
@KomanRudden
Last active July 5, 2019 07:57
Password and Salt hashing
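// Re-derive the hash from the submitted password and the salt stored for this user.
final byte[] hashedPassword = PasswordUtil.getHashedPassword(password, user.getSalt());
// getHashedPassword returns null for a blank password or when hashing fails; keep that
// case explicit so it is always handled as a mismatch below.
String encodedPassword = hashedPassword == null ? null : Base64.encodeBase64String(hashedPassword);
final String storedPassword = user.getPassword();
// Compare with MessageDigest.isEqual rather than String.equals: equals returns at the
// first differing character, so its running time depends on how much of the stored
// value the candidate matches.
if (storedPassword == null || encodedPassword == null
        || !java.security.MessageDigest.isEqual(
                storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                encodedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
    throw new SmartDevicesSalesSecurityException("Incorrect password entered");
}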
package za.co.fnb.cbs.smartdevices.common.utils;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;
import java.security.SecureRandom;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang.StringUtils;
import org.slf4j.LoggerFactory;
import za.co.fnb.cbs.smartdevices.common.ApplicationConstants;
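/**
 * Salt generation and salted, iterated message-digest hashing for stored passwords.
 *
 * <p>Review notes on the scheme itself, which is left as-is so that hashes already
 * stored keep verifying:
 * <ul>
 *   <li>The salt is fed only into the first digest round; the remaining rounds re-hash
 *       the previous output without it.</li>
 *   <li>This is a hand-rolled construction over a general-purpose digest. A purpose-built
 *       password hashing function (PBKDF2 through {@code javax.crypto.SecretKeyFactory},
 *       or bcrypt/scrypt/Argon2) is the usual choice; moving to one changes the output
 *       and needs a migration plan for existing records.</li>
 * </ul>
 *
 * @author Koman Rudden [f3240479]
 */
public class PasswordUtil {

    protected static org.slf4j.Logger log = LoggerFactory.getLogger(PasswordUtil.class);

    /**
     * Command-line helper that prints a fresh salt and the matching hash for one password.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // NOTE(review): a literal password in source is kept in version control and in
        // build artifacts; if this value was ever used for a real account, rotate it.
        PasswordUtil.createPassword("2014@cbs");
    }

    /**
     * Generates a new salt, hashes {@code password} with it and prints both values
     * (Base64-encoded) to standard output, salt first.
     *
     * @param password the clear-text password to hash
     */
    public static void createPassword(String password) {
        final String salt = createSalt();
        System.out.println(salt);
        final byte[] hashedPassword = getHashedPassword(password, salt);
        System.out.println(Base64.encodeBase64String(hashedPassword));
    }

    /**
     * Creates a random salt of {@link ApplicationConstants#HASHING_SALT_BYTE_LENGTH} bytes.
     *
     * @return the salt, Base64-encoded
     */
    public static String createSalt() {
        // Let SecureRandom seed itself from the platform entropy source. The earlier
        // explicit seed was a single byte taken from System.nanoTime(); on a provider
        // that uses a supplied seed in place of self-seeding, that leaves at most 256
        // distinct salts.
        final SecureRandom random = new SecureRandom();
        final byte[] saltBytes = new byte[ApplicationConstants.HASHING_SALT_BYTE_LENGTH];
        random.nextBytes(saltBytes);
        return Base64.encodeBase64String(saltBytes);
    }

    /**
     * Hashes a password: one digest over salt + password, then
     * {@link ApplicationConstants#HASHING_ITERATIONS} further rounds over the previous output.
     *
     * @param inputPassword the clear-text password
     * @param salt the salt string (as returned by {@link #createSalt()}); skipped when blank
     * @return the raw digest bytes, or {@code null} when {@code inputPassword} is blank or
     *         the configured algorithm/encoding is unavailable; callers must treat
     *         {@code null} as a failed verification
     */
    public static byte[] getHashedPassword(String inputPassword, String salt) {
        if (StringUtils.isBlank(inputPassword)) {
            return null;
        }
        try {
            // A new MessageDigest starts in its initial state, and digest() resets it after
            // every call, so no explicit reset() is needed between rounds.
            final MessageDigest digest = MessageDigest.getInstance(ApplicationConstants.HASHING_ALGORITHM);
            if (StringUtils.isNotBlank(salt)) {
                digest.update(salt.getBytes(ApplicationConstants.HASHING_ENCODING));
            }
            // Encode the password with the same explicit charset as the salt. The no-arg
            // getBytes() follows the platform default, so the same password could hash
            // differently on two hosts. NOTE(review): hashes of non-ASCII passwords that
            // were created on a host whose default charset differs from HASHING_ENCODING
            // will no longer match and need a reset or re-hash.
            byte[] passwordBytes =
                    digest.digest(inputPassword.getBytes(ApplicationConstants.HASHING_ENCODING));
            final int rounds = ApplicationConstants.HASHING_ITERATIONS;
            for (int n = 0; n < rounds; n++) {
                passwordBytes = digest.digest(passwordBytes);
            }
            return passwordBytes;
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException ex) {
            // Pass the exception itself so the cause and stack trace reach the log.
            log.error("Password hashing failed", ex);
            return null;
        }
    }
}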
package za.co.fnb.cbs.smartdevices.common;
/**
 * Parameters of the password hashing scheme implemented by {@code PasswordUtil}.
 *
 * <p>These values define the format of every stored hash: changing the algorithm,
 * the encoding or the iteration count makes existing hashes stop verifying.
 *
 * @author Koman Rudden [f3240479]
 */
public interface ApplicationConstants {

    /** Name passed to {@code MessageDigest.getInstance}. */
    String HASHING_ALGORITHM = "SHA-256";

    /** Charset name used when turning the salt string into bytes. */
    String HASHING_ENCODING = "UTF-8";

    /**
     * Number of extra digest rounds applied after the first salted round.
     * NOTE(review): about a thousand rounds of a plain digest is a low work factor
     * for password storage by current guidance; raising it requires re-hashing.
     */
    Integer HASHING_ITERATIONS = 1031;

    /** Number of random bytes in a generated salt, before Base64 encoding. */
    Integer HASHING_SALT_BYTE_LENGTH = 20;
}
@hittmeyer001

The length of the salt generated ??
