pl.edu.icm.unity.stdext.credential.pass.PasswordEngine Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of unity-server-std-plugins Show documentation

Standard plugins which are distributed with the system: attribute syntaxes, identity types, credentials

There is a newer version: 4.0.2

Show newest version

/*
 * Copyright (c) 2017 Bixbit - Krzysztof Benedyczak All rights reserved.
 * See LICENCE.txt file for licensing information.
 */
package pl.edu.icm.unity.stdext.credential.pass;

import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.ForkJoinPool;

import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.util.Arrays;


/**
 * Low level password handling.
 * Allows for initial obfuscation of a given password (PasswordInfo is generated, 
 * ready to be stored in DB) and for checking a given password against the one loaded.
 */
public class PasswordEngine
{
	private static final int SALT_LENGTH = 32;
	private Random random = new SecureRandom();
	private final SCryptEncoder scryptEncoder;
	
	public PasswordEngine(ForkJoinPool pool)
	{
		this.scryptEncoder = new SCryptEncoder(pool);
	}
	
	PasswordInfo prepareForStore(PasswordCredential credentialSettings, String password)
	{
		byte[] salt = genSalt();
		ScryptParams scryptParams = credentialSettings.getScryptParams();
		byte[] hash = scryptEncoder.scrypt(password, salt, scryptParams);
		return new PasswordInfo(PasswordHashMethod.SCRYPT, 
				hash, 
				salt, 
				scryptParams.toMap(), 
				System.currentTimeMillis());
	}

	boolean verify(PasswordInfo stored, String password)
	{
		PasswordHashMethod method = stored.getMethod();
		switch (method)
		{
		case SCRYPT:
			return verifySCrypt(stored, password);
		case SHA256:
			return verifySHA2(stored, password);
		}
		throw new IllegalStateException("Shouldn't happen: "
				+ "unsupported password hash method: " + method);
	}
	
	private boolean verifySHA2(PasswordInfo stored, String password)
	{
		Map methodParams = stored.getMethodParams();
		int rehashNumber = (Integer)methodParams.getOrDefault("rehashNumber", 1);
		String salt = stored.getSalt() == null ? "" :
			new String(stored.getSalt(), StandardCharsets.UTF_8);
		byte[] interim = (salt+password).getBytes(StandardCharsets.UTF_8);
		SHA256Digest digest = new SHA256Digest();
		int size = digest.getDigestSize();
		
		for (int i=0; i

    

    

    
            
    
            

    
        
            
                Related Artifacts
                
                     mysql-connector-java mysql
 facebook-messenger com.github.codedrinker
 selenium-java org.seleniumhq.selenium
 instagram-java com.github.sola92
 gson com.google.code.gson
 poi org.apache.poi
 httpclient org.apache.httpcomponents
 json org.json
 facebook-java-api com.google.code.facebook-java-api
 poi-ooxml org.apache.poi
 jackson-databind com.fasterxml.jackson.core
 junit junit
 primefaces org.primefaces
 ojdbc7 com.github.noraui
 jfoenix com.jfoenix
 testng org.testng
 json-simple com.googlecode.json-simple
 selenium-server org.seleniumhq.selenium
 itextpdf com.itextpdf
 spring-core org.springframework
                
            
        
        
            
                Related Groups
                
                     org.springframework
 org.apache.poi
 org.hibernate
 org.springframework.boot
 com.fasterxml.jackson.core
 com.itextpdf
 org.seleniumhq.selenium
 mysql
 org.finos.legend.engine
 org.apache.httpcomponents
 org.apache.logging.log4j
 org.openjfx
 org.apache.commons
 org.json
 com.google.guava
 com.google.zxing
 net.sf.jasperreports
 javax.xml.bind
 ojdbc
 com.google.code.facebook-java-api