safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ticket #269: Password check should also compare usernames. Fix styles.

Browse Source
This commit is contained in:
Michael Jumper
2013-02-22 20:05:27 -08:00
parent 4d62cb9c92
commit fec96bcbd6
1 changed files with 29 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/Sha256PasswordEncryptionUtility.java
View File

@@ -1,3 +1,6 @@
package net.sourceforge.guacamole.net.auth.mysql.utility;
/* ***** BEGIN LICENSE BLOCK ***** /* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
* *
@@ -33,7 +36,6 @@
* the terms of any one of the MPL, the GPL or the LGPL. * the terms of any one of the MPL, the GPL or the LGPL.
* *
* ***** END LICENSE BLOCK ***** */ * ***** END LICENSE BLOCK ***** */
package net.sourceforge.guacamole.net.auth.mysql.utility;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.MessageDigest; import java.security.MessageDigest;
@@ -49,25 +51,45 @@ import net.sourceforge.guacamole.net.auth.Credentials;
public class Sha256PasswordEncryptionUtility implements PasswordEncryptionUtility { public class Sha256PasswordEncryptionUtility implements PasswordEncryptionUtility {
@Override @Override
public boolean checkCredentials(Credentials credentials, byte[] dbPasswordHash, String dbUsername, byte[] dbSalt) { public boolean checkCredentials(Credentials credentials,
byte[] dbPasswordHash, String dbUsername, byte[] dbSalt) {
// If usernames don't match, don't bother comparing passwords, just fail
if (!dbUsername.equals(credentials.getUsername()))
return false;
// Compare bytes of password in credentials against hashed password
byte[] passwordBytes = createPasswordHash(credentials.getPassword(), dbSalt); byte[] passwordBytes = createPasswordHash(credentials.getPassword(), dbSalt);
return Arrays.equals(passwordBytes, dbPasswordHash); return Arrays.equals(passwordBytes, dbPasswordHash);
} }
@Override @Override
public byte[] createPasswordHash(String password, byte[] salt) { public byte[] createPasswordHash(String password, byte[] salt) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-256");
try {
// Build salted password
StringBuilder builder = new StringBuilder(); StringBuilder builder = new StringBuilder();
builder.append(password); builder.append(password);
builder.append(DatatypeConverter.printHexBinary(salt)); builder.append(DatatypeConverter.printHexBinary(salt));
// Hash UTF-8 bytes of salted password
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(builder.toString().getBytes("UTF-8")); md.update(builder.toString().getBytes("UTF-8"));
return md.digest(); return md.digest();
} catch (UnsupportedEncodingException ex) { // should not happen
throw new RuntimeException(ex); }
} catch (NoSuchAlgorithmException ex) { // should not happen
// Should not happen
catch (UnsupportedEncodingException ex) {
throw new RuntimeException(ex); throw new RuntimeException(ex);
} }
// Should not happen
catch (NoSuchAlgorithmException ex) {
throw new RuntimeException(ex);
}
} }
} }