Add PWs #61
@ -25,17 +25,27 @@ import lombok.SneakyThrows;
|
|||||||
|
|
||||||
import javax.crypto.SecretKeyFactory;
|
import javax.crypto.SecretKeyFactory;
|
||||||
import javax.crypto.spec.PBEKeySpec;
|
import javax.crypto.spec.PBEKeySpec;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
import java.security.spec.InvalidKeySpecException;
|
||||||
import java.sql.Timestamp;
|
import java.sql.Timestamp;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
import java.util.function.BiConsumer;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
public class SteamwarUser {
|
public class SteamwarUser {
|
||||||
private static final SecureRandom random = new SecureRandom();
|
private static final SecureRandom random = new SecureRandom();
|
||||||
|
private static final SecretKeyFactory factory;
|
||||||
|
|
||||||
static {
|
static {
|
||||||
|
try {
|
||||||
|
factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throw new SecurityException(e);
|
||||||
|
}
|
||||||
|
|
||||||
new SqlTypeMapper<>(UUID.class, "CHAR(36)", (rs, identifier) -> UUID.fromString(rs.getString(identifier)), (st, index, value) -> st.setString(index, value.toString()));
|
new SqlTypeMapper<>(UUID.class, "CHAR(36)", (rs, identifier) -> UUID.fromString(rs.getString(identifier)), (st, index, value) -> st.setString(index, value.toString()));
|
||||||
new SqlTypeMapper<>(Locale.class, "VARCHAR(32)", (rs, identifier) -> {
|
new SqlTypeMapper<>(Locale.class, "VARCHAR(32)", (rs, identifier) -> {
|
||||||
String l = rs.getString(identifier);
|
String l = rs.getString(identifier);
|
||||||
@ -110,12 +120,13 @@ public class SteamwarUser {
|
|||||||
return byDiscord.select(discordId);
|
return byDiscord.select(discordId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static SteamwarUser getOrCreate(UUID uuid, String name, Consumer<UUID> newPlayer) {
|
public static SteamwarUser getOrCreate(UUID uuid, String name, Consumer<UUID> newPlayer, BiConsumer<String, String> nameUpdate) {
|
||||||
SteamwarUser user = get(uuid);
|
SteamwarUser user = get(uuid);
|
||||||
|
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
if (!user.userName.equals(name)) {
|
if (!user.userName.equals(name)) {
|
||||||
updateName.update(name, user.id);
|
updateName.update(name, user.id);
|
||||||
|
nameUpdate.accept(user.userName, name);
|
||||||
user.userName = name;
|
user.userName = name;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -288,24 +299,23 @@ public class SteamwarUser {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@SneakyThrows
|
|
||||||
public void setPassword(String password) {
|
public void setPassword(String password) {
|
||||||
|
try {
|
||||||
byte[] salt = new byte[16];
|
byte[] salt = new byte[16];
|
||||||
random.nextBytes(salt);
|
random.nextBytes(salt);
|
||||||
String saltString = Base64.getEncoder().encodeToString(salt);
|
String saltString = Base64.getEncoder().encodeToString(salt);
|
||||||
|
|
||||||
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 512);
|
byte[] hash = generateHash(password, salt);
|
||||||
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
|
|
||||||
byte[] hash = factory.generateSecret(spec).getEncoded();
|
|
||||||
|
|
||||||
String hashString = Base64.getEncoder().encodeToString(hash);
|
String hashString = Base64.getEncoder().encodeToString(hash);
|
||||||
|
|
||||||
this.password = hashString + ":" + saltString;
|
this.password = hashString + ":" + saltString;
|
||||||
updatePassword.update(this.password, id);
|
updatePassword.update(this.password, id);
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new SecurityException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@SneakyThrows
|
|
||||||
public boolean verifyPassword(String password) {
|
public boolean verifyPassword(String password) {
|
||||||
|
try {
|
||||||
if (this.password == null) {
|
if (this.password == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -320,12 +330,19 @@ public class SteamwarUser {
|
|||||||
byte[] realHash = Base64.getDecoder().decode(hashString);
|
byte[] realHash = Base64.getDecoder().decode(hashString);
|
||||||
String saltString = parts[1];
|
String saltString = parts[1];
|
||||||
byte[] salt = Base64.getDecoder().decode(saltString);
|
byte[] salt = Base64.getDecoder().decode(saltString);
|
||||||
|
byte[] hash = generateHash(password, salt);
|
||||||
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 512);
|
|
||||||
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
|
|
||||||
byte[] hash = factory.generateSecret(spec).getEncoded();
|
|
||||||
|
|
||||||
return Arrays.equals(realHash, hash);
|
return Arrays.equals(realHash, hash);
|
||||||
|
} catch (Exception e) {
|
||||||
|
SQLConfig.impl.getLogger().log(Level.SEVERE, "Error while verifying password for user " + userName + " (" + id + ")", e);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private byte[] generateHash(String password, byte[] salt)
|
||||||
|
throws InvalidKeySpecException {
|
||||||
|
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 512);
|
||||||
|
return factory.generateSecret(spec).getEncoded();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void initPunishments() {
|
private void initPunishments() {
|
||||||
|
|||||||
Laden…
In neuem Issue referenzieren
Einen Benutzer sperren