package io.lumify.core.model.user;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
public class UserPasswordUtil {
private static final int SALT_LENGTH = 16;
private static final int ITERATION_COUNT = 1000;
private static final int KEY_LENGTH = 64 * 8;
public static final String SHA_1_PRNG = "SHA1PRNG";
public static byte[] getSalt() {
SecureRandom sr;
try {
sr = SecureRandom.getInstance(SHA_1_PRNG);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Could not find algorithm: " + SHA_1_PRNG, e);
}
byte[] salt = new byte[SALT_LENGTH];
sr.nextBytes(salt);
return salt;
}
public static byte[] hashPassword(String password, byte[] salt) {
try {
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATION_COUNT, KEY_LENGTH);
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return skf.generateSecret(spec).getEncoded();
} catch (InvalidKeySpecException e) {
throw new RuntimeException("Invalid key spec", e);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Could not find algorithm", e);
}
}
public static boolean validatePassword(String password, byte[] salt, byte[] storedPassword) {
byte[] hashedPassword = hashPassword(password, salt);
if (hashedPassword.length != storedPassword.length) {
return false;
}
for (int i = 0; i < storedPassword.length; i++) {
if (hashedPassword[i] != storedPassword[i]) {
return false;
}
}
return true;
}
}