在yii2中使用generatePasswordHash和validatePassword来验证密码,这样加密后保存在数据库中,密码为password_hash
$2y$13$1hVeVwvuKQUE.kJfaQLje.b8iLlTauTOksddD5Gqn6UC416NsnAR2 auth_key oEx6MM0pGs6jHvApr2anxJEINpTpqGUO
现在如何使用java来验证密码?还有auth_key是什么意思,因为验证时不需要输入auth_key。
z6psavjg1#
您只需要在 Java 中创建一个自定义类,把 PHP 类 \yii\base\Security 的实现移植过来即可(source is here)。关于验证密钥(auth_key)的问题,已经有人问过了:here in SO
\yii\base\Security
3z6pesqy2#
最后用下面的方法解决了,棘手的部分是替换哈希的前缀标头(把 $2y$ 换成 $2a$)。
public class CheckPassword {
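/**
 * Verifies a plaintext password against a bcrypt hash stored by PHP / Yii2
 * (the {@code password_hash} column written by {@code generatePasswordHash}).
 *
 * <p>PHP emits the {@code $2y$} version prefix, while this method only hands
 * {@code $2a$} hashes to {@code BCrypt.checkpw}, so the prefix is rewritten
 * before the check. Only the four-character prefix changes; cost, salt and
 * digest are passed through untouched.
 * NOTE(review): presumably {@code BCrypt} is jBCrypt or a compatible port that
 * rejects {@code $2y$}; some newer bcrypt libraries accept it directly, in
 * which case the rewrite is unnecessary. Confirm against the library in use.
 *
 * <p>The Yii2 {@code auth_key} column plays no part in password verification.
 *
 * @param passwordText the plaintext password supplied by the user
 * @param DbHash       the stored bcrypt hash ({@code $2y$...} or {@code $2a$...})
 * @return {@code true} if the password matches the hash; {@code false} otherwise,
 *         including when {@code passwordText} is {@code null}
 * @throws IllegalArgumentException if {@code DbHash} is {@code null} or does not
 *         carry a {@code $2y$}/{@code $2a$} prefix
 */
public static boolean checkPassword(String passwordText, String DbHash) {
    if (DbHash == null) {
        throw new java.lang.IllegalArgumentException("Invalid hash provided for comparison");
    }
    // Work on a local copy instead of reassigning the parameter.
    String hash = DbHash.startsWith("$2y$") ? "$2a$" + DbHash.substring(4) : DbHash;
    if (!hash.startsWith("$2a$")) {
        // Refuse anything that is not bcrypt rather than guessing at the format.
        throw new java.lang.IllegalArgumentException("Invalid hash provided for comparison");
    }
    if (passwordText == null) {
        // A missing password can never match; avoid a NullPointerException in the library.
        return false;
    }
    return BCrypt.checkpw(passwordText, hash);
}

/**
 * Demo entry point: runs one bcrypt check, then a PBKDF2 round trip.
 * The sample values are placeholders, and the result of the bcrypt check is discarded.
 */
public static void main(String[] args) {
    CheckPassword.checkPassword("xxxxx", "$2y$13$5mqgv2wZve89Bz.g1MUcg.7xNich7/nxxxxxxxxxx");
    try {
        String salt = getSalt();
        System.out.println("salt:" + salt); // freshly generated salt
        String miwen = getPBKDF2("111", salt); // derive the hash of the plaintext password
        System.out.println("miwen:" + miwen);
        System.out.println(salt + miwen);
        System.out.println(verify("111", salt + miwen)); // verification (re-derive and compare), not decryption
    } catch (Exception e) {
        e.printStackTrace();
    }
}

// The PBKDF2 helpers below are a separate salted-hash scheme. They are not needed to
// verify a Yii2 bcrypt password_hash; checkPassword alone does that.

// NOTE(review): PBKDF2-HMAC-SHA1 with the parameters below is weak by current guidance.
// The values are left unchanged because altering any of them invalidates every hash
// already stored with this scheme; migrate by re-hashing on the next successful login.
public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
// Salt length in hex characters (getSalt produces SALT_SIZE / 2 random bytes).
// NOTE(review): that is 64 bits of salt, shorter than the 128 bits commonly recommended.
public static final int SALT_SIZE = 16;
// Derived-key length in hex characters (HASH_SIZE * 4 bits are requested, i.e. 64 bits).
public static final int HASH_SIZE = 16;
// Iteration count.
// NOTE(review): current guidance (e.g. the OWASP Password Storage Cheat Sheet) calls for
// iteration counts orders of magnitude higher for PBKDF2.
public static final int PBKDF2_ITERATIONS = 1000;

/**
 * Verifies a plaintext password against a stored {@code salt + hash} string.
 *
 * <p>The first {@link #SALT_SIZE} characters of {@code dataPassWord} are the hex salt and
 * the remainder is the hex PBKDF2 output. The password is re-derived with that salt and
 * compared with {@code MessageDigest.isEqual} rather than {@code String.equals}, so the
 * comparison does not stop at the first differing character.
 *
 * @param password     the plaintext password
 * @param dataPassWord the stored value: hex salt followed by the hex hash
 * @return {@code true} on a match; {@code false} on a mismatch or when either argument is
 *         {@code null} or {@code dataPassWord} is too short to hold a salt and a hash
 */
public static boolean verify(String password, String dataPassWord)
        throws NoSuchAlgorithmException, InvalidKeySpecException {
    if (password == null || dataPassWord == null || dataPassWord.length() <= SALT_SIZE) {
        // Malformed or truncated stored value: fail closed instead of throwing from substring().
        return false;
    }
    String salt = dataPassWord.substring(0, SALT_SIZE);
    String expected = dataPassWord.substring(SALT_SIZE);
    String actual = getPBKDF2(password, salt);
    return java.security.MessageDigest.isEqual(
            actual.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}

/**
 * Derives the PBKDF2 hash of {@code password} with the given salt.
 *
 * @param password the plaintext password
 * @param salt     the salt as a hex string
 * @return the derived key as an upper-case hex string
 */
public static String getPBKDF2(String password, String salt)
        throws NoSuchAlgorithmException, InvalidKeySpecException {
    // Convert the hex-encoded salt to raw bytes.
    // NOTE(review): javax.xml.bind.DatatypeConverter is no longer part of the JDK from
    // Java 11 on; newer runtimes need the JAXB API on the classpath or another hex codec.
    byte[] saltBytes = DatatypeConverter.parseHexBinary(salt);
    PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), saltBytes, PBKDF2_ITERATIONS, HASH_SIZE * 4);
    try {
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
        byte[] hash = secretKeyFactory.generateSecret(spec).getEncoded();
        // Encode the derived bytes as a hex string.
        return DatatypeConverter.printHexBinary(hash);
    } finally {
        // Wipe the spec's internal copy of the password once the key has been derived.
        spec.clearPassword();
    }
}

/**
 * Generates a random salt of {@code SALT_SIZE / 2} bytes.
 *
 * @return the salt as a hex string of {@link #SALT_SIZE} characters
 * @throws NoSuchAlgorithmException kept in the signature for existing callers; the default
 *         {@code SecureRandom} constructor used here does not throw it
 */
public static String getSalt() throws NoSuchAlgorithmException {
    // Use the platform's default CSPRNG instead of pinning the legacy "SHA1PRNG" algorithm.
    SecureRandom random = new SecureRandom();
    byte[] bytes = new byte[SALT_SIZE / 2];
    random.nextBytes(bytes);
    // Encode the random bytes as a hex string.
    return DatatypeConverter.printHexBinary(bytes);
}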
}