added scrypt support to PasswordUtil
32
pom.xml
32
pom.xml
@ -13,4 +13,36 @@
|
||||
<module>util</module>
|
||||
<module>jeeutil</module>
|
||||
</modules>
|
||||
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<version>4.10</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>1.4</version>
|
||||
<type>jar</type>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>com.lambdaworks</groupId>
|
||||
<artifactId>scrypt</artifactId>
|
||||
<version>1.4.0</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
<version>1.2.17</version>
|
||||
<type>jar</type>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
</project>
|
||||
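Review bot: The new `dependencyManagement` block makes `log4j` 1.2.17 and `commons-codec` 1.4 the versions every module inherits, and the log4j 1.x line is end-of-life and no longer receives security fixes. Centralising the pins is the right move, but it is also the natural place to record that debt, for example with `<!-- log4j 1.x is end-of-life; pinned only until the modules move to a maintained logging backend -->` above that entry. The `com.lambdaworks:scrypt` entry is a new third-party crypto dependency, so it is worth confirming that the module POMs no longer carry their own `<version>` elements, otherwise the central pin is not the one in effect. The rendered page no longer shows which lines in the module POM were removed, so that last point could not be checked here.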
@ -27,20 +27,22 @@
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<version>4.10</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>1.4</version>
|
||||
<type>jar</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
<version>1.2.17</version>
|
||||
<type>jar</type>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>com.lambdaworks</groupId>
|
||||
<artifactId>scrypt</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
|
||||
@ -4,6 +4,7 @@
|
||||
*/
|
||||
package de.muehlencord.shared.security;
|
||||
|
||||
import com.lambdaworks.crypto.SCryptUtil;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
@ -20,6 +21,15 @@ public abstract class PasswordUtil {
|
||||
/** logging object */
|
||||
private final static Logger logger = Logger.getLogger(PasswordUtil.class);
|
||||
|
||||
|
||||
/** SCrypt CPU cost parameter */
|
||||
private final static int scryptCpuCostParameter = 16384;
|
||||
/** SCrypt memory cost parameter */
|
||||
private final static int scryptMemCostParameter = 8;
|
||||
/** SCrypt paralelization parameter */
|
||||
private final static int scryptParallelizationParameter = 1;
|
||||
|
||||
|
||||
/**
|
||||
* returns password (pos 0) and the salt (pos 1) of given plaintext password. Both strings are base64 encoded
|
||||
*
|
||||
@ -210,4 +220,26 @@ public abstract class PasswordUtil {
|
||||
Base64 decoder = new Base64();
|
||||
return decoder.decode(data.getBytes());
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* returns the crypted parameter string for the given plain text password
|
||||
*
|
||||
* @param plainPassword the plain text password to crypt
|
||||
* @return the crypted password string
|
||||
*/
|
||||
public static String getScryptHash(String plainPassword) {
|
||||
return SCryptUtil.scrypt(plainPassword, scryptCpuCostParameter, scryptMemCostParameter, scryptParallelizationParameter);
|
||||
}
|
||||
|
||||
/**
|
||||
* returns true, if the given plainPassword re-encrypted matches the given crypted password
|
||||
*
|
||||
* @param plainPassword the plain password to validate
|
||||
* @param hashedPassword the encrypted password to validate against
|
||||
* @return true, if the encrypted string of the given plain password matches the provided crypted password
|
||||
*/
|
||||
public static boolean validateScryptHash(String plainPassword, String hashedPassword) {
|
||||
return SCryptUtil.check(plainPassword, hashedPassword);
|
||||
}
|
||||
}
|
||||
|
||||
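Review bot: `validateScryptHash` hands `hashedPassword` straight to `SCryptUtil.check`, which throws `IllegalArgumentException` for a string that is not in its `$s0$` format and fails with a `NullPointerException` on null. A corrupt or missing stored value, or one produced by the older salt/hash methods of this class, therefore surfaces as an unchecked exception in the login path rather than as a failed validation. The Javadoc promises only true or false, so the wrapper should fail closed and log the condition without putting the hash or the password in the message. The class body starts outside this hunk; the sketch below uses the `logger` field visible at the top of the class.

```java
public static boolean validateScryptHash(String plainPassword, String hashedPassword) {
    if (plainPassword == null || hashedPassword == null) {
        return false;
    }
    try {
        return SCryptUtil.check(plainPassword, hashedPassword);
    } catch (IllegalArgumentException ex) {
        // stored value is not a well-formed scrypt string: treat as a failed validation
        logger.warn("stored password hash is not a valid scrypt string");
        return false;
    }
}
```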
@ -18,26 +18,6 @@ import static org.junit.Assert.*;
|
||||
*/
|
||||
public class PasswordUtilTest {
|
||||
|
||||
public PasswordUtilTest() {
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpClass() throws Exception {
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void tearDownClass() throws Exception {
|
||||
}
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
}
|
||||
|
||||
@After
|
||||
public void tearDown() {
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Test of createSaltString method, of class PasswordUtil.
|
||||
*/
|
||||
@ -148,4 +128,34 @@ public class PasswordUtilTest {
|
||||
assertEquals("string length check", 32, randomString.length());
|
||||
}
|
||||
|
||||
/**
|
||||
* test the hashPassword method
|
||||
*/
|
||||
@Test
|
||||
public void testGetScryptHash() {
|
||||
String hash1 = PasswordUtil.getScryptHash("secret");
|
||||
String hash2 = PasswordUtil.getScryptHash("secret");
|
||||
System.out.println (hash1);
|
||||
System.out.println (hash2);
|
||||
assertNotNull (hash1);
|
||||
assertNotNull (hash2);
|
||||
// even if password is the same, the has must not be the same due to correct usage of salts
|
||||
assertFalse (hash1.equals (hash2));
|
||||
|
||||
assertTrue (hash1.length() == 79);
|
||||
assertTrue (hash2.length() == 79);
|
||||
}
|
||||
|
||||
/**
|
||||
* test for validating passwords
|
||||
*/
|
||||
@Test
|
||||
public void testValidateScryptHash() {
|
||||
String hash1 = PasswordUtil.getScryptHash("secret");
|
||||
String hash2 = PasswordUtil.getScryptHash("secret");
|
||||
assertTrue ("hash must match if correct password is given",PasswordUtil.validateScryptHash("secret", hash1));
|
||||
assertTrue ("hash must match if correct password is given", PasswordUtil.validateScryptHash("secret", hash2));
|
||||
assertFalse ("hash must not match if wrong password is given", PasswordUtil.validateScryptHash("secret2", hash1));
|
||||
}
|
||||
|
||||
}
|
||||
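Review bot: The `assertTrue (hash1.length() == 79)` checks in `testGetScryptHash` pin the exact length of the encoded string, which carries the cost parameters and is not guaranteed to stay 79 characters once `scryptCpuCostParameter` is raised. Asserting the format marker instead, e.g. `assertTrue (hash1.startsWith ("$s0$"));`, keeps the test meaningful without blocking a later cost increase. The two `System.out.println` calls write password hashes to the build log and can be dropped, since the assertions already cover them. `testValidateScryptHash` only exercises a wrong password; a case for a malformed or null stored hash would document how validation is expected to fail.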