You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by el...@apache.org on 2023/06/29 09:51:07 UTC
[mina-ftpserver] branch 1.2.X updated: Add stronger hashing methods (will be used for the HASH method implementation)
This is an automated email from the ASF dual-hosted git repository.
elecharny pushed a commit to branch 1.2.X
in repository https://gitbox.apache.org/repos/asf/mina-ftpserver.git
The following commit(s) were added to refs/heads/1.2.X by this push:
new 7ca8176b Add stronger hashing methods (will be used for the HASH method implementation)
7ca8176b is described below
commit 7ca8176be75f193ca296bb36e810a0a3a910dbdb
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Thu Jun 29 11:51:03 2023 +0200
Add stronger hashing methods (will be used for the HASH method
implementation)
---
.../usermanager/Sha1PasswordEncryptor.java | 54 ++++++++++++++++++++++
.../usermanager/Sha256PasswordEncryptor.java | 53 +++++++++++++++++++++
.../usermanager/Sha512PasswordEncryptor.java | 53 +++++++++++++++++++++
3 files changed, 160 insertions(+)
diff --git a/core/src/main/java/org/apache/ftpserver/usermanager/Sha1PasswordEncryptor.java b/core/src/main/java/org/apache/ftpserver/usermanager/Sha1PasswordEncryptor.java
new file mode 100644
index 00000000..f5a4841d
--- /dev/null
+++ b/core/src/main/java/org/apache/ftpserver/usermanager/Sha1PasswordEncryptor.java
@@ -0,0 +1,54 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.usermanager;
+
+import org.apache.ftpserver.util.EncryptUtils;
+import org.apache.ftpserver.util.PasswordUtil;
+
+/**
+ * Password encryptor that hashes the password using SHA-1. Please note that this
+ * form of encryption is sensitive to lookup attacks.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ */
+public class Sha1PasswordEncryptor implements PasswordEncryptor {
+
+ /**
+ * Hashes the password using SHA-1
+ */
+ public String encrypt(String password) {
+ return EncryptUtils.encryptSHA(password);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean matches(String passwordToCheck, String storedPassword) {
+ if (storedPassword == null) {
+ throw new NullPointerException("storedPassword can not be null");
+ }
+ if (passwordToCheck == null) {
+ throw new NullPointerException("passwordToCheck can not be null");
+ }
+
+ return PasswordUtil.secureCompareFast(encrypt(passwordToCheck).toLowerCase(), storedPassword.toLowerCase());
+ }
+}
diff --git a/core/src/main/java/org/apache/ftpserver/usermanager/Sha256PasswordEncryptor.java b/core/src/main/java/org/apache/ftpserver/usermanager/Sha256PasswordEncryptor.java
new file mode 100644
index 00000000..19317022
--- /dev/null
+++ b/core/src/main/java/org/apache/ftpserver/usermanager/Sha256PasswordEncryptor.java
@@ -0,0 +1,53 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.usermanager;
+
+import org.apache.ftpserver.util.EncryptUtils;
+import org.apache.ftpserver.util.PasswordUtil;
+
+/**
+ * Password encryptor that hashes the password using SHA-256.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ */
+public class Sha256PasswordEncryptor implements PasswordEncryptor {
+
+ /**
+ * Hashes the password using SHA-256
+ */
+ public String encrypt(String password) {
+ return EncryptUtils.encryptSHA256(password);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean matches(String passwordToCheck, String storedPassword) {
+ if (storedPassword == null) {
+ throw new NullPointerException("storedPassword can not be null");
+ }
+ if (passwordToCheck == null) {
+ throw new NullPointerException("passwordToCheck can not be null");
+ }
+
+ return PasswordUtil.secureCompareFast(encrypt(passwordToCheck).toLowerCase(), storedPassword.toLowerCase());
+ }
+}
diff --git a/core/src/main/java/org/apache/ftpserver/usermanager/Sha512PasswordEncryptor.java b/core/src/main/java/org/apache/ftpserver/usermanager/Sha512PasswordEncryptor.java
new file mode 100644
index 00000000..7d3d2d99
--- /dev/null
+++ b/core/src/main/java/org/apache/ftpserver/usermanager/Sha512PasswordEncryptor.java
@@ -0,0 +1,53 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.usermanager;
+
+import org.apache.ftpserver.util.EncryptUtils;
+import org.apache.ftpserver.util.PasswordUtil;
+
+/**
+ * Password encryptor that hashes the password using SHA-512.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ */
+public class Sha512PasswordEncryptor implements PasswordEncryptor {
+
+ /**
+ * Hashes the password using SHA-512
+ */
+ public String encrypt(String password) {
+ return EncryptUtils.encryptSHA512(password);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean matches(String passwordToCheck, String storedPassword) {
+ if (storedPassword == null) {
+ throw new NullPointerException("storedPassword can not be null");
+ }
+ if (passwordToCheck == null) {
+ throw new NullPointerException("passwordToCheck can not be null");
+ }
+
+ return PasswordUtil.secureCompareFast(encrypt(passwordToCheck).toLowerCase(), storedPassword.toLowerCase());
+ }
+}