ARTEMIS-3899 improve salt calculation
Update the salt calculation to more closely align with the
"Randomness Recommendations for Security" at
https://www.ietf.org/rfc/rfc1750.txt.
This was inadvertently changed in
5965a45894.
parent
a2262612ca
commit
a49066e6b7
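--- a/DefaultSensitiveStringCodec.java
+++ b/DefaultSensitiveStringCodec.java
@@ -23,6 +23,7 @@ import javax.crypto.spec.SecretKeySpec;
 
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Arrays;
 import java.util.Collections;
@@ -111,7 +112,7 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
 return algorithm.verify(inputValue, storedValue);
 }
 
-private abstract class CodecAlgorithm {
+private abstract static class CodecAlgorithm {
 
 protected Map<String, String> params;
 
@@ -202,7 +203,7 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
 }
 }
 
-private class PBKDF2Algorithm extends CodecAlgorithm {
+private static class PBKDF2Algorithm extends CodecAlgorithm {
 private static final String SEPARATOR = ":";
 private String sceretKeyAlgorithm = "PBKDF2WithHmacSHA1";
 private String randomScheme = "SHA1PRNG";
@@ -210,10 +211,14 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
 private int saltLength = 32;
 private int iterations = 1024;
 private SecretKeyFactory skf;
+private static SecureRandom sr;
 
 PBKDF2Algorithm(Map<String, String> params) throws NoSuchAlgorithmException {
 super(params);
 skf = SecretKeyFactory.getInstance(sceretKeyAlgorithm);
+if (sr == null) {
+sr = SecureRandom.getInstance(randomScheme);
+}
 }
 
 @Override
@@ -221,8 +226,9 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
 throw new IllegalArgumentException("Algorithm doesn't support decoding");
 }
 
-public byte[] getSalt() throws NoSuchAlgorithmException {
-byte[] salt = RandomUtil.randomBytes(this.saltLength);
+public byte[] getSalt() {
+byte[] salt = new byte[this.saltLength];
+sr.nextBytes(salt);
 return salt;
 }
 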
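Review bot: The lazy initialisation of the static `sr` in the PBKDF2Algorithm constructor (hunk `-210,10 +211,14`) is unsynchronised, so two threads constructing the codec at the same time can each see `sr == null` and build their own generator, and it also binds a static field to the per-instance `randomScheme`: if a later instance were configured with a different scheme (I cannot tell from this hunk whether `params` can override it) it would silently keep using the first instance's PRNG. Pinning the provider-specific `SHA1PRNG` is generally discouraged in favour of letting the platform choose its default generator, and `new SecureRandom()` throws no checked exception, so the field can simply become a constant, `private static final SecureRandom sr = new SecureRandom();`, and the `if (sr == null)` block in the constructor can go. If `randomScheme` must remain configurable, a cleaner alternative is to make `sr` a non-static `final` field assigned once in the constructor. `SecureRandom` is thread-safe, so sharing one instance across threads is fine either way; the `sr.nextBytes(salt)` call in `getSalt()` (hunk `-221,8 +226,9`) needs no change beyond that.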