From 7f46153951cd0c524784433b04affe7812975bc2 Mon Sep 17 00:00:00 2001 From: Mahammed Taheer Date: Thu, 23 Nov 2023 19:15:50 +0530 Subject: [PATCH] Corrected password hash & salt sharing logic. Signed-off-by: Mahammed Taheer --- .../impl/match/PasswordMatchingStrategy.java | 13 ++++++++++--- .../core/constant/IdAuthCommonConstants.java | 2 ++ .../core/spi/indauth/match/IdInfoFetcher.java | 5 ++++- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/impl/match/PasswordMatchingStrategy.java b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/impl/match/PasswordMatchingStrategy.java index 723a95279c9..a567dedf1fe 100644 --- a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/impl/match/PasswordMatchingStrategy.java +++ b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/impl/match/PasswordMatchingStrategy.java @@ -1,8 +1,11 @@ package io.mosip.authentication.common.service.impl.match; import static io.mosip.authentication.core.constant.IdAuthCommonConstants.SEMI_COLON; +import static io.mosip.authentication.core.constant.IdAuthCommonConstants.COLON; +import java.util.Arrays; import java.util.Map; +import java.util.stream.Collectors; import io.mosip.authentication.core.constant.IdAuthCommonConstants; import io.mosip.authentication.core.constant.IdAuthenticationErrorConstants; 
@@ -24,9 +27,13 @@ public enum PasswordMatchingStrategy implements MatchingStrategy { ComparePasswordFunction func = (ComparePasswordFunction) object; Map entityInfoMap = (Map) entityInfo; Map reqInfoMap = (Map) reqInfo; - String[] hashSaltValue = entityInfoMap.get("password").split(SEMI_COLON); - String passwordHashedValue = hashSaltValue[0]; - String salt = hashSaltValue[1]; + String hashSaltValue = entityInfoMap.get(IdaIdMapping.PASSWORD.getIdname()); + Map passwordMap = Arrays.stream(hashSaltValue.split(SEMI_COLON)) + .map(str -> str.split(String.valueOf(COLON), 2)) + .collect(Collectors.toMap(strArr -> strArr[0].trim(), strArr -> strArr[1].trim())); + + String passwordHashedValue = passwordMap.get(IdAuthCommonConstants.HASH); + String salt = passwordMap.get(IdAuthCommonConstants.SALT); String reqInfoValue = reqInfoMap.get(IdaIdMapping.PASSWORD.getIdname()); boolean matched = func.matchPasswordFunction(reqInfoValue, passwordHashedValue, salt); return !matched ? 0 : 100; diff --git a/authentication/authentication-core/src/main/java/io/mosip/authentication/core/constant/IdAuthCommonConstants.java b/authentication/authentication-core/src/main/java/io/mosip/authentication/core/constant/IdAuthCommonConstants.java index 04f3fc39f0c..9ec8fe6d3d2 100644 --- a/authentication/authentication-core/src/main/java/io/mosip/authentication/core/constant/IdAuthCommonConstants.java +++ b/authentication/authentication-core/src/main/java/io/mosip/authentication/core/constant/IdAuthCommonConstants.java @@ -449,6 +449,8 @@ public final class IdAuthCommonConstants { public static final String PASSWORD = "password"; + public static final String SALT = "salt"; + public static final String SEMI_COLON = ";"; private IdAuthCommonConstants() { 
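Review bot: In PasswordMatchingStrategy the new parsing throws unchecked exceptions on any stored value that is not exactly `key:value;key:value`. A missing password entry makes `hashSaltValue.split(...)` a NullPointerException, a segment without the separator (for example a value still in the earlier `hash;salt` form read by the removed lines) makes `strArr[1]` an ArrayIndexOutOfBoundsException, and a repeated key makes `Collectors.toMap` throw IllegalStateException; a missing `hash` or `salt` key passes null into `matchPasswordFunction`. Because this is the credential comparison path, I would turn malformed stored data into an explicit non-match (or the module's own error type) rather than a runtime exception, as sketched below. Whether records in the old format can still reach this code is not visible here and should be confirmed. The enclosing lambda begins and ends outside the hunk.

```java
String hashSaltValue = entityInfoMap.get(IdaIdMapping.PASSWORD.getIdname());
if (hashSaltValue == null) {
    return 0; // no stored credential: fail closed
}
Map<String, String> passwordMap = Arrays.stream(hashSaltValue.split(SEMI_COLON))
        .map(str -> str.split(String.valueOf(COLON), 2))
        // drop segments that are not key:value instead of indexing past the array
        .filter(strArr -> strArr.length == 2)
        .collect(Collectors.toMap(strArr -> strArr[0].trim(), strArr -> strArr[1].trim(),
                (first, second) -> first));

String passwordHashedValue = passwordMap.get(IdAuthCommonConstants.HASH);
String salt = passwordMap.get(IdAuthCommonConstants.SALT);
if (passwordHashedValue == null || salt == null) {
    return 0; // stored value lacks hash or salt: treat as non-match
}
// … unchanged: reqInfoValue lookup, matchPasswordFunction call and 0/100 return …
```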
diff --git a/authentication/authentication-core/src/main/java/io/mosip/authentication/core/spi/indauth/match/IdInfoFetcher.java b/authentication/authentication-core/src/main/java/io/mosip/authentication/core/spi/indauth/match/IdInfoFetcher.java index 2d168eeb52e..237e97b6a22 100644 --- a/authentication/authentication-core/src/main/java/io/mosip/authentication/core/spi/indauth/match/IdInfoFetcher.java +++ b/authentication/authentication-core/src/main/java/io/mosip/authentication/core/spi/indauth/match/IdInfoFetcher.java @@ -2,6 +2,7 @@ import static io.mosip.authentication.core.constant.IdAuthCommonConstants.PASSWORD; import static io.mosip.authentication.core.constant.IdAuthCommonConstants.SEMI_COLON; +import static io.mosip.authentication.core.constant.IdAuthCommonConstants.COLON; import java.util.Collections; import java.util.List; @@ -239,7 +240,9 @@ public static Map> getIdInfo(Map i return Stream.of(idInfo).collect(Collectors.toList()); } else if (entry.getKey().equals(PASSWORD) && val instanceof Map) { Map map = (Map) val; - String passwordData = map.entrySet().stream().map(mapEntry -> mapEntry.getValue() ).collect(Collectors.joining(SEMI_COLON)); + String passwordData = map.entrySet().stream() + .map(mapEntry -> mapEntry.getKey().trim() + String.valueOf(COLON) + mapEntry.getValue().trim()) + .collect(Collectors.joining(SEMI_COLON)); IdentityInfoDTO idInfo = new IdentityInfoDTO(); idInfo.setValue(String.valueOf(passwordData)); return Stream.of(idInfo).collect(Collectors.toList());
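Review bot: The `key:value;key:value` string built in IdInfoFetcher is not null-safe and does not guard its delimiter. `mapEntry.getKey().trim()` and `mapEntry.getValue().trim()` throw on a null key or value, and a value containing `SEMI_COLON` would be split into extra segments by the reader in PasswordMatchingStrategy. The stream also serialises every entry of the stored map, not only the hash and salt. I would add `.filter(mapEntry -> mapEntry.getKey() != null && mapEntry.getValue() != null)` before the `.map(...)` call, plus a comment such as `// wire format: key:value pairs joined by SEMI_COLON; parsed in PasswordMatchingStrategy`. The enclosing method starts and ends outside the hunk.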