PasswordEncryptionService.java example

Explorer

commafeed-master
- src
  - main
    - java
      - com
        commafeed
        CommaFeedApplication.java
        CommaFeedConfiguration.java
        CommaFeedModule.java
        backend
        ContentEncodingInterceptor.java
        FixedSizeSortedSet.java
        HttpGetter.java
        cache
        CacheService.java
        NoopCacheService.java
        RedisCacheService.java
        RedisPoolFactory.java
        dao
        FeedCategoryDAO.java
        FeedDAO.java
        FeedEntryContentDAO.java
        FeedEntryDAO.java
        FeedEntryStatusDAO.java
        FeedEntryTagDAO.java
        FeedSubscriptionDAO.java
        GenericDAO.java
        UnitOfWork.java
        UserDAO.java
        UserRoleDAO.java
        UserSettingsDAO.java
        favicon
        AbstractFaviconFetcher.java
        DefaultFaviconFetcher.java
        FacebookFaviconFetcher.java
        YoutubeFaviconFetcher.java
        feed
        EstimateDirection.java
        FeedEntryKeyword.java
        FeedFetcher.java
        FeedParser.java
        FeedQueues.java
        FeedRefreshContext.java
        FeedRefreshExecutor.java
        FeedRefreshTaskGiver.java
        FeedRefreshUpdater.java
        FeedRefreshWorker.java
        FeedUtils.java
        FetchedFeed.java
        HtmlEntities.java
        model
        AbstractModel.java
        Feed.java
        FeedCategory.java
        FeedEntry.java
        FeedEntryContent.java
        FeedEntryStatus.java
        FeedEntryTag.java
        FeedSubscription.java
        Models.java
        User.java
        UserRole.java
        UserSettings.java
        opml
        OPMLExporter.java
        OPMLImporter.java
        rome
        OPML11Generator.java
        OPML11Parser.java
        RSS090DescriptionConverter.java
        RSS090DescriptionParser.java
        RSSRDF10Parser.java
        service
        DatabaseCleaningService.java
        FeedEntryContentService.java
        FeedEntryFilteringService.java
        FeedEntryService.java
        FeedEntryTagService.java
        FeedService.java
        FeedSubscriptionService.java
        FeedUpdateService.java
        MailService.java
        PasswordEncryptionService.java
        PubSubService.java
        StartupService.java
        UserService.java
        internal
        PostLoginActivities.java
        task
        OldEntriesCleanupTask.java
        OldStatusesCleanupTask.java
        OrphanedContentsCleanupTask.java
        OrphanedFeedsCleanupTask.java
        ScheduledTask.java
        frontend
        auth
        SecurityCheck.java
        SecurityCheckFactory.java
        SecurityCheckFactoryProvider.java
        model
        Category.java
        Entries.java
        Entry.java
        FeedInfo.java
        ServerInfo.java
        Settings.java
        Subscription.java
        UnreadCount.java
        UserModel.java
        request
        AddCategoryRequest.java
        CategoryModificationRequest.java
        CollapseRequest.java
        FeedInfoRequest.java
        FeedMergeRequest.java
        FeedModificationRequest.java
        IDRequest.java
        LoginRequest.java
        MarkRequest.java
        MultipleMarkRequest.java
        PasswordResetRequest.java
        ProfileModificationRequest.java
        RegistrationRequest.java
        StarRequest.java
        SubscribeRequest.java
        TagRequest.java
        resource
        AdminREST.java
        CategoryREST.java
        EntryREST.java
        FeedREST.java
        PubSubHubbubCallbackREST.java
        ServerREST.java
        UserREST.java
        servlet
        AnalyticsServlet.java
        CustomCssServlet.java
        LogoutServlet.java
        NextUnreadServlet.java
        session
        SessionHelper.java
        SessionHelperFactory.java
        SessionHelperFactoryProvider.java
        SessionManagerFactory.java
      - edu
        uci
        ics
        crawler4j
        url
        URLCanonicalizer.java
        UrlResolver.java
  - test
    - java
      - com
        commafeed
        backend
        FixedSizeSortedSetTest.java
        feed
        EstimateDirectionTest.java
        FeedUtilsTest.java
        opml
        OPMLExporterTest.java
        OPMLImporterTest.java
        service
        FeedEntryFilteringServiceTest.java
        UserServiceTest.java
        frontend
        auth
        SecurityCheckFactoryTest.java
        resource
        UserRestTest.java
        session
        SessionHelperTest.java

package com.commafeed.backend.service;

import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.KeySpec;

import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.inject.Inject;
import javax.inject.Singleton;

import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;

import org.apache.commons.lang3.StringUtils;

// taken from http://www.javacodegeeks.com/2012/05/secure-password-storage-donts-dos-and.html
@SuppressWarnings("serial")
@Slf4j
@RequiredArgsConstructor(onConstructor = @__({ @Inject }))
@Singleton
public class PasswordEncryptionService implements Serializable {

	public boolean authenticate(String attemptedPassword, byte[] encryptedPassword, byte[] salt) {
		if (StringUtils.isBlank(attemptedPassword)) {
			return false;
		}
		// Encrypt the clear-text password using the same salt that was used to
		// encrypt the original password
		byte[] encryptedAttemptedPassword = null;
		try {
			encryptedAttemptedPassword = getEncryptedPassword(attemptedPassword, salt);
		} catch (Exception e) {
			// should never happen
			log.error(e.getMessage(), e);
		}

		if (encryptedAttemptedPassword == null) {
			return false;
		}

		// Authentication succeeds if encrypted password that the user entered
		// is equal to the stored hash
		return MessageDigest.isEqual(encryptedPassword, encryptedAttemptedPassword);
	}

	public byte[] getEncryptedPassword(String password, byte[] salt) {
		// PBKDF2 with SHA-1 as the hashing algorithm. Note that the NIST
		// specifically names SHA-1 as an acceptable hashing algorithm for
		// PBKDF2
		String algorithm = "PBKDF2WithHmacSHA1";
		// SHA-1 generates 160 bit hashes, so that's what makes sense here
		int derivedKeyLength = 160;
		// Pick an iteration count that works for you. The NIST recommends at
		// least 1,000 iterations:
		// http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
		// iOS 4.x reportedly uses 10,000:
		// http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/
		int iterations = 20000;

		KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, derivedKeyLength);

		byte[] bytes = null;
		try {
			SecretKeyFactory f = SecretKeyFactory.getInstance(algorithm);
			SecretKey key = f.generateSecret(spec);
			bytes = key.getEncoded();
		} catch (Exception e) {
			// should never happen
			log.error(e.getMessage(), e);
		}
		return bytes;
	}

	public byte[] generateSalt() {
		// VERY important to use SecureRandom instead of just Random

		byte[] salt = null;
		try {
			SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

			// Generate a 8 byte (64 bit) salt as recommended by RSA PKCS5
			salt = new byte[8];
			random.nextBytes(salt);
		} catch (NoSuchAlgorithmException e) {
			// should never happen
			log.error(e.getMessage(), e);
		}
		return salt;
	}

}