更改 Password 实现。
parent
104bffb0e8
commit
30f29bb4b3
|
|
@ -1,6 +1,6 @@
|
|||
package xyz.zhouxy.plusone.util;
|
||||
|
||||
import java.util.concurrent.ThreadLocalRandom;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
public final class RandomUtil {
|
||||
private RandomUtil() {
|
||||
|
|
@ -8,7 +8,7 @@ public final class RandomUtil {
|
|||
}
|
||||
|
||||
public static String randomStr(char[] sourceCharacters, int length) {
|
||||
ThreadLocalRandom random = ThreadLocalRandom.current();
|
||||
SecureRandom random = new SecureRandom();
|
||||
char[] result = new char[length];
|
||||
for (int i = 0; i < length; i++) {
|
||||
result[i] = sourceCharacters[random.nextInt(sourceCharacters.length)];
|
||||
|
|
|
|||
|
|
@ -1,15 +1,12 @@
|
|||
package xyz.zhouxy.plusone.system.util;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Objects;
|
||||
import java.util.Arrays;
|
||||
|
||||
import javax.annotation.Nonnull;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import com.google.common.hash.Hashing;
|
||||
|
||||
import xyz.zhouxy.plusone.constant.ErrorCodeConsts;
|
||||
import xyz.zhouxy.plusone.exception.BizException;
|
||||
import xyz.zhouxy.plusone.util.RandomUtil;
|
||||
|
||||
/**
|
||||
|
|
@ -28,19 +25,18 @@ public final class PasswordUtil {
|
|||
* @param salt 随机盐
|
||||
* @return 哈希加密的结果
|
||||
*/
|
||||
@Nonnull
|
||||
public static String hashPassword(@Nonnull String password, @Nonnull String salt) {
|
||||
int length = salt.length();
|
||||
int i = length > 0 ? length / 2 : 0;
|
||||
var passwordWithSalt = salt.substring(0, i)
|
||||
+ password
|
||||
+ salt.substring(1);
|
||||
|
||||
try {
|
||||
return sha512Hex(passwordWithSalt);
|
||||
} catch (Exception e) {
|
||||
throw new BizException(ErrorCodeConsts.DEFAULT_ERROR_CODE, "哈希加密失败!", e);
|
||||
}
|
||||
public static String hashPassword(String password, String salt) {
|
||||
Assert.notNull(password, "Password must not be null");
|
||||
Assert.notNull(salt, "Salt must not be null");
|
||||
return Hashing.sha512().newHasher()
|
||||
.putInt(Arrays.hashCode(salt.toCharArray()))
|
||||
.putString(password, StandardCharsets.UTF_8)
|
||||
.putInt(password.length())
|
||||
.putBoolean(password.length() % 2 == 0)
|
||||
.putString(salt, StandardCharsets.UTF_8)
|
||||
.putInt(Arrays.hashCode(password.toCharArray()))
|
||||
.hash()
|
||||
.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -56,13 +52,4 @@ public final class PasswordUtil {
|
|||
// 不允许实例化
|
||||
throw new IllegalStateException("Utility class");
|
||||
}
|
||||
|
||||
@Nonnull
|
||||
private static String sha512Hex(String data) throws NoSuchAlgorithmException {
|
||||
MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
|
||||
messageDigest.update(data.getBytes(StandardCharsets.UTF_8));
|
||||
byte[] result = messageDigest.digest();
|
||||
var sha512Hex = new BigInteger(1, result).toString(16);
|
||||
return Objects.requireNonNull(sha512Hex);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,15 +3,11 @@ package xyz.zhouxy.plusone.system.domain.model.account;
|
|||
import java.util.Objects;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import javax.annotation.Nonnull;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import xyz.zhouxy.plusone.commons.annotation.StaticFactoryMethod;
|
||||
import xyz.zhouxy.plusone.commons.constant.PatternConsts;
|
||||
import xyz.zhouxy.plusone.constant.ErrorCodeConsts;
|
||||
import xyz.zhouxy.plusone.domain.IValueObject;
|
||||
import xyz.zhouxy.plusone.exception.BizException;
|
||||
import xyz.zhouxy.plusone.system.util.PasswordUtil;
|
||||
|
||||
/**
|
||||
|
|
@ -24,30 +20,19 @@ public class Password implements IValueObject {
|
|||
private static final Pattern PATTERN = PatternConsts.PASSWORD;
|
||||
private static final String DEFAULT_PASSWORD = "A1b2C3d4";
|
||||
|
||||
@Nonnull
|
||||
private final String passwordVal;
|
||||
@Nonnull
|
||||
private final String saltVal;
|
||||
|
||||
private Password(String password) {
|
||||
if (password == null) {
|
||||
throw new IllegalArgumentException("密码不能为空");
|
||||
}
|
||||
if (!PATTERN.matcher(password).matches()) {
|
||||
throw new IllegalArgumentException("密码格式不符合要求");
|
||||
}
|
||||
var salt = PasswordUtil.generateRandomSalt();
|
||||
if (salt == null) {
|
||||
throw new BizException(ErrorCodeConsts.DEFAULT_ERROR_CODE, "未知错误:生成随机盐失败");
|
||||
}
|
||||
Assert.notNull(password, "密码不能为空");
|
||||
Assert.isTrue(PATTERN.matcher(password).matches(), "密码格式不符合要求");
|
||||
String salt = PasswordUtil.generateRandomSalt();
|
||||
this.saltVal = salt;
|
||||
this.passwordVal = PasswordUtil.hashPassword(password, salt);
|
||||
}
|
||||
|
||||
private Password(String password, String salt) {
|
||||
if (password == null || salt == null) {
|
||||
throw new IllegalArgumentException("password 和 salt 不能为空");
|
||||
}
|
||||
Assert.isTrue(password != null && salt != null, "password 和 salt 不能为空");
|
||||
this.passwordVal = password;
|
||||
this.saltVal = salt;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue