001 package net.databinder.auth.data.hib;
002
003 import java.io.Serializable;
004 import java.security.MessageDigest;
005
006 import javax.persistence.Column;
007 import javax.persistence.Embeddable;
008
009 import net.databinder.auth.AuthApplication;
010 import net.databinder.auth.data.DataPassword;
011
012 import org.apache.wicket.Application;
013 import org.apache.wicket.util.crypt.Base64;
014
015 /**
016 * Simple, optional implementation of {@link DataPassword}. Maps as an embedded
017 * property to the single field "passwordHash".
018 * @author Nathan Hamblen
019 */
020 @Embeddable
021 public class BasicPassword implements DataPassword, Serializable {
022 private String passwordHash;
023
024 public BasicPassword() { }
025
026 public BasicPassword(String password) {
027 change(password);
028 }
029
030 public void change(String password) {
031 MessageDigest md = ((AuthApplication)Application.get()).getDigest();
032 byte[] hash = md.digest(password.getBytes());
033 passwordHash = new String(Base64.encodeBase64(hash));
034 }
035
036 public void update(MessageDigest md) {
037 md.update(passwordHash.getBytes());
038 }
039
040 @Column(length = 28, nullable = false)
041 private String getPasswordHash() {
042 return passwordHash;
043 }
044
045 @SuppressWarnings("unused")
046 private void setPasswordHash(String passwordHash) {
047 this.passwordHash = passwordHash;
048 }
049
050 public boolean matches(String password) {
051 return passwordHash != null &&
052 passwordHash.equals(new BasicPassword(password).getPasswordHash());
053 }
054 }