From 781ab2712777f6d0cfd66d2c362b51a83d1036ca Mon Sep 17 00:00:00 2001 From: Tenebrius Date: Mon, 14 Jun 2021 13:59:53 +0500 Subject: [PATCH 1/2] =?UTF-8?q?[Fix]=20=D0=A5=D0=B5=D1=88=D0=B8=D1=80?= =?UTF-8?q?=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/password/DigestPasswordVerifier.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DigestPasswordVerifier.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DigestPasswordVerifier.java index 7d3e0ea5..d144fe5f 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DigestPasswordVerifier.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DigestPasswordVerifier.java @@ -4,6 +4,8 @@ import org.apache.logging.log4j.Logger; import pro.gravit.utils.helper.SecurityHelper; +import javax.xml.bind.DatatypeConverter; +import java.io.UnsupportedEncodingException; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -17,8 +19,11 @@ public class DigestPasswordVerifier extends PasswordVerifier { public boolean check(String encryptedPassword, String password) { try { MessageDigest digest = MessageDigest.getInstance(algo); - byte[] bytes = SecurityHelper.fromHex(encryptedPassword); - return Arrays.equals(password.getBytes(StandardCharsets.UTF_8), digest.digest(bytes)); + digest.update(password.getBytes(StandardCharsets.UTF_8)); + byte[] bytes = digest.digest(); + String myHash = DatatypeConverter + .printHexBinary(bytes); + return myHash.equalsIgnoreCase(encryptedPassword); } catch (NoSuchAlgorithmException e) { logger.error("Digest algorithm {} not supported", algo); return false; From 8c259a770265a4c92987f4fcc8fa0cb5bed49499 Mon Sep 17 00:00:00 2001 From: Tenebrius Date: Mon, 14 Jun 2021 14:22:08 +0500 Subject: [PATCH 2/2] =?UTF-8?q?[Fix]=20=D0=A5=D0=B5=D1=88=D0=B8=D1=80?= =?UTF-8?q?=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/password/DigestPasswordVerifier.java | 9 ++------- .../auth/password/DoubleDigestPasswordVerifier.java | 4 ++-- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DigestPasswordVerifier.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DigestPasswordVerifier.java index d144fe5f..abca8a42 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DigestPasswordVerifier.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DigestPasswordVerifier.java @@ -4,8 +4,6 @@ import org.apache.logging.log4j.Logger; import pro.gravit.utils.helper.SecurityHelper; -import javax.xml.bind.DatatypeConverter; -import java.io.UnsupportedEncodingException; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -19,11 +17,8 @@ public class DigestPasswordVerifier extends PasswordVerifier { public boolean check(String encryptedPassword, String password) { try { MessageDigest digest = MessageDigest.getInstance(algo); - digest.update(password.getBytes(StandardCharsets.UTF_8)); - byte[] bytes = digest.digest(); - String myHash = DatatypeConverter - .printHexBinary(bytes); - return myHash.equalsIgnoreCase(encryptedPassword); + byte[] bytes = SecurityHelper.fromHex(encryptedPassword); + return Arrays.equals(bytes, digest.digest(password.getBytes(StandardCharsets.UTF_8))); } catch (NoSuchAlgorithmException e) { logger.error("Digest algorithm {} not supported", algo); return false; diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DoubleDigestPasswordVerifier.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DoubleDigestPasswordVerifier.java index cc8bb5dd..071664fd 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DoubleDigestPasswordVerifier.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/password/DoubleDigestPasswordVerifier.java @@ -18,9 +18,9 @@ public class DoubleDigestPasswordVerifier extends PasswordVerifier { public boolean check(String encryptedPassword, String password) { try { MessageDigest digest = MessageDigest.getInstance(algo); - byte[] bytes = SecurityHelper.fromHex(encryptedPassword); + byte[] bytes = SecurityHelper.fromHex(password); byte[] firstDigest = digest.digest(bytes); - return Arrays.equals(password.getBytes(StandardCharsets.UTF_8), toHexMode ? digest.digest(SecurityHelper.toHex(firstDigest).getBytes(StandardCharsets.UTF_8)) : digest.digest(firstDigest)); + return Arrays.equals(encryptedPassword.getBytes(StandardCharsets.UTF_8), toHexMode ? digest.digest(SecurityHelper.toHex(firstDigest).getBytes(StandardCharsets.UTF_8)) : digest.digest(firstDigest)); } catch (NoSuchAlgorithmException e) { logger.error("Digest algorithm {} not supported", algo); return false;