From a2a2177728653e8921db1558dff575a862b40143 Mon Sep 17 00:00:00 2001
From: CyB3RC0nN0R
Date: Wed, 8 Jul 2020 12:32:24 +0200
Subject: [PATCH] Store password instead of password hash in LoginCredentials
---
 .../java/envoy/data/LoginCredentials.java | 57 +++++--------------
 1 file changed, 15 insertions(+), 42 deletions(-)
diff --git a/src/main/java/envoy/data/LoginCredentials.java b/src/main/java/envoy/data/LoginCredentials.java
index afffd4b..6257c10 100644
--- a/src/main/java/envoy/data/LoginCredentials.java
+++ b/src/main/java/envoy/data/LoginCredentials.java
@@ -1,13 +1,11 @@
 package envoy.data;
 import java.io.Serializable;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Formatter;
 /**
- * Contains a {@link User}'s login information.
- *
+ * Contains a {@link User}'s login / registration information as well as the
+ * client version.
+ *

* Project: envoy-common
* File: LoginCredentials.java
* Created: 29.12.2019
@@ -15,58 +13,33 @@ import java.util.Formatter;
 * @author Kai S. K. Engelbart
 * @since Envoy Common v0.2-alpha
 */
-public class LoginCredentials implements Serializable {
+public final class LoginCredentials implements Serializable {
- private final String identifier;
- private final byte[] passwordHash;
+ private final String identifier, password, clientVersion;
 private final boolean registration;
- private final String clientVersion;
- private static final long serialVersionUID = 1;
+ private static final long serialVersionUID = 2;
 /**
- * Creates an instance of {@link LoginCredentials} for a new {@link User}.
+ * Initializes login credentials for a handshake.
 *
 * @param identifier the identifier of the user
- * @param password the password of the user (will be converted to a hash)
+ * @param password the password of the user
 * @param registration signifies that these credentials are used for user
 * registration instead of user login
 * @param clientVersion the version of the client sending these credentials
- * @since Envoy Common v0.2-alpha
+ * @since Envoy Common v0.1-beta
 */
- public LoginCredentials(String identifier, char[] password, boolean registration, String clientVersion) {
+ public LoginCredentials(String identifier, String password, boolean registration, String clientVersion) {
 this.identifier = identifier;
- passwordHash = getSha256(toByteArray(password));
+ this.password = password;
 this.registration = registration;
 this.clientVersion = clientVersion;
 }
- private byte[] getSha256(byte[] input) {
- try {
- return MessageDigest.getInstance("SHA-256").digest(input);
- } catch (NoSuchAlgorithmException e) {
- // This will never happen
- throw new RuntimeException(e);
- }
- }
-
- private byte[] toByteArray(char[] chars) {
- byte[] bytes = new byte[chars.length * 2];
- for (int i = 0; i < chars.length; ++i) {
- bytes[i * 2] = (byte) (chars[i] >> 8);
- bytes[i * 2 + 1] = (byte) (chars[i]);
- }
- return bytes;
- }
-
 @Override
 public String toString() {
- try (Formatter form = new Formatter()) {
- form.format("LoginCredentials[identifier=%s,passwordHash=", identifier);
- for (int i = 0; i < 3; i++)
- form.format("%02x", passwordHash[i]);
- return form.format(",registration=%b]", registration).toString();
- }
+ return String.format("LoginCredentials[identifier=%s,registration=%b,clientVersion=%s]", identifier, registration, clientVersion);
 }
 /**
@@ -76,10 +49,10 @@ public class LoginCredentials implements Serializable {
 public String getIdentifier() { return identifier; }
 /**
- * @return the password hash of the user performing the login
- * @since Envoy Common v0.2-alpha
+ * @return the password of the user performing the login
+ * @since Envoy Common v0.1-beta
 */
- public byte[] getPasswordHash() { return passwordHash; }
+ public String getPassword() { return password; }
 /**
 * @return {@code true} if these credentials are used for user registration
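Review bot: The new `password` field in `LoginCredentials` carries the plaintext password inside a `Serializable` object, so default Java serialization writes it out verbatim wherever the object is sent or persisted, and nothing in this patch shows the channel being encrypted or the receiver hashing the value before storage. If the intent is to move hashing to the server (the removed client-side SHA-256 was unsalted, so its output presumably served as the credential anyway), state that on the constructor, e.g. `@param password the plaintext password; send only over an encrypted connection, the server must hash it with a salted password-hashing function before storing`. Changing the parameter from `char[]` to `String` also removes the option to clear the secret after the handshake; keeping `char[]` in the constructor and in `getPassword()` (third hunk) would retain it. The rewritten `toString()` leaves the password out, and callers of `getPassword()` should likewise keep the value out of logs.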