Commit 77e9a594 authored by michael.simon's avatar michael.simon
Browse files

Set hashed password also in registry

parent 89814e7b
package edu.kit.scc.webreg.service.reg;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.enterprise.context.ApplicationScoped;
import org.apache.commons.codec.binary.Base64;
@ApplicationScoped
public class PasswordUtil {
public String generatePassword(String hashMethod, String password)
throws NoSuchAlgorithmException, UnsupportedEncodingException {
MessageDigest md = MessageDigest.getInstance(hashMethod);
byte[] bytes = password.getBytes(("UTF-8"));
md.update(bytes);
byte[] digest = md.digest();
String hash = "{" + hashMethod + "|" + new String(Base64.encodeBase64(digest)) + "}";
return hash;
}
// public Boolean comparePassword(String password1, String password2) {
//
// }
}
......@@ -63,6 +63,7 @@ import edu.kit.scc.webreg.exc.RegisterException;
import edu.kit.scc.webreg.service.reg.ApprovalService;
import edu.kit.scc.webreg.service.reg.GroupCapable;
import edu.kit.scc.webreg.service.reg.GroupUtil;
import edu.kit.scc.webreg.service.reg.PasswordUtil;
import edu.kit.scc.webreg.service.reg.RegisterUserService;
import edu.kit.scc.webreg.service.reg.RegisterUserWorkflow;
import edu.kit.scc.webreg.service.reg.SetPasswordCapable;
......@@ -94,6 +95,9 @@ public class RegisterUserServiceImpl implements RegisterUserService {
@Inject
private GroupUtil groupUtil;
@Inject
private PasswordUtil passwordUtil;
@Inject
private ApprovalService approvalService;
......@@ -455,8 +459,11 @@ public class RegisterUserServiceImpl implements RegisterUserService {
auditor.setDetail("Setting service password for user " + registry.getUser().getEppn() + " for service " + serviceEntity.getName());
auditor.setRegistry(registry);
registry.getRegistryValues().put("userPassword", passwordUtil.generatePassword("SHA-512", password));
((SetPasswordCapable) workflow).setPassword(userEntity, serviceEntity, registry, auditor, password);
registry = registryDao.persist(registry);
auditor.finishAuditTrail();
} catch (RegisterException e) {
throw e;
......@@ -481,8 +488,11 @@ public class RegisterUserServiceImpl implements RegisterUserService {
auditor.setDetail("Delete service password for user " + registry.getUser().getEppn() + " for service " + serviceEntity.getName());
auditor.setRegistry(registry);
registry.getRegistryValues().remove("userPassword");
((SetPasswordCapable) workflow).deletePassword(userEntity, serviceEntity, registry, auditor);
registry = registryDao.persist(registry);
auditor.finishAuditTrail();
} catch (RegisterException e) {
throw e;
......
......@@ -12,7 +12,6 @@ package edu.kit.scc.webreg.bean.admin;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Provider.Service;
......@@ -25,7 +24,6 @@ import javax.faces.bean.ViewScoped;
import javax.faces.event.ComponentSystemEvent;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Base64;
import org.primefaces.event.TransferEvent;
import org.primefaces.model.DualListModel;
import org.slf4j.Logger;
......@@ -34,6 +32,7 @@ import edu.kit.scc.webreg.entity.AdminUserEntity;
import edu.kit.scc.webreg.entity.RoleEntity;
import edu.kit.scc.webreg.service.AdminUserService;
import edu.kit.scc.webreg.service.RoleService;
import edu.kit.scc.webreg.service.reg.PasswordUtil;
@ManagedBean
@ViewScoped
......@@ -50,6 +49,9 @@ public class ShowAdminUserBean implements Serializable {
@Inject
private RoleService roleService;
@Inject
private PasswordUtil passwordUtil;
private AdminUserEntity entity;
private DualListModel<RoleEntity> roleList;
......@@ -123,11 +125,7 @@ public class ShowAdminUserBean implements Serializable {
if (hashPassword) {
try {
MessageDigest md = MessageDigest.getInstance(selectedHashMethod);
byte[] bytes = newPassword.getBytes(("UTF-8"));
md.update(bytes);
byte[] digest = md.digest();
String hash = "{" + selectedHashMethod + "|" + new String(Base64.encodeBase64(digest)) + "}";
String hash = passwordUtil.generatePassword(selectedHashMethod, newPassword);
entity.setPassword(hash);
} catch (NoSuchAlgorithmException e) {
logger.warn("Oh no", e);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment