth2Request;
 import org.maxkey.authz.oauth2.provider.token.TokenEnhancer;
 import org.maxkey.configuration.oidc.OIDCProviderMetadata;
-import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
 import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
 import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
 import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
 import org.maxkey.web.WebContext;
 
@@ -174,7 +174,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
 							|| signingAlg.equals(JWSAlgorithm.HS384)
 							|| signingAlg.equals(JWSAlgorithm.HS512)) {
 						// sign it with the client's secret
-						String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
+						String client_secret=PasswordReciprocal.getInstance().decoder(clientDetails.getClientSecret());
 						
 						JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
 						if(symmetricJwtSignerService!=null){

+ 5 - 5
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java

@@ -23,7 +23,7 @@ import java.util.List;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsProtocols;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
@@ -147,7 +147,7 @@ public class AppListController {
                 @RequestParam("password") String password) {
 
         UserInfo userInfo = WebContext.getUserInfo();
-        String userAppProtectedPassword = ReciprocalUtils.decoder(userInfo.getAppLoginPassword());
+        String userAppProtectedPassword = PasswordReciprocal.getInstance().decoder(userInfo.getAppLoginPassword());
         if (userAppProtectedPassword.equals(password)) {
 
             if (protectedappId.equalsIgnoreCase("YES")) {
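Review bot: Decrypting the stored app-login password and comparing plaintext with `userAppProtectedPassword.equals(password)` materialises the clear password for every check and, with the new decoder, throws for a user whose `getAppLoginPassword()` is null or empty, where the removed decoder returned an empty string. `PasswordReciprocal.getInstance().matches(password, userInfo.getAppLoginPassword())` behind a null/empty check does the same job without decoding. The method body starts and ends outside the hunk.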
@@ -213,7 +213,7 @@ public class AppListController {
             }
             if (appUsers != null) {
                 modelAndView.addObject("identity_username", appUsers.getRelatedUsername());
-                modelAndView.addObject("identity_password", ReciprocalUtils.decoder(appUsers.getRelatedPassword()));
+                modelAndView.addObject("identity_password", PasswordReciprocal.getInstance().decoder(appUsers.getRelatedPassword()));
             } else {
                 modelAndView.addObject("identity_username", "");
                 modelAndView.addObject("identity_password", "");
@@ -256,11 +256,11 @@ public class AppListController {
                 appUsers.setDisplayName(userInfo.getDisplayName());
 
                 appUsers.setRelatedUsername(identity_username);
-                appUsers.setRelatedPassword(ReciprocalUtils.encode(identity_password));
+                appUsers.setRelatedPassword(PasswordReciprocal.getInstance().encode(identity_password));
                 appUsersService.insert(appUsers);
             } else {
                 appUsers.setRelatedUsername(identity_username);
-                appUsers.setRelatedPassword(ReciprocalUtils.encode(identity_password));
+                appUsers.setRelatedPassword(PasswordReciprocal.getInstance().encode(identity_password));
                 appUsersService.update(appUsers);
             }
         }

+ 2 - 4
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegistrationController.java

@@ -27,7 +27,6 @@ import org.apache.ibatis.session.SqlSession;
 import org.apache.ibatis.session.SqlSessionFactory;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsStatus;
-import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Registration;
 import org.maxkey.entity.UserInfo;
@@ -164,10 +163,9 @@ public class RegistrationController {
 				userInfo.setWorkPhoneNumber(registration.getWorkPhone());
 				userInfo.setEmail(registration.getWorkEmail());
 				userInfo.setStatus(ConstantsStatus.ACTIVE);
-				String rawPassword=PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password);
-				userInfo.setDecipherable(ReciprocalUtils.encode(rawPassword));
+				userInfo.setDecipherable(PasswordReciprocal.getInstance().encode(password));
 				
-				password = passwordEncoder.encode(rawPassword );
+				password = passwordEncoder.encode(password );
 				userInfo.setPassword(password);
 				userInfo.setPasswordLastSetTime(DateUtils.format(new Date(), DateUtils.FORMAT_DATE_YYYY_MM_DD_HH_MM_SS));
 				userInfoService.insert(userInfo);
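Review bot: `passwordEncoder.encode(password)` now hashes the bare password, whereas the removed lines hashed `rawPassword`, that is `password + "@" + username`. Accounts registered before this commit therefore hold hashes over the old input, and nothing visible here migrates them, so those users may be unable to log in unless the login path still tries the old form; that path is not on this page. Existing `decipherable` values have the same problem, since in the old format they decode to `password@username`. A migration step, or a comment explaining why none is needed, should accompany this change.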

+ 4 - 4
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java

@@ -23,7 +23,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsPasswordSetType;
 import org.maxkey.constants.ConstantsTimeInterval;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.service.UserInfoService;
@@ -133,10 +133,10 @@ public class SafeController {
 		
 		UserInfo userInfo =WebContext.getUserInfo();
 		_logger.debug("App Login Password : "+userInfo.getAppLoginPassword());
-		_logger.debug("App Login new Password : "+ReciprocalUtils.encode(newPassword));
+		_logger.debug("App Login new Password : "+PasswordReciprocal.getInstance().encode(newPassword));
 		if(newPassword.equals(confirmPassword)){
-			if(StringUtils.isEmpty(userInfo.getAppLoginPassword())||userInfo.getAppLoginPassword().equals(ReciprocalUtils.encode(oldPassword))){
-				userInfo.setAppLoginPassword(ReciprocalUtils.encode(newPassword));
+			if(StringUtils.isEmpty(userInfo.getAppLoginPassword())||userInfo.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(oldPassword))){
+				userInfo.setAppLoginPassword(PasswordReciprocal.getInstance().encode(newPassword));
 				boolean change= userInfoService.changeAppLoginPassword(userInfo);
 				_logger.debug(""+change);
 				return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.prompt);

+ 2 - 3
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/BaseAppContorller.java

@@ -23,7 +23,6 @@ package org.maxkey.web.apps.contorller;
 import java.io.IOException;
 
 import org.maxkey.constants.ConstantsProtocols;
-import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.persistence.service.AppsService;
@@ -84,7 +83,7 @@ public class BaseAppContorller {
 		if(application.getCredential()!=Apps.CREDENTIALS.SHARED){
 			if(application.getProtocol().equals(ConstantsProtocols.FORMBASED)){
 				if(StringUtils.isNotEmpty(application.getSharedPassword())){
-					application.setSharedPassword(ReciprocalUtils.encode(application.getSharedPassword()));
+					application.setSharedPassword(PasswordReciprocal.getInstance().encode(application.getSharedPassword()));
 				}
 			}
 		}
@@ -94,7 +93,7 @@ public class BaseAppContorller {
 		if(application.getCredential()!=Apps.CREDENTIALS.SHARED){
 			if(application.getProtocol().equals(ConstantsProtocols.FORMBASED)){
 				if(StringUtils.isNotEmpty(application.getSharedPassword())){
-					application.setSharedPassword(ReciprocalUtils.decoder(application.getSharedPassword()));
+					application.setSharedPassword(PasswordReciprocal.getInstance().decoder(application.getSharedPassword()));
 				}
 			}
 		}

+ 4 - 4
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/AccountsController.java

@@ -19,7 +19,7 @@ package org.maxkey.web.contorller;
 
 import org.apache.mybatis.jpa.persistence.JpaPageResults;
 import org.maxkey.constants.ConstantsOperateMessage;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.AccountsStrategy;
 import org.maxkey.entity.UserInfo;
@@ -101,7 +101,7 @@ public class AccountsController {
 	@RequestMapping(value={"/add"})  
 	public Message add(@ModelAttribute("appAccounts") Accounts appAccounts ) {
 		_logger.debug("-update  :" + appAccounts);
-		appAccounts.setRelatedPassword(ReciprocalUtils.encode(appAccounts.getRelatedPassword()));
+		appAccounts.setRelatedPassword(PasswordReciprocal.getInstance().encode(appAccounts.getRelatedPassword()));
 		accountsService.insert(appAccounts);
 		return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
 		
@@ -113,7 +113,7 @@ public class AccountsController {
 		ModelAndView modelAndView=new ModelAndView("/accounts/accountsUpdate");
 		Accounts appAccounts =accountsService.get(id);
 		
-		appAccounts.setRelatedPassword(ReciprocalUtils.decoder(appAccounts.getRelatedPassword()));
+		appAccounts.setRelatedPassword(PasswordReciprocal.getInstance().decoder(appAccounts.getRelatedPassword()));
 		modelAndView.addObject("model",appAccounts);
 		return modelAndView;
 	}
@@ -129,7 +129,7 @@ public class AccountsController {
 	public Message update(@ModelAttribute("appAccounts") Accounts appAccounts ) {
 		_logger.debug("-update  :" + appAccounts);
 		
-		appAccounts.setRelatedPassword(ReciprocalUtils.encode(appAccounts.getRelatedPassword()));
+		appAccounts.setRelatedPassword(PasswordReciprocal.getInstance().encode(appAccounts.getRelatedPassword()));
 		accountsService.update(appAccounts);
 		return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
 		

+ 2 - 2
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserInfoController.java

@@ -37,7 +37,7 @@ import org.apache.poi.ss.usermodel.Sheet;
 import org.apache.poi.ss.usermodel.Workbook;
 import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsPasswordSetType;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.ExcelImport;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.persistence.service.UserInfoService;
@@ -162,7 +162,7 @@ public class UserInfoController {
 		UserInfo userInfo = userInfoService.get(id);
 		if(userInfo!=null&&userInfo.getDecipherable()!=null){
 			try{
-				userInfo.setPassword(ReciprocalUtils.decoder(userInfo.getDecipherable()));
+				userInfo.setPassword(PasswordReciprocal.getInstance().decoder(userInfo.getDecipherable()));
 			}catch (Exception e) {
 			}
 			userInfo.setDecipherable(userInfo.getPassword());
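Review bot: The empty `catch (Exception e) {}` around the new `decoder` call now hides every failure mode the salted format introduces (legacy unsalted values, values shorter than the 29-character salt), after which `setDecipherable(userInfo.getPassword())` copies whatever `password` still holds into `decipherable`. Record the failure without the value, for example the exception type together with the user id, and skip the `setDecipherable` call when decoding did not succeed. The method continues outside the hunk.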