diff --git a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java index 99f579b9..1ffa423d 100644 --- a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java +++ b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java @@ -90,7 +90,7 @@ public class PasswordSecurity { userSalt.put(playerName, salt); break; case SMF: - return method.getHash(password, null, playerName); + return method.computeHash(password, null, playerName); case PHPBB: salt = createSalt(16); userSalt.put(playerName, salt); @@ -123,7 +123,7 @@ public class PasswordSecurity { method = event.getMethod(); if (method == null) throw new NoSuchAlgorithmException("Unknown hash algorithm"); - return method.getHash(password, salt, playerName); + return method.computeHash(password, salt, playerName); } public static boolean comparePasswordWithHash(String password, String hash, diff --git a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java index 48c508ce..c94644e9 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java +++ b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT.java @@ -508,7 +508,7 @@ public class BCRYPT implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return hashpw(password, salt); } diff --git a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java index 19ad553f..d90af6e4 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java +++ b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java @@ -7,7 +7,7 @@ import java.security.NoSuchAlgorithmException; public class BCRYPT2Y implements EncryptionMethod { @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { if (salt.length() == 22) salt = "$2y$10$" + salt; @@ -20,7 +20,7 @@ public class BCRYPT2Y implements EncryptionMethod { String ok = hash.substring(0, 29); if (ok.length() != 29) return false; - return hash.equals(getHash(password, ok, playerName)); + return hash.equals(computeHash(password, ok, playerName)); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/CRAZYCRYPT1.java b/src/main/java/fr/xephi/authme/security/crypts/CRAZYCRYPT1.java index e6281810..336d8a4a 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/CRAZYCRYPT1.java +++ b/src/main/java/fr/xephi/authme/security/crypts/CRAZYCRYPT1.java @@ -22,7 +22,7 @@ public class CRAZYCRYPT1 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { final String text = "ÜÄaeut//&/=I " + password + "7421€547" + name + "__+IÄIH§%NK " + password; try { @@ -37,6 +37,6 @@ public class CRAZYCRYPT1 implements EncryptionMethod { @Override public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { - return hash.equals(getHash(password, null, playerName)); + return hash.equals(computeHash(password, null, playerName)); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java b/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java index eeb6cfad..728023be 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java +++ b/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java @@ -11,7 +11,7 @@ import java.util.Arrays; public class CryptPBKDF2 implements EncryptionMethod { @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { String result = "pbkdf2_sha256$10000$" + salt + "$"; PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 10000); diff --git a/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2Django.java b/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2Django.java index f6bbf863..36e6dfe3 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2Django.java +++ b/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2Django.java @@ -11,7 +11,7 @@ import java.security.NoSuchAlgorithmException; public class CryptPBKDF2Django implements EncryptionMethod { @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { String result = "pbkdf2_sha256$15000$" + salt + "$"; PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000); diff --git a/src/main/java/fr/xephi/authme/security/crypts/DOUBLEMD5.java b/src/main/java/fr/xephi/authme/security/crypts/DOUBLEMD5.java index eacf600b..58d30a66 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/DOUBLEMD5.java +++ b/src/main/java/fr/xephi/authme/security/crypts/DOUBLEMD5.java @@ -18,7 +18,7 @@ public class DOUBLEMD5 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getMD5(getMD5(password)); } @@ -26,7 +26,7 @@ public class DOUBLEMD5 implements EncryptionMethod { @Override public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { - return hash.equals(getHash(password, "", "")); + return hash.equals(computeHash(password, "", "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/EncryptionMethod.java b/src/main/java/fr/xephi/authme/security/crypts/EncryptionMethod.java index 97da85d3..f925c10d 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/EncryptionMethod.java +++ b/src/main/java/fr/xephi/authme/security/crypts/EncryptionMethod.java @@ -3,36 +3,31 @@ package fr.xephi.authme.security.crypts; import java.security.NoSuchAlgorithmException; /** - *

- * Public interface for Custom Password encryption method - *

- *

- * The getHash function is called when we need to crypt the password (/register - * usually) - *

- *

- * The comparePassword is called when we need to match password (/login usually) - *

+ * Public interface for custom password encryption methods. */ public interface EncryptionMethod { /** - * @param password - * @param salt (can be an other data like playerName;salt , playerName, - * etc... for customs methods) - * @param name String + * Hash the given password with the given salt for the given player. * - * @return Hashing password + * @param password The clear-text password to hash + * @param salt The salt to add to the hash + * @param name The player's name (sometimes required for storing the salt separately in the database) + * + * @return The hashed password */ - String getHash(String password, String salt, String name) + String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException; /** - * @param hash - * @param password - * @param playerName + * Check whether a given hash matches the clear-text password. * - * @return true if password match, false else + * @param hash The hash to verify + * @param password The clear-text password to verify the hash against + * @param playerName The player name to do the check for (sometimes required for retrieving + * the salt from the database) + * + * @return True if the password matches, false otherwise */ boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException; diff --git a/src/main/java/fr/xephi/authme/security/crypts/IPB3.java b/src/main/java/fr/xephi/authme/security/crypts/IPB3.java index 09030311..93abdaf1 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/IPB3.java +++ b/src/main/java/fr/xephi/authme/security/crypts/IPB3.java @@ -20,7 +20,7 @@ public class IPB3 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getMD5(getMD5(salt) + getMD5(password)); } @@ -29,6 +29,6 @@ public class IPB3 implements EncryptionMethod { public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { String salt = AuthMe.getInstance().database.getAuth(playerName).getSalt(); - return hash.equals(getHash(password, salt, playerName)); + return hash.equals(computeHash(password, salt, playerName)); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/JOOMLA.java b/src/main/java/fr/xephi/authme/security/crypts/JOOMLA.java index 8e2dc7b8..41f6fe35 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/JOOMLA.java +++ b/src/main/java/fr/xephi/authme/security/crypts/JOOMLA.java @@ -18,7 +18,7 @@ public class JOOMLA implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getMD5(password + salt) + ":" + salt; } diff --git a/src/main/java/fr/xephi/authme/security/crypts/MD5.java b/src/main/java/fr/xephi/authme/security/crypts/MD5.java index b2e9116a..8e20dbf4 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/MD5.java +++ b/src/main/java/fr/xephi/authme/security/crypts/MD5.java @@ -18,7 +18,7 @@ public class MD5 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getMD5(password); } @@ -26,6 +26,6 @@ public class MD5 implements EncryptionMethod { @Override public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { - return hash.equals(getHash(password, "", "")); + return hash.equals(computeHash(password, "", "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/MD5VB.java b/src/main/java/fr/xephi/authme/security/crypts/MD5VB.java index 90ea7fc3..e54f8ad3 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/MD5VB.java +++ b/src/main/java/fr/xephi/authme/security/crypts/MD5VB.java @@ -18,7 +18,7 @@ public class MD5VB implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return "$MD5vb$" + salt + "$" + getMD5(getMD5(password) + salt); } @@ -27,7 +27,7 @@ public class MD5VB implements EncryptionMethod { public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { String[] line = hash.split("\\$"); - return hash.equals(getHash(password, line[2], "")); + return hash.equals(computeHash(password, line[2], "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/MYBB.java b/src/main/java/fr/xephi/authme/security/crypts/MYBB.java index 444bac47..7232dd18 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/MYBB.java +++ b/src/main/java/fr/xephi/authme/security/crypts/MYBB.java @@ -20,7 +20,7 @@ public class MYBB implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getMD5(getMD5(salt) + getMD5(password)); } @@ -29,6 +29,6 @@ public class MYBB implements EncryptionMethod { public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { String salt = AuthMe.getInstance().database.getAuth(playerName).getSalt(); - return hash.equals(getHash(password, salt, playerName)); + return hash.equals(computeHash(password, salt, playerName)); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/PHPBB.java b/src/main/java/fr/xephi/authme/security/crypts/PHPBB.java index abac8763..ff2e256e 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/PHPBB.java +++ b/src/main/java/fr/xephi/authme/security/crypts/PHPBB.java @@ -137,7 +137,7 @@ public class PHPBB implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return phpbb_hash(password, salt); } diff --git a/src/main/java/fr/xephi/authme/security/crypts/PHPFUSION.java b/src/main/java/fr/xephi/authme/security/crypts/PHPFUSION.java index 2d7bc047..4b8646c0 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/PHPFUSION.java +++ b/src/main/java/fr/xephi/authme/security/crypts/PHPFUSION.java @@ -24,7 +24,7 @@ public class PHPFUSION implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { String digest = null; String algo = "HmacSHA256"; @@ -54,7 +54,7 @@ public class PHPFUSION implements EncryptionMethod { public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { String salt = AuthMe.getInstance().database.getAuth(playerName).getSalt(); - return hash.equals(getHash(password, salt, "")); + return hash.equals(computeHash(password, salt, "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/PLAINTEXT.java b/src/main/java/fr/xephi/authme/security/crypts/PLAINTEXT.java index 0e811786..8dec71ad 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/PLAINTEXT.java +++ b/src/main/java/fr/xephi/authme/security/crypts/PLAINTEXT.java @@ -7,7 +7,7 @@ import java.security.NoSuchAlgorithmException; public class PLAINTEXT implements EncryptionMethod { @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return password; } diff --git a/src/main/java/fr/xephi/authme/security/crypts/ROYALAUTH.java b/src/main/java/fr/xephi/authme/security/crypts/ROYALAUTH.java index 76303d3f..41e658ec 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/ROYALAUTH.java +++ b/src/main/java/fr/xephi/authme/security/crypts/ROYALAUTH.java @@ -8,7 +8,7 @@ import java.security.NoSuchAlgorithmException; public class ROYALAUTH implements EncryptionMethod { @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { for (int i = 0; i < 25; i++) password = hash(password, salt); @@ -29,7 +29,7 @@ public class ROYALAUTH implements EncryptionMethod { @Override public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { - return hash.equalsIgnoreCase(getHash(password, "", "")); + return hash.equalsIgnoreCase(computeHash(password, "", "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/SALTED2MD5.java b/src/main/java/fr/xephi/authme/security/crypts/SALTED2MD5.java index 24075b72..1de37d50 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/SALTED2MD5.java +++ b/src/main/java/fr/xephi/authme/security/crypts/SALTED2MD5.java @@ -20,7 +20,7 @@ public class SALTED2MD5 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getMD5(getMD5(password) + salt); } diff --git a/src/main/java/fr/xephi/authme/security/crypts/SALTEDSHA512.java b/src/main/java/fr/xephi/authme/security/crypts/SALTEDSHA512.java index 02ae097e..e336a13f 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/SALTEDSHA512.java +++ b/src/main/java/fr/xephi/authme/security/crypts/SALTEDSHA512.java @@ -20,7 +20,7 @@ public class SALTEDSHA512 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getSHA512(password + salt); } @@ -29,6 +29,6 @@ public class SALTEDSHA512 implements EncryptionMethod { public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { String salt = AuthMe.getInstance().database.getAuth(playerName).getSalt(); - return hash.equals(getHash(password, salt, "")); + return hash.equals(computeHash(password, salt, "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/SHA1.java b/src/main/java/fr/xephi/authme/security/crypts/SHA1.java index 47ae5ca0..f41c01e9 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/SHA1.java +++ b/src/main/java/fr/xephi/authme/security/crypts/SHA1.java @@ -18,7 +18,7 @@ public class SHA1 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getSHA1(password); } @@ -26,7 +26,7 @@ public class SHA1 implements EncryptionMethod { @Override public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { - return hash.equals(getHash(password, "", "")); + return hash.equals(computeHash(password, "", "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/SHA256.java b/src/main/java/fr/xephi/authme/security/crypts/SHA256.java index e14fac4f..834b208f 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/SHA256.java +++ b/src/main/java/fr/xephi/authme/security/crypts/SHA256.java @@ -18,7 +18,7 @@ public class SHA256 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return "$SHA$" + salt + "$" + getSHA256(getSHA256(password) + salt); } @@ -27,7 +27,7 @@ public class SHA256 implements EncryptionMethod { public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { String[] line = hash.split("\\$"); - return hash.equals(getHash(password, line[2], "")); + return hash.equals(computeHash(password, line[2], "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/SHA512.java b/src/main/java/fr/xephi/authme/security/crypts/SHA512.java index ae752b41..888406a1 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/SHA512.java +++ b/src/main/java/fr/xephi/authme/security/crypts/SHA512.java @@ -18,7 +18,7 @@ public class SHA512 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getSHA512(password); } @@ -26,6 +26,6 @@ public class SHA512 implements EncryptionMethod { @Override public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { - return hash.equals(getHash(password, "", "")); + return hash.equals(computeHash(password, "", "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/SMF.java b/src/main/java/fr/xephi/authme/security/crypts/SMF.java index d4f9bcc1..d2d4f74d 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/SMF.java +++ b/src/main/java/fr/xephi/authme/security/crypts/SMF.java @@ -18,7 +18,7 @@ public class SMF implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getSHA1(name.toLowerCase() + password); } @@ -26,6 +26,6 @@ public class SMF implements EncryptionMethod { @Override public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { - return hash.equals(getHash(password, null, playerName)); + return hash.equals(computeHash(password, null, playerName)); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/WBB3.java b/src/main/java/fr/xephi/authme/security/crypts/WBB3.java index 992f6280..a3fe0d5e 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/WBB3.java +++ b/src/main/java/fr/xephi/authme/security/crypts/WBB3.java @@ -20,7 +20,7 @@ public class WBB3 implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getSHA1(salt.concat(getSHA1(salt.concat(getSHA1(password))))); } @@ -29,6 +29,6 @@ public class WBB3 implements EncryptionMethod { public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { String salt = AuthMe.getInstance().database.getAuth(playerName).getSalt(); - return hash.equals(getHash(password, salt, "")); + return hash.equals(computeHash(password, salt, "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/WBB4.java b/src/main/java/fr/xephi/authme/security/crypts/WBB4.java index 5a49e06d..05272886 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/WBB4.java +++ b/src/main/java/fr/xephi/authme/security/crypts/WBB4.java @@ -7,7 +7,7 @@ import java.security.NoSuchAlgorithmException; public class WBB4 implements EncryptionMethod { @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return BCRYPT.getDoubleHash(password, salt); } diff --git a/src/main/java/fr/xephi/authme/security/crypts/WHIRLPOOL.java b/src/main/java/fr/xephi/authme/security/crypts/WHIRLPOOL.java index 0e27a04a..0ce0c2e5 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/WHIRLPOOL.java +++ b/src/main/java/fr/xephi/authme/security/crypts/WHIRLPOOL.java @@ -382,17 +382,8 @@ public class WHIRLPOOL implements EncryptionMethod { } } - /** - * Method getHash. - * - * @param password String - * @param salt String - * @param name String - * - * @return String * @throws NoSuchAlgorithmException * @see fr.xephi.authme.security.crypts.EncryptionMethod#getHash(String, String, String) - */ @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { byte[] digest = new byte[DIGESTBYTES]; NESSIEinit(); @@ -404,6 +395,6 @@ public class WHIRLPOOL implements EncryptionMethod { @Override public boolean comparePassword(String hash, String password, String playerName) throws NoSuchAlgorithmException { - return hash.equals(getHash(password, "", "")); + return hash.equals(computeHash(password, "", "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/WORDPRESS.java b/src/main/java/fr/xephi/authme/security/crypts/WORDPRESS.java index 1817d975..3147ddbb 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/WORDPRESS.java +++ b/src/main/java/fr/xephi/authme/security/crypts/WORDPRESS.java @@ -102,7 +102,7 @@ public class WORDPRESS implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { byte random[] = new byte[6]; this.randomGen.nextBytes(random); diff --git a/src/main/java/fr/xephi/authme/security/crypts/XAUTH.java b/src/main/java/fr/xephi/authme/security/crypts/XAUTH.java index f648677f..aa287ddd 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/XAUTH.java +++ b/src/main/java/fr/xephi/authme/security/crypts/XAUTH.java @@ -16,7 +16,7 @@ public class XAUTH implements EncryptionMethod { } @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { String hash = getWhirlpool(salt + password).toLowerCase(); int saltPos = (password.length() >= hash.length() ? hash.length() - 1 : password.length()); @@ -28,7 +28,7 @@ public class XAUTH implements EncryptionMethod { String playerName) throws NoSuchAlgorithmException { int saltPos = (password.length() >= hash.length() ? hash.length() - 1 : password.length()); String salt = hash.substring(saltPos, saltPos + 12); - return hash.equals(getHash(password, salt, "")); + return hash.equals(computeHash(password, salt, "")); } } diff --git a/src/main/java/fr/xephi/authme/security/crypts/XF.java b/src/main/java/fr/xephi/authme/security/crypts/XF.java index 0125a6a7..00a23c8e 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/XF.java +++ b/src/main/java/fr/xephi/authme/security/crypts/XF.java @@ -14,7 +14,7 @@ import java.util.regex.Pattern; public class XF implements EncryptionMethod { @Override - public String getHash(String password, String salt, String name) + public String computeHash(String password, String salt, String name) throws NoSuchAlgorithmException { return getSha256(getSha256(password) + regmatch("\"salt\";.:..:\"(.*)\";.:.:\"hashFunc\"", salt)); } diff --git a/src/test/java/fr/xephi/authme/security/crypts/AbstractEncryptionMethodTest.java b/src/test/java/fr/xephi/authme/security/crypts/AbstractEncryptionMethodTest.java index 03876055..2d2c4aca 100644 --- a/src/test/java/fr/xephi/authme/security/crypts/AbstractEncryptionMethodTest.java +++ b/src/test/java/fr/xephi/authme/security/crypts/AbstractEncryptionMethodTest.java @@ -49,7 +49,7 @@ public abstract class AbstractEncryptionMethodTest { public void testPasswordEquality() { for (String password : INTERNAL_PASSWORDS) { try { - String hash = method.getHash(password, getSalt(method), USERNAME); + String hash = method.computeHash(password, getSalt(method), USERNAME); assertTrue("Generated hash for '" + password + "' should match password (hash = '" + hash + "')", method.comparePassword(hash, password, USERNAME)); if (!password.equals(password.toLowerCase())) { @@ -70,8 +70,9 @@ public abstract class AbstractEncryptionMethodTest { // TODO #364: Remove this method static void generateTest(EncryptionMethod method) { String className = method.getClass().getSimpleName(); + System.out.println("/**\n * Test for {@link " + className + "}.\n */"); System.out.println("public class " + className + "Test extends AbstractEncryptionMethodTest {"); - System.out.println("\tpublic " + className + "Test() {"); + System.out.println("\n\tpublic " + className + "Test() {"); System.out.println("\t\tsuper(new " + className + "(),"); String delim = ", "; @@ -80,14 +81,14 @@ public abstract class AbstractEncryptionMethodTest { delim = "); "; } try { - System.out.println("\t\t\"" + method.getHash(password, getSalt(method), "USERNAME") + System.out.println("\t\t\"" + method.computeHash(password, getSalt(method), USERNAME) + "\"" + delim + "// " + password); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("Could not generate hash", e); } } System.out.println("\t}"); - System.out.println("}"); + System.out.println("\n}"); } // TODO #358: Remove this method and use the new salt method on the interface @@ -95,16 +96,22 @@ public abstract class AbstractEncryptionMethodTest { try { if (method instanceof BCRYPT) { return BCRYPT.gensalt(); - } else if (method instanceof MD5 || method instanceof WORDPRESS) { + } else if (method instanceof MD5 || method instanceof WORDPRESS || method instanceof SMF + || method instanceof SHA512 || method instanceof SHA1 || method instanceof ROYALAUTH + || method instanceof DOUBLEMD5) { return ""; - } else if (method instanceof JOOMLA) { + } else if (method instanceof JOOMLA || method instanceof SALTEDSHA512) { return PasswordSecurity.createSalt(32); - } else if (method instanceof SHA256 || method instanceof PHPBB) { + } else if (method instanceof SHA256 || method instanceof PHPBB || method instanceof WHIRLPOOL + || method instanceof MD5VB || method instanceof BCRYPT2Y) { return PasswordSecurity.createSalt(16); } else if (method instanceof WBB3) { return PasswordSecurity.createSalt(40); - } else if (method instanceof XAUTH) { + } else if (method instanceof XAUTH || method instanceof CryptPBKDF2Django + || method instanceof CryptPBKDF2) { return PasswordSecurity.createSalt(12); + } else if (method instanceof WBB4) { + return BCRYPT.gensalt(8); } } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); diff --git a/src/test/java/fr/xephi/authme/security/crypts/BCRYPT2YTest.java b/src/test/java/fr/xephi/authme/security/crypts/BCRYPT2YTest.java new file mode 100644 index 00000000..d49c1d3c --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/BCRYPT2YTest.java @@ -0,0 +1,23 @@ +package fr.xephi.authme.security.crypts; + +import fr.xephi.authme.security.PasswordSecurity; +import org.junit.Ignore; +import org.junit.Test; + +import java.security.NoSuchAlgorithmException; + +/** + * Test for {@link BCRYPT2Y}. + */ +@Ignore +// TODO #369: Fix hash & add standard test +public class BCRYPT2YTest { + + @Test + public void shouldCreateHash() throws NoSuchAlgorithmException { + String salt = PasswordSecurity.createSalt(16); // As defined in PasswordSecurity + EncryptionMethod method = new BCRYPT2Y(); + System.out.println(method.computeHash("password", salt, "testPlayer")); + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/CryptPBKDF2DjangoTest.java b/src/test/java/fr/xephi/authme/security/crypts/CryptPBKDF2DjangoTest.java new file mode 100644 index 00000000..f2f22edf --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/CryptPBKDF2DjangoTest.java @@ -0,0 +1,20 @@ +package fr.xephi.authme.security.crypts; + +import org.junit.Ignore; + +/** + * Test for {@link CryptPBKDF2Django}. + */ +@Ignore +// TODO ljacqu 20151220: testPasswordEquality fails - password matches hash for uppercase password...? +public class CryptPBKDF2DjangoTest extends AbstractEncryptionMethodTest { + + public CryptPBKDF2DjangoTest() { + super(new CryptPBKDF2Django(), + "pbkdf2_sha256$15000$50a7ff2d7e00$t7Qx2CfzMhGEbyCa3Wk5nJvNjj3N+FdxhpwJDerl4Fs=", // password + "pbkdf2_sha256$15000$f9d8a58f3fe2$oMqmMGuJetdubW0cpubmT8CltQLjHT+L2GuwKsaWLx8=", // PassWord1 + "pbkdf2_sha256$15000$1170bc7a31f5$Ex/2aQsXm4kogLIYARpUPn04ccK5LYYjyVPpl32ALjE=", // &^%te$t?Pw@_ + "pbkdf2_sha256$15000$c029bd67eea4$Hfw992SL2WtYQ6g2WLdxA09hbmMDwjrr/Z+uUggbxwo="); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/CryptPBKDF2Test.java b/src/test/java/fr/xephi/authme/security/crypts/CryptPBKDF2Test.java new file mode 100644 index 00000000..2e9f6380 --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/CryptPBKDF2Test.java @@ -0,0 +1,20 @@ +package fr.xephi.authme.security.crypts; + +import org.junit.Ignore; + +/** + * Test for {@link CryptPBKDF2}. + */ +@Ignore +// TODO #369: This algorithm seems broken +public class CryptPBKDF2Test extends AbstractEncryptionMethodTest { + + public CryptPBKDF2Test() { + super(new CryptPBKDF2(), + "pbkdf2_sha256$10000$dd9b1cd071f2$[82, -69, -58, -51, 101, 105, 61, -48, -49, 25, 50, -126, 115, 36, 16, -94, 4, 84, -94, 13, -115, -12, 94, -27, 94, -103, 115, -31, -56, -18, 8, 77, 36, 78, -61, 105, -7, -114, 41, 3, 48, 122, 27, 1, 56, 76, 126, 68, -120, 127, -95, 119, -7, 100, -87, -128, -77, 83, -118, 28, 43, 84, 73, 103]", // password + "pbkdf2_sha256$10000$4b3b650288cd$[99, 25, 45, 22, -66, -109, -109, 30, 117, 77, 22, 63, -36, -126, -116, -66, 35, 109, -33, -4, -112, 53, 48, 33, -20, 107, -100, -37, -89, 59, -29, -83, 57, -123, -40, 11, 98, 32, -74, 77, 107, -76, 95, -9, 110, -92, -31, -2, -18, 115, 43, -27, 16, 36, 75, -56, -11, 58, -62, 21, 0, 37, -59, -82]", // PassWord1 + "pbkdf2_sha256$10000$035205f5ab39$[-121, -15, 97, 35, -105, -57, -49, -60, -58, -106, 101, 78, -103, 2, -116, -120, 0, 106, -107, 10, 78, -97, 111, 98, -15, 40, -53, 84, 120, -86, 116, 12, -60, 19, 105, 1, 71, 99, 4, 43, -4, -36, 35, -110, 59, 73, -20, -8, 46, 102, 51, 84, 54, -92, -41, -84, 28, 36, 37, 26, 90, -6, -49, 70]", // &^%te$t?Pw@_ + "pbkdf2_sha256$10000$ca72ded579e9$[-81, 76, -103, 78, 68, -10, -58, -88, -57, 88, -38, 108, 115, -86, 13, -84, 80, 69, 48, 15, 105, 25, -2, 123, 9, 97, 23, -96, 95, -64, -56, 59, -124, 116, 36, 10, 96, -12, -76, -121, -51, 76, -96, -27, 84, 66, 85, 75, 95, -97, -60, -98, -41, -32, -58, 39, 82, -19, -25, 98, -15, -68, 59, -48]"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/DOUBLEMD5Test.java b/src/test/java/fr/xephi/authme/security/crypts/DOUBLEMD5Test.java new file mode 100644 index 00000000..53039951 --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/DOUBLEMD5Test.java @@ -0,0 +1,16 @@ +package fr.xephi.authme.security.crypts; + +/** + * Test for {@link DOUBLEMD5}. + */ +public class DOUBLEMD5Test extends AbstractEncryptionMethodTest { + + public DOUBLEMD5Test() { + super(new DOUBLEMD5(), + "696d29e0940a4957748fe3fc9efd22a3", // password + "c77aa2024d9fb7233a2872452d601aba", // PassWord1 + "fbd5790af706ec19f8a7ef161878758b", // &^%te$t?Pw@_ + "cf3b0b6c6c7a4da95019634fb732aaf0"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/MD5VBTest.java b/src/test/java/fr/xephi/authme/security/crypts/MD5VBTest.java new file mode 100644 index 00000000..acb823e6 --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/MD5VBTest.java @@ -0,0 +1,16 @@ +package fr.xephi.authme.security.crypts; + +/** + * Test for {@link MD5VB}. + */ +public class MD5VBTest extends AbstractEncryptionMethodTest { + + public MD5VBTest() { + super(new MD5VB(), + "$MD5vb$bd9832fffa287321$5006d371fcb813f2347987f902a024ad", // password + "$MD5vb$5e492c1166b5a828$c954fa5ee561700a097826971653b57f", // PassWord1 + "$MD5vb$3ec43cd46a61d70b$59687c0976f2e327b1245c8063f7008c", // &^%te$t?Pw@_ + "$MD5vb$2fb6bf22929e3127$a7155b88e2899561fe16b14ccdb0d935"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/ROYALAUTHTest.java b/src/test/java/fr/xephi/authme/security/crypts/ROYALAUTHTest.java new file mode 100644 index 00000000..0de9c2f3 --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/ROYALAUTHTest.java @@ -0,0 +1,16 @@ +package fr.xephi.authme.security.crypts; + +/** + * Test for {@link ROYALAUTH}. + */ +public class ROYALAUTHTest extends AbstractEncryptionMethodTest { + + public ROYALAUTHTest() { + super(new ROYALAUTH(), + "5d21ef9236896bc4ac508e524e2da8a0def555dac1cdfc7259d62900d1d3f553826210c369870673ae2cf1c41abcf4f92670d76af1db044d33559324f5c2a339", // password + "ecc685f4328bc54093c086ced66c5c11855e117ea22940632d5c0f55fff84d94bfdcc74e05f5d95bbdd052823a7057910748bc1c7a07af96b3e86731a4f11794", // PassWord1 + "2c0b4674f7c2c266db13ae4382cbeee3083167a774f6e73793a6268a0b8b2c3c6b324a99596f4a7958e58c5311c77e25975a3b517ce17adfc4eaece821e3dd19", // &^%te$t?Pw@_ + "f7bdc87552f7f7d19b68de5e6be6e48f4a6f277d9a5b00f470958062ab3a82b6c62ab8df86ef38636a632e10ef7bf8e3b5cafe8af53bb628919a84676ee0b4b7"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/SALTEDSHA512Test.java b/src/test/java/fr/xephi/authme/security/crypts/SALTEDSHA512Test.java new file mode 100644 index 00000000..851d8b85 --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/SALTEDSHA512Test.java @@ -0,0 +1,20 @@ +package fr.xephi.authme.security.crypts; + +import org.junit.Ignore; + +/** + * Test for {@link SALTEDSHA512}. + */ +@Ignore +// TODO ljacqu 20151220: Currently cannot test because of closely coupled database call inside of class +public class SALTEDSHA512Test extends AbstractEncryptionMethodTest { + + public SALTEDSHA512Test() { + super(new SALTEDSHA512(), + "c8efe95e1ab02d9a0e7c7d11d4ac3cc068a8405b5810aac3a1b8b01927ab059563438131dc995156739daf74db40ffdc79b78f6aec9b2a468fe106b88c66c204", // password + "74c61af1bcbb3293cdc0959c7323d50be28c167eddc7a1b7eb029e38263c2cfb6eb090f41370a65249752aa316fa851091c2bd8420302e87d383529beea735b4", // PassWord1 + "08eefcca4a17876441ebe61a02e8bc62cab7502dd87f8ec3b7f82edb2adace791b8dad31e74c5513cf99be502b732f5c5efffb239f4590d5c600d066a7037908", // &^%te$t?Pw@_ + "a122490c4c7c18ad665b5ac9617c948741468a787a2ba42c6fd2530ea1d7874681b8575ee9a8907c42ff65dac69e4ada2852789759c17d51865ca915b259a65a"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/SMFTest.java b/src/test/java/fr/xephi/authme/security/crypts/SMFTest.java new file mode 100644 index 00000000..8ba3b197 --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/SMFTest.java @@ -0,0 +1,16 @@ +package fr.xephi.authme.security.crypts; + +/** + * Test for {@link SMF}. + */ +public class SMFTest extends AbstractEncryptionMethodTest { + + public SMFTest() { + super(new SMF(), + "9b361c66977bb059d460a20d3c21fb3394772df5", // password + "31a560bdd095a837945d46add1605108ba87b268", // PassWord1 + "8d4b84544e0891be8c183fe9b1003cfac18c51a1", // &^%te$t?Pw@_ + "03cca5af1eb0a93be47777651b2e7be4fd5d537d"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/Sha1Test.java b/src/test/java/fr/xephi/authme/security/crypts/Sha1Test.java new file mode 100644 index 00000000..620cef27 --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/Sha1Test.java @@ -0,0 +1,16 @@ +package fr.xephi.authme.security.crypts; + +/** + * Test for {@link SHA1}. + */ +public class Sha1Test extends AbstractEncryptionMethodTest { + + public Sha1Test() { + super(new SHA1(), + "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", // password + "285d0c707f9644b75e1a87a62f25d0efb56800f0", // PassWord1 + "a42ef8e61e890af80461ca5dcded25cbfcf407a4", // &^%te$t?Pw@_ + "64a8fb6e043105ba6cf3f2d63d59ca24d80aabbb"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/Sha512Test.java b/src/test/java/fr/xephi/authme/security/crypts/Sha512Test.java new file mode 100644 index 00000000..17ba989c --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/Sha512Test.java @@ -0,0 +1,16 @@ +package fr.xephi.authme.security.crypts; + +/** + * Test for {@link SHA512}. + */ +public class Sha512Test extends AbstractEncryptionMethodTest { + + public Sha512Test() { + super(new SHA512(), + "b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86", // password + "ae9942149995a8171391625b36da134d5e288c721650d7c8d2d464fb49a49f3f551e4916ab1e097d9dd1201b01d69b1dccdefa3d2524a66092fb61b3df6e7e71", // PassWord1 + "8c4f3df78db191142d819a72c16058b9e1ea41ae9b1649e1184eb89e30344c51c9c71039c483cf2f1b76b51480d8459d7eb3cfbaa24b07f2041d1551af4ead75", // &^%te$t?Pw@_ + "9db561d04daa6086538444181f1a2ed180bbc5191df2a50c5c1be0c62b510e1dc32936c259e7138d4aa544ce5b60820fa4ead0362aeef730f86d360dc325d824"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/WBB4Test.java b/src/test/java/fr/xephi/authme/security/crypts/WBB4Test.java new file mode 100644 index 00000000..3579be2f --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/WBB4Test.java @@ -0,0 +1,20 @@ +package fr.xephi.authme.security.crypts; + +import org.junit.Ignore; + +/** + * Test for {@link WBB4}. + */ +@Ignore +// TODO #369: Fix WBB4 hash and un-ignore this test +public class WBB4Test extends AbstractEncryptionMethodTest { + + public WBB4Test() { + super(new WBB4(), + "$2a$08$GktrHRoOk0EHrl3ONsFmieIbjq7EIzBx8dhsWiCmn6sWwO3b3DoRO", // password + "$2a$08$ouvtovnHgPWz6YHuOhyct.I2/j1xTOLG8OTuEn1/YqtkiRJYUV7lq", // PassWord1 + "$2a$08$z.qWFh7k0qvIu5.qiq/Wuu2HDCNH7LNlMDNhN61F1ISsV8wZRKD0.", // &^%te$t?Pw@_ + "$2a$08$OU8e9dncXyz8UP5Z.gWP8Os1IK89pspCS4FPzj8hBjgCWmjbLVcO2"); // âË_3(íù* + } + +} diff --git a/src/test/java/fr/xephi/authme/security/crypts/WHIRLPOOLTest.java b/src/test/java/fr/xephi/authme/security/crypts/WHIRLPOOLTest.java new file mode 100644 index 00000000..1fbc94fd --- /dev/null +++ b/src/test/java/fr/xephi/authme/security/crypts/WHIRLPOOLTest.java @@ -0,0 +1,16 @@ +package fr.xephi.authme.security.crypts; + +/** + * Test for {@link WHIRLPOOL}. + */ +public class WHIRLPOOLTest extends AbstractEncryptionMethodTest { + + public WHIRLPOOLTest() { + super(new WHIRLPOOL(), + "74DFC2B27ACFA364DA55F93A5CAEE29CCAD3557247EDA238831B3E9BD931B01D77FE994E4F12B9D4CFA92A124461D2065197D8CF7F33FC88566DA2DB2A4D6EAE", // password + "819B4CBD26508E39EA76BFE102DCF2ACC87A446747CAB0BD88522B0822A724583E81B6A4BD2CE255DB694E530B659F47D434EEB50344A02F50B64414C9671583", // PassWord1 + "71ECB0E5AEAB006F5336348076AA6A8E46075AEC9E010C7055BA1334B57746F2A9D8A8799BDD9B7EB4AB7544A59D25F469C8BCA2067508ACBA62A929260A1E17", // &^%te$t?Pw@_ + "CBFEFB3DD7FC6D7F88E006955CFFE07758C74216A825A355D67AE352DA99D8F17FA00CB5CB6875A90BAB4992121E786F57E7B3602232002752925E4DC545C414"); // âË_3(íù* + } + +}