added scyrpt support to PasswordUtil

jomu
2014-01-18 17:13:06 +00:00
parent b56501e70d
commit 348999132b
4 changed files with 104 additions and 28 deletions


@ -4,6 +4,7 @@
*/
package de.muehlencord.shared.security;
import com.lambdaworks.crypto.SCryptUtil;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
@ -19,6 +20,15 @@ public abstract class PasswordUtil {
/** logging object */
private final static Logger logger = Logger.getLogger(PasswordUtil.class);
/** SCrypt CPU cost parameter */
private final static int scryptCpuCostParameter = 16384;
/** SCrypt memory cost parameter */
private final static int scryptMemCostParameter = 8;
/** SCrypt paralelization parameter */
private final static int scryptParallelizationParameter = 1;
/**
* returns password (pos 0) and the salt (pos 1) of given plaintext password. Both strings are base64 encoded
@ -210,4 +220,26 @@ public abstract class PasswordUtil {
Base64 decoder = new Base64();
return decoder.decode(data.getBytes());
}
/**
* returns the crypted parameter string for the given plain text password
*
* @param plainPassword the plain text password to crypt
* @return the crypted password string
*/
public static String getScryptHash(String plainPassword) {
return SCryptUtil.scrypt(plainPassword, scryptCpuCostParameter, scryptMemCostParameter, scryptParallelizationParameter);
}
/**
* returns true, if the given plainPassword re-encrypted matches the given crypted password
*
* @param plainPassword the plain password to validate
* @param hashedPassword the encrypted password to validate against
* @return true, if the encrypted string of the given plain password matches the provided crypted password
*/
public static boolean validateScryptHash(String plainPassword, String hashedPassword) {
return SCryptUtil.check(plainPassword, hashedPassword);
}
}
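Review bot: `validateScryptHash` hands `hashedPassword` straight to `SCryptUtil.check`, so a null or malformed stored value surfaces as an exception on the login path instead of a failed validation; as far as I know the library rejects a string that is not in its `$s0$...` format with an `IllegalArgumentException`. I would fail closed here: return false for null arguments and for an unparseable hash, and log the event without including the hash or the password, as sketched below. The Javadoc on both new methods also says "crypted" and "re-encrypted" where the operation is a one-way, salted hash, which is worth rewording so nobody expects the value to be reversible. Since the library appears to store the cost parameters inside each hash string, a short comment on the three constants saying they can be raised later without invalidating stored hashes would help the next maintainer.

```java
public static boolean validateScryptHash(String plainPassword, String hashedPassword) {
    if (plainPassword == null || hashedPassword == null) {
        return false;
    }
    try {
        return SCryptUtil.check(plainPassword, hashedPassword);
    } catch (IllegalArgumentException ex) {
        // stored value is not a well-formed scrypt string: treat as a failed validation
        logger.warn("stored password hash is not a valid scrypt string");
        return false;
    }
}
```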


@ -17,27 +17,7 @@ import static org.junit.Assert.*;
* @author jomu
*/
public class PasswordUtilTest {
public PasswordUtilTest() {
}
@BeforeClass
public static void setUpClass() throws Exception {
}
@AfterClass
public static void tearDownClass() throws Exception {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of createSaltString method, of class PasswordUtil.
*/
@ -147,5 +127,35 @@ public class PasswordUtilTest {
assertNotNull(randomString);
assertEquals("string length check", 32, randomString.length());
}
/**
* test the hashPassword method
*/
@Test
public void testGetScryptHash() {
String hash1 = PasswordUtil.getScryptHash("secret");
String hash2 = PasswordUtil.getScryptHash("secret");
System.out.println (hash1);
System.out.println (hash2);
assertNotNull (hash1);
assertNotNull (hash2);
// even if password is the same, the has must not be the same due to correct usage of salts
assertFalse (hash1.equals (hash2));
assertTrue (hash1.length() == 79);
assertTrue (hash2.length() == 79);
}
/**
* test for validating passwords
*/
@Test
public void testValidateScryptHash() {
String hash1 = PasswordUtil.getScryptHash("secret");
String hash2 = PasswordUtil.getScryptHash("secret");
assertTrue ("hash must match if correct password is given",PasswordUtil.validateScryptHash("secret", hash1));
assertTrue ("hash must match if correct password is given", PasswordUtil.validateScryptHash("secret", hash2));
assertFalse ("hash must not match if wrong password is given", PasswordUtil.validateScryptHash("secret2", hash1));
}
}
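Review bot: The `assertTrue (hash1.length() == 79)` checks in `testGetScryptHash` pin the total encoded length, which includes the hex-encoded cost parameters, so raising `scryptCpuCostParameter` later would probably fail this test for a reason unrelated to correctness. Asserting the format instead, for example `assertTrue(hash1.startsWith("$s0$"));`, keeps the test meaningful when the work factor changes; if the length check stays, `assertEquals(79, hash1.length());` at least reports the actual value on failure. The two `System.out.println` calls write hashes to the build log and can be dropped, since the assertions already cover them. `testValidateScryptHash` has no case for a null or malformed `hashedPassword`, which is the input most likely to behave unexpectedly in `validateScryptHash`. The Javadoc above `testGetScryptHash` names a `hashPassword` method; it should read `getScryptHash`.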