Quedo la Password

backoffice/src/main/java/uy/edu/fing/tse/jsf/UserLoginBean.java

 package uy.edu.fing.tse.jsf;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import uy.edu.fing.tse.central.business.security.SecurityLocal;
+import uy.edu.fing.tse.dto.UserBO;
+
+import javax.ejb.EJB;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Named;
 import java.io.Serializable;
@@ -10,24 +16,15 @@ public class UserLoginBean implements Serializable {
 
     private static final long serialVersionUID = -7674319505640122631L;
 
-    private String username;
-    private String password;
-    private String repassword;
+    private static final Logger LOG = LoggerFactory.getLogger(UserLoginBean.class);
+    @EJB
+    private SecurityLocal securityLocal;
 
-    public String getUsername() {
-        return username;
-    }
-
-    public void setUsername(String username) {
-        this.username = username;
-    }
-
-    public String getPassword() {
-        return password;
-    }
+    final UserBO user = new UserBO();
+    private String repassword;
 
-    public void setPassword(String password) {
-        this.password = password;
+    public UserBO getUser() {
+        return user;
     }
 
     public String getRepassword() {
@@ -40,11 +37,13 @@ public class UserLoginBean implements Serializable {
 
 
     public void login() {
-        //aca va el login
+
+        final var s = securityLocal.login(user);
+        LOG.info(s);
     }
 
     public void register() {
-        //aca va el register
+        final var s = securityLocal.register(user);
     }
 
 }

backoffice/src/main/webapp/jsf/login.xhtml

@@ -14,14 +14,14 @@
             <h:panelGrid columns="2" cellpadding="5" id="form">
 
                 <h:outputLabel for="username" value="Username:"/>
-                <p:inputText id="username" value="#{userLoginView.username}" required="true" label="username"/>
+                <p:inputText id="username" value="#{userLoginView.user.mail}" required="true" label="username"/>
 
                 <h:outputLabel for="password" value="Password:"/>
-                <p:password id="password" value="#{userLoginView.password}" required="true" label="password"/>
+                <p:password id="password" value="#{userLoginView.user.password}" required="true" label="password"/>
 
                 <f:facet name="footer">
                     <p:commandButton value="Register" action="register.xhmtl?faces-redirect=true" update="form"/>
-                    <p:commandButton value="Login" action="#{userLoginView.login}"/>
+                    <p:commandButton value="Login" action="#{userLoginView.login()}"/>
                 </f:facet>
             </h:panelGrid>
         </h:form>

backoffice/src/main/webapp/jsf/register.xhtml

@@ -14,16 +14,16 @@
             <h:panelGrid columns="2" cellpadding="5" id="form">
 
                 <h:outputLabel for="username" value="Username:"/>
-                <p:inputText id="username" value="#{userLoginView.username}" required="true" label="username"/>
+                <p:inputText id="username" value="#{userLoginView.user.mail}" required="true" label="username"/>
 
                 <h:outputLabel for="password" value="Password:"/>
-                <p:password id="password" value="#{userLoginView.password}" required="true" label="password"/>
+                <p:password id="password" value="#{userLoginView.user.password}" required="true" label="password"/>
 
                 <h:outputLabel for="repassword" value="RePassword:"/>
                 <p:password id="repassword" value="#{userLoginView.repassword}" required="true" label="repassword"/>
 
                 <f:facet name="footer">
-                    <p:commandButton value="Register" action="#{userLoginView.register}"/>
+                    <p:commandButton value="Register" action="#{userLoginView.register()}"/>
                 </f:facet>
             </h:panelGrid>
         </h:form>

central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDAOBean.java

+package uy.edu.fing.tse.central.db.dao.user;
+
+import uy.edu.fing.tse.central.db.entity.Usuario;
+import uy.edu.fing.tse.central.db.mapper.MyMapper;
+import uy.edu.fing.tse.dto.User;
+
+import javax.annotation.PostConstruct;
+import javax.ejb.Stateless;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Stateless
+public class UserDAOBean implements UserDaoLocal {
+
+    @PersistenceContext(unitName = "central")
+    private EntityManager em;
+
+    @PostConstruct
+    void init() {
+        //Despues del constructor hace esto
+    }
+
+
+    @Override
+    public void register(User user) {
+
+        final var newUser = MyMapper.INSTANCE.convert(user);
+        em.persist(newUser);
+        em.flush();
+
+    }
+
+    @Override
+    public User find(String mail) {
+        final var query = em.createNamedQuery("Usuario.findByMail", Usuario.class);
+        query.setParameter("mail", mail);
+        final Usuario usuario = query.getSingleResult();
+        return MyMapper.INSTANCE.convert(usuario);
+    }
+
+    @Override
+    public List<User> findAll() {
+        final var query = em.createNamedQuery("Usuario.findAll", Usuario.class);
+        final List<Usuario> usuarios = query.getResultList();
+
+        return usuarios.stream().map(MyMapper.INSTANCE::convert).collect(Collectors.toList());
+    }
+
+}

central-db/src/main/java/uy/edu/fing/tse/central/db/dao/user/UserDaoLocal.java

+package uy.edu.fing.tse.central.db.dao.user;
+
+import uy.edu.fing.tse.dto.User;
+
+import javax.ejb.Local;
+import java.util.List;
+
+@Local
+public interface UserDaoLocal {
+
+    void register(User user);
+
+    User find(String mail);
+
+    List<User> findAll();
+}

central-db/src/main/java/uy/edu/fing/tse/central/db/entity/Usuario.java

@@ -4,7 +4,12 @@ import javax.persistence.*;
 
 @Entity
 @Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
+@NamedQueries({
+        @NamedQuery(name = "Usuario.findByMail", query = "SELECT u FROM Usuario u WHERE u.mail = :mail"),
+        @NamedQuery(name = "Usuario.findAll", query = "SELECT u FROM Usuario u")
+})
 public abstract class Usuario {
+
     @Id
     @GeneratedValue(strategy = GenerationType.AUTO)
     private Long id;

central-db/src/main/java/uy/edu/fing/tse/central/db/entity/UsuarioBO.java

@@ -3,13 +3,12 @@ package uy.edu.fing.tse.central.db.entity;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.ManyToOne;
-import java.util.UUID;
 
 @Entity
 public class UsuarioBO extends Usuario {
 
     @Column(nullable = false)
-    private String salt = UUID.randomUUID().toString();
+    private String salt;
 
     @Column(nullable = false)
     private String password;
@@ -21,6 +20,10 @@ public class UsuarioBO extends Usuario {
         return salt;
     }
 
+    public void setSalt(String salt) {
+        this.salt = salt;
+    }
+
     public String getPassword() {
         return password;
     }

central-ejb/pom.xml

@@ -54,6 +54,12 @@
             <artifactId>javax.annotation-api</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>at.favre.lib</groupId>
+            <artifactId>bcrypt</artifactId>
+            <version>0.8.0</version>
+        </dependency>
+
         <!-- Test scope dependencies -->
         <dependency>
             <groupId>junit</groupId>

central-ejb/src/main/java/uy/edu/fing/tse/central/business/common/Secure.java

+package uy.edu.fing.tse.central.business.common;
+
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.util.Base64;
+
+public final class Secure {
+    private static final Charset CHARSET = StandardCharsets.UTF_8;
+
+    private Secure() {
+    }
+
+    public static String generateSalt() {
+        final SecureRandom random = new SecureRandom();
+        final byte[] salt = new byte[16];
+        random.nextBytes(salt);
+
+        return new String(Base64.getEncoder().encode(salt), CHARSET);
+    }
+
+
+    public static String encriptSHA(final String pass, final String salt) {
+        try {
+            MessageDigest md = MessageDigest.getInstance("SHA-512");
+            md.update(salt.getBytes(CHARSET));
+
+            byte[] hashedPassword = md.digest(pass.getBytes(CHARSET));
+            return new String(Base64.getEncoder().encode(hashedPassword), CHARSET);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
+    public static String encriptPBKDF(final String pass, final String salt) {
+        try {
+            KeySpec spec = new PBEKeySpec(pass.toCharArray(), salt.getBytes(CHARSET), 65536, 128);
+            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+
+            byte[] hashedPassword = factory.generateSecret(spec).getEncoded();
+            return new String(Base64.getEncoder().encode(hashedPassword), CHARSET);
+        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
+
+}

central-ejb/src/main/java/uy/edu/fing/tse/central/business/mq/RabbitConfig.java

@@ -39,4 +39,5 @@ final class RabbitConfig {
         return factory;
     }
 
+
 }

central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/Security.java

+package uy.edu.fing.tse.central.business.security;
+
+
+import uy.edu.fing.tse.dto.User;
+import uy.edu.fing.tse.dto.UserBO;
+
+public interface Security {
+
+    User register(UserBO p);
+
+    String login(UserBO p);
+
+}
+

central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityBean.java

+package uy.edu.fing.tse.central.business.security;
+
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import uy.edu.fing.tse.central.business.common.Secure;
+import uy.edu.fing.tse.central.db.dao.user.UserDaoLocal;
+import uy.edu.fing.tse.dto.User;
+import uy.edu.fing.tse.dto.UserBO;
+
+import javax.annotation.PostConstruct;
+import javax.ejb.EJB;
+import javax.ejb.Stateless;
+import java.util.Objects;
+
+@Stateless
+public class SecurityBean implements SecurityLocal, SecurityRemote {
+
+    private static final Logger LOG = LoggerFactory.getLogger(Security.class);
+
+    @EJB
+    private UserDaoLocal dao;
+
+    @PostConstruct
+    void init() {
+        //Despues Hace esto
+    }
+
+    @Override
+    public User register(UserBO p) {
+        final var salt = Secure.generateSalt();
+        p.setSalt(salt);
+        final var newPassword = Secure.encriptPBKDF(p.getPassword(), salt);
+        p.setPassword(newPassword);
+        dao.register(p);
+        return dao.find(p.getMail());
+    }
+
+    @Override
+    public String login(UserBO p) {
+        //Valido la password
+        final var user = (UserBO) dao.find(p.getMail());
+        final var salt = user.getSalt();
+        final var thisPassword = Secure.encriptPBKDF(p.getPassword(), salt);
+
+        if (Objects.equals(thisPassword, user.getPassword())) {
+            return thisPassword;
+        }
+        return null;
+    }
+
+}

central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityLocal.java

+package uy.edu.fing.tse.central.business.security;
+
+import javax.ejb.Local;
+
+@Local
+public interface SecurityLocal extends Security {
+}

central-ejb/src/main/java/uy/edu/fing/tse/central/business/security/SecurityRemote.java

+package uy.edu.fing.tse.central.business.security;
+
+//@Remote
+public interface SecurityRemote extends Security {
+}