basic encryption
This commit is contained in:
parent
c4b31bc548
commit
89ea9ca70e
@ -1,4 +1,15 @@
|
||||
package com.bib.essensbestellungsverwaltung;
|
||||
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.KeySpec;
|
||||
import java.util.Arrays;
|
||||
import java.util.Base64;
|
||||
|
||||
/*
|
||||
@author Malte Schulze Hobeling
|
||||
*/
|
||||
@ -40,7 +51,7 @@ public class AccountMgr {
|
||||
String[] userH = {"name", "firstname", "addressid", "password", "email"};
|
||||
String name = userData[0];
|
||||
String firstname = userData[1];
|
||||
String pw = userData[2];
|
||||
String pw = hashAndSalt(userData[2]);
|
||||
String email = userData[3];
|
||||
|
||||
long id = Database.insert("address", addressH, addressData);
|
||||
@ -72,7 +83,7 @@ public class AccountMgr {
|
||||
|
||||
public static long login(String email, String pw){
|
||||
String[] userH = {"email","password"};
|
||||
String[] userD = {email,pw};
|
||||
String[] userD = {email,hashAndSalt(pw)};
|
||||
return Database.getSingleId("user",userH,userD);
|
||||
}
|
||||
|
||||
@ -90,4 +101,20 @@ public class AccountMgr {
|
||||
long parentId = Database.getSingleId("parent",parentH,parentD);
|
||||
return parentId > 0;
|
||||
}
|
||||
|
||||
public static String hashAndSalt(String pw){
|
||||
//todo: find a better way to salt
|
||||
byte[] magicSalt = new byte[]{96, 13, 100, 85, -37, 52, -123, 86, -123, -92, 16, 15, -110, -42, -49, 0};
|
||||
KeySpec spec = new PBEKeySpec(pw.toCharArray(), magicSalt,310001,256);
|
||||
String hashedPw = null;
|
||||
try {
|
||||
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
|
||||
byte[] hash = factory.generateSecret(spec).getEncoded();
|
||||
Base64.Encoder enc = Base64.getEncoder();
|
||||
hashedPw = enc.encodeToString(hash);
|
||||
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
return hashedPw;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user