diff --git a/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/module/account/FileAccountDao.java b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/module/account/FileAccountDao.java
index 3695b015..24364a18 100644
--- a/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/module/account/FileAccountDao.java
+++ b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/module/account/FileAccountDao.java
@@ -5,7 +5,7 @@ import com.pqt.core.entities.user_account.AccountLevel;
 import com.pqt.server.tools.io.ISerialFileManager;
 import com.pqt.server.tools.io.SimpleSerialFileManagerFactory;
 import com.pqt.server.tools.security.IHashTool;
-import com.pqt.server.tools.security.MD5HashTool;
+import com.pqt.server.tools.security.SHA256HashTool;
 import java.util.*;
 import java.util.stream.Collectors;
@@ -19,7 +19,7 @@ import java.util.stream.Collectors;
 * Cette classe n'est pas faite pour gérer les accès concurentiels au fichier assurant la persistance, et n'est donc pas
 * thread-safe. Elle est conçue pour que tous les accès soient effectués depuis un même thread et depuis un unique objet.
 *

- * Cette classe manipule les mot de passe sous forme chiffrée via un système de hash (md5) + salt, et ne fait pas
+ * Cette classe manipule les mot de passe sous forme chiffrée via un système de hash (SHA-256) + salt, et ne fait pas
 * persister les mots de passes non-chiffrées. Les noms d'utilisateurs sont stockés sans chiffrage.
 */
 class FileAccountDao implements IAccountDao {
@@ -34,7 +34,7 @@ class FileAccountDao implements IAccountDao {
 FileAccountDao() {
 accountEntries = new HashSet<>();
 connectedAccount = new HashSet<>();
- hashTool = new MD5HashTool();
+ hashTool = new SHA256HashTool();
 fileManager = SimpleSerialFileManagerFactory.getFileManager(AccountEntry.class, ACCOUNT_FILE_NAME);
 loadFromFile();
 }
diff --git a/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/AbstractSimpleHashTool.java b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/AbstractSimpleHashTool.java
new file mode 100644
index 00000000..0cf31c97
--- /dev/null
+++ b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/AbstractSimpleHashTool.java
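Review bot: Switching `hashTool` to `new SHA256HashTool()` in the FileAccountDao constructor leaves no path for entries already persisted with MD5. `loadFromFile()` runs right after and presumably reloads hashes the new tool can never reproduce, so existing accounts would stop authenticating; the entry format and login check are outside this hunk, so confirm against them. Consider storing an algorithm tag with each entry and re-hashing on the next successful login, or documenting that the account file must be regenerated. Separately, one salted SHA-256 pass is still a fast digest; for stored passwords a deliberately slow KDF such as the JDK's `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` is the usual choice.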
@@ -0,0 +1,39 @@
+package com.pqt.server.tools.security;
+
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public abstract class AbstractSimpleHashTool implements IHashTool {
+
+ private static final String DEFAULT_INSTANCE_CODE = "SHA-256";
+
+ private String instanceCode;
+
+ @Override
+ public final String hashAndSalt(String input, String salt) {
+ String encryptedInput = null;
+
+ if(input == null || salt == null) return null;
+
+ try {
+ String str = salt+input;
+ //Create MessageDigest object with the instance code
+ MessageDigest digest = (instanceCode!=null?MessageDigest.getInstance(instanceCode):MessageDigest.getInstance(DEFAULT_INSTANCE_CODE));
+
+ //Update input string in message digest
+ digest.update(str.getBytes(), 0, str.length());
+
+ //Converts message digest value in base 16 (hex)
+ encryptedInput = new BigInteger(1, digest.digest()).toString(16);
+
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ return encryptedInput;
+ }
+
+ protected void setInstanceCode(String instanceCode){
+ this.instanceCode = instanceCode;
+ }
+}
diff --git a/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/IHashTool.java b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/IHashTool.java
index 57cee938..9fefd6dc 100644
--- a/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/IHashTool.java
+++ b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/IHashTool.java
@@ -1,5 +1,5 @@
 package com.pqt.server.tools.security;
 public interface IHashTool {
- String hashAndSalt(String str, String salt);
+ String hashAndSalt(String input, String salt);
 }
diff --git a/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/MD5HashTool.java b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/MD5HashTool.java
index ffb2ebca..b3b34da9 100644
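Review bot: In `AbstractSimpleHashTool.hashAndSalt`, `digest.update(str.getBytes(), 0, str.length())` passes a character count as a byte length and encodes with the platform default charset. With a multi-byte encoding, any non-ASCII character in the salt or password makes the byte array longer than `str.length()`, so trailing bytes are silently left out of the digest, and the same password can hash differently on hosts with different default charsets. Use `digest.update(str.getBytes(StandardCharsets.UTF_8));` with the `java.nio.charset.StandardCharsets` import, keeping in mind that this changes the stored hash of any existing non-ASCII password. Two smaller points in the same method: `new BigInteger(1, digest.digest()).toString(16)` drops leading zeros so the hex string is not fixed-width, and the `NoSuchAlgorithmException` branch returns `null` after `printStackTrace()`, where throwing an `IllegalStateException` that wraps the cause would fail closed instead of handing callers a null hash.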
--- a/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/MD5HashTool.java
+++ b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/MD5HashTool.java
@@ -4,27 +4,8 @@ import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-public class MD5HashTool implements IHashTool{
- @Override
- public String hashAndSalt(String input, String salt) {
- String md5 = null;
-
- if(input == null || salt == null) return null;
-
- try {
- String str = salt+input;
- //Create MessageDigest object for MD5
- MessageDigest digest = MessageDigest.getInstance("MD5");
-
- //Update input string in message digest
- digest.update(str.getBytes(), 0, str.length());
-
- //Converts message digest value in base 16 (hex)
- md5 = new BigInteger(1, digest.digest()).toString(16);
-
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- return md5;
+public class MD5HashTool extends AbstractSimpleHashTool{
+ public MD5HashTool() {
+ setInstanceCode("MD5");
 }
 }
diff --git a/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/SHA256HashTool.java b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/SHA256HashTool.java
new file mode 100644
index 00000000..02db548a
--- /dev/null
+++ b/Workspace/server/src/main/WEB-INF/classes/com/pqt/server/tools/security/SHA256HashTool.java
@@ -0,0 +1,7 @@
+package com.pqt.server.tools.security;
+
+public class SHA256HashTool extends AbstractSimpleHashTool {
+ public SHA256HashTool() {
+ setInstanceCode("SHA-256");
+ }
+}
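Review bot: The three imports left at the top of MD5HashTool.java (`java.math.BigInteger`, `java.security.MessageDigest`, `java.security.NoSuchAlgorithmException`) appear unused now that the body has moved to AbstractSimpleHashTool, and can be removed. The class also stays public although FileAccountDao no longer uses it; marking it `@Deprecated` with a Javadoc line such as `Kept only to verify hashes created before the SHA-256 switch; do not use for new passwords.` would keep new code from choosing MD5 for credentials.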
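Review bot: `SHA256HashTool` selects its algorithm by calling the protected, non-final `setInstanceCode` from its constructor, so any subclass or same-package caller can change the algorithm of a live instance later. `DEFAULT_INSTANCE_CODE` also silently covers a subclass that forgets the call. Passing the name through a protected constructor and storing it in `private final String instanceCode;` would fix the choice per instance; that change belongs in AbstractSimpleHashTool, with this constructor becoming `super("SHA-256");`.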