From ca5b199bcb3126318d81aa62824c18cf1549d4b2 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Tue, 13 Oct 2015 09:38:52 +0200 Subject: [PATCH] =?utf8?q?Added=20UserUtils.ifPasswordMatches()=20for=20ea?= =?utf8?q?sy=20password=20comparison=20(including=20strong=20salt)=20Signe?= =?utf8?q?d-off-by:Roland=20H=C3=A4der=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- .../jusercore/model/user/UserUtils.java | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/src/org/mxchange/jusercore/model/user/UserUtils.java b/src/org/mxchange/jusercore/model/user/UserUtils.java index 8449b9b..c2b484a 100644 --- a/src/org/mxchange/jusercore/model/user/UserUtils.java +++ b/src/org/mxchange/jusercore/model/user/UserUtils.java @@ -18,6 +18,7 @@ package org.mxchange.jusercore.model.user; import org.apache.commons.codec.digest.Crypt; import org.mxchange.jcore.BaseFrameworkSystem; +import org.mxchange.jusercore.container.login.LoginContainer; /** * An utilities class for customers @@ -39,6 +40,15 @@ public class UserUtils extends BaseFrameworkSystem { * @return Hashed user password */ public static String encryptPassword (final String userPassword) { + // Is it null or empty? + if (null == userPassword) { + // Throw NPE + throw new NullPointerException("userPassword is null"); + } else if (userPassword.isEmpty()) { + // Empty passwords are hardcoded not allowed due to security risks + throw new IllegalArgumentException("userPassword is empty"); + } + // Generate large number String number = Long.toString(Math.round(Math.random() * 10_000_000_000L)); @@ -52,6 +62,39 @@ public class UserUtils extends BaseFrameworkSystem { return encryptedPassword; } + /** + * Checks if password from container matches the updatedUser's password + *
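Review bot: In the encryptPassword hunk (`@@ -39,6 +40,15 @@`), the context line right after the new null/empty guards still derives its "large number" from `Math.random()`, which is not a cryptographically secure generator. The lines that consume `number` lie outside the hunk, so this is an inference, but if the value feeds the crypt salt it should come from a `java.security.SecureRandom` instance instead. A drop-in that keeps the same range and format is `String number = Long.toString(Math.round(new SecureRandom().nextDouble() * 10_000_000_000L));`, ideally with one shared static `SecureRandom`. The method's Javadoc should also gain `@throws` entries for the two new exceptions.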

+ * @param container Container holding user instance and unencrypted password + * @param updatedUser Updated user instance from database + * @return Whethet the password matches + */ + public static boolean ifPasswordMatches (final LoginContainer container, final User updatedUser) { + // Validate parameters + if (null == container) { + // Throw NPE + throw new NullPointerException("container is null"); + } else if (null == updatedUser) { + // And again NPE ... + throw new NullPointerException("updatedUser is null"); + } else if (container.getUser() == null) { + // NPE for user in container + throw new NullPointerException("container.user is null"); + } else if (container.getUserPassword() == null) { + // NPE for user password in container + throw new NullPointerException("container.userPassword is null"); + } else if (container.getUserPassword().isEmpty()) { + // Empty password in container + throw new IllegalArgumentException("container.userPassword is empty"); + } + + // First encrypt password + String encryptedPassword = Crypt.crypt(container.getUserPassword(), updatedUser.getUserEncryptedPassword()); + + // Is it matching? + return encryptedPassword.equals(updatedUser.getUserEncryptedPassword()); + } + /** * No instance from this class */ -- 2.39.5
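Review bot: The final comparison in ifPasswordMatches uses `String.equals`, which stops at the first differing character, so the hash check is not constant-time. Prefer `return MessageDigest.isEqual(encryptedPassword.getBytes(StandardCharsets.UTF_8), updatedUser.getUserEncryptedPassword().getBytes(StandardCharsets.UTF_8));`, which needs the matching imports. `updatedUser.getUserEncryptedPassword()` is passed to `Crypt.crypt` as the salt without the null/empty validation applied to the container fields, so add a guard such as `else if (updatedUser.getUserEncryptedPassword() == null) { throw new NullPointerException("updatedUser.userEncryptedPassword is null"); }`. `container.getUser()` is null-checked but never compared with `updatedUser`, so as far as this hunk shows the caller must ensure both refer to the same account; the Javadoc should state that and list the thrown exceptions. The `@return` text has a typo ("Whethet").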