PasswordReciprocal optimize

2025-12-07 01:18:27 +08:00 · 2021-12-10 22:35:12 +08:00 · 2021-12-10 22:35:12 +08:00 · df81c2ed68
commit df81c2ed68
parent d5517af26a
20 changed files with 101 additions and 138 deletions
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsTimeInterval;
 import org.maxkey.crypto.Base64Utils;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.util.JsonUtils;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@ -71,7 +71,7 @@ public abstract class AbstractRemeberMeService {
            String jsonRemeberMe = JsonUtils.object2Json(remeberMe);
            _logger.debug("Remeber Me JSON " + jsonRemeberMe);
-            jsonRemeberMe = ReciprocalUtils.encode(jsonRemeberMe);
+            jsonRemeberMe = PasswordReciprocal.getInstance().encode(jsonRemeberMe);
            String cookieValue = Base64Utils.base64UrlEncode(jsonRemeberMe.getBytes());
@ -101,7 +101,7 @@ public abstract class AbstractRemeberMeService {
        _logger.debug("Remeber Me JSON " + jsonRemeberMe);
        _logger.debug("Encode Remeber Me JSON ...");
-        jsonRemeberMe = ReciprocalUtils.encode(jsonRemeberMe);
+        jsonRemeberMe = PasswordReciprocal.getInstance().encode(jsonRemeberMe);
        _logger.debug("Encode Remeber Me JSON " + jsonRemeberMe);
        String cookieValue = Base64Utils.base64UrlEncode(jsonRemeberMe.getBytes());
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java
@ -27,7 +27,7 @@ import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.Base64Utils;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.util.JsonUtils;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@ -82,7 +82,7 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
        remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
-        remeberMe = ReciprocalUtils.decoder(remeberMe);
+        remeberMe = PasswordReciprocal.getInstance().decoder(remeberMe);
        _logger.debug("decoder RemeberMe : " + remeberMe);
        RemeberMe remeberMeCookie = new RemeberMe();
--- a/maxkey-common/src/main/java/org/maxkey/crypto/ReciprocalUtils.java
+++ b/maxkey-common/src/main/java/org/maxkey/crypto/ReciprocalUtils.java
@ -132,55 +132,18 @@ public final class ReciprocalUtils {
        return null;
    }
-    public static byte[] encodeByDefaultKey(String simple, String algorithm) {
+    public static String generatorDefaultKey(String secretKey,String algorithm) {
        SecretKey key = generatorDefaultKey(algorithm);
        return encode(simple.getBytes(), key, algorithm);
    }
    public static String encode2HexByDefaultKey(String simple, String algorithm) {
        byte[] byteFinal = encodeByDefaultKey(simple, algorithm);
        String cipherHex = HexUtils.bytes2HexString(byteFinal);
        return cipherHex;
    }
    public static byte[] decoderByDefaultKey(byte[] byteCiphers, String algorithm) {
        SecretKey key = generatorDefaultKey(algorithm);
        return decoder(byteCiphers, key, algorithm);
    }
    public static String decoderHexByDefaultKey(String ciphers, String algorithm) {
        if(StringUtils.isBlank(ciphers))return "";
        byte[] byteSimple = HexUtils.hex2Bytes(ciphers);
        byte[] byteFinal = decoderByDefaultKey(byteSimple, algorithm);
        String simple = null;
        try {
-            simple = new String(byteFinal, "UTF-8");
+            secretKey = secretKey + defaultKey;
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        return simple;
    }
    public static SecretKey generatorDefaultKey(String algorithm) {
        try {
            String secretKey = defaultKey;
            if (algorithm.equals(Algorithm.DES)) {
-                secretKey = defaultKey.substring(0, 8);
+                secretKey = secretKey.substring(0, 8);
            } else if (algorithm.equals(Algorithm.AES) || algorithm.equals(Algorithm.Blowfish)) {
-                secretKey = defaultKey.substring(0, 16);
+                secretKey = secretKey.substring(0, 16);
            } else if (algorithm.equals(Algorithm.DESede)) {
-                secretKey = defaultKey.substring(0, 24);
+                secretKey = secretKey.substring(0, 24);
            }
            // System.out.println("defaultKey : "+secretKey);
-            SecretKey key = new SecretKeySpec(secretKey.getBytes(), algorithm);
+           return secretKey;
            return key;
        } catch (Exception e) {
            e.printStackTrace();
        }
@ -216,7 +179,17 @@ public final class ReciprocalUtils {
        }
        return null;
    }
    public static String encode2Hex(String simple, String secretKey) {
    	String key = generatorDefaultKey(secretKey + defaultKey,Algorithm.DESede);
    	return encode2Hex(simple,key, Algorithm.DESede);
    }
    public static String decoderHex(String ciphers, String secretKey) {
    	String key = generatorDefaultKey(secretKey + defaultKey,Algorithm.DESede);
    	return decoderHex(ciphers,key,Algorithm.DESede);
    }
    private static boolean keyLengthCheck(String secretKey, String algorithm) {
        boolean lengthCheck = false;
        if (algorithm.equals(Algorithm.DES)) {
@ -264,27 +237,6 @@ public final class ReciprocalUtils {
        return decoderHex(ciphers, secretKey, Algorithm.AES);
    }
    /**
     * encode by defaultKey with Algorithm.AES
     * 
     * @param simple
     * @return Hex
     */
    public static String encode(String simple) {
        return encode2HexByDefaultKey(simple, Algorithm.AES);
    }
    /**
     * decoder by defaultKey with Algorithm.AES
     * 
     * @param ciphers is HEX
     * 
     * @return
     */
    public static String decoder(String ciphers) {
        return decoderHexByDefaultKey(ciphers, Algorithm.AES);
    }
    public static String generateKey(String algorithm) {
        if (algorithm.equals(Algorithm.DES)) {
            return (new StringGenerator(8)).randomGenerate();
--- a/maxkey-common/src/main/java/org/maxkey/crypto/password/PasswordReciprocal.java
+++ b/maxkey-common/src/main/java/org/maxkey/crypto/password/PasswordReciprocal.java
@ -18,6 +18,7 @@
 package org.maxkey.crypto.password;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.security.crypto.password.PasswordEncoder;
 /**
@ -27,8 +28,10 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 */
 public class PasswordReciprocal implements PasswordEncoder {
 	public static int PREFFIX_LENGTH = 7;
    public static PasswordReciprocal passwordReciprocal;
-
+    
    public PasswordReciprocal() {
    }
@ -45,24 +48,38 @@ public class PasswordReciprocal implements PasswordEncoder {
        return passwordReciprocal;
    }
-
+    
-    public String rawPassword(String username, String password) {
+    public String decoder(CharSequence encodedPassword) {
-        return password + "@" + username;
+    	String salt = encodedPassword.subSequence(0, 29).toString();
-    }
+    	encodedPassword = encodedPassword.subSequence(29, encodedPassword.length());
-
+    	String plain = ReciprocalUtils.decoderHex(encodedPassword.toString(), salt.substring(PREFFIX_LENGTH));
-    public String encode(CharSequence rawPassword) {
+        return plain.substring(salt.substring(PREFFIX_LENGTH).length());
        return ReciprocalUtils.encode(rawPassword.toString());
    }
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
-        return ReciprocalUtils.encode(rawPassword.toString()).equals(encodedPassword);
+    	String salt = encodedPassword.subSequence(0, 29).toString();
    	String finalPassword = encode(rawPassword,salt);
        return finalPassword.equals(encodedPassword);//ReciprocalUtils.encode(rawPassword.toString()).equals(encodedPassword);
    }
-    public String decoder(CharSequence encodedPassword) {
+    /**
-        if(encodedPassword == null || encodedPassword.equals("")) {
+     * salt
-            return "";
+     * length 29
-        }
+     * @return salt
-        return ReciprocalUtils.decoder(encodedPassword.toString());
+     */
    public String gensalt() {
    	return BCrypt.gensalt("$2a", 10);
    }
 	@Override
 	public String encode(CharSequence plain) {
 		//$2a$10$
    	String salt = gensalt();
        return encode(plain, salt);
 	}
 	private String encode(CharSequence plain,String salt) {
    	String password = salt.substring(PREFFIX_LENGTH) + plain ;
        return salt + ReciprocalUtils.encode2Hex(password , salt.substring(PREFFIX_LENGTH));
 	}
 }
--- a/maxkey-common/src/test/java/org/maxkey/crypto/ReciprocalUtilsTest.java
+++ b/maxkey-common/src/test/java/org/maxkey/crypto/ReciprocalUtilsTest.java
@ -20,6 +20,7 @@ package org.maxkey.crypto;
 import java.io.UnsupportedEncodingException;
 import org.junit.Test;
 import org.maxkey.crypto.password.PasswordReciprocal;
 public class ReciprocalUtilsTest {
 	@Test
@ -53,18 +54,13 @@ public class ReciprocalUtilsTest {
 		 System.out.println(urldcode);*/
-		System.out.println( ReciprocalUtils.decoder("76efad66eb7d10140dc2d9ef41c51df0"));
+
 		String encoderString="root";
-		System.out.println( ReciprocalUtils.encode(encoderString));
+		encoderString = PasswordReciprocal.getInstance().encode(encoderString);
 		System.out.println( encoderString);
-	    encoderString="ead67db5c4f55eace090ab0044682451";
+		encoderString=PasswordReciprocal.getInstance().decoder(encoderString);
 		encoderString=ReciprocalUtils.decoder(encoderString);
 		System.out.println(encoderString );
--- a/maxkey-common/src/test/java/org/maxkey/crypto/password/PasswordReciprocalTest.java
+++ b/maxkey-common/src/test/java/org/maxkey/crypto/password/PasswordReciprocalTest.java
@ -27,11 +27,16 @@ public class PasswordReciprocalTest {
 	public static void main(String[] args) {
 		BCryptPasswordEncoder spe= new BCryptPasswordEncoder();
-		String pass=PasswordReciprocal.getInstance().rawPassword("admin", "admin");
+		//String pass=PasswordReciprocal.getInstance().rawPassword("admin", "admin");
 		String pass ="x8zPbCya";
 		String epass=spe.encode(pass);
 		System.out.println("PasswordEncoder "+epass); 
-		System.out.println(PasswordReciprocal.getInstance().decoder("f1ee1e9b912f05333a06925c99daf9c0"));
+		String encode = PasswordReciprocal.getInstance().encode(pass);
 		System.out.println(encode);
 		System.out.println(PasswordReciprocal.getInstance().decoder(encode));
 		System.out.println(PasswordReciprocal.getInstance().matches(pass,encode));
 	}
 }
--- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/AccountsService.java
+++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/AccountsService.java
@ -21,7 +21,7 @@ import java.util.List;
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.constants.ConstantsStatus;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.AccountsStrategy;
 import org.maxkey.entity.OrganizationsCast;
@ -141,7 +141,7 @@ public class AccountsService  extends JpaBaseService<Accounts>{
           account.setUsername(user.getUsername());
           account.setDisplayName(user.getDisplayName());
           account.setRelatedUsername(generateAccount(user,strategy));
-           account.setRelatedPassword(ReciprocalUtils.encode(userInfoService.randomPassword()));
+           account.setRelatedPassword(PasswordReciprocal.getInstance().encode(userInfoService.randomPassword()));
           account.setCreateType("automatic");
           account.setStatus(ConstantsStatus.ACTIVE);
--- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
+++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
@ -20,7 +20,6 @@ package org.maxkey.persistence.service;
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.constants.ConstantsStatus;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.ChangePassword;
@ -205,7 +204,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 	    //密码不为空，则需要进行加密处理
 	    if(userInfo.getPassword()!=null && !userInfo.getPassword().equals("")) {
    	    String password = passwordEncoder.encode(userInfo.getPassword());
-            userInfo.setDecipherable(ReciprocalUtils.encode(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), userInfo.getPassword())));
+            userInfo.setDecipherable(PasswordReciprocal.getInstance().encode(userInfo.getPassword()));
            _logger.debug("decipherable : "+userInfo.getDecipherable());
            userInfo.setPassword(password);
            userInfo.setPasswordLastSetTime(DateUtils.getCurrentDateTimeAsString());
@ -263,8 +262,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
    public boolean changePassword(UserInfo changeUserInfo,boolean passwordPolicy) {
        try {
            _logger.debug("decipherable old : " + changeUserInfo.getDecipherable());
-            _logger.debug("decipherable new : " + ReciprocalUtils.encode(PasswordReciprocal.getInstance()
+            _logger.debug("decipherable new : " + PasswordReciprocal.getInstance().encode(changeUserInfo.getPassword()));
                    .rawPassword(changeUserInfo.getUsername(), changeUserInfo.getPassword())));
            if (passwordPolicy && passwordPolicyValidator.validator(changeUserInfo) == false) {
                return false;
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
@ -22,7 +22,7 @@ package org.maxkey.authz.endpoint;
 import org.apache.commons.lang3.StringUtils;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
@ -80,12 +80,12 @@ public class AuthorizeBaseEndpoint {
 			account=accountsService.load(new Accounts(userInfo.getId(),loadApp.getId()));
 			if(account!=null){
-				account.setRelatedPassword(ReciprocalUtils.decoder(account.getRelatedPassword()));
+				account.setRelatedPassword(PasswordReciprocal.getInstance().decoder(account.getRelatedPassword()));
 			}
 		}else if(loadApp.getCredential()==Apps.CREDENTIALS.SHARED){
 			account.setRelatedUsername(loadApp.getSharedUsername());
-			account.setRelatedPassword(ReciprocalUtils.decoder(loadApp.getSharedPassword()));
+			account.setRelatedPassword(PasswordReciprocal.getInstance().decoder(loadApp.getSharedPassword()));
 		}else if(loadApp.getCredential()==Apps.CREDENTIALS.SYSTEM){
@ -101,7 +101,7 @@ public class AuthorizeBaseEndpoint {
 				account.setUsername(userInfo.getWindowsAccount());
 			}
 			//decoder database stored encode password
-			account.setRelatedPassword(ReciprocalUtils.decoder(WebContext.getUserInfo().getDecipherable()));
+			account.setRelatedPassword(PasswordReciprocal.getInstance().decoder(WebContext.getUserInfo().getDecipherable()));
 		}else if(loadApp.getCredential()==Apps.CREDENTIALS.NONE){
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java
@ -21,8 +21,7 @@
 package org.maxkey.authz.endpoint;
 import javax.servlet.http.HttpServletRequest;
-
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.util.StringUtils;
@ -76,7 +75,7 @@ public class AuthorizeCredentialEndpoint extends AuthorizeBaseEndpoint{
 			appUser.setAppName(getApp(appId).getName());
 			appUser.setRelatedUsername(identity_username);
-			appUser.setRelatedPassword(ReciprocalUtils.encode(identity_password));
+			appUser.setRelatedPassword(PasswordReciprocal.getInstance().encode(identity_password));
 			if(accountsService.insert(appUser)){
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeProtectedEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeProtectedEndpoint.java
@ -21,8 +21,7 @@
 package org.maxkey.authz.endpoint;
 import javax.servlet.http.HttpServletRequest;
-
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@ -52,7 +51,7 @@ public class AuthorizeProtectedEndpoint{
 			@RequestParam("password") String password,
 			@RequestParam("redirect_uri") String redirect_uri){
 		 UserInfo userInfo=WebContext.getUserInfo();
-		if( userInfo.getAppLoginPassword().equals(ReciprocalUtils.encode(password))){
+		if( userInfo.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(password))){
 			WebContext.setAttribute(WebConstants.CURRENT_SINGLESIGNON_URI, redirect_uri);
 			return WebContext.redirect(redirect_uri);
 		}
--- a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtHS256Adapter.java
+++ b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtHS256Adapter.java
@ -25,9 +25,9 @@ import org.joda.time.DateTime;
 import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.configuration.oidc.OIDCProviderMetadata;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
 import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.entity.apps.AppsJwtDetails;
@ -79,7 +79,7 @@ public class JwtHS256Adapter extends AbstractAuthorizeAdapter {
 		JWT jwtToken = new PlainJWT(jwtClaims);
-		String sharedSecret=ReciprocalUtils.decoder(details.getAlgorithmKey());
+		String sharedSecret=PasswordReciprocal.getInstance().decoder(details.getAlgorithmKey());
 		_logger.debug("jwt sharedSecret : "+sharedSecret);
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OpenIdConnectUserInfoEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OpenIdConnectUserInfoEndpoint.java
@ -31,11 +31,11 @@ import org.maxkey.authz.oauth2.provider.ClientDetailsService;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
 import org.maxkey.constants.ContentType;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
 import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
 import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
 import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
 import org.maxkey.persistence.service.AppsService;
@ -233,7 +233,7 @@ public class OpenIdConnectUserInfoEndpoint {
 						|| signingAlg.equals(JWSAlgorithm.HS384)
 						|| signingAlg.equals(JWSAlgorithm.HS512)) {
 					// sign it with the client's secret
-					String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
+					String client_secret=PasswordReciprocal.getInstance().decoder(clientDetails.getClientSecret());
 					JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
 					if(symmetricJwtSignerService!=null){
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oidc/idtoken/OIDCIdTokenEnhancer.java
@ -34,11 +34,11 @@ import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.OAuth2Request;
 import org.maxkey.authz.oauth2.provider.token.TokenEnhancer;
 import org.maxkey.configuration.oidc.OIDCProviderMetadata;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
 import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
 import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
 import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
 import org.maxkey.web.WebContext;
@ -174,7 +174,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
 							|| signingAlg.equals(JWSAlgorithm.HS384)
 							|| signingAlg.equals(JWSAlgorithm.HS512)) {
 						// sign it with the client's secret
-						String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
+						String client_secret=PasswordReciprocal.getInstance().decoder(clientDetails.getClientSecret());
 						JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
 						if(symmetricJwtSignerService!=null){
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
@ -23,7 +23,7 @@ import java.util.List;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsProtocols;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
@ -147,7 +147,7 @@ public class AppListController {
                @RequestParam("password") String password) {
        UserInfo userInfo = WebContext.getUserInfo();
-        String userAppProtectedPassword = ReciprocalUtils.decoder(userInfo.getAppLoginPassword());
+        String userAppProtectedPassword = PasswordReciprocal.getInstance().decoder(userInfo.getAppLoginPassword());
        if (userAppProtectedPassword.equals(password)) {
            if (protectedappId.equalsIgnoreCase("YES")) {
@ -213,7 +213,7 @@ public class AppListController {
            }
            if (appUsers != null) {
                modelAndView.addObject("identity_username", appUsers.getRelatedUsername());
-                modelAndView.addObject("identity_password", ReciprocalUtils.decoder(appUsers.getRelatedPassword()));
+                modelAndView.addObject("identity_password", PasswordReciprocal.getInstance().decoder(appUsers.getRelatedPassword()));
            } else {
                modelAndView.addObject("identity_username", "");
                modelAndView.addObject("identity_password", "");
@ -256,11 +256,11 @@ public class AppListController {
                appUsers.setDisplayName(userInfo.getDisplayName());
                appUsers.setRelatedUsername(identity_username);
-                appUsers.setRelatedPassword(ReciprocalUtils.encode(identity_password));
+                appUsers.setRelatedPassword(PasswordReciprocal.getInstance().encode(identity_password));
                appUsersService.insert(appUsers);
            } else {
                appUsers.setRelatedUsername(identity_username);
-                appUsers.setRelatedPassword(ReciprocalUtils.encode(identity_password));
+                appUsers.setRelatedPassword(PasswordReciprocal.getInstance().encode(identity_password));
                appUsersService.update(appUsers);
            }
        }
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegistrationController.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegistrationController.java
@ -27,7 +27,6 @@ import org.apache.ibatis.session.SqlSession;
 import org.apache.ibatis.session.SqlSessionFactory;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsStatus;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Registration;
 import org.maxkey.entity.UserInfo;
@ -164,10 +163,9 @@ public class RegistrationController {
 				userInfo.setWorkPhoneNumber(registration.getWorkPhone());
 				userInfo.setEmail(registration.getWorkEmail());
 				userInfo.setStatus(ConstantsStatus.ACTIVE);
-				String rawPassword=PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password);
+				userInfo.setDecipherable(PasswordReciprocal.getInstance().encode(password));
 				userInfo.setDecipherable(ReciprocalUtils.encode(rawPassword));
-				password = passwordEncoder.encode(rawPassword );
+				password = passwordEncoder.encode(password );
 				userInfo.setPassword(password);
 				userInfo.setPasswordLastSetTime(DateUtils.format(new Date(), DateUtils.FORMAT_DATE_YYYY_MM_DD_HH_MM_SS));
 				userInfoService.insert(userInfo);
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
@ -23,7 +23,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsPasswordSetType;
 import org.maxkey.constants.ConstantsTimeInterval;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.service.UserInfoService;
@ -133,10 +133,10 @@ public class SafeController {
 		UserInfo userInfo =WebContext.getUserInfo();
 		_logger.debug("App Login Password : "+userInfo.getAppLoginPassword());
-		_logger.debug("App Login new Password : "+ReciprocalUtils.encode(newPassword));
+		_logger.debug("App Login new Password : "+PasswordReciprocal.getInstance().encode(newPassword));
 		if(newPassword.equals(confirmPassword)){
-			if(StringUtils.isEmpty(userInfo.getAppLoginPassword())||userInfo.getAppLoginPassword().equals(ReciprocalUtils.encode(oldPassword))){
+			if(StringUtils.isEmpty(userInfo.getAppLoginPassword())||userInfo.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(oldPassword))){
-				userInfo.setAppLoginPassword(ReciprocalUtils.encode(newPassword));
+				userInfo.setAppLoginPassword(PasswordReciprocal.getInstance().encode(newPassword));
 				boolean change= userInfoService.changeAppLoginPassword(userInfo);
 				_logger.debug(""+change);
 				return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.prompt);
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/BaseAppContorller.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/BaseAppContorller.java
@ -23,7 +23,6 @@ package org.maxkey.web.apps.contorller;
 import java.io.IOException;
 import org.maxkey.constants.ConstantsProtocols;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.persistence.service.AppsService;
@ -84,7 +83,7 @@ public class BaseAppContorller {
 		if(application.getCredential()!=Apps.CREDENTIALS.SHARED){
 			if(application.getProtocol().equals(ConstantsProtocols.FORMBASED)){
 				if(StringUtils.isNotEmpty(application.getSharedPassword())){
-					application.setSharedPassword(ReciprocalUtils.encode(application.getSharedPassword()));
+					application.setSharedPassword(PasswordReciprocal.getInstance().encode(application.getSharedPassword()));
 				}
 			}
 		}
@ -94,7 +93,7 @@ public class BaseAppContorller {
 		if(application.getCredential()!=Apps.CREDENTIALS.SHARED){
 			if(application.getProtocol().equals(ConstantsProtocols.FORMBASED)){
 				if(StringUtils.isNotEmpty(application.getSharedPassword())){
-					application.setSharedPassword(ReciprocalUtils.decoder(application.getSharedPassword()));
+					application.setSharedPassword(PasswordReciprocal.getInstance().decoder(application.getSharedPassword()));
 				}
 			}
 		}
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/AccountsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/AccountsController.java
@ -19,7 +19,7 @@ package org.maxkey.web.contorller;
 import org.apache.mybatis.jpa.persistence.JpaPageResults;
 import org.maxkey.constants.ConstantsOperateMessage;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.Accounts;
 import org.maxkey.entity.AccountsStrategy;
 import org.maxkey.entity.UserInfo;
@ -101,7 +101,7 @@ public class AccountsController {
 	@RequestMapping(value={"/add"})  
 	public Message add(@ModelAttribute("appAccounts") Accounts appAccounts ) {
 		_logger.debug("-update  :" + appAccounts);
-		appAccounts.setRelatedPassword(ReciprocalUtils.encode(appAccounts.getRelatedPassword()));
+		appAccounts.setRelatedPassword(PasswordReciprocal.getInstance().encode(appAccounts.getRelatedPassword()));
 		accountsService.insert(appAccounts);
 		return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
@ -113,7 +113,7 @@ public class AccountsController {
 		ModelAndView modelAndView=new ModelAndView("/accounts/accountsUpdate");
 		Accounts appAccounts =accountsService.get(id);
-		appAccounts.setRelatedPassword(ReciprocalUtils.decoder(appAccounts.getRelatedPassword()));
+		appAccounts.setRelatedPassword(PasswordReciprocal.getInstance().decoder(appAccounts.getRelatedPassword()));
 		modelAndView.addObject("model",appAccounts);
 		return modelAndView;
 	}
@ -129,7 +129,7 @@ public class AccountsController {
 	public Message update(@ModelAttribute("appAccounts") Accounts appAccounts ) {
 		_logger.debug("-update  :" + appAccounts);
-		appAccounts.setRelatedPassword(ReciprocalUtils.encode(appAccounts.getRelatedPassword()));
+		appAccounts.setRelatedPassword(PasswordReciprocal.getInstance().encode(appAccounts.getRelatedPassword()));
 		accountsService.update(appAccounts);
 		return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserInfoController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserInfoController.java
@ -37,7 +37,7 @@ import org.apache.poi.ss.usermodel.Sheet;
 import org.apache.poi.ss.usermodel.Workbook;
 import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsPasswordSetType;
-import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.entity.ExcelImport;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.persistence.service.UserInfoService;
@ -162,7 +162,7 @@ public class UserInfoController {
 		UserInfo userInfo = userInfoService.get(id);
 		if(userInfo!=null&&userInfo.getDecipherable()!=null){
 			try{
-				userInfo.setPassword(ReciprocalUtils.decoder(userInfo.getDecipherable()));
+				userInfo.setPassword(PasswordReciprocal.getInstance().decoder(userInfo.getDecipherable()));
 			}catch (Exception e) {
 			}
 			userInfo.setDecipherable(userInfo.getPassword());