X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Futil%2FPasswordHash.java;h=ed0d4f3c251903a0400552e1db0f6b2a1e75b20e;hb=4434b6f12f8813b1a32f6c3cbf925cd5b83f1843;hp=aaff22686389c974b7b856e9914f11a91d104146;hpb=943d8e7ed0ea5a9d56e7e694a3cbd849c52bad16;p=gigi.git

diff --git a/src/org/cacert/gigi/util/PasswordHash.java b/src/org/cacert/gigi/util/PasswordHash.java
index aaff2268..ed0d4f3c 100644
--- a/src/org/cacert/gigi/util/PasswordHash.java
+++ b/src/org/cacert/gigi/util/PasswordHash.java
@@ -1,11 +1,36 @@
 package org.cacert.gigi.util;
 
+import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
+import com.lambdaworks.crypto.SCryptUtil;
+
 public class PasswordHash {
 
-    public static boolean verifyHash(String password, String hash) {
+    /**
+     * Verifies a password hash.
+     * 
+     * @param password
+     *            The password that should result in the given hash.
+     * @param hash
+     *            The hash to verify the password against.
+     * @return <ul>
+     *         <li><code>null</code>, if the password was valid</li>
+     *         <li><code>hash</code>, if the password is valid and the hash
+     *         doesn't need to be updated</li>
+     *         <li>a new hash, if the password is valid but the hash in the
+     *         database needs to be updated.</li>
+     *         </ul>
+     */
+    public static String verifyHash(String password, String hash) {
+        if (hash.contains("$")) {
+            if (SCryptUtil.check(password, hash)) {
+                return hash;
+            } else {
+                return null;
+            }
+        }
         String newhash = sha1(password);
         boolean match = true;
         if (newhash.length() != hash.length()) {
@@ -14,13 +39,17 @@ public class PasswordHash {
         for (int i = 0; i < newhash.length(); i++) {
             match &= newhash.charAt(i) == hash.charAt(i);
         }
-        return match;
+        if (match) {
+            return hash(password);
+        } else {
+            return null;
+        }
     }
 
     private static String sha1(String password) {
         try {
             MessageDigest md = MessageDigest.getInstance("SHA1");
-            byte[] digest = md.digest(password.getBytes());
+            byte[] digest = md.digest(password.getBytes("UTF-8"));
             StringBuffer res = new StringBuffer(digest.length * 2);
             for (int i = 0; i < digest.length; i++) {
                 res.append(Integer.toHexString((digest[i] & 0xF0) >> 4));
@@ -29,10 +58,12 @@ public class PasswordHash {
             return res.toString();
         } catch (NoSuchAlgorithmException e) {
             throw new Error(e);
+        } catch (UnsupportedEncodingException e) {
+            throw new Error(e);
         }
     }
 
     public static String hash(String password) {
-        return sha1(password);
+        return SCryptUtil.scrypt(password, 1 << 14, 8, 1);
     }
 }