• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• auction-website-master
  • src
    • javauction
      • util
        • DateXmlUtil.java
        • UserXmlUtil.java
        • HibernateUtil.java
        • CategoryXmlUtil.java
        • MoneyXmlUtil.java
      • service
        • UserService.java
        • Service.java
        • CategoryService.java
        • NotificationService.java
        • MessagesService.java
        • BidService.java
        • SearchService.java
        • AuctionService.java
        • RatingService.java
      • model
        • AuctionCategoryEntity.java
        • MessagesEntity.java
        • ItemImageEntity.java
        • NotificationEntity.java
        • RecommendationEngine.java
        • AuctionEntity.java
        • RatingEntity.java
        • UserEntity.java
        • CategoryEntity.java
        • BidEntity.java
      • controller
        • notification.java
        • rate.java
        • message.java
        • login.java
        • PasswordAuthentication.java
        • ErrorHandler.java
        • user.java
        • filters
          • XSSFilter.java
          • XSSRequestWrapper.java
          • CharacterEncodingFilter.java
          • sessionFilter.java
          • notificationFilter.java
        • logout.java
        • search.java
        • auction.java
    • hibernate.cfg.xml
  • database
    • auctionDB.sql
  • _config.yml
  • web
    • header.jsp
    • images
      • img404.jpg
    • user
      • auctionSubmit.jsp
      • messages.jsp
      • listYourSubmittedRatings.jsp
      • homepage.jsp
      • listYourReceivedRatings.jsp
      • newAuction.jsp
      • index.jsp
      • listInbox.jsp
      • rating.jsp
      • welcome.jsp
      • listSent.jsp
      • auctionEdit.jsp
    • public
      • error404.jsp
      • customSearch.jsp
      • searchResults.jsp
      • listAuctions.jsp
      • auctionInfo.jsp
      • register.jsp
      • index.jsp
      • backoffice.jsp
    • admin
      • listAuctions.jsp
      • homepage.jsp
      • userInfo.jsp
      • index.jsp
      • downloadAuctions.jsp
      • listUsers.jsp
    • paginationLinks.jsp
    • index.jsp
    • WEB-INF
      • lib
      • web.xml
    • js
      • scripts.js
      • jquery.min.js
      • cookie.js
    • css
      • icons
        • fontello.css
        • font
          • fontello.svg
          • fontello.eot
          • fontello.woff
          • fontello.ttf
          • fontello.woff2
      • organism.css
      • custom.css
      • skeleton.css
  • LICENSE
  • lib
  • README.md
  • screenshots
  • .gitignore

package javauction.controller;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Random;

/**
 * A class for secure salted password hashing
 */
public class PasswordAuthentication {

    public static byte[] genSalt() {
        byte[] salt = new byte[16];
        Random rand = new SecureRandom();
        rand.nextBytes(salt);
        return salt;
    }

    public static byte[] hash(char[] password, byte[] salt) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 5000, 128);
        Arrays.fill(password, Character.MIN_VALUE);
        try {
            SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            return skf.generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new AssertionError("Error while hashing a password: " + e.getMessage(), e);
        } finally {
            spec.clearPassword();
        }
    }

    public static boolean isExpectedPassword(char[] password, byte[] salt, byte[] expectedHash) {
        byte[] pwdHash = hash(password, salt);
        Arrays.fill(password, Character.MIN_VALUE);
        if (pwdHash.length != expectedHash.length) return false;
        for (int i = 0; i < pwdHash.length; i++) {
            if (pwdHash[i] != expectedHash[i]) return false;
        }
        return true;
    }

}