basic encryption

Malte Schulze Hobeling 2023-01-06 00:02:06 +01:00
parent c4b31bc548
commit 89ea9ca70e


@ -1,4 +1,15 @@
package com.bib.essensbestellungsverwaltung; package com.bib.essensbestellungsverwaltung;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Base64;
/* /*
@author Malte Schulze Hobeling @author Malte Schulze Hobeling
*/ */
@ -40,7 +51,7 @@ public class AccountMgr {
String[] userH = {"name", "firstname", "addressid", "password", "email"}; String[] userH = {"name", "firstname", "addressid", "password", "email"};
String name = userData[0]; String name = userData[0];
String firstname = userData[1]; String firstname = userData[1];
String pw = userData[2]; String pw = hashAndSalt(userData[2]);
String email = userData[3]; String email = userData[3];
long id = Database.insert("address", addressH, addressData); long id = Database.insert("address", addressH, addressData);
@ -72,7 +83,7 @@ public class AccountMgr {
public static long login(String email, String pw){ public static long login(String email, String pw){
String[] userH = {"email","password"}; String[] userH = {"email","password"};
String[] userD = {email,pw}; String[] userD = {email,hashAndSalt(pw)};
return Database.getSingleId("user",userH,userD); return Database.getSingleId("user",userH,userD);
} }
@ -90,4 +101,20 @@ public class AccountMgr {
long parentId = Database.getSingleId("parent",parentH,parentD); long parentId = Database.getSingleId("parent",parentH,parentD);
return parentId > 0; return parentId > 0;
} }
public static String hashAndSalt(String pw){
//todo: find a better way to salt
byte[] magicSalt = new byte[]{96, 13, 100, 85, -37, 52, -123, 86, -123, -92, 16, 15, -110, -42, -49, 0};
KeySpec spec = new PBEKeySpec(pw.toCharArray(), magicSalt,310001,256);
String hashedPw = null;
try {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[] hash = factory.generateSecret(spec).getEncoded();
Base64.Encoder enc = Base64.getEncoder();
hashedPw = enc.encodeToString(hash);
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
return hashedPw;
}
} }
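Review bot: `hashAndSalt` (the method added at the end of the class) derives every password hash with the same hard-coded `magicSalt`, so equal passwords produce equal stored values and one precomputation covers all accounts; the salt should be random per user and stored alongside the hash. With a per-user salt, `login` can no longer match on `hashAndSalt(pw)` through `Database.getSingleId`: it has to read the stored value for the e-mail and compare in constant time, which needs a lookup that is not visible on this page. `PBKDF2WithHmacSHA1` with a 256-bit output computes two SHA-1 blocks where an attacker needs only the first, so `PBKDF2WithHmacSHA256` fits the requested length better, and the `PBEKeySpec` should be cleared after use. The newly imported `SecureRandom`, `StandardCharsets` and `Arrays` appear unused in the visible hunks. A sketch of the hashing side follows; rows already hashed with the fixed salt would need a migration or a rehash on next login, and the class body continues outside the hunks shown.

```java
public static String hashAndSalt(String pw){
    // Fresh random salt per call; stored next to the hash as base64(salt):base64(hash).
    byte[] salt = new byte[16];
    new SecureRandom().nextBytes(salt);
    Base64.Encoder enc = Base64.getEncoder();
    return enc.encodeToString(salt) + ":" + enc.encodeToString(pbkdf2(pw, salt));
}

// Re-derives the hash with the salt taken from the stored value and compares in constant time.
public static boolean verifyPassword(String pw, String stored){
    String[] parts = stored.split(":", 2);
    if (parts.length != 2) {
        return false;
    }
    byte[] salt = Base64.getDecoder().decode(parts[0]);
    byte[] expected = Base64.getDecoder().decode(parts[1]);
    return java.security.MessageDigest.isEqual(expected, pbkdf2(pw, salt));
}

private static byte[] pbkdf2(String pw, byte[] salt){
    PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, 310001, 256);
    try {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } finally {
        spec.clearPassword(); // wipe the internal copy of the password chars
    }
}
```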