store ssha512 password hash

Peter Hormanns 2020-03-31 20:19:25 +02:00
parent 29f13cf0ca
commit 12eca73c21
5 changed files with 57 additions and 5 deletions


@ -1,6 +1,7 @@
package de.jalin.ldapadmin.beans; package de.jalin.ldapadmin.beans;
import java.io.Serializable; import java.io.Serializable;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -48,9 +49,10 @@ public class User implements Serializable, LDAPBean {
this.password = password; this.password = password;
} }
public void setAndValidatePassword(String password) throws SimplePasswordException { public void setAndValidatePassword(String password) throws SimplePasswordException, NoSuchAlgorithmException {
final PasswordValidator validator = new PasswordValidator(); final PasswordValidator validator = new PasswordValidator();
validator.validate(password); validator.validate(password);
validator.createSaltedSHA512Hash(password);
this.password = password; this.password = password;
} }
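Review bot: setAndValidatePassword computes the salted hash and then throws it away — the added `validator.createSaltedSHA512Hash(password);` returns the `{SSHA512}` string, but the following line still assigns the plaintext to `this.password`, so unless the DAO hashes again on write (not visible here) the commit's stated goal of storing the hash is not met. The assignment should be `this.password = validator.createSaltedSHA512Hash(password);`, which also removes the unused call. The rest of User is outside the hunk, so it may be worth checking that no other path writes a plaintext value into the same field via setPassword.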


@ -1,8 +1,20 @@
package de.jalin.ldapadmin.ldap; package de.jalin.ldapadmin.ldap;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;
public class PasswordValidator { public class PasswordValidator {
private static final int MIN_PASSWORD_LEN = 6; private static final int MIN_PASSWORD_LEN = 6;
private static final Base64 BASE64 = new Base64();
private static final String LABEL = "{SSHA512}";
private static final String SALT_CHARACTERS =
"abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "0123456789$_";
public void validate(final String password) throws SimplePasswordException { public void validate(final String password) throws SimplePasswordException {
if (password == null || password.isEmpty()) { if (password == null || password.isEmpty()) {
@ -38,4 +50,35 @@ public class PasswordValidator {
} }
} }
public static String randomSalt() {
final StringBuffer buffer = new StringBuffer();
for (int i=0; i < 8; i++) {
double randomValue = Math.random() * 64.0f - 0.5d;
int randomIndex = Math.round((float)randomValue);
if (randomIndex < 0 || randomIndex >= SALT_CHARACTERS.length()) {
randomIndex = 0;
}
buffer.append(SALT_CHARACTERS.charAt(randomIndex));
}
return buffer.toString();
}
public String createSaltedSHA512Hash(String passwd) throws NoSuchAlgorithmException {
return createSaltedSHA512Hash(randomSalt(), passwd);
}
public static String createSaltedSHA512Hash(String salt, String passwd) throws NoSuchAlgorithmException {
final byte[] saltBytes = salt.getBytes();
MessageDigest sha = MessageDigest.getInstance("SHA-512");
sha.reset();
sha.update(passwd.getBytes());
sha.update(saltBytes);
byte[] pwHash = sha.digest();
final byte[] hashBytes = new byte[pwHash.length + saltBytes.length];
System.arraycopy(pwHash, 0, hashBytes, 0, pwHash.length);
System.arraycopy(saltBytes, 0, hashBytes, pwHash.length, saltBytes.length);
final String encode = BASE64.encodeAsString(hashBytes);
return LABEL + new String(encode);
}
} }
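Review bot: randomSalt() derives the salt from Math.random(), a general-purpose generator not intended for security use, and maps it onto SALT_CHARACTERS through float scaling, rounding and a clamp; a SecureRandom with `nextInt(SALT_CHARACTERS.length())` gives an unpredictable, unbiased index directly and makes the clamp unnecessary. createSaltedSHA512Hash(String, String) also calls `getBytes()` with no charset on both the salt and the password, so the stored hash depends on the JVM's default encoding and a non-ASCII password hashed on one host may not verify elsewhere; use `StandardCharsets.UTF_8` in both places. `sha.reset()` right after getInstance() and `new String(encode)` around an existing String are redundant and can go. Both changes need imports of java.security.SecureRandom and java.nio.charset.StandardCharsets added to the file's import block.
```java
private static final SecureRandom RANDOM = new SecureRandom();

public static String randomSalt() {
    final StringBuilder buffer = new StringBuilder(8);
    for (int i = 0; i < 8; i++) {
        buffer.append(SALT_CHARACTERS.charAt(RANDOM.nextInt(SALT_CHARACTERS.length())));
    }
    return buffer.toString();
}
// … unchanged: createSaltedSHA512Hash(String passwd) …
public static String createSaltedSHA512Hash(String salt, String passwd) throws NoSuchAlgorithmException {
    final byte[] saltBytes = salt.getBytes(StandardCharsets.UTF_8);
    final MessageDigest sha = MessageDigest.getInstance("SHA-512");
    sha.update(passwd.getBytes(StandardCharsets.UTF_8));
    sha.update(saltBytes);
    // … unchanged: digest, hash||salt concatenation …
    return LABEL + BASE64.encodeAsString(hashBytes);
}
```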


@ -1,6 +1,7 @@
package de.jalin.ldapadmin.web; package de.jalin.ldapadmin.web;
import java.io.IOException; import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.List; import java.util.List;
import java.util.SortedMap; import java.util.SortedMap;
@ -110,7 +111,8 @@ public class ProfileServlet extends AbstractLDAPServlet {
httpSession.setAttribute("errormessage", messages.getString("ProfileServlet.inputfield") + e.getFieldname() + " " + e.getCondition()); httpSession.setAttribute("errormessage", messages.getString("ProfileServlet.inputfield") + e.getFieldname() + " " + e.getCondition());
req.getRequestDispatcher("/user.jsp").forward(req, resp); req.getRequestDispatcher("/user.jsp").forward(req, resp);
return; return;
} } catch (NoSuchAlgorithmException e) {
throwServletException(httpSession, e); }
try { try {
if ("password".equals(operation)) { if ("password".equals(operation)) {
final User oldValue = usersDAO.read(dn); final User oldValue = usersDAO.read(dn);
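Review bot: The new `catch (NoSuchAlgorithmException e)` handles a condition that the default JDK providers do not produce for "SHA-512", yet the commit propagates it as a checked exception from PasswordValidator through User.setAndValidatePassword into this servlet and, with the same shape, into ResetPasswordServlet and UserServlet. Catching it once where the digest is created and rethrowing as `throw new IllegalStateException("SHA-512 digest not available", e);` would keep the cause and drop the added `throws` clauses and all three servlet catch blocks. As written here the closing brace sits on the statement line (`throwServletException(httpSession, e); }`) while UserServlet puts it on its own line; one form should be used across the three files. The enclosing method starts and ends outside the hunk, so whether control is meant to continue past this catch when throwServletException returns cannot be judged from here.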


@ -8,6 +8,7 @@ import java.io.PrintStream;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.io.Writer; import java.io.Writer;
import java.net.InetAddress; import java.net.InetAddress;
import java.security.NoSuchAlgorithmException;
import java.util.Collection; import java.util.Collection;
import java.util.SortedMap; import java.util.SortedMap;
@ -17,6 +18,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.apache.commons.lang.CharEncoding;
import org.apache.commons.net.smtp.SMTPClient; import org.apache.commons.net.smtp.SMTPClient;
import org.apache.commons.net.smtp.SMTPReply; import org.apache.commons.net.smtp.SMTPReply;
import org.apache.commons.net.smtp.SimpleSMTPHeader; import org.apache.commons.net.smtp.SimpleSMTPHeader;
@ -28,7 +30,6 @@ import de.jalin.ldapadmin.hsadmin.MailboxNotFound;
import de.jalin.ldapadmin.ldap.LDAPSessionException; import de.jalin.ldapadmin.ldap.LDAPSessionException;
import de.jalin.ldapadmin.ldap.SimplePasswordException; import de.jalin.ldapadmin.ldap.SimplePasswordException;
import de.jalin.ldapadmin.ldap.UsersDAO; import de.jalin.ldapadmin.ldap.UsersDAO;
import org.apache.commons.lang.CharEncoding;
@WebServlet(name = "ResetPassword", urlPatterns = {"/passwordreset"}, loadOnStartup = 1) @WebServlet(name = "ResetPassword", urlPatterns = {"/passwordreset"}, loadOnStartup = 1)
public class ResetPasswordServlet extends AbstractLDAPServlet { public class ResetPasswordServlet extends AbstractLDAPServlet {
@ -122,7 +123,8 @@ public class ResetPasswordServlet extends AbstractLDAPServlet {
return; return;
} }
throwServletException(httpSession, e); throwServletException(httpSession, e);
} } catch (NoSuchAlgorithmException e) {
throwServletException(httpSession, e); }
} }
} }
} }


@ -1,6 +1,7 @@
package de.jalin.ldapadmin.web; package de.jalin.ldapadmin.web;
import java.io.IOException; import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -137,7 +138,9 @@ public class UserServlet extends AbstractLDAPServlet {
httpSession.setAttribute("errormessage", messages.getString("UserServlet.input_field") + " \"" + e.getFieldname() + "\" " + e.getCondition()); httpSession.setAttribute("errormessage", messages.getString("UserServlet.input_field") + " \"" + e.getFieldname() + "\" " + e.getCondition());
req.getRequestDispatcher("/user.jsp").forward(req, resp); req.getRequestDispatcher("/user.jsp").forward(req, resp);
return; return;
} } catch (NoSuchAlgorithmException e) {
throwServletException(httpSession, e);
}
} }
final GroupsDAO groupsDAO = new GroupsDAO(ldapSession); final GroupsDAO groupsDAO = new GroupsDAO(ldapSession);
try { try {