Showing
32 changed files
with
335 additions
and
70 deletions.
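--- a/gsrs-core-entities/src/main/java/gsrs/model/UserProfileAuthenticationResult.java
+++ b/gsrs-core-entities/src/main/java/gsrs/model/UserProfileAuthenticationResult.java
@@ -0,0 +1,28 @@
+package gsrs.model;
+
+import lombok.AllArgsConstructor;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserProfileAuthenticationResult {
+private boolean matchesRepository;
+
+public boolean matchesRepository() {
+return matchesRepository;
+}
+
+public void setMatchesRepository(boolean matchesRepository) {
+this.matchesRepository = matchesRepository;
+}
+
+public boolean needsSave() {
+return needsSave;
+}
+
+public void setNeedsSave(boolean needsSave) {
+this.needsSave = needsSave;
+}
+
+private boolean needsSave;
+}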
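Review bot: `@AllArgsConstructor` gives this class a constructor taking two bare booleans in field-declaration order (`matchesRepository`, then `needsSave`), so a caller can transpose them with no compile error, and for an authentication result that can silently turn a failed match into a successful one. Declaring `private boolean needsSave;` at the bottom of the class makes that order easy to misread; I would move it up beside `matchesRepository`. Neither flag is documented, so a class-level Javadoc stating what each one means to the caller would help; the callers are not visible in this section, so the wording needs confirming against them.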
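--- a/gsrs-core-entities/src/test/java/gsrs/LegacySalterTests.java
+++ b/gsrs-core-entities/src/test/java/gsrs/LegacySalterTests.java
@@ -0,0 +1,38 @@
+package gsrs;
+
+import gsrs.util.GsrsPasswordHasher;
+import gsrs.util.Hasher;
+import gsrs.util.LegacyTypeSalter;
+import gsrs.util.Salter;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+public class LegacySalterTests {
+
+private final String SALT_PREFIX = "G";
+
+private final Hasher hasher = new GsrsPasswordHasher();
+
+private final Salter salter = new LegacyTypeSalter(hasher, SALT_PREFIX);
+
+@Test
+void testGenerateSalt() {
+String salt1 = salter.generateSalt();
+Assertions.assertNotNull(salt1);
+System.out.printf("salt: %s\n", salt1);
+}
+
+@Test
+void testGenerateOwnSalt() {
+String salt1 = salter.generateSalt();
+Assertions.assertTrue(salter.mayBeOneOfMine(salt1));
+}
+
+@Test
+void testGenerateNotOwnSalt() {
+String salt1 = salter.generateSalt();
+String changedSalt = salt1.replace('G', 'N');
+Assertions.assertFalse(salter.mayBeOneOfMine(changedSalt));
+}
+
+}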
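Review bot: `testGenerateNotOwnSalt` hard-codes `'G'` instead of using `SALT_PREFIX` and replaces every `G` in the string, so it only tests the prefix because the hash part happens to be lowercase hex; `String changedSalt = "N" + salt1.substring(SALT_PREFIX.length());` states the intent directly. `testGenerateSalt` asserts only non-null and prints the salt with `System.out.printf`, which tells a reader of the build log nothing about correctness. Asserting that two consecutive `generateSalt()` calls return different values and that each starts with `SALT_PREFIX` would pin the properties a salt actually needs. `SALT_PREFIX` is named like a constant and could be `private static final`.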
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
package gsrs.util; | ||
|
||
import lombok.extern.slf4j.Slf4j; | ||
|
||
import javax.crypto.SecretKeyFactory; | ||
import javax.crypto.spec.PBEKeySpec; | ||
import java.io.UnsupportedEncodingException; | ||
import java.security.MessageDigest; | ||
import java.security.NoSuchAlgorithmException; | ||
import java.security.spec.InvalidKeySpecException; | ||
|
||
@Slf4j | ||
public class GsrsPasswordHasher implements Hasher { | ||
|
||
String preferredHashAlgorithm = "PBKDF2"; | ||
static int iterations = 1000; | ||
static String characterSet ="utf8"; | ||
|
||
private final static String HASHING_ALGORITHM = "PBKDF2WithHmacSHA512"; | ||
|
||
@Override | ||
public String getHashType() { | ||
return this.preferredHashAlgorithm; | ||
} | ||
|
||
@Override | ||
public String hash(String... values) { | ||
if (values == null) { | ||
return null; | ||
} | ||
try { | ||
if(preferredHashAlgorithm.equals("PBKDF2")) { | ||
return hash(values[0], values.length > 1 ? values[1] : null, iterations); | ||
} | ||
MessageDigest md = MessageDigest.getInstance(preferredHashAlgorithm); | ||
for (String v : values) { | ||
md.update(v.getBytes(characterSet)); | ||
} | ||
return toHex(md.digest()); | ||
} catch (Exception ex) { | ||
log.error("Can't generate hash!", ex); | ||
throw new RuntimeException(ex); | ||
} | ||
} | ||
|
||
public static String toHex(byte[] d) { | ||
StringBuilder sb = new StringBuilder(); | ||
for (byte b : d) { | ||
sb.append(String.format("%1$02x", b & 0xff)); | ||
} | ||
return sb.toString(); | ||
} | ||
|
||
public static String hash(String input, String salt, int iterations) throws NoSuchAlgorithmException, InvalidKeySpecException, UnsupportedEncodingException { | ||
PBEKeySpec spec = new PBEKeySpec(input.toCharArray(), salt != null ? salt.getBytes(characterSet) : | ||
input.getBytes(characterSet), iterations, 64 * 8); | ||
SecretKeyFactory skf = SecretKeyFactory.getInstance(HASHING_ALGORITHM); | ||
|
||
byte[] hash = skf.generateSecret(spec).getEncoded(); | ||
return toHex(hash); | ||
} | ||
} |
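Review bot: `static int iterations = 1000;` is a very low work factor for `PBKDF2WithHmacSHA512` if this class stores user passwords, as its name suggests; OWASP's current guidance for PBKDF2-HMAC-SHA512 is on the order of 210,000 iterations, and the field is also mutable and package-visible, so any class in `gsrs.util` can lower it. In the three-argument `hash`, a null `salt` falls back to `input.getBytes(characterSet)`, which makes the password its own salt, so equal passwords yield equal hashes; I would reject a null salt on the password path with `Objects.requireNonNull(salt, "salt")` and keep the unsalted form as a separately named method for the legacy callers that need it. `hash(String... values)` reads `values[0]` without checking for an empty array and silently ignores everything after `values[1]` in the PBKDF2 branch. Storing the iteration count next to each hash would let the work factor be raised later without invalidating existing records, and calling `spec.clearPassword()` after `generateSecret` would drop the password copy held by the `PBEKeySpec`.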
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
package gsrs.util; | ||
|
||
public interface Hasher { | ||
|
||
String getHashType(); | ||
|
||
String hash(String... values); | ||
} |
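Review bot: `hash(String... values)` has no documented contract, and the one implementation on this page, GsrsPasswordHasher, treats `values[0]` as the input and `values[1]` as the salt in its PBKDF2 branch but feeds every value into the digest in its MessageDigest branch. A Javadoc comment stating which position carries the salt, whether a null or empty array is allowed, and what a null return means would stop callers from guessing. A two-parameter `String hash(String input, String salt);` would be harder to misuse than varargs for a security-sensitive call.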
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
package gsrs.util; | ||
|
||
import gov.nih.ncats.common.util.TimeUtil; | ||
import lombok.Data; | ||
|
||
import static java.lang.String.valueOf; | ||
|
||
@Data | ||
public class LegacyTypeSalter implements Salter { | ||
|
||
Hasher hasher; | ||
|
||
String prefix = ""; | ||
|
||
public LegacyTypeSalter(Hasher newHasher, String newPrefix) { | ||
hasher = newHasher; | ||
prefix = newPrefix; | ||
} | ||
@Override | ||
public void setHasher(Hasher hasher) { | ||
this.hasher = hasher; | ||
} | ||
|
||
@Override | ||
public String generateSalt() { | ||
String text = "---" + TimeUtil.getCurrentDate().toString() + "---" + String.valueOf(Math.random()) + "---"; | ||
return prefix + hasher.hash(text); | ||
} | ||
|
||
@Override | ||
public boolean mayBeOneOfMine(String testHash) { | ||
return testHash != null && testHash.startsWith(prefix); | ||
} | ||
} |
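Review bot: `generateSalt()` builds its seed text from `TimeUtil.getCurrentDate()` and `Math.random()`, neither of which is a cryptographically secure source, so the salts are more predictable than they need to be. Drawing the seed from a shared `SecureRandom` and passing its hex form through the same hasher keeps the `prefix + hash` output format; the sketch below needs an import of `java.security.SecureRandom`, and the static import of `String.valueOf` is unused and can go. Separately, `mayBeOneOfMine` returns true for every non-null string when `prefix` is empty (the field's default) and throws if the constructor was given a null prefix, while `@Data` generates setters for both fields. Making `prefix` final and checking it with `Objects.requireNonNull` in the constructor would close that.

```java
// … unchanged: hasher and prefix fields, constructor, setHasher …
private static final SecureRandom SECURE_RANDOM = new SecureRandom();

@Override
public String generateSalt() {
    // 32 bytes from the CSPRNG replace the date + Math.random() seed text
    byte[] seed = new byte[32];
    SECURE_RANDOM.nextBytes(seed);
    return prefix + hasher.hash(GsrsPasswordHasher.toHex(seed));
}
// … unchanged: mayBeOneOfMine …
```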
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
package gsrs.util; | ||
|
||
public interface Salter { | ||
|
||
void setHasher(Hasher hasher); | ||
|
||
String generateSalt(); | ||
|
||
boolean mayBeOneOfMine(String testHash); | ||
} |