Merge branch 'saltpassword' into 'master'

Prøvde å fiske salt og hash (TEST) See merge request !6

Merge branch 'saltpassword' into 'master'
2a7904da · Sigurd Almåsbakk Skogmo · 21ea65dc · 68a8843b · 2a7904da · 2a7904da
Commit 2a7904da authored 5 years ago by Sigurd Almåsbakk Skogmo
--- a/src/main/java/dao/UserDAO.java
+++ b/src/main/java/dao/UserDAO.java
@@ -19,6 +19,7 @@ public class UserDAO {
    /**
     * Returns a List of all registered users
+     *
     * @return List of Users
     */
    public List<User> getUsers() {
@@ -49,6 +50,7 @@ public class UserDAO {
    /**
     * Returns a User object for given username
+     *
     * @param username Username as String
     * @return requested user object if found, null if not found
     */
@@ -73,6 +75,7 @@ public class UserDAO {
    /**
     * Returns a User object for given userId
+     *
     * @param userId userId as int
     * @return requested user object if found, null if not found
     */
@@ -97,6 +100,7 @@ public class UserDAO {
    /**
     * Helping method to get a User from a ResultSet
+     *
     * @param resultSet ResultSet with the user
     * @return User object, or null if unsuccessful
     */
@@ -120,6 +124,7 @@ public class UserDAO {
    /**
     * Adds a new user to database with default ID
+     *
     * @param user User object
     * @return new User or already registered user
     */
@@ -181,24 +186,52 @@ public class UserDAO {
    /**
     * Generates a salt, for hashing
+     *
     * @return a random salt
     */
    public byte[] generateSalt() {
-        return null;
+        SecureRandom random = new SecureRandom();
+        byte[] saltArray = new byte[16];
+        random.nextBytes(saltArray);
+        return saltArray;
    }
    /**
     * Method to hash a password with salt
+     *
     * @param password password to be hashed
     * @param salt     salt to use when hashing
     * @return hashedPassword, null if unsuccessful
     */
    public String hashPassword(String password, byte[] salt) {
+        try {
+            MessageDigest md = MessageDigest.getInstance("SHA-512");
+            md.update(password.getBytes());
+            byte[] bytes = md.digest();
+            StringBuilder sb = new StringBuilder();
+            for (int i = 0; i < bytes.length; i++) {
+                sb.append(Integer.toString((bytes[i] & 0xff) + 0x100));
+            }
+            String hashedPassword = sb.toString();
+            StringBuilder hb = new StringBuilder();
+            for (byte b : salt) {
+                hb.append(String.format("%02x", b));
+            }
+            String salted = hb.toString();
+            System.out.println(salted);
+            return hashedPassword+"|"+salted;
+        }catch (NoSuchAlgorithmException e){
+            e.printStackTrace();
+        }
        return null;
    }
    /**
     * Edits the users username or password
+     *
     * @param userId   userId as int
     * @param username Username as String
     * @param password password as String, if null it should not be updated

--- a/src/test/java/UserDAOTest.java
+++ b/src/test/java/UserDAOTest.java
@@ -9,10 +9,12 @@ import org.junit.Before;
 import org.junit.Test;
 import javax.ws.rs.core.Application;
+import java.security.SecureRandom;
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import static org.junit.Assert.*;
@@ -194,4 +196,9 @@ public class UserDAOTest extends JerseyTest {
        assertEquals(expectedUsername,actualUsername);
        assertNotEquals(beforeNewUser,afterNewUser);
    }
+    @Test
+    public void testSaltPassword(){
+       byte[] salt =  userDAO.generateSalt();
+    }
 }