resolveHasher defaults to NOOP

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/Hasher.java

@@ -438,7 +438,8 @@ public static Hasher resolve(String name) {
 
     /**
      * Returns a {@link Hasher} instance that can be used to verify the {@code hash} by inspecting the
-     * hash prefix and determining the algorithm used for its generation.
+     * hash prefix and determining the algorithm used for its generation. If no specific algorithm
+     * prefix, can be determined {@code Hasher.NOOP} is returned.
      *
      * @param hash the char array from which the hashing algorithm is to be deduced
      * @return the hasher that can be used for validation
@@ -457,7 +458,8 @@ public static Hasher resolveFromHash(char[] hash) {
         } else if (CharArrays.charsBeginsWith(SSHA256_PREFIX, hash)) {
             return Hasher.SSHA256;
         } else {
-            throw new IllegalArgumentException("unknown hash format for hash [" + new String(hash) + "]");
+            // This is either a non hashed password from cache or a corrupted hash string.
+            return Hasher.NOOP;
         }
     }
 
@@ -471,13 +473,8 @@ public static Hasher resolveFromHash(char[] hash) {
      * @return true if the hash corresponds to the data, false otherwise
      */
     public static boolean verifyHash(SecureString data, char[] hash) {
-        try {
-            final Hasher hasher = resolveFromHash(hash);
-            return hasher.verify(data, hash);
-        } catch (IllegalArgumentException e) {
-            // The password hash format is invalid, we're unable to verify password
-            return false;
-        }
+        final Hasher hasher = resolveFromHash(hash);
+        return hasher.verify(data, hash);
     }
 
     private static char[] getPbkdf2Hash(SecureString data, int cost) {

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileRealmTests.java

@@ -84,13 +84,11 @@ public void testAuthenticate() throws Exception {
         assertThat(user.roles(), arrayContaining("role1", "role2"));
     }
 
-    @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/31697")
     public void testAuthenticateCaching() throws Exception {
         Settings settings = Settings.builder()
             .put("cache.hash_algo", Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT)).build();
         RealmConfig config = new RealmConfig("file-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
             threadContext);
-
         when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
                 .thenAnswer(VERIFY_PASSWORD_ANSWER);
         when(userRolesStore.roles("user1")).thenReturn(new String[]{"role1", "role2"});

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/HasherTests.java

@@ -128,10 +128,7 @@ public void testResolveFromHash() {
         assertThat(Hasher.resolveFromHash(
             "{PBKDF2}1000000$UuyhtjDEzWmE2wyY80akZKPWWpy2r2X50so41YML82U=$WFasYLelqbjQwt3EqFlUcwHiC38EZC45Iu/Iz0xL1GQ=".toCharArray()),
             sameInstance(Hasher.PBKDF2_1000000));
-        IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> {
-            Hasher.resolveFromHash("{GBGN}cGR8S2vr3FuFuOpQitR".toCharArray());
-        });
-        assertThat(e.getMessage(), containsString("unknown hash format for hash"));
+        assertThat(Hasher.resolveFromHash("notavalidhashformat".toCharArray()), sameInstance(Hasher.NOOP));
     }
 
     private static void testHasherSelfGenerated(Hasher hasher) {