1 | package com.renomad.minum.utils; | |
2 | ||
3 | import javax.crypto.SecretKeyFactory; | |
4 | import javax.crypto.spec.PBEKeySpec; | |
5 | import java.nio.charset.StandardCharsets; | |
6 | import java.security.spec.KeySpec; | |
7 | ||
8 | /** | |
9 | * Handy helpers for dealing with cryptographic functions | |
10 | */ | |
11 | public final class CryptoUtils { | |
12 | ||
13 | private CryptoUtils() { | |
14 | // cannot construct | |
15 | } | |
16 | ||
17 | /** | |
18 | * Converts an array of bytes to their corresponding hex string | |
19 | * @param bytes an array of bytes | |
20 | * @return a hex string of that array | |
21 | */ | |
22 | public static String bytesToHex(byte[] bytes) { | |
23 | StringBuilder hexString = new StringBuilder(); | |
24 | for (byte b : bytes) { | |
25 |
1
1. bytesToHex : Replaced bitwise AND with OR → KILLED |
String hex = Integer.toHexString(0xff & b); |
26 |
1
1. bytesToHex : negated conditional → KILLED |
if (hex.length() == 1) hexString.append('0'); |
27 | hexString.append(hex); | |
28 | } | |
29 |
1
1. bytesToHex : replaced return value with "" for com/renomad/minum/utils/CryptoUtils::bytesToHex → KILLED |
return hexString.toString(); |
30 | } | |
31 | ||
32 | /** | |
33 | * Hash the input string with the provided PBKDF2 algorithm, and return a string representation | |
34 | * Note that the PBKDF2WithHmacSHA1 algorithm is specifically designed to take a long time, | |
35 | * to slow down an attacker. | |
36 | * <p> | |
37 | * See docs/http_protocol/password_storage_cheat_sheet | |
38 | * </p> | |
39 | */ | |
40 | public static String createPasswordHash(String password, String salt) { | |
41 |
1
1. createPasswordHash : replaced return value with "" for com/renomad/minum/utils/CryptoUtils::createPasswordHash → KILLED |
return createPasswordHash(password, salt, "PBKDF2WithHmacSHA1"); |
42 | } | |
43 | ||
44 | static String createPasswordHash(String password, String salt, String algorithm) { | |
45 | final KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(StandardCharsets.UTF_8), 65536, 128); | |
46 | final SecretKeyFactory factory; | |
47 | ||
48 | try { | |
49 | factory = SecretKeyFactory.getInstance(algorithm); | |
50 | final byte[] hashed = factory.generateSecret(spec).getEncoded(); | |
51 |
1
1. createPasswordHash : replaced return value with "" for com/renomad/minum/utils/CryptoUtils::createPasswordHash → KILLED |
return bytesToHex(hashed); |
52 | } catch (Exception e) { | |
53 | throw new UtilsException(e); | |
54 | } | |
55 | } | |
56 | ||
57 | } | |
Mutations | ||
25 |
1.1 |
|
26 |
1.1 |
|
29 |
1.1 |
|
41 |
1.1 |
|
51 |
1.1 |