From 9a3630b07cb870266669ba120985a2c0a8ebbf5c Mon Sep 17 00:00:00 2001
From: Chaoscaot <chaos@chaoscaot.de>
Date: Tue, 19 Dec 2023 20:49:37 +0100
Subject: [PATCH] Code Review Stuff

---
 src/de/steamwar/sql/SteamwarUser.java | 77 ++++++++++++++++-----------
 1 file changed, 47 insertions(+), 30 deletions(-)

diff --git a/src/de/steamwar/sql/SteamwarUser.java b/src/de/steamwar/sql/SteamwarUser.java
index 514e428..3166124 100644
--- a/src/de/steamwar/sql/SteamwarUser.java
+++ b/src/de/steamwar/sql/SteamwarUser.java
@@ -25,18 +25,28 @@ import lombok.SneakyThrows;
 
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
 import java.sql.Timestamp;
 import java.util.*;
+import java.util.function.BiConsumer;
 import java.util.function.Consumer;
 import java.util.logging.Level;
 import java.util.stream.Collectors;
 
 public class SteamwarUser {
     private static final SecureRandom random = new SecureRandom();
+    private static final SecretKeyFactory factory;
 
 	static {
-		new SqlTypeMapper<>(UUID.class, "CHAR(36)", (rs, identifier) -> UUID.fromString(rs.getString(identifier)), (st, index, value) -> st.setString(index, value.toString()));
+        try {
+            factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
+        } catch (NoSuchAlgorithmException e) {
+            throw new SecurityException(e);
+        }
+
+        new SqlTypeMapper<>(UUID.class, "CHAR(36)", (rs, identifier) -> UUID.fromString(rs.getString(identifier)), (st, index, value) -> st.setString(index, value.toString()));
 		new SqlTypeMapper<>(Locale.class, "VARCHAR(32)", (rs, identifier) -> {
 			String l = rs.getString(identifier);
 			return l != null ? Locale.forLanguageTag(l) : null;
@@ -110,12 +120,13 @@ public class SteamwarUser {
 		return byDiscord.select(discordId);
 	}
 
-	public static SteamwarUser getOrCreate(UUID uuid, String name, Consumer<UUID> newPlayer) {
+	public static SteamwarUser getOrCreate(UUID uuid, String name, Consumer<UUID> newPlayer, BiConsumer<String, String> nameUpdate) {
 		SteamwarUser user = get(uuid);
 
 		if (user != null) {
 			if (!user.userName.equals(name)) {
 				updateName.update(name, user.id);
+                nameUpdate.accept(user.userName, name);
 				user.userName = name;
 			}
 
@@ -288,44 +299,50 @@ public class SteamwarUser {
 		}
 	}
 
-    @SneakyThrows
     public void setPassword(String password) {
-        byte[] salt = new byte[16];
-        random.nextBytes(salt);
-        String saltString = Base64.getEncoder().encodeToString(salt);
+        try {
+            byte[] salt = new byte[16];
+            random.nextBytes(salt);
+            String saltString = Base64.getEncoder().encodeToString(salt);
 
-        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 512);
-        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
-        byte[] hash = factory.generateSecret(spec).getEncoded();
-
-        String hashString = Base64.getEncoder().encodeToString(hash);
-
-        this.password = hashString + ":" + saltString;
-        updatePassword.update(this.password, id);
+            byte[] hash = generateHash(password, salt);
+            String hashString = Base64.getEncoder().encodeToString(hash);
+            this.password = hashString + ":" + saltString;
+            updatePassword.update(this.password, id);
+        } catch (Exception e) {
+            throw new SecurityException(e);
+        }
     }
 
-    @SneakyThrows
     public boolean verifyPassword(String password) {
-        if (this.password == null) {
+        try {
+            if (this.password == null) {
+                return false;
+            }
+
+            String[] parts = this.password.split(":");
+            if (parts.length != 2) {
+                SQLConfig.impl.getLogger().log(Level.SEVERE ,"Invalid password hash for user {0} ({1})", new Object[]{userName, id});
+                return false;
+            }
+
+            String hashString = parts[0];
+            byte[] realHash = Base64.getDecoder().decode(hashString);
+            String saltString = parts[1];
+            byte[] salt = Base64.getDecoder().decode(saltString);
+            byte[] hash = generateHash(password, salt);
+            return Arrays.equals(realHash, hash);
+        } catch (Exception e) {
+            SQLConfig.impl.getLogger().log(Level.SEVERE, "Error while verifying password for user " + userName + " (" + id + ")", e);
             return false;
         }
+    }
 
-        String[] parts = this.password.split(":");
-        if (parts.length != 2) {
-            SQLConfig.impl.getLogger().log(Level.SEVERE ,"Invalid password hash for user {0} ({1})", new Object[]{userName, id});
-            return false;
-        }
-
-        String hashString = parts[0];
-        byte[] realHash = Base64.getDecoder().decode(hashString);
-        String saltString = parts[1];
-        byte[] salt = Base64.getDecoder().decode(saltString);
-
+    private byte[] generateHash(String password, byte[] salt)
+            throws InvalidKeySpecException {
         PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 512);
-        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
-        byte[] hash = factory.generateSecret(spec).getEncoded();
+        return factory.generateSecret(spec).getEncoded();
 
-        return Arrays.equals(realHash, hash);
     }
 
 	private void initPunishments() {