package com.bib.essensbestellungsverwaltung; /* @author Malte Schulze Hobeling */ import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; import java.util.ArrayList; import java.util.Base64; import java.util.List; public class AccountMgr { protected static double price = 5.0; /** * creates a user with createUser(...) and adds its id to the 'worker' table * @param userData String[] name, firstname, password, email * @param addressData String[] street, number, plz, city * @return userid or -1 */ protected static long createWorker(String[] userData, String[] addressData){ long id = createUser(userData, addressData); String sId = String.valueOf(id); Database.insert("worker", new String[]{"userid"}, new String[]{sId}); return id; } /** * creates a user with createUser(...) and adds its id to the 'parent' table * @param userData String[] name, firstname, password, email * @param addressData String[] street, number, plz, city * @return userid or -1 */ protected static long createParent(String[] userData, String[] addressData){ long id = createUser(userData, addressData); String sId = String.valueOf(id); Database.insert("parent", new String[]{"userid"}, new String[]{sId}); return id; } /** * adds a user to the database * @param userData String[] name, firstname, password, email * @param addressData String[] street, number, plz, city * @return userid or -1 */ protected static long createUser(String[] userData, String[] addressData) { String[] addressH = {"street", "number", "plz", "city"}; String[] userH = {"name", "firstname", "addressid", "password", "email"}; String name = userData[0]; String firstname = userData[1]; String pw = hashAndSalt(userData[2], getSalt()); String email = userData[3]; long id = Database.insert("address", addressH, addressData); String sId = String.valueOf(id); String[] userD = {name, firstname, sId, pw, email}; id = Database.insert("user", userH, userD); return id; } /** * adds a child and allergies to the database * @param childData name, firstname, addressid * @param allergyData id of allergies order matching with severityData * @param severityData id of severity order matching with allergyData * @return id of child or -1 */ protected static long createChild(String[] childData,String[] allergyData, String[] severityData){ String[] childH = {"name","firstname","addressid"}; String[] child_allergyH = {"childid","allergyid","severityid"}; long id = Database.insert("child", childH, childData); if(allergyData.length > 0){ for(int i = 0; i < allergyData.length; i++){ String sId = String.valueOf(id); String[] child_allergyD = {sId,allergyData[i],severityData[i]}; Database.insert("child_allergy",child_allergyH,child_allergyD); } } return id; } protected static User getUserById(long id){ List entry = Database.getEntryById("user",id); String[] parts = entry.get(0).split(":"); Address address = getAddressById(id); return new User(id,parts[1],parts[2],parts[4],parts[5],address,isWorker(String.valueOf(id)),isParent(String.valueOf(id))); } protected static Address getAddressById(long id){ List entry = Database.getEntryById("address",id); String[] parts = entry.get(0).split(":"); return new Address(Long.parseLong(parts[0]),parts[1],parts[2],parts[3],parts[4]); } /** * creates entries in the database to match parent to child * @param parentId id of parent * @param childId id of child * @return id of parent_child or -1 */ protected static long matchParentChild(String parentId, String childId){ String[] parent_childH = {"parentuserid","childid"}; String[] parent_childD = {parentId,childId}; return Database.insert("parent_child", parent_childH,parent_childD); } /** * a simple login to check if a given email matches a password * @param email email * @param pw password * @return id or -1 */ protected static long login(String email, String pw){ String[] pwH = {"email"}; String[] pwD = {email}; List foundEmail = Database.select("user",pwH,pwD); String salt; if(foundEmail.size() == 1){ String[] userParts = foundEmail.get(0).split(":"); String[] pwParts = userParts[4].split("\\."); salt = pwParts[1]; }else{ //no unique user found; still calculating a hash for security reasons salt = getSalt(); } String[] userH = {"email","password"}; String[] userD = {email,hashAndSalt(pw,salt)}; return Database.getSingleId("user",userH,userD); } /** * checks if id is in worker table * @param id userid * @return true if id is in worker table */ protected static boolean isWorker(String id){ String[] workerH = {"userid"}; String[] workerD = {id}; long workerId = Database.getSingleId("worker",workerH,workerD); return workerId > 0; } /** * checks if id is in parent table * @param id userid * @return true if id is in parent table */ protected static boolean isParent(String id){ String[] parentH = {"userid"}; String[] parentD = {id}; long parentId = Database.getSingleId("parent",parentH,parentD); return parentId > 0; } /** * returns a hashed and salted password * @param pw the password to hash * @return hashed and salted password */ protected static String hashAndSalt(String pw, String salt){ Base64.Decoder dec = Base64.getDecoder(); byte[] bySalt = dec.decode(salt); KeySpec spec = new PBEKeySpec(pw.toCharArray(), bySalt,310001,256); String hashedPw; try { SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); byte[] hash = factory.generateSecret(spec).getEncoded(); Base64.Encoder enc = Base64.getEncoder(); hashedPw = enc.encodeToString(hash); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { throw new RuntimeException(e); } hashedPw += "." + salt; return hashedPw; } private static String getSalt(){ SecureRandom sec = new SecureRandom(); byte[] salt = new byte[16]; sec.nextBytes(salt); Base64.Encoder enc = Base64.getEncoder(); return enc.encodeToString(salt); } /** * gives the invoice for one month and one child * @param date YYYY-MM the month * @param childId id of child * @return the invoice as a List */ protected static List getInvoice(String date, String childId){ List invoice = new ArrayList<>(); invoice.add("Monatsabrechnung " + date); List child = Database.getEntryById("child", Long.parseLong(childId)); String[] childParts = child.get(0).split(":"); invoice.add(childParts[1] + ", " + childParts[2]); String[] food_planH = {"date"}; String[] food_planD = {date+"%"}; List food_plan = Database.select("food_plan",food_planH,food_planD); for (String day : food_plan) { String[] food_planParts = day.split(":"); String[] food_selectionH = {"childid","food_planid"}; String[] food_selectionD = {childId,food_planParts[0]}; List food_selection = Database.select("food_selection",food_selectionH,food_selectionD); for (String food_select : food_selection) { String[] food_selectParts = food_select.split(":"); List food = Database.getEntryById("food",Long.parseLong(food_selectParts[3])); String[] foodParts = food.get(0).split(":"); String line = food_planParts[1] + ": " + foodParts[1]; invoice.add(line); } } invoice.add("Total: " + (invoice.size()-2) + " X " + price + "€ = " + ((invoice.size()-2)*price) + "€"); return invoice; } }