Posted to commits@openmeetings.apache.org by so...@apache.org on 2016/04/11 07:38:23 UTC
svn commit: r1738512 [1/2] - in /openmeetings/application:
branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/
branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/
branches/3.1.x/openmee...
Author: solomax
Date: Mon Apr 11 05:38:22 2016
New Revision: 1738512
URL: http://svn.apache.org/viewvc?rev=1738512&view=rev
Log:
[OPENMEETINGS-1344] SHA256 with salt and 1000 iterations used to encrypt passwords
Added:
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java
- copied, changed from r1738210, openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java
- copied, changed from r1738510, openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java
- copied, changed from r1738510, openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java
- copied, changed from r1738510, openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java
openmeetings/application/trunk/openmeetings-util/src/test/
openmeetings/application/trunk/openmeetings-util/src/test/java/
openmeetings/application/trunk/openmeetings-util/src/test/java/org/
openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/
openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/
openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/
openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/
openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java
openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java
Removed:
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java
Modified:
openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java
openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java
openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java
openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java
openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java
openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java
openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java
openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java
openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java
openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java
openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml
openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java
openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java
openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java
openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java
openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java
openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java
openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java
openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java
openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java
openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java
openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java
openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java
openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java
openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java
openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java
openmeetings/application/trunk/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml
openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java
openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java
openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java
openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java
openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java
Modified: openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java Mon Apr 11 05:38:22 2016
@@ -68,7 +68,7 @@ public class FileProcessor {
// Generate a random string to prevent any problems with
// foreign characters and duplicates
- String newName = MD5.do_checksum("FILE_" + new Date().getTime());
+ String newName = MD5.checksum("FILE_" + new Date().getTime());
String extDot = f.getName().substring(dotidx, f.getName().length()).toLowerCase();
String ext = extDot.substring(1);
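Review bot: The value built on the `MD5.checksum("FILE_" + new Date().getTime())` line is not random, although the comment above it says it is: it is a digest of the millisecond clock, so two uploads in the same millisecond get the same name and the name is predictable. The same pattern survives in the ConferenceLibrary hunk (`new Date().toString()`, one-second resolution) and in the PrintService hunk (`""+new Date()`), where the hash is returned to the caller as the print item's key. This commit already uses `UUID.randomUUID().toString()` for other identifiers, and the same would fit here, e.g. `String newName = UUID.randomUUID().toString();`, with the `java.util.UUID` import added where it is missing. The enclosing methods start and end outside these hunks, so how the names are used later is not visible.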
Modified: openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java Mon Apr 11 05:38:22 2016
@@ -124,7 +124,7 @@ public class ConferenceLibrary implement
log.debug("saveAsObject" + tObject.size());
- String localFileName = MD5.do_checksum(new Date().toString()) + ".wml";
+ String localFileName = MD5.checksum(new Date().toString()) + ".wml";
LibraryDocumentConverter.writeToLocalFolder(localFileName, tObject);
Modified: openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java Mon Apr 11 05:38:22 2016
@@ -33,6 +33,7 @@ import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
+import java.util.UUID;
import org.apache.openmeetings.core.remote.red5.ScopeApplicationAdapter;
import org.apache.openmeetings.core.remote.util.SessionVariablesUtil;
@@ -51,7 +52,7 @@ import org.apache.openmeetings.db.entity
import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.util.CalendarPatterns;
import org.apache.openmeetings.util.OmException;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.wicket.util.string.Strings;
import org.red5.logging.Red5LoggerFactory;
import org.red5.server.api.IConnection;
@@ -136,8 +137,7 @@ public class MobileService {
Long langId = Long.valueOf(umap.get("langId"));
//FIXME TODO unify with Register dialog
- String hash = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(
- login + CalendarPatterns.getDateWithTimeByMiliSeconds(new Date()));
+ String hash = UUID.randomUUID().toString();
String baseURL = cfgDao.getBaseUrl();
boolean sendConfirmation = !Strings.isEmpty(baseURL)
Modified: openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java Mon Apr 11 05:38:22 2016
@@ -52,7 +52,7 @@ public class PrintService {
Long users_id = sessiondataDao.checkSession(SID);
if (AuthLevelUtil.hasUserLevel(userDao.getRights(users_id))) {
String hashRaw = ""+new Date();
- String hash = MD5.do_checksum(hashRaw);
+ String hash = MD5.checksum(hashRaw);
PrintService.addPrintItembyMap(hash, map, width, height);
return hash;
}
Modified: openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java Mon Apr 11 05:38:22 2016
@@ -20,7 +20,6 @@ package org.apache.openmeetings.core.ses
import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;
-import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -28,7 +27,7 @@ import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Map.Entry;
-import java.util.Random;
+import java.util.UUID;
import org.apache.openmeetings.core.session.store.IClientPersistenceStore;
import org.apache.openmeetings.db.dao.server.ISessionManager;
@@ -36,7 +35,6 @@ import org.apache.openmeetings.db.dto.ba
import org.apache.openmeetings.db.dto.server.ClientSessionInfo;
import org.apache.openmeetings.db.entity.room.Client;
import org.apache.openmeetings.db.entity.server.Server;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
@@ -88,11 +86,7 @@ public class SessionManager implements I
rcm.setConnectedSince(new Date());
rcm.setStreamid(streamId);
rcm.setScope(scopeName);
- long random = System.currentTimeMillis() + new BigInteger(256, new Random()).longValue();
-
- rcm.setPublicSID(ManageCryptStyle.getInstanceOfCrypt()
- .createPassPhrase(String.valueOf(random).toString()));
-
+ rcm.setPublicSID(UUID.randomUUID().toString());
rcm.setServer(server);
rcm.setUserport(remotePort);
rcm.setUserip(remoteAddress);
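Review bot: The new `rcm.setPublicSID(UUID.randomUUID().toString());` line carries no comment saying why a UUID is used, and the value is a session identifier. `UUID.randomUUID()` is documented to draw from a cryptographically strong generator, unlike the removed `new Random()`; a short comment would keep that property from being lost in a later refactor, e.g. `// type-4 UUID from a cryptographically strong RNG; do not derive this from time or java.util.Random`. The same comment fits `sessiondata.setSessionId(...)` in SessiondataDao and `soapLogin.setHash(...)` in SOAPLoginDao. The method body continues outside the hunk.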
Modified: openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java Mon Apr 11 05:38:22 2016
@@ -22,13 +22,13 @@ import static org.apache.openmeetings.ut
import java.util.Date;
import java.util.List;
+import java.util.UUID;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import org.apache.openmeetings.db.entity.server.SOAPLogin;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
import org.springframework.transaction.annotation.Transactional;
@@ -46,16 +46,12 @@ public class SOAPLoginDao {
boolean showNickNameDialog, String landingZone,
boolean allowRecording) {
try {
- String thistime = "TIME_" + (new Date().getTime());
-
- String hash = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(thistime);
-
SOAPLogin soapLogin = new SOAPLogin();
soapLogin.setCreated(new Date());
soapLogin.setUsed(false);
soapLogin.setRoomId(roomId);
soapLogin.setAllowSameURLMultipleTimes(allowSameURLMultipleTimes);
- soapLogin.setHash(hash);
+ soapLogin.setHash(UUID.randomUUID().toString());
soapLogin.setRecordingId(recordingId);
soapLogin.setSessionHash(sessionHash);
soapLogin.setBecomemoderator(becomemoderator);
@@ -67,8 +63,8 @@ public class SOAPLoginDao {
soapLogin = em.merge(soapLogin);
Long soapLoginId = soapLogin.getId();
- if (soapLoginId > 0) {
- return hash;
+ if (soapLoginId != null) {
+ return soapLogin.getHash();
} else {
throw new Exception("Could not store SOAPLogin");
}
Modified: openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java Mon Apr 11 05:38:22 2016
@@ -22,6 +22,7 @@ import static org.apache.openmeetings.ut
import java.util.Date;
import java.util.List;
+import java.util.UUID;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
@@ -29,7 +30,6 @@ import javax.persistence.TypedQuery;
import org.apache.openmeetings.db.entity.room.Client;
import org.apache.openmeetings.db.entity.server.Sessiondata;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
@@ -60,9 +60,8 @@ public class SessiondataDao {
try {
log.debug("startsession :: startsession");
- long thistime = new Date().getTime();
Sessiondata sessiondata = new Sessiondata();
- sessiondata.setSessionId(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(String.valueOf(thistime).toString()));
+ sessiondata.setSessionId(UUID.randomUUID().toString());
sessiondata.setRefreshed(new Date());
sessiondata.setCreated(new Date());
sessiondata.setUserId(null);
Modified: openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java Mon Apr 11 05:38:22 2016
@@ -57,7 +57,7 @@ import org.apache.openmeetings.db.util.T
import org.apache.openmeetings.db.util.UserHelper;
import org.apache.openmeetings.util.DaoHelper;
import org.apache.openmeetings.util.OmException;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.wicket.util.string.Strings;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
@@ -229,13 +229,22 @@ public class UserDao implements IDataPro
return u;
}
+ //this method is required to be able to drop reset hash
+ public User resetPassword(User u, String password) throws NoSuchAlgorithmException {
+ if (u != null) {
+ u.setResethash(null);
+ u = update(u, password, u.getId());
+ }
+ return u;
+ }
+
// TODO: Why the password field is not set via the Model is because its
// FetchType is Lazy, this extra hook here might be not needed with a
// different mechanism to protect the password from being read
// sebawagner, 01.10.2012
- public User update(User user, String password, Long updatedBy) throws NoSuchAlgorithmException, UnsupportedEncodingException {
+ public User update(User user, String password, Long updatedBy) throws NoSuchAlgorithmException {
User u = update(user, updatedBy);
- if (u != null && password != null && !password.isEmpty()) {
+ if (u != null && !Strings.isEmpty(password)) {
//OpenJPA is not allowing to set fields not being fetched before
User u1 = get(u.getId(), true);
u1.updatePassword(cfgDao, password);
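Review bot: `resetPassword` clears the reset hash even when no new password is stored: `update(u, password, u.getId())` only calls `updatePassword` when `!Strings.isEmpty(password)`, so a null or empty `password` consumes the reset token and leaves the old password in place. Rejecting that input first would make the method do what its name says, e.g. `if (Strings.isEmpty(password)) { throw new IllegalArgumentException("New password is required"); }` placed before `u.setResethash(null);`. The body of `update` continues past the end of the hunk, so what happens after `updatePassword` is not visible here.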
@@ -445,11 +454,12 @@ public class UserDao implements IDataPro
* @return
*/
public boolean verifyPassword(Long userId, String password) {
- TypedQuery<Long> query = em.createNamedQuery("checkPassword", Long.class);
- query.setParameter("userId", userId);
- query.setParameter("password", ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(password));
- return Long.valueOf(1).equals(query.getResultList().get(0));
-
+ List<String> l = em.createNamedQuery("getPassword", String.class)
+ .setParameter("userId", userId).getResultList();
+ if (l == null || l.size() != 1) {
+ return false;
+ }
+ return CryptProvider.get().verify(password, l.get(0));
}
public User getContact(String email, Long ownerId) {
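Review bot: `verifyPassword` now hands whatever is stored in the password column to `CryptProvider.get().verify(...)`, and rows written before this commit hold hashes produced by the previous crypt class. The `CryptProvider` and `SHA256Implementation` sources are not in this part of the mail, so it is not visible whether `verify` recognises the old format; if it does not, existing users can no longer log in, and if it does, they stay on the old hash until something rehashes after a successful login. `l.get(0)` may also be null when a user row has no stored password, so `verify` has to tolerate a null hash. The empty Javadoc above the method could state this contract, e.g. `@return false when the user is deleted or unknown, has no stored hash, or the hash does not match`.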
Modified: openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java Mon Apr 11 05:38:22 2016
@@ -35,7 +35,7 @@ import org.apache.openmeetings.db.dao.us
import org.apache.openmeetings.db.entity.room.Invitation;
import org.apache.openmeetings.db.entity.room.Invitation.Valid;
import org.apache.openmeetings.db.entity.user.User.Type;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
@@ -164,7 +164,7 @@ public class InvitationDTO implements Se
i.setHash(UUID.randomUUID().toString());
i.setPasswordProtected(passwordProtected);
if (passwordProtected) {
- i.setPassword(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(password));
+ i.setPassword(CryptProvider.get().hash(password));
}
i.setUsed(false);
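Review bot: `i.setPassword(CryptProvider.get().hash(password))` stores the new hash format in the invitation's password field, but only `User.password` is widened to `length = 1024` in this commit; the Invitation entity is not in the list of modified files. If the salted hash is longer than that column's current length, the write is truncated or rejected, and `CryptProvider.get().verify(pass, invitation.getPassword())` in InvitationManager can then never succeed. The column definition is not visible here, so this needs checking against the Invitation mapping; the same applies to the `invitation.setPassword(...)` line in the InvitationManager hunk.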
Modified: openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java Mon Apr 11 05:38:22 2016
@@ -60,7 +60,7 @@ import org.apache.openmeetings.db.dao.ba
import org.apache.openmeetings.db.entity.IDataProviderEntity;
import org.apache.openmeetings.db.entity.server.Sessiondata;
import org.apache.openmeetings.util.crypt.MD5;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.simpleframework.xml.Element;
import org.simpleframework.xml.ElementList;
import org.simpleframework.xml.Root;
@@ -90,8 +90,7 @@ import org.simpleframework.xml.Root;
+ "OR lower(c.firstname) LIKE :search "
+ "OR lower(c.lastname) LIKE :search )"),
@NamedQuery(name = "getAllUsers", query = "SELECT u FROM User u ORDER BY u.id"),
- @NamedQuery(name = "checkPassword", query = "select count(c) from User c where c.deleted = false AND c.id = :userId " //
- + "AND c.password LIKE :password"), //
+ @NamedQuery(name = "getPassword", query = "SELECT u.password FROM User u WHERE u.deleted = false AND u.id = :userId "),
@NamedQuery(name = "updatePassword", query = "UPDATE User u SET u.password = :password WHERE u.id = :userId"), //
@NamedQuery(name = "getNondeletedUsers", query = "SELECT u FROM User u WHERE u.deleted = false"),
@NamedQuery(name = "countNondeletedUsers", query = "SELECT COUNT(u) FROM User u WHERE u.deleted = false"),
@@ -203,7 +202,7 @@ public class User implements IDataProvid
private String login;
@Basic(fetch = FetchType.LAZY)
- @Column(name = "password")
+ @Column(name = "password", length = 1024)
@LoadFetchGroup("backupexport")
@Element(name = "pass", data = true, required = false)
private String password;
@@ -389,11 +388,11 @@ public class User implements IDataProvid
this.login = login;
}
- public void updatePassword(ConfigurationDao configDao, String pass) throws NoSuchAlgorithmException, UnsupportedEncodingException {
+ public void updatePassword(ConfigurationDao configDao, String pass) throws NoSuchAlgorithmException {
updatePassword(configDao, pass, false);
}
- public void updatePassword(ConfigurationDao configDao, String pass, boolean empty) throws NoSuchAlgorithmException, UnsupportedEncodingException {
+ public void updatePassword(ConfigurationDao configDao, String pass, boolean empty) throws NoSuchAlgorithmException {
if (!empty) {
if (invalidPassword(pass, configDao)) {
throw new RuntimeException("Password of invalid length is provided");
@@ -408,13 +407,13 @@ public class User implements IDataProvid
String defaultRoomContext = configDao.getConfValue("red5sip.exten_context", String.class, "rooms");
u.setName(login);
u.setDefaultuser(login);
- u.setMd5secret(MD5.do_checksum(login + ":asterisk:" + pass));
+ u.setMd5secret(MD5.checksum(login + ":asterisk:" + pass));
u.setContext(defaultRoomContext);
u.setHost("dynamic");
} else {
setSipUser(null);
}
- password = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(pass);
+ password = CryptProvider.get().hash(pass);
}
public String getPassword() {
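Review bot: `u.setMd5secret(MD5.checksum(login + ":asterisk:" + pass))` still stores a single unsalted MD5 of the same password next to the new salted hash, so anyone who can read the SIP user row can test password guesses against plain MD5, and the 1000 iterations add nothing for SIP-enabled accounts. The `login:asterisk:pass` form looks like the digest secret the SIP side expects, so it probably cannot simply be dropped. A comment on that line should record the trade-off, e.g. `// SIP digest secret: fast, unsalted MD5 of the password; protect this column like a plaintext credential`. `updatePassword` starts above the hunk.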
Modified: openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml Mon Apr 11 05:38:22 2016
@@ -45,7 +45,7 @@
<section name="Configuration of Custom Crypt-Style">
<p>
To add your own crypt style you need to write a class which
- implements the interface: org.apache.openmeetings.util.crypt.ICryptString
+ implements the interface: org.apache.openmeetings.util.crypt.ICrypt
<br />
Example of an Implementation:
</p>
@@ -53,24 +53,39 @@
<![CDATA[
package org.apache.openmeetings.util.crypt;
+import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;
+
import java.security.NoSuchAlgorithmException;
-public class MD5Implementation implements ICryptString {
- @Override
- public String createPassPhrase(String userGivenPass) {
- String passPhrase = null;
- try {
- passPhrase = MD5.do_checksum(userGivenPass);
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- return passPhrase;
- }
-
- @Override
- public Boolean verifyPassword(String passGiven, String passwdFromDb) {
- return (passwdFromDb.equals(createPassPhrase(passGiven)));
- }
+import org.red5.logging.Red5LoggerFactory;
+import org.slf4j.Logger;
+
+public class MD5Implementation implements ICrypt {
+ private static final Logger log = Red5LoggerFactory.getLogger(MD5Implementation.class, webAppRootKey);
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String)
+ */
+ @Override
+ public String hash(String str) {
+ String passPhrase = null;
+ try {
+ passPhrase = MD5.checksum(str);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Error", e);
+ }
+ return passPhrase;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String)
+ */
+ @Override
+ public boolean verify(String str, String hash) {
+ return hash != null && hash.equals(hash(str));
+ }
}
]]>
</source>
Modified: openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java Mon Apr 11 05:38:22 2016
@@ -51,7 +51,7 @@ import org.apache.openmeetings.service.m
import org.apache.openmeetings.service.mail.template.InvitationTemplate;
import org.apache.openmeetings.service.mail.template.UpdatedAppointmentTemplate;
import org.apache.openmeetings.util.CalendarHelper;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.openmeetings.util.mail.IcalHandler;
import org.apache.wicket.Application;
import org.apache.wicket.util.string.Strings;
@@ -260,7 +260,7 @@ public class InvitationManager implement
if (obj instanceof Invitation) {
Invitation invitation = (Invitation) obj;
- if (ManageCryptStyle.getInstanceOfCrypt().verifyPassword(pass, invitation.getPassword())) {
+ if (CryptProvider.get().verify(pass, invitation.getPassword())) {
return new Long(1);
} else {
return new Long(-34);
@@ -325,7 +325,7 @@ public class InvitationManager implement
invitation.setPasswordProtected(isPasswordProtected);
if (isPasswordProtected) {
- invitation.setPassword(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(invitationpass));
+ invitation.setPassword(CryptProvider.get().hash(invitationpass));
}
invitation.setUsed(false);
Modified: openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java Mon Apr 11 05:38:22 2016
@@ -38,6 +38,7 @@ import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.TimeZone;
+import java.util.UUID;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
@@ -65,7 +66,7 @@ import org.apache.openmeetings.db.util.T
import org.apache.openmeetings.service.mail.EmailManager;
import org.apache.openmeetings.util.CalendarPatterns;
import org.apache.openmeetings.util.DaoHelper;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.wicket.util.string.Strings;
import org.red5.logging.Red5LoggerFactory;
import org.red5.server.api.scope.IScope;
@@ -371,11 +372,7 @@ public class UserManager implements IUse
if (checkName && checkEmail) {
String link = cfgDao.getBaseUrl();
- String hash = activatedHash;
- if (hash == null){
- hash = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(login
- + CalendarPatterns.getDateWithTimeByMiliSeconds(new Date()));
- }
+ String hash = Strings.isEmpty(activatedHash) ? UUID.randomUUID().toString() : activatedHash;
link += "activate?u=" + hash;
if (sendWelcomeMessage && email.length() != 0) {
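Review bot: The switch to `UUID.randomUUID().toString()` deserves a one-line comment, because the reason is not obvious from the code: `// activation token must be unguessable; never derive it from login or time`. The same replacement is made in RegisterDialog.onSubmit. The token is appended as `"activate?u=" + hash`, and a caller-supplied `activatedHash` goes into the link unencoded, so either URL-encode it or document the expected character set. The enclosing method starts and ends outside this hunk.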
Copied: openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java (from r1738210, openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java)
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java?p2=openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java&p1=openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java&r1=1738210&r2=1738512&rev=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java Mon Apr 11 05:38:22 2016
@@ -24,14 +24,14 @@ import static org.apache.openmeetings.ut
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
-public class ManageCryptStyle {
- private static final Logger log = Red5LoggerFactory.getLogger(ManageCryptStyle.class, webAppRootKey);
+public class CryptProvider {
+ private static final Logger log = Red5LoggerFactory.getLogger(CryptProvider.class, webAppRootKey);
- public static ICryptString getInstanceOfCrypt() {
+ public static ICrypt get() {
try {
log.debug("getInstanceOfCrypt:: configKeyCryptClassName: " + configKeyCryptClassName);
- return configKeyCryptClassName == null ? null : (ICryptString) Class.forName(configKeyCryptClassName).newInstance();
+ return configKeyCryptClassName == null ? null : (ICrypt) Class.forName(configKeyCryptClassName).newInstance();
} catch (Exception err) {
log.error("[getInstanceOfCrypt]", err);
}
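Review bot: `get()` still returns null when `configKeyCryptClassName` is unset, and the catch block only logs, so chained calls such as `CryptProvider.get().verify(pass, invitation.getPassword())` in InvitationManager would end in a NullPointerException rather than a clear configuration error. Throwing from the catch, for example `throw new IllegalStateException("Crypt class is not configured or cannot be loaded", err);`, would make the failure explicit. What the method returns after the catch is outside this hunk, so that path needs the same check. The log tags still read `getInstanceOfCrypt`. A comment should also record that the class name comes from configuration and is instantiated reflectively on every call, since that one setting decides how every password is hashed.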
Copied: openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java (from r1738510, openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java)
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java?p2=openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java&p1=openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java&r1=1738510&r2=1738512&rev=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java Mon Apr 11 05:38:22 2016
@@ -19,30 +19,32 @@
package org.apache.openmeetings.util.crypt;
/**
- * interface for Encryption-Class
- * see: http://openmeetings.apache.org/CustomCryptMechanism.html
+ * Interface for Encryption-Class see:
+ * http://openmeetings.apache.org/CustomCryptMechanism.html see:
+ * https://crackstation.net/hashing-security.htm
*
- * @author sebastianwagner
+ * @author sebastianwagner, solomax
*
*/
-public interface ICryptString {
-
+public interface ICrypt {
/**
- * create a pass phrase
+ * Creates hash of given string
*
- * @param userGivenPass
- * @return
+ * @param str
+ * - string to calculate hash for
+ * @return hash of passed string
*/
- public String createPassPhrase(String userGivenPass);
-
+ String hash(String str);
+
/**
- * verify a password
+ * Verify string passed is matches given hash
*
- * @param passGiven
- * @param passwdFromDb
- * @return
+ * @param str
+ * - string to check hash for
+ * @param hash
+ * - hash to compare
+ * @return <code>true</code> in case string matches hash, <code>false</code> otherwise
*/
- public boolean verifyPassword(String passGiven, String passwdFromDb);
-
+ boolean verify(String str, String hash);
}
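Review bot: The new Javadoc leaves out the contract points callers now depend on. `hash()` may return a different value on each call for the same input (the added AbstractCryptTest asserts this), so stored values must be checked with `verify()` and never by comparing two `hash()` results. It should also say what `hash(null)` and `verify(null, null)` return, which the implementations in this commit answer differently. The header was rewrapped so that `see:` trails the previous URL, and it still calls this an encryption class although both operations are one-way hashes. `Verify string passed is matches given hash` should read `Verifies that the given string matches the given hash`.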
Modified: openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java Mon Apr 11 05:38:22 2016
@@ -25,7 +25,7 @@ import java.security.NoSuchAlgorithmExce
import org.apache.commons.codec.binary.Hex;
public class MD5 {
- public static String do_checksum(String data) throws NoSuchAlgorithmException {
+ public static String checksum(String data) throws NoSuchAlgorithmException {
MessageDigest md5 = MessageDigest.getInstance("MD5");
byte[] b = data == null ? new byte[0] : data.getBytes(StandardCharsets.UTF_8);
md5.update(b, 0, b.length);
Modified: openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java Mon Apr 11 05:38:22 2016
@@ -25,18 +25,18 @@ import java.security.NoSuchAlgorithmExce
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
-public class MD5CryptImplementation implements ICryptString {
+public class MD5CryptImplementation implements ICrypt {
private static final Logger log = Red5LoggerFactory.getLogger(MD5CryptImplementation.class, webAppRootKey);
/*
* (non-Javadoc)
- * @see org.apache.openmeetings.utils.crypt.ICryptString#createPassPhrase(java.lang.String)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String)
*/
@Override
- public String createPassPhrase(String userGivenPass) {
+ public String hash(String str) {
String passPhrase = null;
try {
- passPhrase = MD5Crypt.crypt(userGivenPass);
+ passPhrase = MD5Crypt.crypt(str);
} catch (NoSuchAlgorithmException e) {
log.error("Error", e);
}
@@ -45,19 +45,18 @@ public class MD5CryptImplementation impl
/*
* (non-Javadoc)
- * @see org.apache.openmeetings.utils.crypt.ICryptString#verifyPassword(java.lang.String, java.lang.String)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String)
*/
@Override
- public boolean verifyPassword(String passGiven, String passwdFromDb) {
+ public boolean verify(String str, String hash) {
boolean validPassword = false;
- String salt = passwdFromDb.split("\\$")[2];
+ String salt = hash.split("\\$")[2];
try {
- validPassword = passwdFromDb.equals(MD5Crypt.crypt(passGiven, salt));
+ validPassword = hash.equals(MD5Crypt.crypt(str, salt));
} catch (NoSuchAlgorithmException e) {
log.error("Error", e);
}
return validPassword;
}
-
}
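Review bot: `hash.split("\\$")[2]` runs before any check, so a null stored hash throws NullPointerException and a value not in `$…$salt$…` form throws ArrayIndexOutOfBoundsException instead of returning false. One such value is the `iterations:hash:salt` string that SHA256Implementation writes. MD5Implementation.verify gained a null guard in this commit and SHA256Implementation.verify rejects malformed input, so this method should match: `if (hash == null) { return false; }` followed by `String[] parts = hash.split("\\$"); if (parts.length < 3) { return false; }`. This matters whenever the configured crypt class is changed while hashes written by the previous one are still stored.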
Modified: openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java Mon Apr 11 05:38:22 2016
@@ -25,18 +25,18 @@ import java.security.NoSuchAlgorithmExce
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
-public class MD5Implementation implements ICryptString {
+public class MD5Implementation implements ICrypt {
private static final Logger log = Red5LoggerFactory.getLogger(MD5Implementation.class, webAppRootKey);
/*
* (non-Javadoc)
- * @see org.apache.openmeetings.utils.crypt.ICryptString#createPassPhrase(java.lang.String)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String)
*/
@Override
- public String createPassPhrase(String userGivenPass) {
+ public String hash(String str) {
String passPhrase = null;
try {
- passPhrase = MD5.do_checksum(userGivenPass);
+ passPhrase = MD5.checksum(str);
} catch (NoSuchAlgorithmException e) {
log.error("Error", e);
}
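Review bot: MD5Implementation stays selectable as the password hasher although `hash()` is a single unsalted `MD5.checksum(str)`, presumably the weakness the new SHA256Implementation is meant to replace. Marking the class `@Deprecated` with a Javadoc line such as `Unsalted MD5, kept only to verify legacy hashes; use SHA256Implementation for new passwords` would keep it from being chosen for new installs. `hash()` also returns null after logging when the digest is unavailable, and callers like `invitation.setPassword(...)` would store that null. The method's closing lines are outside this hunk.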
@@ -45,11 +45,10 @@ public class MD5Implementation implement
/*
* (non-Javadoc)
- * @see org.apache.openmeetings.utils.crypt.ICryptString#verifyPassword(java.lang.String, java.lang.String)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String)
*/
@Override
- public boolean verifyPassword(String passGiven, String passwdFromDb) {
- return (passwdFromDb.equals(createPassPhrase(passGiven)));
+ public boolean verify(String str, String hash) {
+ return hash != null && hash.equals(hash(str));
}
-
}
Added: openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java?rev=1738512&view=auto
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java (added)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java Mon Apr 11 05:38:22 2016
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License") + you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.openmeetings.util.crypt;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.commons.codec.binary.Hex;
+
+public class SHA256 {
+ public static String checksum(String data) throws NoSuchAlgorithmException {
+ MessageDigest md = MessageDigest.getInstance("SHA-256");
+ byte[] b = data == null ? new byte[0] : data.getBytes(StandardCharsets.UTF_8);
+ md.update(b);
+ return Hex.encodeHexString(md.digest());
+ }
+}
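Review bot: `SHA256.checksum` has no Javadoc saying it is a plain, unsalted hex digest, and with SHA256Implementation added next to it the two are easy to confuse. A class comment such as `/** Unsalted SHA-256 hex digest for checksums and identifiers; not for password storage, see SHA256Implementation. */` would make that explicit. It should also record that a null argument is hashed as an empty byte array, so `checksum(null)` equals `checksum("")`.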
Added: openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java?rev=1738512&view=auto
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java (added)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java Mon Apr 11 05:38:22 2016
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License") + you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.openmeetings.util.crypt;
+
+import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;
+
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.red5.logging.Red5LoggerFactory;
+import org.slf4j.Logger;
+
+public class SHA256Implementation implements ICrypt {
+ private static final Logger log = Red5LoggerFactory.getLogger(SHA256Implementation.class, webAppRootKey);
+ private static final String SECURE_RND_ALG = "SHA1PRNG";
+ private static final int ITERATIONS = 1000;
+ private static final int KEY_LENGTH = 128 * 8;
+ private static final int SALT_LENGTH = 256;
+
+ private static byte[] getSalt() throws NoSuchAlgorithmException {
+ SecureRandom sr = SecureRandom.getInstance(SECURE_RND_ALG);
+ byte[] salt = new byte[SALT_LENGTH];
+ sr.nextBytes(salt);
+ return salt;
+ }
+
+ private static String hash(String str, byte[] salt, int iter) {
+ PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
+ gen.init(str.getBytes(StandardCharsets.UTF_8), salt, iter);
+ byte[] dk = ((KeyParameter) gen.generateDerivedParameters(KEY_LENGTH)).getKey();
+ return Base64.encodeBase64String(dk);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String)
+ */
+ @Override
+ public String hash(String str) {
+ if (str == null) {
+ return null;
+ }
+ String hash = null;
+ try {
+ byte[] salt = getSalt();
+ String h = hash(str, salt, ITERATIONS);
+ hash = String.format("%s:%s:%s", ITERATIONS, h, Base64.encodeBase64String(salt));
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Error", e);
+ }
+ return hash;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String)
+ */
+ @Override
+ public boolean verify(String str, String hash) {
+ if (str == null) {
+ return hash == null;
+ }
+ if (hash == null) {
+ return false;
+ }
+ String[] ss = hash.split(":");
+ if (ss.length != 3) {
+ return false;
+ }
+ try {
+ int iter = Integer.parseInt(ss[0]);
+ String h1 = ss[1];
+ byte[] salt = Base64.decodeBase64(ss[2]);
+ String h2 = hash(str, salt, iter);
+ return h2.equals(h1);
+ } catch (Exception e) {
+ return false;
+ }
+ }
+}
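Review bot: `verify()` returns `hash == null` when `str` is null, so a null input is accepted against a record with no stored hash, whereas MD5Implementation.verify in this commit returns false for a null hash; a missing value on either side should never verify. The comparison `h2.equals(h1)` stops at the first differing character, and `catch (Exception e)` hides a corrupt stored value without logging. The sketch below changes those three points; it needs `java.security.MessageDigest` imported, and `nulltest` in AbstractCryptTest would have to expect false. On the parameters, `KEY_LENGTH = 128 * 8` requests 1024 bits from a 256-bit PRF, so each hash costs four PBKDF2 blocks while checking a guess needs only the first, and `ITERATIONS = 1000` is low for PBKDF2-HMAC-SHA256. The file is new in this commit and the count is already stored in the `iterations:hash:salt` string, so a 256-bit output with a higher, configurable count can be adopted now. `SecureRandom.getInstance("SHA1PRNG")` also pins one generator where `new SecureRandom()` would use the platform default.

```java
	@Override
	public boolean verify(String str, String hash) {
		// a missing input or a missing stored hash never verifies
		if (str == null || hash == null) {
			return false;
		}
		// … unchanged: split on ":" and the length check …
		try {
			// … unchanged: parse iter, h1 and salt from ss …
			String h2 = hash(str, salt, iter);
			// compare without an early exit on the first differing byte
			return MessageDigest.isEqual(h2.getBytes(StandardCharsets.UTF_8), h1.getBytes(StandardCharsets.UTF_8));
		} catch (Exception e) {
			// the stored value is corrupt or in another format; record it instead of failing silently
			log.error("Stored hash could not be parsed or verified", e);
			return false;
		}
	}
```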
Added: openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java?rev=1738512&view=auto
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java (added)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java Mon Apr 11 05:38:22 2016
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License") + you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.openmeetings.util.crypt;
+
+import static org.junit.Assert.*;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+
+public abstract class AbstractCryptTest {
+ protected static ICrypt crypt;
+
+ @Test
+ public void nulltest() {
+ String hash = crypt.hash(null);
+ assertEquals("Hash for null should be null", null, hash);
+
+ assertTrue("Hash for null should be null", crypt.verify(null, null));
+ }
+
+ private static List<String> get(int count) {
+ Random rnd = new Random();
+ List<String> l = new ArrayList<>(count + 1);
+ l.add("");
+ for (int i = 0; i < count; ++i) {
+ l.add(RandomStringUtils.random(rnd.nextInt(256)));
+ }
+ return l;
+ }
+
+ @Test
+ public void test() {
+ for (String str : get(64)) {
+ String h1 = crypt.hash(str);
+ assertNotNull("Hash should not be null", h1);
+ String h2 = crypt.hash(str);
+ assertNotEquals("Hashes of same string should NOT be the same", h1, h2);
+ assertTrue("String should be verified successfully", crypt.verify(str, h1));
+ assertTrue("String should be verified successfully", crypt.verify(str, h2));
+ }
+ }
+}
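Review bot: `test()` only checks that the right string verifies, so an implementation whose `verify()` always returned true would pass. Add a negative case such as `assertFalse("Different string should not verify", crypt.verify(str + "x", h1));` and one for a malformed stored value, `assertFalse(crypt.verify(str, "not-a-hash"));`. `nulltest()` pins `verify(null, null)` to true, which writes "no input matches no stored hash" into the ICrypt contract; MD5Implementation.verify in this commit returns false for the same call, so the expectation is worth reconsidering. `get()` uses an unseeded `new Random()`, so a failing input cannot be reproduced unless the seed is logged or fixed.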
Added: openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java?rev=1738512&view=auto
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java (added)
+++ openmeetings/application/branches/3.1.x/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java Mon Apr 11 05:38:22 2016
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License") + you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.openmeetings.util.crypt;
+
+import org.junit.BeforeClass;
+
+public class TestSHA extends AbstractCryptTest {
+ @BeforeClass
+ public static void setup() {
+ crypt = new SHA256Implementation();
+ }
+}
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java Mon Apr 11 05:38:22 2016
@@ -34,12 +34,11 @@ public class ResetPage extends BaseNotIn
Object user = Application.getBean(UserDao.class).getUserByHash(resetHash);
if (user instanceof User){
add(new ResetPasswordDialog("resetPassword", (User)user));
- }else {
+ } else {
setResponsePage(Application.get().getSignInPageClass());
}
} else {
setResponsePage(Application.get().getSignInPageClass());
}
}
-
}
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java Mon Apr 11 05:38:22 2016
@@ -23,7 +23,6 @@ import static org.apache.openmeetings.db
import static org.apache.openmeetings.util.CalendarPatterns.getDateWithTimeByMiliSeconds;
import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_DEFAULT_GROUP_ID;
import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;
-import static org.apache.openmeetings.util.crypt.ManageCryptStyle.getInstanceOfCrypt;
import static org.apache.openmeetings.web.app.Application.getBean;
import static org.apache.openmeetings.web.app.WebSession.AVAILABLE_TIMEZONES;
import static org.apache.wicket.validation.validator.StringValidator.minimumLength;
@@ -32,11 +31,13 @@ import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.TimeZone;
+import java.util.UUID;
import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
import org.apache.openmeetings.db.dao.user.IUserManager;
import org.apache.openmeetings.db.dao.user.UserDao;
import org.apache.openmeetings.db.entity.user.User;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.openmeetings.web.app.Application;
import org.apache.openmeetings.web.app.WebSession;
import org.apache.openmeetings.web.common.LanguageDropDown;
@@ -191,7 +192,7 @@ public class RegisterDialog extends Abst
@Override
protected void onSubmit(AjaxRequestTarget target) {
- String hash = getInstanceOfCrypt().createPassPhrase(login + getDateWithTimeByMiliSeconds(new Date()));
+ String hash = UUID.randomUUID().toString();
try {
getBean(IUserManager.class).registerUserInit(UserDao.getDefaultRights(), login, password, lastName
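Review bot: Nothing in the visible hunks of RegisterDialog uses the newly added `import org.apache.openmeetings.util.crypt.CryptProvider;`. The retained `import static org.apache.openmeetings.util.CalendarPatterns.getDateWithTimeByMiliSeconds;` and `import java.util.Date;` served the line removed here. If they have no other use in the file they should be dropped, so the dialog does not appear to depend on the crypt provider. `onSubmit` continues past the end of this hunk.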
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java Mon Apr 11 05:38:22 2016
@@ -149,7 +149,7 @@ public class ResetPasswordDialog extends
@Override
protected void onSubmit(AjaxRequestTarget target) {
try {
- getBean(UserDao.class).update(user, password.getConvertedInput(), user.getId());
+ getBean(UserDao.class).resetPassword(user, password.getConvertedInput());
} catch (Exception e) {
error(e.getMessage());
}
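Review bot: `error(e.getMessage())` puts whatever `resetPassword` throws straight onto the reset form, so a persistence or hashing failure would be shown verbatim to a visitor who is not signed in. Log the exception and show a fixed message instead, e.g. `log.error("Password reset failed", e); error(getString("<generic-error-key>"));`, where the resource key is a placeholder and the presence of a `log` field is not visible in this hunk. `UserDao.resetPassword` is not shown in this part of the commit. If it does not already do so, it should clear the reset hash so the link cannot be used a second time.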
@@ -171,10 +171,9 @@ public class ResetPasswordDialog extends
private static final long serialVersionUID = 1L;
@Override
- protected String $()
- {
- return this.$(Options.asString("open"));
- }
- });
+ protected String $() {
+ return this.$(Options.asString("open"));
+ }
+ });
}
}
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java Mon Apr 11 05:38:22 2016
@@ -47,7 +47,7 @@ import org.apache.openmeetings.db.entity
import org.apache.openmeetings.db.entity.user.User.Type;
import org.apache.openmeetings.db.util.AuthLevelUtil;
import org.apache.openmeetings.service.room.InvitationManager;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.openmeetings.web.app.Application;
import org.apache.openmeetings.web.app.WebSession;
import org.apache.openmeetings.web.common.LanguageDropDown;
@@ -270,7 +270,7 @@ public class InvitationDialog extends Ab
i.setUpdated(null);
i.setUsed(false);
- i.setPassword(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(i.getPassword())); //FIXME should be hidden
+ i.setPassword(CryptProvider.get().hash(i.getPassword())); //FIXME should be hidden
//FIXME another HACK
Calendar d = Calendar.getInstance();
d.setTime(i.getValidFrom());
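Review bot: `i.setPassword(CryptProvider.get().hash(i.getPassword()))` runs unconditionally, while InvitationManager only hashes inside `if (isPasswordProtected)`. For an invitation without a password the stored value then depends on the configured class: SHA256Implementation.hash returns null for null, while MD5.checksum hashes null as empty input. If `i` already holds a hashed value it would presumably be hashed again. Guarding on the invitation's password-protected flag, as InvitationManager does, and hashing from a separate plain-text field would address the existing FIXME. The surrounding method is outside this hunk.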
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java Mon Apr 11 05:38:22 2016
@@ -30,7 +30,7 @@ import org.apache.openmeetings.core.sess
import org.apache.openmeetings.db.entity.room.Client;
import org.apache.openmeetings.test.AbstractJUnitDefaults;
import org.apache.openmeetings.util.OpenmeetingsVariables;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.junit.Test;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
@@ -60,8 +60,7 @@ public class TestHashMapSession extends
rcm.setScope("scopeName");
long random = System.currentTimeMillis() + new BigInteger(256, new Random()).longValue();
- rcm.setPublicSID(ManageCryptStyle.getInstanceOfCrypt()
- .createPassPhrase(String.valueOf(random).toString()));
+ rcm.setPublicSID(CryptProvider.get().hash(String.valueOf(random).toString()));
rcm.setUserport(0);
rcm.setUserip("remoteAddress");
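Review bot: `CryptProvider.get().hash(...)` is the password hasher, so with SHA256Implementation configured this public SID becomes a long `iterations:hash:salt` string and costs a full key derivation per client. An identifier needs neither. `rcm.setPublicSID(UUID.randomUUID().toString());` (with `java.util.UUID` imported) matches what this commit does for the activation hash and removes the `new Random()` arithmetic. `String.valueOf(random).toString()` is also a redundant conversion.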
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java Mon Apr 11 05:38:22 2016
@@ -21,7 +21,7 @@ package org.apache.openmeetings.test.use
import org.apache.openmeetings.db.dao.server.SessiondataDao;
import org.apache.openmeetings.db.entity.server.Sessiondata;
import org.apache.openmeetings.test.AbstractJUnitDefaults;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
@@ -35,7 +35,7 @@ public class TestAuth extends AbstractJU
System.out.println("sessionData: " + sessionData.getSessionId());
- String tTemp = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase("test");
+ String tTemp = CryptProvider.get().hash("test");
System.out.println("tTemp: " + tTemp);
Modified: openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java (original)
+++ openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/data/file/FileProcessor.java Mon Apr 11 05:38:22 2016
@@ -68,7 +68,7 @@ public class FileProcessor {
// Generate a random string to prevent any problems with
// foreign characters and duplicates
- String newName = MD5.do_checksum("FILE_" + new Date().getTime());
+ String newName = MD5.checksum("FILE_" + new Date().getTime());
String extDot = f.getName().substring(dotidx, f.getName().length()).toLowerCase();
String ext = extDot.substring(1);
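Review bot: `newName` on the changed line is still an MD5 of the current millisecond timestamp, which is neither random (as the comment above it says) nor duplicate-free, since two uploads in the same millisecond get the same name. The same pattern stays in the ConferenceLibrary hunk (`MD5.checksum(new Date().toString())`) and the PrintService hunk (`""+new Date()`), where the input has only one-second resolution and, in PrintService, the result is returned to the caller as the key of the stored print item. This commit already switches session and login identifiers to `UUID.randomUUID().toString()`; doing the same here, e.g. `String newName = UUID.randomUUID().toString();` with a `java.util.UUID` import, would make these names hard to guess and free of timestamp collisions. The enclosing methods start and end outside the hunks.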
Modified: openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java (original)
+++ openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ConferenceLibrary.java Mon Apr 11 05:38:22 2016
@@ -124,7 +124,7 @@ public class ConferenceLibrary implement
log.debug("saveAsObject" + tObject.size());
- String localFileName = MD5.do_checksum(new Date().toString()) + ".wml";
+ String localFileName = MD5.checksum(new Date().toString()) + ".wml";
LibraryDocumentConverter.writeToLocalFolder(localFileName, tObject);
Modified: openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java (original)
+++ openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MobileService.java Mon Apr 11 05:38:22 2016
@@ -33,6 +33,7 @@ import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
+import java.util.UUID;
import org.apache.openmeetings.core.remote.red5.ScopeApplicationAdapter;
import org.apache.openmeetings.core.remote.util.SessionVariablesUtil;
@@ -51,7 +52,7 @@ import org.apache.openmeetings.db.entity
import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.util.CalendarPatterns;
import org.apache.openmeetings.util.OmException;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.wicket.util.string.Strings;
import org.red5.logging.Red5LoggerFactory;
import org.red5.server.api.IConnection;
@@ -136,8 +137,7 @@ public class MobileService {
Long langId = Long.valueOf(umap.get("langId"));
//FIXME TODO unify with Register dialog
- String hash = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(
- login + CalendarPatterns.getDateWithTimeByMiliSeconds(new Date()));
+ String hash = UUID.randomUUID().toString();
String baseURL = cfgDao.getBaseUrl();
boolean sendConfirmation = !Strings.isEmpty(baseURL)
Modified: openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java (original)
+++ openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/PrintService.java Mon Apr 11 05:38:22 2016
@@ -52,7 +52,7 @@ public class PrintService {
Long users_id = sessiondataDao.checkSession(SID);
if (AuthLevelUtil.hasUserLevel(userDao.getRights(users_id))) {
String hashRaw = ""+new Date();
- String hash = MD5.do_checksum(hashRaw);
+ String hash = MD5.checksum(hashRaw);
PrintService.addPrintItembyMap(hash, map, width, height);
return hash;
}
Modified: openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java (original)
+++ openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java Mon Apr 11 05:38:22 2016
@@ -20,7 +20,6 @@ package org.apache.openmeetings.core.ses
import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;
-import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -28,7 +27,7 @@ import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Map.Entry;
-import java.util.Random;
+import java.util.UUID;
import org.apache.openmeetings.core.session.store.IClientPersistenceStore;
import org.apache.openmeetings.db.dao.server.ISessionManager;
@@ -36,7 +35,6 @@ import org.apache.openmeetings.db.dto.ba
import org.apache.openmeetings.db.dto.server.ClientSessionInfo;
import org.apache.openmeetings.db.entity.room.Client;
import org.apache.openmeetings.db.entity.server.Server;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
@@ -74,7 +72,7 @@ public class SessionManager implements I
public void clearCache() {
cache.clear();
}
-
+
@Override
public Client addClientListItem(String streamId, String scopeName,
int remotePort, String remoteAddress, String swfUrl, Server server) {
@@ -88,11 +86,7 @@ public class SessionManager implements I
rcm.setConnectedSince(new Date());
rcm.setStreamid(streamId);
rcm.setScope(scopeName);
- long random = System.currentTimeMillis() + new BigInteger(256, new Random()).longValue();
-
- rcm.setPublicSID(ManageCryptStyle.getInstanceOfCrypt()
- .createPassPhrase(String.valueOf(random).toString()));
-
+ rcm.setPublicSID(UUID.randomUUID().toString());
rcm.setServer(server);
rcm.setUserport(remotePort);
rcm.setUserip(remoteAddress);
Modified: openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java (original)
+++ openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SOAPLoginDao.java Mon Apr 11 05:38:22 2016
@@ -22,13 +22,13 @@ import static org.apache.openmeetings.ut
import java.util.Date;
import java.util.List;
+import java.util.UUID;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import org.apache.openmeetings.db.entity.server.SOAPLogin;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
import org.springframework.transaction.annotation.Transactional;
@@ -46,16 +46,12 @@ public class SOAPLoginDao {
boolean showNickNameDialog, String landingZone,
boolean allowRecording) {
try {
- String thistime = "TIME_" + (new Date().getTime());
-
- String hash = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(thistime);
-
SOAPLogin soapLogin = new SOAPLogin();
soapLogin.setCreated(new Date());
soapLogin.setUsed(false);
soapLogin.setRoomId(roomId);
soapLogin.setAllowSameURLMultipleTimes(allowSameURLMultipleTimes);
- soapLogin.setHash(hash);
+ soapLogin.setHash(UUID.randomUUID().toString());
soapLogin.setRecordingId(recordingId);
soapLogin.setSessionHash(sessionHash);
soapLogin.setBecomemoderator(becomemoderator);
@@ -67,8 +63,8 @@ public class SOAPLoginDao {
soapLogin = em.merge(soapLogin);
Long soapLoginId = soapLogin.getId();
- if (soapLoginId > 0) {
- return hash;
+ if (soapLoginId != null) {
+ return soapLogin.getHash();
} else {
throw new Exception("Could not store SOAPLogin");
}
Modified: openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java (original)
+++ openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java Mon Apr 11 05:38:22 2016
@@ -22,6 +22,7 @@ import static org.apache.openmeetings.ut
import java.util.Date;
import java.util.List;
+import java.util.UUID;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
@@ -29,7 +30,6 @@ import javax.persistence.TypedQuery;
import org.apache.openmeetings.db.entity.room.Client;
import org.apache.openmeetings.db.entity.server.Sessiondata;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
@@ -60,9 +60,8 @@ public class SessiondataDao {
try {
log.debug("startsession :: startsession");
- long thistime = new Date().getTime();
Sessiondata sessiondata = new Sessiondata();
- sessiondata.setSessionId(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(String.valueOf(thistime).toString()));
+ sessiondata.setSessionId(UUID.randomUUID().toString());
sessiondata.setRefreshed(new Date());
sessiondata.setCreated(new Date());
sessiondata.setUserId(null);
Modified: openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java (original)
+++ openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/user/UserDao.java Mon Apr 11 05:38:22 2016
@@ -57,7 +57,7 @@ import org.apache.openmeetings.db.util.T
import org.apache.openmeetings.db.util.UserHelper;
import org.apache.openmeetings.util.DaoHelper;
import org.apache.openmeetings.util.OmException;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.wicket.util.string.Strings;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
@@ -229,13 +229,22 @@ public class UserDao implements IDataPro
return u;
}
+ //this method is required to be able to drop reset hash
+ public User resetPassword(User u, String password) throws NoSuchAlgorithmException {
+ if (u != null) {
+ u.setResethash(null);
+ u = update(u, password, u.getId());
+ }
+ return u;
+ }
+
// TODO: Why the password field is not set via the Model is because its
// FetchType is Lazy, this extra hook here might be not needed with a
// different mechanism to protect the password from being read
// sebawagner, 01.10.2012
- public User update(User user, String password, Long updatedBy) throws NoSuchAlgorithmException, UnsupportedEncodingException {
+ public User update(User user, String password, Long updatedBy) throws NoSuchAlgorithmException {
User u = update(user, updatedBy);
- if (u != null && password != null && !password.isEmpty()) {
+ if (u != null && !Strings.isEmpty(password)) {
//OpenJPA is not allowing to set fields not being fetched before
User u1 = get(u.getId(), true);
u1.updatePassword(cfgDao, password);
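Review bot: `resetPassword` clears the reset hash before it is known that a new password will be stored. The three-argument `update` below only changes the password when `password` is non-empty, so a call with a null or empty password appears to drop the reset hash and leave the old password in place. Checking the argument first, e.g. `if (u != null && !Strings.isEmpty(password)) {`, keeps the two steps together. The method does not itself check the reset hash, so a Javadoc line such as `Callers must have validated the user's reset hash before calling this method.` would state the precondition that the current one-line comment leaves implicit. The body of `update` continues outside the hunk.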
@@ -445,11 +454,12 @@ public class UserDao implements IDataPro
* @return
*/
public boolean verifyPassword(Long userId, String password) {
- TypedQuery<Long> query = em.createNamedQuery("checkPassword", Long.class);
- query.setParameter("userId", userId);
- query.setParameter("password", ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(password));
- return Long.valueOf(1).equals(query.getResultList().get(0));
-
+ List<String> l = em.createNamedQuery("getPassword", String.class)
+ .setParameter("userId", userId).getResultList();
+ if (l == null || l.size() != 1) {
+ return false;
+ }
+ return CryptProvider.get().verify(password, l.get(0));
}
public User getContact(String email, Long ownerId) {
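Review bot: The value fetched by `getPassword` is handed to `verify` unchecked, and it is presumably null for an account without a stored password; how `verify` treats a null hash is not visible in this hunk. Guarding it here, e.g. `String stored = l.get(0);` followed by `return stored != null && CryptProvider.get().verify(password, stored);`, makes the result independent of the configured ICrypt implementation. `getResultList()` does not return null, so the `l == null` test can go. The empty `@return` above the method could read `@return true if the given password matches the hash stored for this user`. Hashes written by the previous crypt class now also depend on `verify` accepting them, which this hunk does not show.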
Modified: openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java (original)
+++ openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/dto/room/InvitationDTO.java Mon Apr 11 05:38:22 2016
@@ -35,7 +35,7 @@ import org.apache.openmeetings.db.dao.us
import org.apache.openmeetings.db.entity.room.Invitation;
import org.apache.openmeetings.db.entity.room.Invitation.Valid;
import org.apache.openmeetings.db.entity.user.User.Type;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
@@ -164,7 +164,7 @@ public class InvitationDTO implements Se
i.setHash(UUID.randomUUID().toString());
i.setPasswordProtected(passwordProtected);
if (passwordProtected) {
- i.setPassword(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(password));
+ i.setPassword(CryptProvider.get().hash(password));
}
i.setUsed(false);
Modified: openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java (original)
+++ openmeetings/application/trunk/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/user/User.java Mon Apr 11 05:38:22 2016
@@ -60,7 +60,7 @@ import org.apache.openmeetings.db.dao.ba
import org.apache.openmeetings.db.entity.IDataProviderEntity;
import org.apache.openmeetings.db.entity.server.Sessiondata;
import org.apache.openmeetings.util.crypt.MD5;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.simpleframework.xml.Element;
import org.simpleframework.xml.ElementList;
import org.simpleframework.xml.Root;
@@ -408,13 +408,13 @@ public class User implements IDataProvid
String defaultRoomContext = configDao.getConfValue("red5sip.exten_context", String.class, "rooms");
u.setName(login);
u.setDefaultuser(login);
- u.setMd5secret(MD5.do_checksum(login + ":asterisk:" + pass));
+ u.setMd5secret(MD5.checksum(login + ":asterisk:" + pass));
u.setContext(defaultRoomContext);
u.setHost("dynamic");
} else {
setSipUser(null);
}
- password = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(pass);
+ password = CryptProvider.get().hash(pass);
}
public String getPassword() {
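Review bot: For SIP users `md5secret` remains an unsalted MD5 of `login + ":asterisk:" + pass`, so moving `password` to `CryptProvider.get().hash(pass)` further down in the same hunk does not protect that same password against offline guessing through the SIP column. If the SIP server requires this digest format, a comment on the line should say so, e.g. `// SIP digest value, unsalted MD5 of the account password: treat this column as password-equivalent`, and access to the value should be as restricted as access to the password itself. A separately generated SIP secret would remove the dependency on the account password, but that is a larger change than this hunk. The enclosing method starts outside the hunk.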
Modified: openmeetings/application/trunk/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml (original)
+++ openmeetings/application/trunk/openmeetings-server/src/site/xdoc/CustomCryptMechanism.xml Mon Apr 11 05:38:22 2016
@@ -45,7 +45,7 @@
<section name="Configuration of Custom Crypt-Style">
<p>
To add your own crypt style you need to write a class which
- implements the interface: org.apache.openmeetings.util.crypt.ICryptString
+ implements the interface: org.apache.openmeetings.util.crypt.ICrypt
<br />
Example of an Implementation:
</p>
@@ -53,24 +53,39 @@
<![CDATA[
package org.apache.openmeetings.util.crypt;
+import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;
+
import java.security.NoSuchAlgorithmException;
-public class MD5Implementation implements ICryptString {
- @Override
- public String createPassPhrase(String userGivenPass) {
- String passPhrase = null;
- try {
- passPhrase = MD5.do_checksum(userGivenPass);
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- return passPhrase;
- }
-
- @Override
- public Boolean verifyPassword(String passGiven, String passwdFromDb) {
- return (passwdFromDb.equals(createPassPhrase(passGiven)));
- }
+import org.red5.logging.Red5LoggerFactory;
+import org.slf4j.Logger;
+
+public class MD5Implementation implements ICrypt {
+ private static final Logger log = Red5LoggerFactory.getLogger(MD5Implementation.class, webAppRootKey);
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String)
+ */
+ @Override
+ public String hash(String str) {
+ String passPhrase = null;
+ try {
+ passPhrase = MD5.checksum(str);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Error", e);
+ }
+ return passPhrase;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String)
+ */
+ @Override
+ public boolean verify(String str, String hash) {
+ return hash != null && hash.equals(hash(str));
+ }
}
]]>
</source>
Modified: openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java (original)
+++ openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/room/InvitationManager.java Mon Apr 11 05:38:22 2016
@@ -51,7 +51,7 @@ import org.apache.openmeetings.service.m
import org.apache.openmeetings.service.mail.template.InvitationTemplate;
import org.apache.openmeetings.service.mail.template.UpdatedAppointmentTemplate;
import org.apache.openmeetings.util.CalendarHelper;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
import org.apache.openmeetings.util.mail.IcalHandler;
import org.apache.wicket.Application;
import org.apache.wicket.util.string.Strings;
@@ -260,7 +260,7 @@ public class InvitationManager implement
if (obj instanceof Invitation) {
Invitation invitation = (Invitation) obj;
- if (ManageCryptStyle.getInstanceOfCrypt().verifyPassword(pass, invitation.getPassword())) {
+ if (CryptProvider.get().verify(pass, invitation.getPassword())) {
return new Long(1);
} else {
return new Long(-34);
@@ -325,7 +325,7 @@ public class InvitationManager implement
invitation.setPasswordProtected(isPasswordProtected);
if (isPasswordProtected) {
- invitation.setPassword(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(invitationpass));
+ invitation.setPassword(CryptProvider.get().hash(invitationpass));
}
invitation.setUsed(false);