我必须在 Adobe ColdFusion 2018 中实现 Argon2 散列。我发现了两个可以使用的 Java 绑定:
- argon2-jvm:https ://github.com/phxql/argon2-jvm
- jargon2-api: https://github.com/kosprov/jargon2-api
第一个我已经成功集成。它运作良好,唯一的问题是它不允许传递“胡椒”字符串(又名“秘密”)。
所以我也尝试集成其他绑定。为了解决依赖问题,我使用了 JavaLoader ( https://github.com/markmandel/JavaLoader )。我通过 Maven 获得的罐子。
但是,我得到以下异常:
Typ | java.lang.UnsatisfiedLinkError
Diagnose | Unable to load library 'argon2': Das angegebene Modul wurde nicht gefunden. Das angegebene Modul wurde nicht gefunden. Das angegebene Modul wurde nicht gefunden. Native library (win32-x86-64/argon2.dll) not found in resource path ([file:/D:/ColdFusion2018/cfusion/lib/updates/chf20180010.jar,
代码如下所示:
component name="Argon2Kosprov" output="false" {
public function init(string pepper = "pepper") {
getJavaLoader();
// More info about the API: https://github.com/kosprov/jargon2-api
local.jargon2 = variables.javaLoader.create("com.kosprov.jargon2.api.Jargon2");
variables.hasher = local.jargon2.jargon2Hasher();
initConstants();
variables.hasher.type(variables.argon2Type);
// Parameters
variables.hasher.memoryCost(65536); // 64MB memory cost
variables.hasher.timeCost(3); // 3 passes through memory
variables.hasher.parallelism(4); // use 4 lanes and 4 threads
variables.hasher.saltLength(16); // 16 random bytes salt
variables.hasher.hashLength(16); // 16 bytes output hash
applyPepper(arguments.pepper);
// Just get a hold on the verifier. No special configuration needed.
variables.verifier = local.jargon2.jargon2Verifier();
return this;
}
public void function applyPepper(required string pepper) {
local.binaryValue = stringToBinary(arguments.pepper);
variables.hasher.secret(local.binaryValue);
}
public string function hashString(required string string) {
// Set the password and calculate the encoded hash
local.binaryValue = stringToBinary(arguments.string);
local.encodedHash = variables.hasher.password(local.binaryValue).encodedHash();
return local.encodedHash;
}
public boolean function checkString(required string string, required string hash) {
// Set the encoded hash, the password and verify
return variables.verifier.hash(arguments.hash).password(arguments.string).verifyEncoded();
}
// private functions
private void function initConstants() {
local.argon2Types = variables.javaLoader.create("com.kosprov.jargon2.api.Jargon2$Type");
final variables.argon2Type = local.argon2Types.ARGON2id
}
/**
* @hint Load specific .jar files using JavaLoader
* */
private component function getJavaLoader() {
if (NOT StructKeyExists(variables, "javaLoader")) {
local.jarArray = [
ExpandPath("/jars/net/java/dev/jna/jna/5.6.0/jna-5.6.0.jar"),
ExpandPath("/jars/com/nativelibs4java/ochafik-util/0.12/ochafik-util-0.12.jar"),
ExpandPath("/jars/com/nativelibs4java/jnaerator-runtime/0.12/jnaerator-runtime-0.12.jar"),
ExpandPath("/jars/com/kosprov/jargon2/jargon2-native-ri-backend/1.1.1/jargon2-native-ri-backend-1.1.1.jar"),
ExpandPath("/jars/com/kosprov/jargon2/jargon2-native-ri-binaries-generic/1.1.1/jargon2-native-ri-binaries-generic-1.1.1.jar"),
ExpandPath("/jars/com/kosprov/jargon2/jargon2-api/1.1.1/jargon2-api-1.1.1.jar")
];
variables.javaLoader = CreateObject("component", "lib.shared.javaloader.JavaLoader").init(local.jarArray);
}
return variables.javaLoader;
}
private any function stringToBinary(required string) {
local.base64Value = toBase64(arguments.string);
local.binaryValue = toBinary(base64Value);
return local.binaryValue;
}
}
它被称为:
<cfset local.argon = new lib.shared.argon2.Argon2Kosprov()>
<cfset local.password = "alabala">
<cfset local.hash = local.argon.hashString(local.password).encodedHash()>
然后出现异常说找不到DLL。DLL 在 JAR 中,不应单独加载。
有没有人偶然成功地将这种 Argon2 绑定集成到 Coldfusion 中?