This is an automated email from the ASF dual-hosted git repository. elecharny pushed a commit to branch 1.2.X in repository https://gitbox.apache.org/repos/asf/mina-ftpserver.git
The following commit(s) were added to refs/heads/1.2.X by this push:
new 7ca8176b Add stronger hashing methods (will be used for the HASH method implementation)
7ca8176b is described below
commit 7ca8176be75f193ca296bb36e810a0a3a910dbdb
Author: emmanuel lecharny <elecha...@apache.org>
AuthorDate: Thu Jun 29 11:51:03 2023 +0200
Add stronger hashing methods (will be used for the HASH method implementation)
---
.../usermanager/Sha1PasswordEncryptor.java | 54 ++++++++++++++++++++++
.../usermanager/Sha256PasswordEncryptor.java | 53 +++++++++++++++++++++
.../usermanager/Sha512PasswordEncryptor.java | 53 +++++++++++++++++++++
3 files changed, 160 insertions(+)
diff --git a/core/src/main/java/org/apache/ftpserver/usermanager/Sha1PasswordEncryptor.java b/core/src/main/java/org/apache/ftpserver/usermanager/Sha1PasswordEncryptor.java
new file mode 100644
index 00000000..f5a4841d
--- /dev/null
+++ b/core/src/main/java/org/apache/ftpserver/usermanager/Sha1PasswordEncryptor.java
@@ -0,0 +1,54 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.usermanager;
+
+import org.apache.ftpserver.util.EncryptUtils;
+import org.apache.ftpserver.util.PasswordUtil;
+
+/**
+ * Password encryptor that hashes the password using SHA-1. Please note that this
+ * form of encryption is sensitive to lookup attacks.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ */
+public class Sha1PasswordEncryptor implements PasswordEncryptor {
+
+ /**
+ * Hashes the password using SHA-1
+ */
+ public String encrypt(String password) {
+ return EncryptUtils.encryptSHA(password);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean matches(String passwordToCheck, String storedPassword) {
+ if (storedPassword == null) {
+ throw new NullPointerException("storedPassword can not be null");
+ }
+ if (passwordToCheck == null) {
+ throw new NullPointerException("passwordToCheck can not be null");
+ }
+
+ return PasswordUtil.secureCompareFast(encrypt(passwordToCheck).toLowerCase(), storedPassword.toLowerCase());
+ }
+}
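Review bot: `encrypt` returns `EncryptUtils.encryptSHA(password)` with no salt or work factor visible in this class, so equal passwords give equal stored values and a leaked user store can be checked against precomputed tables; the class javadoc admits this for SHA-1, but the same property holds for `Sha256PasswordEncryptor` and `Sha512PasswordEncryptor`, whose javadoc drops the warning. A longer digest does not change that. I would carry the caveat into the other two class comments, e.g. `* The digest is unsalted and computed once; like SHA-1 it is sensitive to lookup attacks.`, and say in all three that a salted, iterated encryptor is the one to pick for new user stores. The bodies of the `EncryptUtils.encryptSHA*` helpers are outside this diff, so confirm they add no salt before wording the comment.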
diff --git a/core/src/main/java/org/apache/ftpserver/usermanager/Sha256PasswordEncryptor.java b/core/src/main/java/org/apache/ftpserver/usermanager/Sha256PasswordEncryptor.java
new file mode 100644
index 00000000..19317022
--- /dev/null
+++ b/core/src/main/java/org/apache/ftpserver/usermanager/Sha256PasswordEncryptor.java
@@ -0,0 +1,53 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.usermanager;
+
+import org.apache.ftpserver.util.EncryptUtils;
+import org.apache.ftpserver.util.PasswordUtil;
+
+/**
+ * Password encryptor that hashes the password using SHA-256.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ */
+public class Sha256PasswordEncryptor implements PasswordEncryptor {
+
+ /**
+ * Hashes the password using SHA-256
+ */
+ public String encrypt(String password) {
+ return EncryptUtils.encryptSHA256(password);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean matches(String passwordToCheck, String storedPassword) {
+ if (storedPassword == null) {
+ throw new NullPointerException("storedPassword can not be null");
+ }
+ if (passwordToCheck == null) {
+ throw new NullPointerException("passwordToCheck can not be null");
+ }
+
+ return PasswordUtil.secureCompareFast(encrypt(passwordToCheck).toLowerCase(), storedPassword.toLowerCase());
+ }
+}
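Review bot: In `matches`, both `encrypt(passwordToCheck).toLowerCase()` and `storedPassword.toLowerCase()` use the JVM default locale, so the outcome of a credential check can differ between hosts; under a Turkish locale, for instance, `I` lower-cases to dotless `ı`. Hex digits are not affected, but `storedPassword` is presumably read from the user store and nothing here checks that it is hex. Pass an explicit locale on both operands, `toLowerCase(Locale.ROOT)`, and add `import java.util.Locale;`. The same return line appears in `Sha1PasswordEncryptor` and `Sha512PasswordEncryptor`.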
diff --git a/core/src/main/java/org/apache/ftpserver/usermanager/Sha512PasswordEncryptor.java b/core/src/main/java/org/apache/ftpserver/usermanager/Sha512PasswordEncryptor.java
new file mode 100644
index 00000000..7d3d2d99
--- /dev/null
+++ b/core/src/main/java/org/apache/ftpserver/usermanager/Sha512PasswordEncryptor.java
@@ -0,0 +1,53 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.usermanager;
+
+import org.apache.ftpserver.util.EncryptUtils;
+import org.apache.ftpserver.util.PasswordUtil;
+
+/**
+ * Password encryptor that hashes the password using SHA-512.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ */
+public class Sha512PasswordEncryptor implements PasswordEncryptor {
+
+ /**
+ * Hashes the password using SHA-512
+ */
+ public String encrypt(String password) {
+ return EncryptUtils.encryptSHA512(password);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean matches(String passwordToCheck, String storedPassword) {
+ if (storedPassword == null) {
+ throw new NullPointerException("storedPassword can not be null");
+ }
+ if (passwordToCheck == null) {
+ throw new NullPointerException("passwordToCheck can not be null");
+ }
+
+ return PasswordUtil.secureCompareFast(encrypt(passwordToCheck).toLowerCase(), storedPassword.toLowerCase());
+ }
+}
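Review bot: The `matches` body in this class is identical, line for line, to the ones added in `Sha1PasswordEncryptor` and `Sha256PasswordEncryptor`; only the helper called from `encrypt` differs. Three copies of the credential comparison mean that any later correction to the null checks or to the compare call has to be applied three times, and a missed copy leaves one encryptor behaving differently. Consider a shared abstract base that implements `matches` once and leaves `encrypt` abstract, with each subclass reduced to its one-line `encrypt`. Both methods should also carry `@Override` so the compiler checks them against `PasswordEncryptor`.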