Store password instead of password hash in LoginCredentials

This commit is contained in:
Kai S. K. Engelbart 2020-07-08 12:32:24 +02:00
parent 6f1ecd21f2
commit 267ed6726e


@ -1,13 +1,11 @@
package envoy.data; package envoy.data;
import java.io.Serializable; import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Formatter;
/** /**
* Contains a {@link User}'s login information.<br> * Contains a {@link User}'s login / registration information as well as the
* <br> * client version.
* <p>
* Project: <strong>envoy-common</strong><br> * Project: <strong>envoy-common</strong><br>
* File: <strong>LoginCredentials.java</strong><br> * File: <strong>LoginCredentials.java</strong><br>
* Created: <strong>29.12.2019</strong><br> * Created: <strong>29.12.2019</strong><br>
@ -15,58 +13,33 @@ import java.util.Formatter;
* @author Kai S. K. Engelbart * @author Kai S. K. Engelbart
* @since Envoy Common v0.2-alpha * @since Envoy Common v0.2-alpha
*/ */
public class LoginCredentials implements Serializable { public final class LoginCredentials implements Serializable {
private final String identifier; private final String identifier, password, clientVersion;
private final byte[] passwordHash;
private final boolean registration; private final boolean registration;
private final String clientVersion;
private static final long serialVersionUID = 1; private static final long serialVersionUID = 2;
/** /**
* Creates an instance of {@link LoginCredentials} for a new {@link User}. * Initializes login credentials for a handshake.
* *
* @param identifier the identifier of the user * @param identifier the identifier of the user
* @param password the password of the user (will be converted to a hash) * @param password the password of the user
* @param registration signifies that these credentials are used for user * @param registration signifies that these credentials are used for user
* registration instead of user login * registration instead of user login
* @param clientVersion the version of the client sending these credentials * @param clientVersion the version of the client sending these credentials
* @since Envoy Common v0.2-alpha * @since Envoy Common v0.1-beta
*/ */
public LoginCredentials(String identifier, char[] password, boolean registration, String clientVersion) { public LoginCredentials(String identifier, String password, boolean registration, String clientVersion) {
this.identifier = identifier; this.identifier = identifier;
passwordHash = getSha256(toByteArray(password)); this.password = password;
this.registration = registration; this.registration = registration;
this.clientVersion = clientVersion; this.clientVersion = clientVersion;
} }
private byte[] getSha256(byte[] input) {
try {
return MessageDigest.getInstance("SHA-256").digest(input);
} catch (NoSuchAlgorithmException e) {
// This will never happen
throw new RuntimeException(e);
}
}
private byte[] toByteArray(char[] chars) {
byte[] bytes = new byte[chars.length * 2];
for (int i = 0; i < chars.length; ++i) {
bytes[i * 2] = (byte) (chars[i] >> 8);
bytes[i * 2 + 1] = (byte) (chars[i]);
}
return bytes;
}
@Override @Override
public String toString() { public String toString() {
try (Formatter form = new Formatter()) { return String.format("LoginCredentials[identifier=%s,registration=%b,clientVersion=%s]", identifier, registration, clientVersion);
form.format("LoginCredentials[identifier=%s,passwordHash=", identifier);
for (int i = 0; i < 3; i++)
form.format("%02x", passwordHash[i]);
return form.format(",registration=%b]", registration).toString();
}
} }
/** /**
@ -76,10 +49,10 @@ public class LoginCredentials implements Serializable {
public String getIdentifier() { return identifier; } public String getIdentifier() { return identifier; }
/** /**
* @return the password hash of the user performing the login * @return the password of the user performing the login
* @since Envoy Common v0.2-alpha * @since Envoy Common v0.1-beta
*/ */
public byte[] getPasswordHash() { return passwordHash; } public String getPassword() { return password; }
/** /**
* @return {@code true} if these credentials are used for user registration * @return {@code true} if these credentials are used for user registration
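Review bot: The new `password` field declared in the `private final String identifier, password, clientVersion;` line and assigned in the constructor carries the cleartext password in an immutable `String` inside a `Serializable` object, so the cleartext is now part of the serialized handshake payload and, unlike the former `char[]` input, cannot be zeroed once the login has been processed. Neither the class Javadoc nor the constructor documents this; I would change the parameter doc to `@param password the password of the user in cleartext; this object must only be sent over an encrypted connection` and add one sentence to the class Javadoc stating that salting and hashing with a password-hashing function is the receiving side's responsibility, since the old unsalted SHA-256 was not a substitute for that. The rewritten `toString()` correctly leaves the password out, and `getPassword()` should likewise never be used in logging. Whether the transport is encrypted is not visible in this diff; if it is not, the previous hash was already a credential-equivalent on the wire, but the cleartext additionally exposes any reuse of the password elsewhere.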