PasswordEncryptionService.java example

Explorer

OpenBaas-master
- src
  - main
    - java
      - infosistema
        openbaas
        comunication
        bound
        InboundSocket.java
        InboundWebSocket.java
        Outbound.java
        connector
        IConnector.java
        SocketConnector.java
        WebSocketConnector.java
        message
        Message.java
        data
        Error.java
        ListResult.java
        Metadata.java
        QueryParameters.java
        Result.java
        enums
        FileMode.java
        ModelEnum.java
        OperatorEnum.java
        models
        Application.java
        Audio.java
        Certificate.java
        ChatMessage.java
        ChatRoom.java
        DeviceOB.java
        Image.java
        Media.java
        Storage.java
        User.java
        UsersState.java
        Video.java
        dataaccess
        acl
        Acl.java
        email
        Email.java
        files
        AwsModel.java
        DropboxModel.java
        FileInterface.java
        FileSystemModel.java
        FilesUtils.java
        FtpModel.java
        models
        AppModel.java
        ChatModel.java
        DocumentModel.java
        MediaModel.java
        ModelAbstract.java
        NotificationsModel.java
        SessionModel.java
        UserModel.java
        cache
        hold.java
        management
        FeedBackSchedule.java
        NotificationsThread.java
        Startup.java
        middleLayer
        AclMiddleLayer.java
        AppsMiddleLayer.java
        ChatMiddleLayer.java
        DocumentMiddleLayer.java
        MediaMiddleLayer.java
        MiddleLayerAbstract.java
        NotificationMiddleLayer.java
        SessionMiddleLayer.java
        UsersMiddleLayer.java
        rest
        APNSResource.java
        AccountResource.java
        AclResource.java
        AppDataResource.java
        AppResource.java
        AudioResource.java
        ChatResource.java
        ImageResource.java
        IntegrationResource.java
        ManagementResource.java
        MediaResource.java
        RootResource.java
        SessionsResource.java
        SettingsResource.java
        StorageResource.java
        UserConfirmationResource.java
        UserDataResource.java
        UserRecoveryResource.java
        UsersResource.java
        VideoResource.java
        utils
        ApplePushNotifications.java
        Const.java
        LoadProperties.java
        Log.java
        Utils.java
        ValueComparator.java
        encryption
        PasswordEncryptionService.java
        geolocation
        Geo.java
    - test
      - java
        simulators
        Test.java

/*****************************************************************************************
Infosistema - OpenBaas
Copyright(C) 2002-2014 Infosistema, S.A.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
www.infosistema.com
info@openbaas.com
Av. José Gomes Ferreira, 11 3rd floor, s.34
Miraflores
1495-139 Algés Portugal
****************************************************************************************/
package infosistema.openbaas.utils.encryption;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordEncryptionService {

 public boolean authenticate(String attemptedPassword, byte[] encryptedPassword, byte[] salt)
   throws NoSuchAlgorithmException, InvalidKeySpecException {
  // Encrypt the clear-text password using the same salt that was used to
  // encrypt the original password
  byte[] encryptedAttemptedPassword = getEncryptedPassword(attemptedPassword, salt);

  // Authentication succeeds if encrypted password that the user entered
  // is equal to the stored hash
  return Arrays.equals(encryptedPassword, encryptedAttemptedPassword);
 }

 public byte[] getEncryptedPassword(String password, byte[] salt)
   throws NoSuchAlgorithmException, InvalidKeySpecException {
  // PBKDF2 with SHA-1 as the hashing algorithm. Note that the NIST
  // specifically names SHA-1 as an acceptable hashing algorithm for PBKDF2
  String algorithm = "PBKDF2WithHmacSHA1";
  // SHA-1 generates 160 bit hashes, so that's what makes sense here
  int derivedKeyLength = 160;
  // Pick an iteration count that works for you. The NIST recommends at
  // least 1,000 iterations:
  // http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
  // iOS 4.x reportedly uses 10,000:
  // http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/
  int iterations = 10000;

  KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, derivedKeyLength);

  SecretKeyFactory f = SecretKeyFactory.getInstance(algorithm);

  return f.generateSecret(spec).getEncoded();
 }

 public byte[] generateSalt() throws NoSuchAlgorithmException {
  // VERY important to use SecureRandom instead of just Random
  SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

  // Generate a 8 byte (64 bit) salt as recommended by RSA PKCS5
  byte[] salt = new byte[8];
  random.nextBytes(salt);

  return salt;
 }
}