ZhouXY108
/
plusone-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

更改 Password 实现。

dev
ZhouXY108 2023-04-19 06:05:02 +08:00
parent 104bffb0e8
commit 30f29bb4b3
3 changed files with 22 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plusone-basic/plusone-basic-common/src/main/java/xyz/zhouxy/plusone/util/RandomUtil.java
View File

@ -1,6 +1,6 @@
package xyz.zhouxy.plusone.util; package xyz.zhouxy.plusone.util;
import java.util.concurrent.ThreadLocalRandom; import java.security.SecureRandom;
public final class RandomUtil { public final class RandomUtil {
private RandomUtil() { private RandomUtil() {
@ -8,7 +8,7 @@ public final class RandomUtil {
} }
public static String randomStr(char[] sourceCharacters, int length) { public static String randomStr(char[] sourceCharacters, int length) {
ThreadLocalRandom random = ThreadLocalRandom.current(); SecureRandom random = new SecureRandom();
char[] result = new char[length]; char[] result = new char[length];
for (int i = 0; i < length; i++) { for (int i = 0; i < length; i++) {
result[i] = sourceCharacters[random.nextInt(sourceCharacters.length)]; result[i] = sourceCharacters[random.nextInt(sourceCharacters.length)];

45
plusone-system/plusone-system-common/src/main/java/xyz/zhouxy/plusone/system/util/PasswordUtil.java
View File

@ -1,15 +1,12 @@
package xyz.zhouxy.plusone.system.util; package xyz.zhouxy.plusone.system.util;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.MessageDigest; import java.util.Arrays;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import javax.annotation.Nonnull; import org.springframework.util.Assert;
import com.google.common.hash.Hashing;
import xyz.zhouxy.plusone.constant.ErrorCodeConsts;
import xyz.zhouxy.plusone.exception.BizException;
import xyz.zhouxy.plusone.util.RandomUtil; import xyz.zhouxy.plusone.util.RandomUtil;
/** /**
@ -28,19 +25,18 @@ public final class PasswordUtil {
* @param salt * @param salt
* @return * @return
*/ */
@Nonnull public static String hashPassword(String password, String salt) {
public static String hashPassword(@Nonnull String password, @Nonnull String salt) { Assert.notNull(password, "Password must not be null");
int length = salt.length(); Assert.notNull(salt, "Salt must not be null");
int i = length > 0 ? length / 2 : 0; return Hashing.sha512().newHasher()
var passwordWithSalt = salt.substring(0, i) .putInt(Arrays.hashCode(salt.toCharArray()))
+ password .putString(password, StandardCharsets.UTF_8)
+ salt.substring(1); .putInt(password.length())
.putBoolean(password.length() % 2 == 0)
try { .putString(salt, StandardCharsets.UTF_8)
return sha512Hex(passwordWithSalt); .putInt(Arrays.hashCode(password.toCharArray()))
} catch (Exception e) { .hash()
throw new BizException(ErrorCodeConsts.DEFAULT_ERROR_CODE, "哈希加密失败!", e); .toString();
}
} }
/** /**
@ -56,13 +52,4 @@ public final class PasswordUtil {
// 不允许实例化 // 不允许实例化
throw new IllegalStateException("Utility class"); throw new IllegalStateException("Utility class");
} }
@Nonnull
private static String sha512Hex(String data) throws NoSuchAlgorithmException {
MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
messageDigest.update(data.getBytes(StandardCharsets.UTF_8));
byte[] result = messageDigest.digest();
var sha512Hex = new BigInteger(1, result).toString(16);
return Objects.requireNonNull(sha512Hex);
}
} }

23
plusone-system/plusone-system-domain/src/main/java/xyz/zhouxy/plusone/system/domain/model/account/Password.java
View File

@ -3,15 +3,11 @@ package xyz.zhouxy.plusone.system.domain.model.account;
import java.util.Objects; import java.util.Objects;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import xyz.zhouxy.plusone.commons.annotation.StaticFactoryMethod; import xyz.zhouxy.plusone.commons.annotation.StaticFactoryMethod;
import xyz.zhouxy.plusone.commons.constant.PatternConsts; import xyz.zhouxy.plusone.commons.constant.PatternConsts;
import xyz.zhouxy.plusone.constant.ErrorCodeConsts;
import xyz.zhouxy.plusone.domain.IValueObject; import xyz.zhouxy.plusone.domain.IValueObject;
import xyz.zhouxy.plusone.exception.BizException;
import xyz.zhouxy.plusone.system.util.PasswordUtil; import xyz.zhouxy.plusone.system.util.PasswordUtil;
/** /**
@ -24,30 +20,19 @@ public class Password implements IValueObject {
private static final Pattern PATTERN = PatternConsts.PASSWORD; private static final Pattern PATTERN = PatternConsts.PASSWORD;
private static final String DEFAULT_PASSWORD = "A1b2C3d4"; private static final String DEFAULT_PASSWORD = "A1b2C3d4";
@Nonnull
private final String passwordVal; private final String passwordVal;
@Nonnull
private final String saltVal; private final String saltVal;
private Password(String password) { private Password(String password) {
if (password == null) { Assert.notNull(password, "密码不能为空");
throw new IllegalArgumentException("密码不能为空"); Assert.isTrue(PATTERN.matcher(password).matches(), "密码格式不符合要求");
} String salt = PasswordUtil.generateRandomSalt();
if (!PATTERN.matcher(password).matches()) {
throw new IllegalArgumentException("密码格式不符合要求");
}
var salt = PasswordUtil.generateRandomSalt();
if (salt == null) {
throw new BizException(ErrorCodeConsts.DEFAULT_ERROR_CODE, "未知错误:生成随机盐失败");
}
this.saltVal = salt; this.saltVal = salt;
this.passwordVal = PasswordUtil.hashPassword(password, salt); this.passwordVal = PasswordUtil.hashPassword(password, salt);
} }
private Password(String password, String salt) { private Password(String password, String salt) {
if (password == null || salt == null) { Assert.isTrue(password != null && salt != null, "password 和 salt 不能为空");
throw new IllegalArgumentException("password 和 salt 不能为空");
}
this.passwordVal = password; this.passwordVal = password;
this.saltVal = salt; this.saltVal = salt;
} }