[seam-commits] Seam SVN: r7540 - in trunk/src: test/unit/org/jboss/seam/test/unit and 1 other directory.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Wed Mar 12 00:33:30 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-03-12 00:33:30 -0400 (Wed, 12 Mar 2008)
New Revision: 7540
Added:
trunk/src/main/org/jboss/seam/security/management/PasswordHash.java
trunk/src/test/unit/org/jboss/seam/test/unit/PasswordHashTest.java
Modified:
trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
trunk/src/test/unit/org/jboss/seam/test/unit/testng.xml
Log:
refactored password hashing, base64 encode instead of hex encode
Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-03-12 02:23:43 UTC (rev 7539)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-03-12 04:33:30 UTC (rev 7540)
@@ -2,7 +2,6 @@
import static org.jboss.seam.ScopeType.APPLICATION;
-import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -22,7 +21,6 @@
import org.jboss.seam.core.Events;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.management.UserAccount.AccountType;
-import org.jboss.seam.util.Hex;
/**
* The default identity store implementation, uses JPA as its persistence mechanism.
@@ -38,9 +36,6 @@
public static final String EVENT_ACCOUNT_CREATED = "org.jboss.seam.security.management.accountCreated";
public static final String EVENT_ACCOUNT_AUTHENTICATED = "org.jboss.seam.security.management.accountAuthenticated";
- private String hashFunction = "MD5";
- private String hashCharset = "UTF-8";
-
private String entityManagerName = "entityManager";
private Class<? extends UserAccount> accountClass;
@@ -97,7 +92,7 @@
}
else
{
- account.setPasswordHash(hashPassword(password, username));
+ account.setPasswordHash(PasswordHash.generateHash(password, username));
account.setEnabled(true);
}
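Review bot: This call, and the matching ones in the change-password hunk (@@ -275) and the authenticate hunk (@@ -359), always hash with `PasswordHash`'s private `DEFAULT_ALGORITHM` (MD5), because the two-argument overload gives the store no way to choose. The commit also removes the `hashFunction`/`hashCharset` fields and the `protected hashPassword` hook, so neither configuration nor a subclass can select a stronger digest any more. Consider keeping an algorithm property on the store (name is a suggestion) and calling the three-argument overload, e.g. `account.setPasswordHash(PasswordHash.generateHash(password, hashAlgorithm, username));`. The enclosing method starts and ends outside this hunk.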
@@ -275,7 +270,7 @@
throw new NoSuchUserException("Could not change password, user '" + name + "' does not exist");
}
- account.setPasswordHash(hashPassword(password, name));
+ account.setPasswordHash(PasswordHash.generateHash(password, name));
mergeAccount(account);
return true;
}
@@ -359,7 +354,8 @@
return false;
}
- boolean success = hashPassword(password, username).equals(account.getPasswordHash());
+ String passwordHash = PasswordHash.generateHash(password, username);
+ boolean success = passwordHash.equals(account.getPasswordHash());
if (success && Events.exists())
{
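Review bot: The hash compared on the `boolean success = ...` line is now Base64 text, whereas the removed `hashPassword` returned a hex string (`Hex.encodeHex`), so accounts persisted by the earlier code would presumably stop authenticating; the commit shows no migration or fallback for the old format. The comparison also uses `String.equals`, which stops at the first differing character. Comparing the decoded digest bytes with `MessageDigest.isEqual(...)`, after a null check on `account.getPasswordHash()`, would keep the check independent of where the mismatch occurs. The enclosing method begins and ends outside this hunk.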
@@ -475,26 +471,5 @@
public void setEntityManagerName(String name)
{
this.entityManagerName = name;
- }
-
- protected String hashPassword(String password, String saltPhrase)
- {
- try {
- MessageDigest md = MessageDigest.getInstance(hashFunction);
-
- md.update(saltPhrase.getBytes());
- byte[] salt = md.digest();
-
- md.reset();
- md.update(password.getBytes(hashCharset));
- md.update(salt);
-
- byte[] raw = md.digest();
-
- return new String(Hex.encodeHex(raw));
- }
- catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
+ }
}
Added: trunk/src/main/org/jboss/seam/security/management/PasswordHash.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/PasswordHash.java (rev 0)
+++ trunk/src/main/org/jboss/seam/security/management/PasswordHash.java 2008-03-12 04:33:30 UTC (rev 7540)
@@ -0,0 +1,54 @@
+package org.jboss.seam.security.management;
+
+import java.security.MessageDigest;
+
+import org.jboss.seam.util.Base64;
+
+public class PasswordHash
+{
+ public enum Algorithm {SHA, MD5}
+
+ private static final Algorithm DEFAULT_ALGORITHM = Algorithm.MD5;
+
+ public static String generateHash(String password)
+ {
+ return generateHash(password, DEFAULT_ALGORITHM);
+ }
+
+ public static String generateHash(String password, Algorithm algorithm)
+ {
+ return generateHash(password, algorithm, null);
+ }
+
+ public static String generateHash(String password, String saltPhrase)
+ {
+ return generateHash(password, DEFAULT_ALGORITHM, saltPhrase);
+ }
+
+ public static String generateHash(String password, Algorithm algorithm, String saltPhrase)
+ {
+ try {
+ MessageDigest md = MessageDigest.getInstance(algorithm.name());
+
+ if (saltPhrase != null)
+ {
+ md.update(saltPhrase.getBytes());
+ byte[] salt = md.digest();
+
+ md.reset();
+ md.update(password.getBytes());
+ md.update(salt);
+ }
+ else
+ {
+ md.update(password.getBytes());
+ }
+
+ byte[] raw = md.digest();
+ return Base64.encodeBytes(raw);
+ }
+ catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
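Review bot: `generateHash` stores passwords as a single pass of MD5 (the default) or SHA-1, salted only with a digest of the caller's phrase (the username in JpaIdentityStore), so the result is cheap to guess offline and identical wherever the same username/password pair is used. A random per-account salt stored with the hash, fed to an iterated key-derivation function (for example PBKDF2 via `SecretKeyFactory` and `PBEKeySpec`), is the appropriate construction for stored credentials. Separately, the removed `hashPassword` encoded the password with `hashCharset` ("UTF-8"), while the new code calls `password.getBytes()`, which depends on the platform default charset; use `password.getBytes("UTF-8")` and `saltPhrase.getBytes("UTF-8")` so hashes are portable between hosts. The class and its public overloads also have no Javadoc stating the algorithm, the salt handling or the Base64 output format.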
Added: trunk/src/test/unit/org/jboss/seam/test/unit/PasswordHashTest.java
===================================================================
--- trunk/src/test/unit/org/jboss/seam/test/unit/PasswordHashTest.java (rev 0)
+++ trunk/src/test/unit/org/jboss/seam/test/unit/PasswordHashTest.java 2008-03-12 04:33:30 UTC (rev 7540)
@@ -0,0 +1,22 @@
+package org.jboss.seam.test.unit;
+
+import org.jboss.seam.security.management.PasswordHash;
+import org.jboss.seam.security.management.PasswordHash.Algorithm;
+import org.testng.annotations.Test;
+
+public class PasswordHashTest
+{
+ @Test
+ public void testMd5Hash()
+ {
+ String hash = PasswordHash.generateHash("secret", Algorithm.MD5);
+ assert hash.equals("Xr4ilOzQ4PCOq3aQ0qbuaQ==");
+ }
+
+ @Test
+ public void testShaHash()
+ {
+ String hash = PasswordHash.generateHash("secret", Algorithm.SHA);
+ assert hash.equals("5en6G6MezRroT3XKqkdPOmY/BfQ=");
+ }
+}
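Review bot: Both tests exercise only the unsalted `generateHash(password, algorithm)` overload, but JpaIdentityStore calls the salted `generateHash(password, saltPhrase)` path, which is left uncovered. Add a case for it, at minimum checking that the salt changes the output and that the result is repeatable, e.g. `assert !PasswordHash.generateHash("secret", "user").equals(PasswordHash.generateHash("secret"));`. The tests also rely on the Java `assert` keyword, which is skipped silently when assertions are disabled in the test JVM; an explicit TestNG assertion would fail regardless of that setting.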
Modified: trunk/src/test/unit/org/jboss/seam/test/unit/testng.xml
===================================================================
--- trunk/src/test/unit/org/jboss/seam/test/unit/testng.xml 2008-03-12 02:23:43 UTC (rev 7539)
+++ trunk/src/test/unit/org/jboss/seam/test/unit/testng.xml 2008-03-12 04:33:30 UTC (rev 7540)
@@ -45,6 +45,12 @@
</classes>
</test>
+ <test name="Seam Unit Tests: Password Hash">
+ <classes>
+ <class name="org.jboss.seam.test.unit.PasswordHashTest"/>
+ </classes>
+ </test>
+
<test name="Seam Unit Tests: Framework">
<classes>
<class name="org.jboss.seam.test.unit.HomeTest" />