#369 Fix bcrypt 2y implementation

- Change salt length to 22: it was changed by accident in another commit
ljacqu 2015-12-28 21:03:33 +01:00
parent 48d0a65724
commit 73bc6e286a
3 changed files with 23 additions and 21 deletions


@ -4,19 +4,24 @@ import fr.xephi.authme.security.crypts.description.Recommendation;
import fr.xephi.authme.security.crypts.description.Usage;
@Recommendation(Usage.DOES_NOT_WORK)
public class BCRYPT2Y implements EncryptionMethod {
public class BCRYPT2Y extends HexSaltedMethod {
@Override
public String computeHash(String password, String salt, String name) {
if (salt.length() == 22)
salt = "$2y$10$" + salt;
return (BCRYPT.hashpw(password, salt));
return BCRYPT.hashpw(password, salt);
}
@Override
public boolean comparePassword(String hash, String password, String playerName) {
public boolean comparePassword(String hash, String password, String salt, String playerName) {
String ok = hash.substring(0, 29);
return ok.length() == 29 && hash.equals(computeHash(password, ok, playerName));
}
@Override
public int getSaltLength() {
return 22;
}
}
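Review bot: `comparePassword` calls `hash.substring(0, 29)` before any length check, so a stored hash shorter than 29 characters throws `StringIndexOutOfBoundsException` and the `ok.length() == 29` test that follows can never be false. A malformed or differently formatted database value would then surface as an exception during login instead of a failed comparison; guard first with `if (hash == null || hash.length() < 29) return false;`. The final `hash.equals(...)` is not a constant-time comparison; `MessageDigest.isEqual(...)` over the UTF-8 bytes of the stored and recomputed hash is the usual replacement. The class also still carries `@Recommendation(Usage.DOES_NOT_WORK)` on an unchanged line, which looks stale if this commit makes the method usable, so it is worth confirming.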


@ -151,7 +151,6 @@ public abstract class AbstractEncryptionMethodTest {
NewEncrMethod method1 = null;
if (method instanceof NewEncrMethod) {
method1 = (NewEncrMethod) method;
if (!method1.hasSeparateSalt()) method1 = null;
}
@ -161,9 +160,14 @@ public abstract class AbstractEncryptionMethodTest {
delim = "); ";
}
if (method1 != null) {
HashResult hashResult = method1.computeHash(password, USERNAME);
System.out.println(String.format("\t\tnew HashResult(\"%s\", \"%s\")%s// %s",
hashResult.getHash(), hashResult.getSalt(), delim, password));
if (method1.hasSeparateSalt()) {
HashResult hashResult = method1.computeHash(password, USERNAME);
System.out.println(String.format("\t\tnew HashResult(\"%s\", \"%s\")%s// %s",
hashResult.getHash(), hashResult.getSalt(), delim, password));
} else {
System.out.println("\t\t\"" + method1.computeHash(password, USERNAME).getHash()
+ "\"" + delim + "// " + password);
}
} else {
System.out.println("\t\t\"" + method.computeHash(password, null, USERNAME)
+ "\"" + delim + "// " + password);


@ -1,23 +1,16 @@
package fr.xephi.authme.security.crypts;
import fr.xephi.authme.security.PasswordSecurity;
import org.junit.Ignore;
import org.junit.Test;
import java.security.NoSuchAlgorithmException;
/**
* Test for {@link BCRYPT2Y}.
*/
@Ignore
// TODO #369: Fix hash & add standard test
public class BCRYPT2YTest {
public class BCRYPT2YTest extends AbstractEncryptionMethodTest {
@Test
public void shouldCreateHash() throws NoSuchAlgorithmException {
String salt = PasswordSecurity.createSalt(16); // As defined in PasswordSecurity
EncryptionMethod method = new BCRYPT2Y();
System.out.println(method.computeHash("password", salt, "testPlayer"));
public BCRYPT2YTest() {
super(new BCRYPT2Y(),
"$2y$10$da641e404b982edf1c7c0uTU9BcKzfA2vWKV05q6r.dCvm/93wqVK", // password
"$2y$10$e52c48a76f5b86f5da899uiK/HYocyPsfQXESNbP278rIz08LKEP2", // PassWord1
"$2y$10$be6f11548dc5fb4088410ONdC0dXnJ04y1RHcJh5fVF3XK5d.qgqK", // &^%te$t?Pw@_
"$2y$10$a8097db1fa4423b93f1b2eF6rMAGFkSX178fpROf/OvCFtrDebp6K"); // âË_3(íù*
}
}
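Review bot: The four expected hashes passed to `super(...)` appear to have been produced by this implementation itself, since their salts are hex strings such as `HexSaltedMethod` would presumably generate. The test therefore pins self-consistency rather than compatibility with other `$2y$` producers. At least one vector generated by an independent bcrypt implementation should be added, ideally for the non-ASCII password `âË_3(íù*`, because 8-bit input is where bcrypt variants have historically disagreed. A short comment above the constructor recording how the vectors were generated, for example `// Hashes generated with <tool/version>, cost 10`, would also help the next maintainer.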