-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added getHashPassword to PasswordHasher
- Loading branch information
Showing
3 changed files
with
61 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <module version="4"> | ||
| <component name="CheckStyle-IDEA-Module" serialisationVersion="2"> | ||
| <option name="activeLocationsIds" /> | ||
| </component> | ||
| </module> |
52 changes: 52 additions & 0 deletions
52
helpmehelpapplication/src/main/java/ntnu/sytemutvikling/team6/models/PasswordHasher.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| package ntnu.sytemutvikling.team6.models; | ||
|
|
||
| import javax.crypto.SecretKeyFactory; | ||
| import javax.crypto.interfaces.PBEKey; | ||
| import javax.crypto.spec.PBEKeySpec; | ||
| import java.security.SecureRandom; | ||
| import java.util.Base64; | ||
|
|
||
| /** | ||
| * A password hasher | ||
| * | ||
| * <p> | ||
| * Description | ||
| * <p/> | ||
| * | ||
| * @author Robin Strand Prestmo | ||
| */ | ||
| public final class PasswordHasher { | ||
| private static final SecureRandom RNG = new SecureRandom(); | ||
|
|
||
| /** | ||
| * Get the hash of the password | ||
| * | ||
| * @param password a string password | ||
| * @return a hash secured password | ||
| */ | ||
| public String getHashPassword(String password) { | ||
| String hasPass = ""; | ||
|
|
||
| try { | ||
| // 1. Create salt | ||
| byte[] salt = new byte[16]; | ||
| RNG.nextBytes(salt); | ||
|
|
||
| // 2. Create PBKDF2 Hash value | ||
| PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100000, 32*8); | ||
| SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); | ||
| byte[] hash = factory.generateSecret(spec).getEncoded(); | ||
|
|
||
| // 3. Combine salt and password bytes | ||
| byte[] hashBytes = new byte[48]; | ||
| System.arraycopy(salt, 0, hashBytes, 0, 16); | ||
| System.arraycopy(hash, 0, hashBytes, 16, 32); | ||
|
|
||
| //4. Turn the combined salt+hash into a string. | ||
| hasPass = Base64.getEncoder().encodeToString(hashBytes); | ||
| } catch (Exception e) { | ||
| throw new RuntimeException("Error while hasing password.", e); | ||
| } | ||
| return hasPass; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters