我想创建一个第三方登录应用程序,为此我需要将密码的哈希值与用户输入的哈希值相匹配。据我所知 xenforo 使用
sha1(sha1(password) . salt)
or:
sha256(sha256(password) . salt)
但是如何在我的 java 程序中实现相同的加密。我找到了一些答案,例如使用
$password = substr($password, 22, -3);
但这现在不起作用。对于那些想知道 xenforo 使用的加密方法的人,这里是代码
protected $_data = array();
/**
* Hash function to use for generating salts and passwords
*
* @var string
*/
protected $_hashFunc = '';
/**
* Setup the hash function
*/
protected function _setupHash()
{
if ($this->_hashFunc)
{
return;
}
if (extension_loaded('hash'))
{
$this->_hashFunc = 'sha256';
}
else
{
$this->_hashFunc = 'sha1';
}
}
/**
* Perform the hashing based on the function set
*
* @param string
*
* @return string The new hashed string
*/
protected function _createHash($data)
{
$this->_setupHash();
switch ($this->_hashFunc)
{
case 'sha256':
return hash('sha256', $data);
case 'sha1':
return sha1($data);
default:
throw new XenForo_Exception("Unknown hash type");
}
}
protected function _newPassword($password, $salt)
{
$hash = $this->_createHash($this->_createHash($password) . $salt);
return array('hash' => $hash, 'salt' => $salt, 'hashFunc' => $this->_hashFunc);
}
/**
* Initialize data for the authentication object.
*
* @param string Binary data from the database
*/
public function setData($data)
{
$this->_data = unserialize($data);
$this->_hashFunc = $this->_data['hashFunc'];
}
/**
* Generate new authentication data
* @see XenForo_Authentication_Abstract::generate()
*/
public function generate($password)
{
if (!is_string($password) || $password === '')
{
return false;
}
$salt = $this->_createHash(self::generateSalt());
$data = $this->_newPassword($password, $salt);
return serialize($data);
}
/**
* Authenticate against the given password
* @see XenForo_Authentication_Abstract::authenticate()
*/
public function authenticate($userId, $password)
{
if (!is_string($password) || $password === '' || empty($this->_data))
{
return false;
}
$userHash = $this->_createHash($this->_createHash($password) . $this->_data['salt']);
return ($userHash === $this->_data['hash']);
}