Merge pull request #19 from Xephi/master

Up
2024-09-17 09:24:25 +02:00 · 2015-07-31 01:36:44 +02:00 · 2015-07-31 01:36:44 +02:00 · 42dc6e3a42
commit 42dc6e3a42
parent 4568b11664 e889fb580a
3 changed files with 30 additions and 1 deletions
--- a/src/main/java/fr/xephi/authme/security/HashAlgorithm.java
+++ b/src/main/java/fr/xephi/authme/security/HashAlgorithm.java
@ -28,6 +28,7 @@ public enum HashAlgorithm {
    WORDPRESS(fr.xephi.authme.security.crypts.WORDPRESS.class),
    ROYALAUTH(fr.xephi.authme.security.crypts.ROYALAUTH.class),
    CRAZYCRYPT1(fr.xephi.authme.security.crypts.CRAZYCRYPT1.class),
+    BCRYPT2Y(fr.xephi.authme.security.crypts.BCRYPT2Y.class),
    CUSTOM(Null.class);

    Class<?> classe;
--- a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java
+++ b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java
@ -20,7 +20,8 @@ public class PasswordSecurity {
    private static SecureRandom rnd = new SecureRandom();
    public static HashMap<String, String> userSalt = new HashMap<String, String>();

-    public static String createSalt(int length) throws NoSuchAlgorithmException {
+    public static String createSalt(int length)
+            throws NoSuchAlgorithmException {
        byte[] msg = new byte[40];
        rnd.nextBytes(msg);
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
@ -94,6 +95,9 @@ public class PasswordSecurity {
                salt = createSalt(16);
                userSalt.put(playerName, salt);
                break;
+            case BCRYPT2Y:
+                salt = createSalt(22);
+                break;
            case MD5:
            case SHA1:
            case WHIRLPOOL:
--- a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java
@ -0,0 +1,24 @@
+package fr.xephi.authme.security.crypts;
+
+import java.security.NoSuchAlgorithmException;
+
+public class BCRYPT2Y implements EncryptionMethod {
+
+    @Override
+    public String getHash(String password, String salt, String name)
+            throws NoSuchAlgorithmException {
+        if (salt.length() == 22)
+            salt = "$2y$10$" + salt;
+        return (BCRYPT.hashpw(password, salt));
+    }
+
+    @Override
+    public boolean comparePassword(String hash, String password,
+            String playerName) throws NoSuchAlgorithmException {
+        String ok = hash.substring(29);
+        if (ok.length() != 29)
+            return false;
+        return hash.equals(getHash(password, ok, playerName));
+    }
+
+}