store ssha512 password hash
parent
29f13cf0ca
commit
12eca73c21
@ -1,6 +1,7 @@
|
|||||||
package de.jalin.ldapadmin.beans;
|
package de.jalin.ldapadmin.beans;
|
||||||
|
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
@ -48,9 +49,10 @@ public class User implements Serializable, LDAPBean {
|
|||||||
this.password = password;
|
this.password = password;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setAndValidatePassword(String password) throws SimplePasswordException {
|
public void setAndValidatePassword(String password) throws SimplePasswordException, NoSuchAlgorithmException {
|
||||||
final PasswordValidator validator = new PasswordValidator();
|
final PasswordValidator validator = new PasswordValidator();
|
||||||
validator.validate(password);
|
validator.validate(password);
|
||||||
|
validator.createSaltedSHA512Hash(password);
|
||||||
this.password = password;
|
this.password = password;
|
||||||
}
|
}
|
||||||
|
|
||||||
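Review bot: The value returned by `validator.createSaltedSHA512Hash(password)` in `setAndValidatePassword` is discarded, and the next line still assigns the cleartext with `this.password = password;`. As far as this hunk shows, the salted hash is computed and thrown away. If the bean is meant to hold only the hash, the two lines collapse to `this.password = validator.createSaltedSHA512Hash(password);`. Whether another layer hashes the value before it is written to the directory is not visible here and should be checked. The class is declared `Serializable`, so a cleartext field may also end up wherever the bean is serialized.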
|
@ -1,8 +1,20 @@
|
|||||||
package de.jalin.ldapadmin.ldap;
|
package de.jalin.ldapadmin.ldap;
|
||||||
|
|
||||||
|
import java.security.MessageDigest;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
|
||||||
|
import org.apache.commons.codec.binary.Base64;
|
||||||
|
|
||||||
|
|
||||||
public class PasswordValidator {
|
public class PasswordValidator {
|
||||||
|
|
||||||
private static final int MIN_PASSWORD_LEN = 6;
|
private static final int MIN_PASSWORD_LEN = 6;
|
||||||
|
private static final Base64 BASE64 = new Base64();
|
||||||
|
private static final String LABEL = "{SSHA512}";
|
||||||
|
private static final String SALT_CHARACTERS =
|
||||||
|
"abcdefghijklmnopqrstuvwxyz"
|
||||||
|
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||||
|
+ "0123456789$_";
|
||||||
|
|
||||||
public void validate(final String password) throws SimplePasswordException {
|
public void validate(final String password) throws SimplePasswordException {
|
||||||
if (password == null || password.isEmpty()) {
|
if (password == null || password.isEmpty()) {
|
||||||
@ -38,4 +50,35 @@ public class PasswordValidator {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static String randomSalt() {
|
||||||
|
final StringBuffer buffer = new StringBuffer();
|
||||||
|
for (int i=0; i < 8; i++) {
|
||||||
|
double randomValue = Math.random() * 64.0f - 0.5d;
|
||||||
|
int randomIndex = Math.round((float)randomValue);
|
||||||
|
if (randomIndex < 0 || randomIndex >= SALT_CHARACTERS.length()) {
|
||||||
|
randomIndex = 0;
|
||||||
|
}
|
||||||
|
buffer.append(SALT_CHARACTERS.charAt(randomIndex));
|
||||||
|
}
|
||||||
|
return buffer.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
public String createSaltedSHA512Hash(String passwd) throws NoSuchAlgorithmException {
|
||||||
|
return createSaltedSHA512Hash(randomSalt(), passwd);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String createSaltedSHA512Hash(String salt, String passwd) throws NoSuchAlgorithmException {
|
||||||
|
final byte[] saltBytes = salt.getBytes();
|
||||||
|
MessageDigest sha = MessageDigest.getInstance("SHA-512");
|
||||||
|
sha.reset();
|
||||||
|
sha.update(passwd.getBytes());
|
||||||
|
sha.update(saltBytes);
|
||||||
|
byte[] pwHash = sha.digest();
|
||||||
|
final byte[] hashBytes = new byte[pwHash.length + saltBytes.length];
|
||||||
|
System.arraycopy(pwHash, 0, hashBytes, 0, pwHash.length);
|
||||||
|
System.arraycopy(saltBytes, 0, hashBytes, pwHash.length, saltBytes.length);
|
||||||
|
final String encode = BASE64.encodeAsString(hashBytes);
|
||||||
|
return LABEL + new String(encode);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
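Review bot: `randomSalt()` draws its characters from `Math.random()`, which is not a cryptographically strong generator; salts for stored password hashes should come from `java.security.SecureRandom`. Using `nextInt(SALT_CHARACTERS.length())` also makes the float rounding and the out-of-range clamp to index 0 unnecessary. In `createSaltedSHA512Hash`, both `getBytes()` calls use the platform default charset, so a password with non-ASCII characters can hash to different bytes on different hosts; passing `StandardCharsets.UTF_8` pins the encoding. The sketch below needs imports for `SecureRandom` and `StandardCharsets`. Separately, a single SHA-512 round is fast to brute-force offline, so it is worth checking whether the directory server supports a slower password scheme.

```java
private static final SecureRandom SALT_RANDOM = new SecureRandom();

public static String randomSalt() {
    final StringBuilder buffer = new StringBuilder(8);
    for (int i = 0; i < 8; i++) {
        buffer.append(SALT_CHARACTERS.charAt(SALT_RANDOM.nextInt(SALT_CHARACTERS.length())));
    }
    return buffer.toString();
}

public static String createSaltedSHA512Hash(String salt, String passwd) throws NoSuchAlgorithmException {
    final byte[] saltBytes = salt.getBytes(StandardCharsets.UTF_8);
    // … unchanged: MessageDigest.getInstance("SHA-512") and reset …
    sha.update(passwd.getBytes(StandardCharsets.UTF_8));
    // … unchanged: salt update, digest, salt append, Base64 encoding and label …
}
```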
|
@ -1,6 +1,7 @@
|
|||||||
package de.jalin.ldapadmin.web;
|
package de.jalin.ldapadmin.web;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.SortedMap;
|
import java.util.SortedMap;
|
||||||
|
|
||||||
@ -110,7 +111,8 @@ public class ProfileServlet extends AbstractLDAPServlet {
|
|||||||
httpSession.setAttribute("errormessage", messages.getString("ProfileServlet.inputfield") + e.getFieldname() + " " + e.getCondition());
|
httpSession.setAttribute("errormessage", messages.getString("ProfileServlet.inputfield") + e.getFieldname() + " " + e.getCondition());
|
||||||
req.getRequestDispatcher("/user.jsp").forward(req, resp);
|
req.getRequestDispatcher("/user.jsp").forward(req, resp);
|
||||||
return;
|
return;
|
||||||
}
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throwServletException(httpSession, e); }
|
||||||
try {
|
try {
|
||||||
if ("password".equals(operation)) {
|
if ("password".equals(operation)) {
|
||||||
final User oldValue = usersDAO.read(dn);
|
final User oldValue = usersDAO.read(dn);
|
||||||
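Review bot: The new `catch (NoSuchAlgorithmException e)` clause puts its closing brace on the statement line (`throwServletException(httpSession, e); }`), unlike the surrounding catch blocks; the same line appears in the ResetPasswordServlet hunk. The clause is needed here, and again in UserServlet, only because `User.setAndValidatePassword` now declares the checked exception. Wrapping it once inside PasswordValidator, for example `throw new IllegalStateException("SHA-512 not available", e);`, would leave all three servlets unchanged. The enclosing method starts and ends outside this hunk, so it cannot be confirmed from here that control never reaches the following `try` block after `throwServletException` is called.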
|
@ -8,6 +8,7 @@ import java.io.PrintStream;
|
|||||||
import java.io.PrintWriter;
|
import java.io.PrintWriter;
|
||||||
import java.io.Writer;
|
import java.io.Writer;
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.SortedMap;
|
import java.util.SortedMap;
|
||||||
|
|
||||||
@ -17,6 +18,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.servlet.http.HttpSession;
|
import javax.servlet.http.HttpSession;
|
||||||
|
|
||||||
|
import org.apache.commons.lang.CharEncoding;
|
||||||
import org.apache.commons.net.smtp.SMTPClient;
|
import org.apache.commons.net.smtp.SMTPClient;
|
||||||
import org.apache.commons.net.smtp.SMTPReply;
|
import org.apache.commons.net.smtp.SMTPReply;
|
||||||
import org.apache.commons.net.smtp.SimpleSMTPHeader;
|
import org.apache.commons.net.smtp.SimpleSMTPHeader;
|
||||||
@ -28,7 +30,6 @@ import de.jalin.ldapadmin.hsadmin.MailboxNotFound;
|
|||||||
import de.jalin.ldapadmin.ldap.LDAPSessionException;
|
import de.jalin.ldapadmin.ldap.LDAPSessionException;
|
||||||
import de.jalin.ldapadmin.ldap.SimplePasswordException;
|
import de.jalin.ldapadmin.ldap.SimplePasswordException;
|
||||||
import de.jalin.ldapadmin.ldap.UsersDAO;
|
import de.jalin.ldapadmin.ldap.UsersDAO;
|
||||||
import org.apache.commons.lang.CharEncoding;
|
|
||||||
|
|
||||||
@WebServlet(name = "ResetPassword", urlPatterns = {"/passwordreset"}, loadOnStartup = 1)
|
@WebServlet(name = "ResetPassword", urlPatterns = {"/passwordreset"}, loadOnStartup = 1)
|
||||||
public class ResetPasswordServlet extends AbstractLDAPServlet {
|
public class ResetPasswordServlet extends AbstractLDAPServlet {
|
||||||
@ -122,7 +123,8 @@ public class ResetPasswordServlet extends AbstractLDAPServlet {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
throwServletException(httpSession, e);
|
throwServletException(httpSession, e);
|
||||||
}
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throwServletException(httpSession, e); }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package de.jalin.ldapadmin.web;
|
package de.jalin.ldapadmin.web;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -137,6 +138,8 @@ public class UserServlet extends AbstractLDAPServlet {
|
|||||||
httpSession.setAttribute("errormessage", messages.getString("UserServlet.input_field") + " \"" + e.getFieldname() + "\" " + e.getCondition());
|
httpSession.setAttribute("errormessage", messages.getString("UserServlet.input_field") + " \"" + e.getFieldname() + "\" " + e.getCondition());
|
||||||
req.getRequestDispatcher("/user.jsp").forward(req, resp);
|
req.getRequestDispatcher("/user.jsp").forward(req, resp);
|
||||||
return;
|
return;
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throwServletException(httpSession, e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
final GroupsDAO groupsDAO = new GroupsDAO(ldapSession);
|
final GroupsDAO groupsDAO = new GroupsDAO(ldapSession);
|
||||||
|