Hej igen nu har jag byggt om lite baserat på denna länk. Så valde jag att jämföra strängar istället. Så HashHandler ser nu ut:
package database;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class HashHandling {
private static final Random RANDOM = new SecureRandom();
private static final int ITERATIONS = 10000;
private static final int KEY_LENGTH = 256;
private static final char[] hexArray = "0123456789ABCDEF".toCharArray();
private static final byte[] idSalt = getNextSalt();
public static byte[] getNextSalt() {
byte[] salt = new byte[16];
RANDOM.nextBytes(salt);
return salt;
}
public static byte[] passwordHashing(char[] password, byte[] salt) {
PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH);
Arrays.fill(password, Character.MIN_VALUE);
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return skf.generateSecret(spec).getEncoded();
} catch(NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new AssertionError("Error whil hashing a password: "+e.getMessage(), e);
} finally {
spec.clearPassword();
}
}
public static boolean isExpectedPassword(String pw, String expectedHash) {
return expectedHash.equals(pw);
}
public static byte[] idHashing(char[] id) {
return passwordHashing(id, idSalt);
}
public static String hashToString(byte[] toConvert) {
char[] hexChars = new char[toConvert.length * 2];
for ( int j = 0; j < toConvert.length; j++ ) {
int v = toConvert[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
public static byte[] stringToHashByteVal(String toConvert) {
byte[] b = new byte[toConvert.length() / 2];
for (int i = 0; i < b.length; i++) {
int index = i * 2;
int v = Integer.parseInt(toConvert.substring(index, index + 2), 16);
b[i] = (byte) v;
}
return b;
}
}
Och test main:
package main;
import database.DatabaseHandler;
import database.HashHandling;
import database.PostTableRow;
import database.UsersTableRow;
import java.math.BigInteger;
import java.sql.Timestamp;
import java.util.ArrayList;
import database.TableRow;
public class Main {
public static void main(String[] args) throws Exception{
byte[] salt = HashHandling.idHashing(HashHandling.hashToString(HashHandling.getNextSalt()).toCharArray());
String orgiPw = new String("test");
byte[] hashPw = HashHandling.passwordHashing(orgiPw.toCharArray(), salt);
String HashStr = HashHandling.hashToString(hashPw);
byte[] conBack = HashHandling.stringToHashByteVal(HashStr);
String conBackStr = HashHandling.hashToString(conBack);
System.out.println("Orgi string: "+HashStr+" converted string: "+conBackStr);
if(HashStr.equals(conBackStr)) {
System.out.println("Their the same!");
}
if(HashHandling.isExpectedPassword(conBackStr, HashStr)) {
System.out.println("Converter seam to work.");
} else {
System.out.println("Failed");
System.out.println("\t Conback:\t"+conBackStr);
System.out.println("\t Orgi: \t"+conBackStr);
}
}
}
Vilket get outputen:
Orgi string: A6F3EF6B2E7F7C4EF47968F4DF4A0F12E8D316E2C2755FFF7C2B7F4366ACE3F6 converted string: A6F3EF6B2E7F7C4EF47968F4DF4A0F12E8D316E2C2755FFF7C2B7F4366ACE3F6
Their the same!
Converter seam to work.
Vilket känns vettigt men ni får gärna säga till om ni ser något som verka konstigt eller rent utsagt fel.