Add salt and hash function for passwords

1 files changed, 36 insertions, 0 deletions

diff --git a/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java b/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
index 3106ecb..c5900c7 100644
--- a/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
+++ b/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
@@ -2,6 +2,8 @@ package de.fhswf.in.inf.fit.aufgabe3;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebInitParam;
@@ -81,4 +83,38 @@ public class LoginServlet extends HttpServlet
       pw.println("</body>");
       pw.println("</html>");
    }
+
+   /**
+    * Generate a SHA-1 encoded password that is salted.
+    *
+    * @param password
+    *           The password to encode.
+    * @param salt
+    *           The salt for salting the password.
+    * @return The salted and encoded password hash.
+    */
+   public static String createSaltedPasswordHash(String password, String salt)
+   {
+      if (password == null)
+      {
+         throw new IllegalArgumentException("Password can't be null");
+      }
+
+      if (salt == null)
+      {
+         throw new IllegalArgumentException("Salt can't be null");
+      }
+
+      try
+      {
+         MessageDigest md = MessageDigest.getInstance("SHA-1");
+         md.update((password + salt).getBytes());
+         return new String(md.digest());
+      }
+      catch (NoSuchAlgorithmException e)
+      {
+         throw new IllegalStateException(
+               "SHA-1 for some reason is not supported.", e);
+      }
+   }
 }