Skip to content
/ hash Public

Common Lib to Hash passwords which is compatible to Java EE/ CDI (e.g. payara, wildfly) and Spring Boot.

License

Notifications You must be signed in to change notification settings

sterlp/hash

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Hash Lib CI CodeQL

Hash Lib Cli

Tool to create BCrypt and PBKDF2 hashes of passwords directly in the command line:

Create a password hash

BCrpyt

java -jar hash-cli.jar mypassword
> $2a$10$m4hjjVjjGD36bgHlblJaweMDrGelSO1lx4osfpNi/7DN9ZvTzMqA6

PBKDF2WithHmacSHA512

java -jar hash-cli.jar -a PBKDF2WithHmacSHA512 -p mypassword
> PBKDF2WithHmacSHA512:2048:ilIYz4CirlKeZfa59Tu9Dlruc69zaAxGyDb0OOcpppM=:HMv6yD8WUKSM2XY6jHIuzz9ShXX1wj120Njb0TptJ6hBBWAFnOdx0xR1hvz9ICtp91sdBxRaMyU8LsYZCIuP9g==

Verify a password hash

BCrypt

java -jar hash-cli.jar -p foo -h "$2a$10$At1ZDrj3taopwLzeZ237KekybhWlF6quEd8bv9eAIWrTVzvtKyTEi"
> true

PBKDF2WithHmacSHA512

java -jar hash-cli.jar -a PBKDF2WithHmacSHA512 -p mypassword -h PBKDF2WithHmacSHA512:2048:ilIYz4CirlKeZfa59Tu9Dlruc69zaAxGyDb0OOcpppM=:HMv6yD8WUKSM2XY6jHIuzz9ShXX1wj120Njb0TptJ6hBBWAFnOdx0xR1hvz9ICtp91sdBxRaMyU8LsYZCIuP9g==
> true

hash-lib

Common lib which provides a common Hash algorithms for JEE and Spring Boot:

  • BCrypt
  • PBKDF2WithHmacSHA224
  • PBKDF2WithHmacSHA256
  • PBKDF2WithHmacSHA384
  • PBKDF2WithHmacSHA512

jee-hash-lib

Support BCrypt and PBKDF2 password hash and verification. As so be compatible with existing JEE JDBC user stores and Spring Boot user stores.

Usage

import javax.annotation.security.DeclareRoles;
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import org.sterl.jee.hash.BCryptAndPbkdf2PasswordHash;

@ApplicationScoped
@BasicAuthenticationMechanismDefinition(realmName = "jee-basic")
@DeclareRoles({ "admin", "user" }) // this authorities are allowed
@DatabaseIdentityStoreDefinition(
    callerQuery = "select password from users where enabled = true AND username = ?",
    groupsQuery = "select authority from authorities where username = ?",
    dataSourceLookup = "jdbc/identity-store",
    hashAlgorithm = BCryptAndPbkdf2PasswordHash.class,
    hashAlgorithmParameters = {
        "Algorithm=PBKDF2WithHmacSHA512"
    }
)
@ApplicationPath("")
public class ApplicationConfiguration extends Application {
    
}

Maven import JEE

<dependency>
  <groupId>org.sterl.hash</groupId>
  <artifactId>jee-hash-lib</artifactId>
  <version>0.1.0</version>
</dependency>

Base Lib

<dependency>
  <groupId>org.sterl.hash</groupId>
  <artifactId>hash-lib</artifactId>
  <version>0.1.0</version>
</dependency>

How to release

  • mvn versions:set -DnewVersion=x.x.x-SNAPSHOT
  • mvn clean install -Prelease
  • mvn deploy