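package com.bib.essensbestellungsverwaltung;

/*
    @author Malte Schulze Hobeling
 */

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;

/**
 * Account management helpers: creates users, workers, parents and children through
 * {@code Database}, links parents to children, and checks logins and roles.
 */
public class AccountMgr {

    // Parameters passed to PBKDF2 in hashAndSalt. Changing any of them changes every
    // derived value, so already stored password hashes would stop matching.
    private static final byte[] MAGIC_SALT =
            {96, 13, 100, 85, -37, 52, -123, 86, -123, -92, 16, 15, -110, -42, -49, 0};
    private static final int PBKDF2_ITERATIONS = 310001;
    private static final int PBKDF2_KEY_BITS = 256;

    /**
     * creates a user with createUser(...) and adds its id to the 'worker' table
     * @param userData String[] name, firstname, password, email
     * @param addressData String[] street, number, plz, city
     * @return userid or -1
     */
    public static long createWorker(String[] userData, String[] addressData) {
        long id = createUser(userData, addressData);
        if (id < 0) {
            // User creation failed: do not register the failure value as a worker id.
            return id;
        }
        Database.insert("worker", new String[]{"userid"}, new String[]{String.valueOf(id)});
        return id;
    }

    /**
     * creates a user with createUser(...) and adds its id to the 'parent' table
     * @param userData String[] name, firstname, password, email
     * @param addressData String[] street, number, plz, city
     * @return userid or -1
     */
    public static long createParent(String[] userData, String[] addressData) {
        long id = createUser(userData, addressData);
        if (id < 0) {
            // User creation failed: do not register the failure value as a parent id.
            return id;
        }
        Database.insert("parent", new String[]{"userid"}, new String[]{String.valueOf(id)});
        return id;
    }

    /**
     * adds a user to the database; the address row is inserted first and the user row
     * references its id. The password is stored as the output of hashAndSalt(...).
     * @param userData String[] name, firstname, password, email
     * @param addressData String[] street, number, plz, city
     * @return userid or -1
     */
    private static long createUser(String[] userData, String[] addressData) {
        String[] addressH = {"street", "number", "plz", "city"};
        String[] userH = {"name", "firstname", "addressid", "password", "email"};
        String name = userData[0];
        String firstname = userData[1];
        String pw = hashAndSalt(userData[2]);
        String email = userData[3];

        long addressId = Database.insert("address", addressH, addressData);
        if (addressId < 0) {
            // Without an address row the user would reference the failure value as addressid.
            return addressId;
        }
        // NOTE(review): the two inserts are separate calls; if the user insert fails the
        // address row stays behind unless Database handles that elsewhere.
        String[] userD = {name, firstname, String.valueOf(addressId), pw, email};
        return Database.insert("user", userH, userD);
    }

    /**
     * adds a child to the database and one 'child_allergy' row per allergy
     * @param childData String[] name, firstname, addressid
     * @param allergyData String[] allergy ids, may be empty
     * @param severityData String[] severity ids, severityData[i] belongs to allergyData[i]
     * @return the value returned by the 'child' insert (negative on failure)
     * @throws IllegalArgumentException if there are fewer severities than allergies
     */
    public static long createChild(String[] childData, String[] allergyData, String[] severityData) {
        // Checked before anything is written, so a short severity array can no longer
        // leave a child behind with only part of its allergies stored.
        if (severityData.length < allergyData.length) {
            throw new IllegalArgumentException("severityData has " + severityData.length
                    + " entries but allergyData has " + allergyData.length);
        }
        String[] childH = {"name", "firstname", "addressid"};
        String[] childAllergyH = {"childid", "allergyid", "severityid"};

        long id = Database.insert("child", childH, childData);
        if (id < 0) {
            // No child row: do not attach allergies to the failure value.
            return id;
        }
        String sId = String.valueOf(id);
        for (int i = 0; i < allergyData.length; i++) {
            String[] childAllergyD = {sId, allergyData[i], severityData[i]};
            Database.insert("child_allergy", childAllergyH, childAllergyD);
        }
        return id;
    }

    /**
     * links a parent to a child in the 'parent_child' table
     * @param parentId userid of the parent
     * @param childId id of the child
     * @return the value returned by the insert
     */
    public static long matchParentChild(String parentId, String childId) {
        String[] parentChildH = {"parentuserid", "childid"};
        String[] parentChildD = {parentId, childId};
        return Database.insert("parent_child", parentChildH, parentChildD);
    }

    /**
     * looks up the user whose email and hashed password both match
     * @param email email as entered
     * @param pw clear-text password as entered
     * @return the value of Database.getSingleId for that pair; isWorker/isParent treat only
     *         values greater than 0 as a hit, presumably the same applies here (confirm)
     */
    public static long login(String email, String pw) {
        // The lookup compares the stored value with a freshly computed one, which only works
        // while hashAndSalt is deterministic for a given password (see the note there).
        String[] userH = {"email", "password"};
        String[] userD = {email, hashAndSalt(pw)};
        return Database.getSingleId("user", userH, userD);
    }

    /**
     * @param id userid
     * @return true if the 'worker' table yields an id greater than 0 for this userid
     */
    public static boolean isWorker(String id) {
        String[] workerH = {"userid"};
        String[] workerD = {id};
        return Database.getSingleId("worker", workerH, workerD) > 0;
    }

    /**
     * @param id userid
     * @return true if the 'parent' table yields an id greater than 0 for this userid
     */
    public static boolean isParent(String id) {
        String[] parentH = {"userid"};
        String[] parentD = {id};
        return Database.getSingleId("parent", parentH, parentD) > 0;
    }

    /**
     * derives a Base64 string from the password with PBKDF2 (HMAC-SHA1, fixed salt)
     * @param pw clear-text password
     * @return Base64 encoding of the derived 256-bit value
     * @throws RuntimeException if the algorithm is unavailable or the key spec is rejected
     */
    public static String hashAndSalt(String pw) {
        //todo: find a better way to salt
        // NOTE(review): the salt is one constant shared by every account, so two users with
        // the same password get the same stored value and a single precomputation applies to
        // the whole table. A random per-user salt stored next to the hash removes that, but
        // login() then has to read the user's salt before hashing instead of matching on the
        // hash, which needs a Database lookup not visible in this class.
        // NOTE(review): HMAC-SHA1 yields 160 bits per PBKDF2 block, so asking for 256 bits
        // makes this side compute two blocks while the first block alone already identifies
        // the password. PBKDF2WithHmacSHA256 with a 256-bit output avoids the extra cost.
        // Both changes alter the output and need a migration of the stored hashes, so the
        // parameters are left as they were.
        char[] pwChars = pw.toCharArray();
        PBEKeySpec spec = new PBEKeySpec(pwChars, MAGIC_SALT, PBKDF2_ITERATIONS, PBKDF2_KEY_BITS);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            byte[] hash = factory.generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(hash);
        } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } finally {
            // Wipe the copies of the password held by the spec and by this method; the
            // caller's String itself cannot be cleared.
            spec.clearPassword();
            java.util.Arrays.fill(pwChars, '\0');
        }
    }
}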