/*
This file is part of Cyclos (www.cyclos.org).
A project of the Social Trade Organisation (www.socialtrade.org).
Cyclos is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Cyclos is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Cyclos; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package nl.strohalm.cyclos.setup.migrations.version3_5;
import java.sql.ResultSet;
import java.sql.SQLException;
import nl.strohalm.cyclos.setup.UntraceableMigration;
import nl.strohalm.cyclos.utils.HashHandler;
import nl.strohalm.cyclos.utils.JDBCWrapper;
import org.apache.commons.lang.StringUtils;
/**
* Migrates the existing passwords, applying the SHA-256 hash over the MD5 hash
* @author luis
*/
@SuppressWarnings("deprecation")
public class PasswordHashMigration implements UntraceableMigration {
public void execute(final JDBCWrapper jdbc) throws SQLException {
final String select = "select id, password, transaction_password from users";
final String update = "update users set password = ?, transaction_password = ? where id = ?";
final ResultSet rs = jdbc.query(select);
try {
while (rs.next()) {
final long id = rs.getLong("id");
final String password = StringUtils.trimToNull(rs.getString("password"));
final String transactionPassword = StringUtils.trimToNull(rs.getString("transaction_password"));
// When no password is defined, skip this user
if (password == null && transactionPassword == null) {
continue;
}
final String newPassword = password == null ? null : HashHandler.sha2(password.toUpperCase());
final String newTransactionPassword = transactionPassword == null ? null : HashHandler.sha2(transactionPassword.toUpperCase());
jdbc.execute(update, newPassword, newTransactionPassword, id);
}
} finally {
JDBCWrapper.closeQuietly(rs);
}
}
}