我有以下要求。
1. save a user password converted to hash(digested)
2. when comparing with data base, add random bytes with the password given from user
3. now send the random bytes added password to DAO class
4. separate the random byte from password
5. compare with the stored hashed(digested) password
我尝试了类似的东西,但它给出了数组超出限制的异常。
package poc;
import com.sun.xml.internal.ws.message.ByteArrayAttachment;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
public class HashedPassword {
public static final String CRYPTOGRAPHY_ALGORITHM = "MD5";
public static final String CHAR_SET = "UTF8";
public static void main(String[] arg){
System.out.println(createPassword("r14@17*$"));
}
public static byte[] createPassword(String password){
byte[] salt = new byte[12];
byte[] digestedPassword =null;
byte[] digestedPasswordPwd =null;
try {
SecureRandom random = new SecureRandom();
random.nextBytes(salt);
MessageDigest mdPassword = MessageDigest.getInstance(CRYPTOGRAPHY_ALGORITHM);
MessageDigest mdPasswordPawd = MessageDigest.getInstance(CRYPTOGRAPHY_ALGORITHM);
mdPassword.update(salt);
mdPassword.update(password.getBytes(CHAR_SET));
mdPasswordPawd.update(password.getBytes(CHAR_SET));
digestedPassword = mdPassword.digest();
digestedPasswordPwd = mdPasswordPawd.digest();
byte[] resultBytes= new byte[1000];
System.arraycopy(digestedPassword, 11, resultBytes,0,digestedPassword.length);
if(Arrays.equals(resultBytes, digestedPasswordPwd)){
System.out.println("match");
}else{
System.out.println("no-match");
}
} catch (Exception ex) {
ex.printStackTrace();
}
System.out.println("digestedPassword : "+digestedPassword);
System.out.println("digestedPasswordPwd : "+digestedPasswordPwd);
return digestedPassword;
}
}
Stacktrace:
java.lang.ArrayIndexOutOfBoundsException
digestedPassword : [B@9980d5
digestedPasswordPwd : [B@1d95492
[B@9980d5
at java.lang.System.arraycopy(Native Method)
at poc.HashedPassword.createPassword(HashedPassword.java:43)
at poc.HashedPassword.main(HashedPassword.java:23)
所以请帮我解决这个问题
亲切的问候
答案 0 :(得分:1)
此行有错:
System.arraycopy(digestedPassword, 11, resultBytes,0,digestedPassword.length);
它尝试从位置11开始从digestedPassword.length
复制digestedPassword
个字节。因此它会尝试复制不存在的11个字节。
试试这个:
System.arraycopy(digestedPassword, 11, resultBytes,0,digestedPassword.length-11);
从API doc for System.arraycopy复制:
否则,如果满足以下任何条件,则抛出IndexOutOfBoundsException并且不修改目标:
srcPos参数为负数 destPos参数是否定的 长度参数是否定的。
srcPos + length大于src.length,即源数组的长度 destPos + length大于dest.length,即目标数组的长度。
答案 1 :(得分:1)
首先,我认为从您的代码中,您遗漏了与从密码中删除/分离随机字节相关的位。因此它可能永远不会相等。
关于我建议的ArrayIndexOutOfBoundsException,请使用
System.arraycopy(digestedPassword, 0, resultBytes,0,digestedPassword.length);