fix: ResultSet.getDate is often wrong as it fetches day-precision times

[gigi.git] / src / org / cacert / gigi / util / PasswordHash.java

package org.cacert.gigi.util;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;

import com.lambdaworks.crypto.SCryptUtil;

public class PasswordHash {

    /**
     * Verifies a password hash.
     * 
     * @param password
     *            The password that should result in the given hash.
     * @param hash
     *            The hash to verify the password against.
     * @return
     *         <ul>
     *         <li><code>null</code>, if the password was valid</li>
     *         <li><code>hash</code>, if the password is valid and the hash
     *         doesn't need to be updated</li>
     *         <li>a new hash, if the password is valid but the hash in the
     *         database needs to be updated.</li>
     *         </ul>
     */
    public static String verifyHash(String password, String hash) {
        if (password == null || password.isEmpty()) {
            return null;
        }
        if (hash.contains("$")) {
            if (SCryptUtil.check(password, hash)) {
                return hash;
            } else {
                return null;
            }
        }
        String newhash = sha1(password);
        boolean match = true;
        if (newhash.length() != hash.length()) {
            match = false;
        }
        for (int i = 0; i < newhash.length(); i++) {
            match &= newhash.charAt(i) == hash.charAt(i);
        }
        if (match) {
            return hash(password);
        } else {
            return null;
        }
    }

    public static String sha1(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA1");
            byte[] digest = md.digest(password.getBytes("UTF-8"));
            StringBuffer res = new StringBuffer(digest.length * 2);
            for (int i = 0; i < digest.length; i++) {
                res.append(Integer.toHexString((digest[i] & 0xF0) >> 4));
                res.append(Integer.toHexString(digest[i] & 0xF));
            }
            return res.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new Error(e);
        } catch (UnsupportedEncodingException e) {
            throw new Error(e);
        }
    }

    public static String hash(String password) {
        return SCryptUtil.scrypt(password, N, r, p);
    }

    private static int N = 1 << 14;

    private static int r = 8;

    private static int p = 1;

    private static boolean initialized = false;

    public static synchronized void init(Properties prop) {
        if (initialized) {
            throw new IllegalStateException("Already initialized.");
        }
        String val = prop.getProperty("scrypt.params", "14;8;1");
        String[] parts = val.split(";", 3);
        int N = 1 << Integer.parseInt(parts[0]);
        int r = Integer.parseInt(parts[1]);
        int p = Integer.parseInt(parts[2]);
        checkScryptParams(N, r, p);
        PasswordHash.N = N;
        PasswordHash.r = r;
        PasswordHash.p = p;
        initialized = true;
    }

    private static void checkScryptParams(int N, int r, int p) {
        if (N < 2 || (N & (N - 1)) != 0) {
            throw new IllegalArgumentException("N must be a power of 2 greater than 1");
        }
        if (r <= 0) {
            throw new IllegalArgumentException("Parameter r zero or negative");
        }
        if (p <= 0) {
            throw new IllegalArgumentException("Parameter p zero or negative");
        }

        if (N > Integer.MAX_VALUE / 128 / r) {
            throw new IllegalArgumentException("Parameter N is too large");
        }
        if (r > Integer.MAX_VALUE / 128 / p) {
            throw new IllegalArgumentException("Parameter r is too large");
        }
    }
}