diff --git a/src/main/java/fr/xephi/authme/security/HashAlgorithm.java b/src/main/java/fr/xephi/authme/security/HashAlgorithm.java index 10793f5ae..a9fd19e53 100644 --- a/src/main/java/fr/xephi/authme/security/HashAlgorithm.java +++ b/src/main/java/fr/xephi/authme/security/HashAlgorithm.java @@ -28,6 +28,7 @@ public enum HashAlgorithm { WORDPRESS(fr.xephi.authme.security.crypts.WORDPRESS.class), ROYALAUTH(fr.xephi.authme.security.crypts.ROYALAUTH.class), CRAZYCRYPT1(fr.xephi.authme.security.crypts.CRAZYCRYPT1.class), + BCRYPT2Y(fr.xephi.authme.security.crypts.BCRYPT2Y.class), CUSTOM(Null.class); Class classe; diff --git a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java index 3800d8b0f..bfc2fb2d6 100644 --- a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java +++ b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java @@ -20,7 +20,8 @@ public class PasswordSecurity { private static SecureRandom rnd = new SecureRandom(); public static HashMap userSalt = new HashMap(); - public static String createSalt(int length) throws NoSuchAlgorithmException { + public static String createSalt(int length) + throws NoSuchAlgorithmException { byte[] msg = new byte[40]; rnd.nextBytes(msg); MessageDigest sha1 = MessageDigest.getInstance("SHA1"); @@ -94,6 +95,9 @@ public class PasswordSecurity { salt = createSalt(16); userSalt.put(playerName, salt); break; + case BCRYPT2Y: + salt = createSalt(22); + break; case MD5: case SHA1: case WHIRLPOOL: diff --git a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java new file mode 100644 index 000000000..ad7eb62ac --- /dev/null +++ b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java @@ -0,0 +1,24 @@ +package fr.xephi.authme.security.crypts; + +import java.security.NoSuchAlgorithmException; + +public class BCRYPT2Y implements EncryptionMethod { + + @Override + public String getHash(String password, String salt, String name) + throws NoSuchAlgorithmException { + if (salt.length() == 22) + salt = "$2y$10$" + salt; + return (BCRYPT.hashpw(password, salt)); + } + + @Override + public boolean comparePassword(String hash, String password, + String playerName) throws NoSuchAlgorithmException { + String ok = hash.substring(29); + if (ok.length() != 29) + return false; + return hash.equals(getHash(password, ok, playerName)); + } + +}