diff --git a/plusone-basic/plusone-basic-common/src/main/java/xyz/zhouxy/plusone/util/RandomUtil.java b/plusone-basic/plusone-basic-common/src/main/java/xyz/zhouxy/plusone/util/RandomUtil.java
index df9253d..d4a023d 100644
--- a/plusone-basic/plusone-basic-common/src/main/java/xyz/zhouxy/plusone/util/RandomUtil.java
+++ b/plusone-basic/plusone-basic-common/src/main/java/xyz/zhouxy/plusone/util/RandomUtil.java
@@ -1,6 +1,6 @@
 package xyz.zhouxy.plusone.util;
-import java.util.concurrent.ThreadLocalRandom;
+import java.security.SecureRandom;
 public final class RandomUtil {
 private RandomUtil() {
@@ -8,7 +8,7 @@ public final class RandomUtil {
 }
 public static String randomStr(char[] sourceCharacters, int length) {
- ThreadLocalRandom random = ThreadLocalRandom.current();
+ SecureRandom random = new SecureRandom();
 char[] result = new char[length];
 for (int i = 0; i < length; i++) {
 result[i] = sourceCharacters[random.nextInt(sourceCharacters.length)];
diff --git a/plusone-system/plusone-system-common/src/main/java/xyz/zhouxy/plusone/system/util/PasswordUtil.java b/plusone-system/plusone-system-common/src/main/java/xyz/zhouxy/plusone/system/util/PasswordUtil.java
index bf34ac9..c0b7509 100644
--- a/plusone-system/plusone-system-common/src/main/java/xyz/zhouxy/plusone/system/util/PasswordUtil.java
+++ b/plusone-system/plusone-system-common/src/main/java/xyz/zhouxy/plusone/system/util/PasswordUtil.java
@@ -1,15 +1,12 @@
 package xyz.zhouxy.plusone.system.util;
-import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Objects;
+import java.util.Arrays;
-import javax.annotation.Nonnull;
+import org.springframework.util.Assert;
+
+import com.google.common.hash.Hashing;
-import xyz.zhouxy.plusone.constant.ErrorCodeConsts;
-import xyz.zhouxy.plusone.exception.BizException;
 import xyz.zhouxy.plusone.util.RandomUtil;
 /**
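Review bot: `randomStr` in RandomUtil.java now constructs a fresh `SecureRandom` on every call, which repeats provider lookup and seeding work each time a salt or other random string is generated. `SecureRandom` is safe to share between threads, so one `private static final SecureRandom RANDOM = new SecureRandom();` field, used as `RANDOM.nextInt(sourceCharacters.length)`, does the same job. The method also indexes `sourceCharacters` without validating it: an empty array makes `nextInt(0)` throw IllegalArgumentException and a negative `length` fails at the array allocation, so an explicit argument check would give callers a clearer message. The body of randomStr continues past the end of the hunk.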
@@ -28,19 +25,18 @@ public final class PasswordUtil {
 * @param salt 随机盐
 * @return 哈希加密的结果
 */
- @Nonnull
- public static String hashPassword(@Nonnull String password, @Nonnull String salt) {
- int length = salt.length();
- int i = length > 0 ? length / 2 : 0;
- var passwordWithSalt = salt.substring(0, i)
- + password
- + salt.substring(1);
-
- try {
- return sha512Hex(passwordWithSalt);
- } catch (Exception e) {
- throw new BizException(ErrorCodeConsts.DEFAULT_ERROR_CODE, "哈希加密失败!", e);
- }
+ public static String hashPassword(String password, String salt) {
+ Assert.notNull(password, "Password must not be null");
+ Assert.notNull(salt, "Salt must not be null");
+ return Hashing.sha512().newHasher()
+ .putInt(Arrays.hashCode(salt.toCharArray()))
+ .putString(password, StandardCharsets.UTF_8)
+ .putInt(password.length())
+ .putBoolean(password.length() % 2 == 0)
+ .putString(salt, StandardCharsets.UTF_8)
+ .putInt(Arrays.hashCode(password.toCharArray()))
+ .hash()
+ .toString();
 }
 /**
@@ -56,13 +52,4 @@ public final class PasswordUtil {
 // 不允许实例化
 throw new IllegalStateException("Utility class");
 }
-
- @Nonnull
- private static String sha512Hex(String data) throws NoSuchAlgorithmException {
- MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
- messageDigest.update(data.getBytes(StandardCharsets.UTF_8));
- byte[] result = messageDigest.digest();
- var sha512Hex = new BigInteger(1, result).toString(16);
- return Objects.requireNonNull(sha512Hex);
- }
 }
diff --git a/plusone-system/plusone-system-domain/src/main/java/xyz/zhouxy/plusone/system/domain/model/account/Password.java b/plusone-system/plusone-system-domain/src/main/java/xyz/zhouxy/plusone/system/domain/model/account/Password.java
index ba0b109..a4b555a 100644
--- a/plusone-system/plusone-system-domain/src/main/java/xyz/zhouxy/plusone/system/domain/model/account/Password.java
+++ b/plusone-system/plusone-system-domain/src/main/java/xyz/zhouxy/plusone/system/domain/model/account/Password.java
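Review bot: `hashPassword` still derives the stored value from a single SHA-512 pass, which is fast enough that a leaked table can be guessed offline at a high rate; the added `putInt(Arrays.hashCode(...))`, `putInt(password.length())` and `putBoolean(...)` fields are all computed from the same password and salt, so they contribute no secret and no work factor. A deliberately slow, salted KDF is the usual fit for stored passwords, and the JDK's PBKDF2 needs no new dependency; the sketch below keeps the signature and the hex-string result (it needs the `javax.crypto` and `HashCode` imports added to the file). Separately, the new byte layout differs from the removed `salt.substring(0, i) + password + salt.substring(1)` form, so hashes stored before this commit would presumably stop verifying unless they are rehashed at next login or migrated; the verification path is not visible in this diff.

```java
public static String hashPassword(String password, String salt) {
    // … unchanged: Assert.notNull checks on password and salt …
    // The iteration count is a starting value, not taken from this project: tune it for the deployment.
    // PBEKeySpec rejects an empty salt, so generateRandomSalt must never return "".
    PBEKeySpec spec = new PBEKeySpec(
            password.toCharArray(), salt.getBytes(StandardCharsets.UTF_8), 210_000, 512);
    try {
        byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")
                .generateSecret(spec)
                .getEncoded();
        return HashCode.fromBytes(derived).toString();
    } catch (GeneralSecurityException e) {
        throw new IllegalStateException("PBKDF2WithHmacSHA512 is not available", e);
    } finally {
        // Wipe the internal copy of the password held by the key spec.
        spec.clearPassword();
    }
}
```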
@@ -3,15 +3,11 @@ package xyz.zhouxy.plusone.system.domain.model.account;
 import java.util.Objects;
 import java.util.regex.Pattern;
-import javax.annotation.Nonnull;
-
 import org.springframework.util.Assert;
 import xyz.zhouxy.plusone.commons.annotation.StaticFactoryMethod;
 import xyz.zhouxy.plusone.commons.constant.PatternConsts;
-import xyz.zhouxy.plusone.constant.ErrorCodeConsts;
 import xyz.zhouxy.plusone.domain.IValueObject;
-import xyz.zhouxy.plusone.exception.BizException;
 import xyz.zhouxy.plusone.system.util.PasswordUtil;
 /**
@@ -24,30 +20,19 @@ public class Password implements IValueObject {
 private static final Pattern PATTERN = PatternConsts.PASSWORD;
 private static final String DEFAULT_PASSWORD = "A1b2C3d4";
- @Nonnull
 private final String passwordVal;
- @Nonnull
 private final String saltVal;
 private Password(String password) {
- if (password == null) {
- throw new IllegalArgumentException("密码不能为空");
- }
- if (!PATTERN.matcher(password).matches()) {
- throw new IllegalArgumentException("密码格式不符合要求");
- }
- var salt = PasswordUtil.generateRandomSalt();
- if (salt == null) {
- throw new BizException(ErrorCodeConsts.DEFAULT_ERROR_CODE, "未知错误:生成随机盐失败");
- }
+ Assert.notNull(password, "密码不能为空");
+ Assert.isTrue(PATTERN.matcher(password).matches(), "密码格式不符合要求");
+ String salt = PasswordUtil.generateRandomSalt();
 this.saltVal = salt;
 this.passwordVal = PasswordUtil.hashPassword(password, salt);
 }
 private Password(String password, String salt) {
- if (password == null || salt == null) {
- throw new IllegalArgumentException("password 和 salt 不能为空");
- }
+ Assert.isTrue(password != null && salt != null, "password 和 salt 不能为空");
 this.passwordVal = password;
 this.saltVal = salt;
 }
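Review bot: The two-argument constructor `Password(String password, String salt)` assigns its `password` argument straight to `passwordVal`, while the one-argument constructor stores `PasswordUtil.hashPassword(password, salt)` in the same field, so the parameter appears to carry an already-hashed value despite its name. Renaming it to `passwordHash` and adding a line such as `// passwordHash is the stored hash, never the plaintext` would keep a later caller from persisting a plaintext password by mistake; the constructor is private, so the rename stays local. The unchanged `DEFAULT_PASSWORD = "A1b2C3d4"` constant in the same hunk is worth a follow-up as well, since any account created with it shares a known credential unless a change is forced at first login; its callers are outside the hunk. The class body starts before and ends after the lines shown here.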