author | Martin Spielmann <martin.spielmann@pingunaut.com> | 2017-01-07 13:47:42 +0100 |
---|---|---|
committer | Martin Spielmann <martin.spielmann@pingunaut.com> | 2017-01-07 13:47:42 +0100 |
commit | 4ab81b3465f086f9fbeadc93d6bce326208e85ac (patch) | |
tree | 600614bc28b8e2a121cb4200a9ad80fb3b51729f /src/main/java/com/gitblit/utils/SecurePasswordHashUtils.java | |
parent | 15782f62ba134006a2f92f65d10f0713e8ad85a0 (diff) | |
Update AuthenticationManager to update weakly stored passwords on login
Diffstat (limited to 'src/main/java/com/gitblit/utils/SecurePasswordHashUtils.java')
-rw-r--r-- | src/main/java/com/gitblit/utils/SecurePasswordHashUtils.java | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/main/java/com/gitblit/utils/SecurePasswordHashUtils.java b/src/main/java/com/gitblit/utils/SecurePasswordHashUtils.java
index de2c0084..289084ee 100644
--- a/src/main/java/com/gitblit/utils/SecurePasswordHashUtils.java
+++ b/src/main/java/com/gitblit/utils/SecurePasswordHashUtils.java
@@ -11,13 +11,16 @@ import java.security.spec.InvalidKeySpecException;
 import java.util.Arrays;
 /**
- * The Class SecurePasswordHashUtils provides methods to create and validate secure hashes from user passwords.
+ * The Class SecurePasswordHashUtils provides methods to create and validate
+ * secure hashes from user passwords.
 *
- * It uses the concept proposed by OWASP - Hashing Java: https://www.owasp.org/index.php/Hashing_Java
+ * It uses the concept proposed by OWASP - Hashing Java:
+ * https://www.owasp.org/index.php/Hashing_Java
 */
 public class SecurePasswordHashUtils {
- public static final String PBKDF2WITHHMACSHA256_TYPE = "PBKDF2WITHHMACSHA256:";
+ public static final String PBKDF2WITHHMACSHA256 = "PBKDF2WithHmacSHA256";
+ public static final String PBKDF2WITHHMACSHA256_TYPE = PBKDF2WITHHMACSHA256.toUpperCase() + ":";
 private static final SecureRandom RANDOM = new SecureRandom();
 private static final int ITERATIONS = 10000;
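Review bot: The new `PBKDF2WITHHMACSHA256_TYPE` initializer calls `toUpperCase()` without a locale, so the prefix is derived from the JVM's default locale; under a Turkish or Azerbaijani default the `i` in `With` upper-cases to `İ` and the constant no longer equals the previous literal `"PBKDF2WITHHMACSHA256:"`. The second hunk writes this prefix into the value stored in users.conf, so if readers also match on it (not visible here), hashes written under one locale may not be recognised under another. Use `PBKDF2WITHHMACSHA256.toUpperCase(Locale.ROOT) + ":"` with an import of `java.util.Locale`, or keep the literal. The class body continues outside the hunk.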
@@ -112,8 +115,21 @@ public class SecurePasswordHashUtils {
 * @return the sting to be stored in a file (users.conf)
 */
 public String createStoredPasswordFromPassword(String password) {
+ return createStoredPasswordFromPassword(password.toCharArray());
+ }
+
+ /**
+ * Creates the new secure hash from a password and formats it properly to be
+ * stored in a file.
+ *
+ * @param password
+ * the password to be hashed
+ * @return the sting to be stored in a file (users.conf)
+ */
+ public String createStoredPasswordFromPassword(char[] password) {
 byte[] salt = getNextSalt();
- return String.format("%s%s%s", SecurePasswordHashUtils.PBKDF2WITHHMACSHA256_TYPE, StringUtils.toHex(salt), StringUtils.toHex(hash(password.toCharArray(), salt)));
+ return String.format("%s%s%s", SecurePasswordHashUtils.PBKDF2WITHHMACSHA256_TYPE, StringUtils.toHex(salt),
+ StringUtils.toHex(hash(password, salt)));
 }
 /** |
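Review bot: The Javadoc on the new `createStoredPasswordFromPassword(char[] password)` overload does not say what happens to the caller's array, although controlling the lifetime of the secret is the usual reason to offer a `char[]` entry point. `hash(...)` is defined outside this hunk, so whether it wipes its input is not visible; the `@param password` text should state whether the array is cleared on return or left for the caller to overwrite. The `String` overload now makes a temporary copy with `password.toCharArray()` that nothing in this hunk clears, so unless `hash` does it, hold the copy in a local and call `Arrays.fill(chars, '\0')` in a `finally`. The copied `@return` line also carries the typo over; it should read `@return the string to be stored in a file (users.conf)`.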