🛡️ Sentinel: CRITICAL Fix Insecure Password Hashing

.gitignore

@@ -31,3 +31,4 @@ log.txt
 secureData*.txt
 logfile.txt
 rmc_log.txt
+logfileConf.txt

JFramework/auth/src/main/java/it/richkmeli/jframework/auth/AuthDatabaseJframeworkManager.java

@@ -54,7 +54,7 @@ public User getUser(String email) throws AuthDatabaseException, ModelException {
     public boolean addUser(User user) throws AuthDatabaseException {
         //Logger.info("AuthDatabaseManager, addUser. User: " + user.email);
         //String hash = Crypto.hash(user.getPassword());
-        String password = Crypto.hashPassword(user.getPassword(), false);
+        String password = Crypto.hashPassword(user.getPassword());
         user.setPassword(password);
         try {
             return create(user);
@@ -81,7 +81,7 @@ public boolean isUserPresent(String email) throws AuthDatabaseException, ModelEx
 
     @Override
     public boolean editPassword(String email, String pass) throws AuthDatabaseException, ModelException {
-        String password = Crypto.hashPassword(pass, false);
+        String password = Crypto.hashPassword(pass);
         try {
             return update(new User(email, password, null));
         } catch (DatabaseException e) {
@@ -102,7 +102,7 @@ public boolean editAdmin(String email, Boolean isAdmin) throws AuthDatabaseExcep
     public boolean checkPassword(String email, String pass) throws AuthDatabaseException, ModelException {
         User user = getUser(email);
         if (user != null) {
-            return Crypto.verifyPassword(user.getPassword(), pass);
+            return Crypto.verifyPassword(pass, user.getPassword());
         } else {
             return false;
         }

JFramework/crypto/clientSecureData.txt

@@ -0,0 +1 @@
+VYzW-zeQQB-VJqJRdJ6ZkiXXRXeqstwrEPLfHKqhSBEfzaMDt3UORaHsKfyZchJYOOuyHCZ2OahrCRb3A8grKoYMtUnWIjDcEVplKTB5HwL-ToheMXyidRwcBvvOm5_TJtZzEcV--_PXoJ9eyYj_1tvL7b-XgbrzOa_1DZhpmgN7bRP3Za1JfXZv2rttr_4NwY76EVHQY5VnmBVo6sfwZ5x_j8PEpAHv61MAKS5jxDHEi4ovQPwQDFg6_GflcAhlGmtl0njRKKeNKbZMACO0sjk-dq7Ox80aOqAGpMF1MVeYKeiHKug2fQuK1DjkeOEuhdjpXwuKOM0DV4jlWYtvPBJTcLeQ_W6ibWnamA4_MINqOjredmLqCykt4cGrJSuTF_99E81rZtVfwoIQ2DBPTaCd0wNwmvetLW-pgepQVY6bZQwTfvYgbHiSsEW2-nr1IyYjXzJ8VowKLkTyX7Vs9k-Y-Ab2nYkx7-w6pkS-tqYSVdakBUUbTFhqBw96T49orbZXUZdLPoNB1VFjHj8gdraPLr5dI8p8JoWULbU9W1Nlhe2DfwNXkqW6-pw78cqkOufxoF5YH1VcwBXjhfQgCtoNSpAcB9eAcv-YXTf1zxyD_L8j4pJWGlNFmyQ8_pIdXLkZCjOBjODtdKbU39JsD9ycxfx3ZOE4PLiofQ8tKbxLLCNJaCnGf17FSnm3QPb-AnaaPL0rvdxRej4JBxmCZ5I7jh_PY9FbIDnHgmrzXT8OtiizLyja6rMAIXqOT-Dwh4XC0YxvwLfdqELJj8t6hdRwD-D-wGGRsY-fsQBUREZ31u9LiEuzrw-Z9vr4WYbauIT4ABJ5o_91C4bzTJXnJkz0Qth9LkdjYEjVeeukRLni0jWkoYBB3vfryyQCV2fJ5o6eiUjQ9Iljoado_8YcyQk7kzq8kyHC1ZfugPwFAXL8vfSh_Qwc94fd4gUnGl6OnGDfaHMQNV4i5S7rXFAzBWs8Jbcv6pIHJotRVOAZ4bbfWWKu6P7_5kgZKgjt_Fa2zqDR-F-X71iy_B0mAR7c9Tc4wwz7wAKsMHwPo-2wr-NZgfI10QUzOhz1uKzIsOPuxQtqt1jdOaw0ksA5ZGfn9usz0io5Le-Jfbn9AUmdhszHR1M00C9CWOx7E2nN7t3BMtOcAozQ6Fl0HczCzTMYlIcjop1qOw7YUj__caV6PLqRGt4B89DHNvCh7gEWo5KzTEavVGfPFpT53NVk3bT298_KGl3PRPsdLw8uPDuniZ97YNWXGXmRkeCLI7fmliXf58FObGFO9aZx5H-CX-uCHiqY7pOlH9RmTNmZv2w_2px5O9wIh197mVeWsimFbuomIy2wBllOcDXbnX82gehYCMSPTygOic3K5alny-Nua_1l-j1Nv0kHEP6FP-TLRXkeXUa6iwhHOSyhc5njgnVWRnzf_sFjXlrvalPyC7bb6M5aCjEQ3C-lFl9-6wLTgnGL2AlsQOWNLUxdGguwgBT2jaAp1jmfvtAsP5MtV-1Lhtz-2AK0conEr_yx9_6AYawvuv1Tz3mycLHQR25VBw-UmTztOsLAQVF1kIPN0VURwi1Pp9M6si53Ee9N0dSL3ktDyv-8ue9bcFm1X4g9zUQIyJRmBPPVmTiqmJtKq7LrawCmrRQORw99G9ULuI6wYB_VAubNJWHesEPJsWxUJS2IoJtzZUq7XAFCugJF6QyAKmxivZ2WNWkCsHJRSGbEZIr9Ihvlt01ZNy0h7ol9k4D7a0X6miqp-BoqZVDlODKt6y6zsFpOkOS9PsVEfQlJU4CJOyI9VMaZgixGll2I9AX_CtT4jq-io0X8xxZfYTtxSwW-Qu9SXQtur9Zl1gUD97Q9VB4boCPY5Uvl4dbcbXc0Vf1_w0-6eU7lCPTWCyYY6Nut6_jnHvQGTtJWEnyDHD8Y5fhDrdu9GeVEm7tL5nGF5vWfzlmgaf4aHXQqEoP6EeKh3UVT3Utu3_C9iQ9UeGtnQchTYY9sdxK2n9wpLqvhhaWjzKUPAvdrW2pvixf5jPhjMmr9coyrv_d80SiSHFDtaPjGqZclcOiM7fnQW6UG23KidCh3soZ_vcVackaDPDp7rIqSac4eWpHX8AGWwti3itqajPBmtqTMR6KJS9mh2fEvfNPJVAb6Jl3X_jP6EnwtotVtwT8TGZ-3J15AT_hYJ7DTdzh6J7mIEnuFfzfk90KrVARAwdFjRqt9nN9s-OTayNU3jfS4FrFgaeWv6B7BuHPBz0guesFGg-GrT3mlOwpJObvKSdlRKG75qyljw-BahD_4QKhA9Fvoh6gc7_u-5aknypZwAKfsSm7yjItEcHCU9Elq5i4ry8zNJgIZKRZdWzpARFkHYgJey17fD-aaqM3L2D60bAhA4WWli7kxhE9yynk4ysVzGtWjYg1iJ539HZTb31JVBCIBF0Zise8KsHTVHO08rNnAJos9VNkdZ-xGUvWq_3OdtUdLmWxozQDXrIP-2NhvO64ROJEb9YA9EEVpKyIn-BJwvqgngp65ghZVuw_eeK4X9uG-oeWeytev6OpJyAoyMqH7BtfxXEpMWlW96nAjpymn6szlF57xvU0uoEiSv3SU15rsPl8W7h6irnLadOBHAcjIhMuVhLDq3qEbLh6edPtPEy1G1SytlKGgyebcSk1GwofdDh_4xeOUbiJ3UkSGSbvUOc0xv79b7BVxO_f66tYg7NAahhAgX7bTI5r5Pb7WKbOL6Htv41voNvPwi8S9dswMKgkA9i0LSdhSmG4v6latEpVdOAQhui1ed2bX-w9ZhE-HoeM4wfnNBFsTrBVsdjH3jHJ_PJpKMFJF751uURuy4tfwyopfKEOrkwktJm9jI0NMu58u2frYFqebC2_64269HlE9ejNrUygbbIXSd6D1tdmkoGDJvYvgqLJF9UdvzNt4ee41bD-hEgtTU6Grl7aonmHJ9xzJodqTCroP2Z_rD27W8RfYn2dPoxMgDpWQhfOkpDruahWOSSBAx_VoBqOW0zHqnqHVPa6cxyi4pNnfY6QxdrxTHtMdTfrRxR849Hn7MX-8n5yoXm8J4vThWFCYfVcHhHT-5G8DsfgIq8gVsiE4VQPrIXB1HNzUMzG5Wi0B8gpagO4aHfr9JasL6pkpvhWhhCxiDjG8vZl1BIg9NK-wIBRClVgjYcAbPrIHsslPqpQHR-dlc6OJZW0A00rWQ7XIxkU6wiczsJcZYzG0zqCTvBMgSaPox99TycG_EojdtCLKAn-SK_V_pYzoPzGvyV7iRLNLB7VWTvtV8b5Ro5iz-2s2KrottJm3gor1ZFHi8P9Cpd0QEz5lXCzBAUJqtyFsAhqTrCgGklkz6xO6ORDUoR3vcJqMJ5IXp_DQrWGF8qhEHgP0HR5qVAt06FYUeDceSiHSN7fM85Ox74Caofd47rXInbgSzcWfj8RtuwYAAicazIUb73WEqZIY5kptQCe8lPuaXhkuC6wmpLWeZb3fWUXyRZeLN9Bq99Vif_TuJOeHNJgF4_AW4ADKJkaL1c0xkEOjb7dn1rw98fyK72GV72hgomHL3Y-PEuO8FScOeScdslpVfi5c2L0ka3Wq9CEF5PgOP1Qn8dbgQNy_sYxEJsj06qRffN_Z-qsKwdzLY-QwrO82y14Bp2vaV7RjrU_uh8yHA32MIq-Zl58FcCgIQRaaPwjoat5ygjOY1Uv5gHmUq9wFzvp14TRvO7tPHnS7SKnb7191xBQ0SccDu8klGKpH1gYFO7PMlxHjDVazt03CguZJgl3O7FskJWoXiSXN-6Nnrt_KZpENNQ4KoCLLDHfv9KXGKUhJmUP1sGfF2uy2OKwfXziUVB3VMSAlgnRZ0oqRZTxZM67TqXG4VYC5DGN09aYmLrBBPGNE1AGKjh2fOPyTf9lNUWx3994LtjnFWSSgwNEeC1dxkhxN0ePnSP3Dnuo1d5w52vJuxBtJBI8imAMWEJcDFcbRljZ8jZ2lj119Hdw4ASPNPDu6U3UxgooFfTGUtbV6omLCLfUAxtpMr8fGBoCI6thebb90ieTbKQOxg-Dzt6xJz6L0HDMU2IiIvObSHM4N9KedrpZz4wxdTt5qBuw0MIV4l-FjmZOGsmwj1h2s89nsOlDpUrT2dfxZUBRGPvRVpFgTNR4AtkIYVfdwtgto5LCUuQcXnB5xDzjoUNr-UYVEgBheRJcAbkyxx8vULSCz0LmPKznaMZn7bug_-hwdXJRuCOKdVQAvnAzfgHBOmqcrUR0q_b5_UpwspefxxLzLSWJZ7xwinCbuzTrvIjDDMd6dgARzCOOMM5sK

JFramework/crypto/serverSecureData.txt

@@ -0,0 +1 @@
+hgUJwgWXn4TvhzhWbzpBvJHz18lVkVoQVG7302TE2Ys1rXb9gXzhvfG1LFMsipXUlX_YE_OPC9dWRshh_FQyXdz9-jPKayupNPA_NAMt5nISIfN0CuE_1tumiM-Do28igMzoXZUanyT_ySfxgAFCb-JdJ29jO6FZ1hay1CWDvpcEof6g-72W9ngCxGpcCBRKHbQynpzaHnSs0h7ESdDQiW2v-Yb2KYx-G_Ls7nMsadnhtd2lM0nIOLo2dbBZFGSRInAPXvED6jokb6oklNEv2ySzXG9a8s85ReE1Oinb4cFxOEnsaNRMkQtEoCSbh4aBG0f91vYcpanI2UoMjXsyhqbgUCWGVMVIkg3WSNpeeGWn_pNo9wv9-dzSXQgFKy8P-mABYBTzF8QhZttEjiM-IyZgj_NALDaH6FFAkwLH5tu2VZDrX61CcyYMGjUSW7GCr-1SBMOMgAfdvWFhQ40PH8pj1CNJ1tfJBDN3kx7wiiv74ASw4b4WMxIfJ3t33D6T4lga1Z8fiyuLKHeSPqYLcFpQ0kINokMX-0YIaCiE1Axj57svm2Qm6VmpimPxtrqwlQwcuLknqPKUBNDB3I_yOSVByusWDRgv3Xk8e8Ych2RYmgCAGtYevSNaK65a8NJfkdvIUajgAuFrwjg8nemHgIaC6lZyS8oNvGnjpeMdvGigPhhI2BYlpOW5-abkuYjPFWwNM_DwMs3K4bs0won6CU0qlMnC5a-0NYv-bPnYjbPKcJRYq09SQc44-21Qg8JnakygqkD1YsfEywz-vCRzoUF0nX5_La26Zr8GpECKjNnFzG3bKmgWW1QzK-PVWtcCaLkeW-lkS7XyY_DCMxDQI6hNRs3eyQO2G7xRIwNJGbTKIEZmB4pvEgTJD86QO3Z63FCu4qLdW0uQrvp4edK1Pu3RS8v38ANTSNAXnY7x04rHaNeCM8FYBghj4EcoTwTSIoblSGA5u2Gcuyk9b2TopxoaSTfS87YXcnYUw_yYVP90X9OAW9k6eQK3vqkWPocLkAYDOh6KlYNUmQS_vDnYbDRmIsPa4CPvdFNA8jOewBcfY_m3hK6jwYGmsVdqrP4a8ntWJ7Fck3XUkS7KgtnpUz14Ceijr7xU5vZkvRdrOyuIxogpFKp8UsZVaMfN45H6AQ8m8hlF5QgSp-6KX425UDSmmOK-FFJyvFgDYn5UcUHjyYk57Yj2-HC5HsNUHEAa1Hdyn9O0I1Om6InTPPbdYyg26CyVG2uMrpD_8bP2A4a5oDnn-7TVK_Iw2kDgL60dvWaWKbG7vrxyYPgpp4TdCw_US00zy2caXdgGt8-522RZeqorYUAQNHXijcgr_eRP7TGT8J0BBsSeLZOKeSrPzQUjcZPMOO7bmjGFlviwcrB_5nFMCdLyw4yl0t1WvjW4qljhM-6_Jef6ctwhJiTWVVEA4HY8EP6vA4D6ebyhJy_bVmvBcONa4zJfhzsW5NDnHF8-suRF3SR5aWZ5LnB1R5vQc9nyzT2n91zjwMtQLLc_qyEaieNuIWVVr9rH43qfbo0xgn6OPYvv4xPAABhtgXe0WLvG8tADPoo4L7iW0u8JT0V8pzHitAbbPqZXVH8Jnu9lhxOi109V4wHfo47kwtZiM1_AKUdbFtmaC2h2WoOhmBeiHfFZ98av8R3GvFKCf3SnSBhS7jBBDwbcYZHrmeCHKSAJjw9ibnyXJxp3HuBhJfCAQzfp7SrlfpLnslAcJlpEgKNwmPJBwQ_Gvd0apYLeCgdJPBGu8d3T8CXETEvt0-TJq3ti5tgxJEQtDkKVMZ0uHch6VZ1uGr6MiMaZjCIXmBuHKf_49EJdpf2N7vXKtwCXZDgqf4Kx0qu6pNTzDKn7l7B82si7iv9EHiwY9no3zmAKNLll7N8YXzxgPkvZTemqJNC44BKWXlBwsi47sDlljh8SfZzKHOnlF3Vr4aFzXEJux6XC0Epmvv8kPuT-DSHimaqscS57TqfX3gnezUnOkw3ibwGz_tpQYXgX1WJ06XFv-wVFu235ZYw2__7qhZ4CK233S0DMUuSEEwDGOovU_E_sUSLSLDBND8dV5rDXZnV5av2uMKRy68ZAvqoKGlWh8i-oKxPEY7AQ6u1FgHxybuWGdBn6MxPrypn9uYlabZXfxBNfYuAwWYqzLV1jx41rty2tL85Iyd_m3XBaq69oTzvKG3AyMaUMFOHRJOD20X2XonqKXunOGOWsF2m6q5ci-bKmBaH67BbQUPcXT-r0F0fS6K1L9d06up0LpV8zBU_RFU6cembisQP3kO06AXNoiDsT2OAVjFqGDDlnOJgWq2SZQUSqoakegSHCdu3V7igzdJtZ6Z6wc3qHzcl17KGAerjeaRnMQ7Pz2ykL6BNS70BgoFL3-l3QiT9LhRUyByzPwdWzv0KeBpuOI8S_D3wWoNiwS0JoThKEkIDRuWaFjXPkanUg5Uk44zZulbHmfDEzaKhcb-TPBm2yWqvTCliDg-F447u3Vpn-UKXDB-VajV3gHU5H6_qYtObzYU5e8pNl4qkSzcpjVpTFWL0YT4LXWxfvXwSVWc249ZgEpscAnwRqTyhqoW4YnGbyTw8RWbH0K5hDGhzesXnLeM5Ld65TRoaTMkHgWSycN7IoffziTlgfTQKVAhM2h-PFHm2jBwN4lm2Eo-samNFYX8cEsDkILX8NstP1JeAIerHYkReP8ixXWdIkfKrfQJaMCOZsMkHat5KL0Qvx5vb7k2-qF-57JL2vk9l1agJlc5kkkdFrYV-_Zv7OjSYCdNNS0x3RGzdzrsR4mUeT7OcCLqLhggonmT1fC7B1du53POzMWksSLmZ5qhAc0Mrk6fD5sLkzOXegxpaBZXAcBH2_g57rx1W3Rr1NMqGz9XGmD57AbpddFB4AZTeCovE87QstOC47diJ5_QBBmifBmL98oeo38YHIvNujEoLljfSwM9ll8pp8Ha03a1Z4iMfwZFvr36r1N3JW9RcYnZL2y3eIZUe8mmtKSkNZ-YE3gZ9tihz_dyOhTPBgU9-yRJofn3ePnaflxfkW2bJJ2aCWxS-riOv7HqJNn9Ffk-Da7_vgNl9MT6ML-cqNruwU0Mmbkya2Gu8ATY3uklVLNHEVQPQN8mKMiyABhWmqV7Ethl8XpVs9Is2iKQFdXZLsxER2i_2RZE8ZSqkD7krXc1hgUjngA7iK-Rw3lsK7dQBp9RUefXh_OY2wTpMrwmAwqSE_EgLVt7hD18Ri2BFaA7mEaRbD_v8Y_abrJ-20Ifkk-feJ5tN5-r_U9I_j5wvkAkSBfqZIfFbdXR5xIuvCEinpcbNZ93pA5qUK_XhshYPp-KoU2iLkQMSpppATuyUiaVRS3UP7hPxZds78sxGX1-iyWHazKKX32xaRQh6HPZWQ_gVoffif1EGjMlXxXIo88DvLI0HR-jbJTY3SwIoeNN1HsYU_QkCGdOrtAUBPi9Z6ZD819O-aidn-MGEp6L6JYYZjoE4h0QmwXHBeyzccOhcErfNWzbFyJ1Jd7NrzVuQBss2B-ZViN-P6BZksEvynQ7IYCXzw7JJwnwdftBuBwlV5ArujtDU4GtOozWyKzLPEYz3-DEj2a3812nKSXtGFbNDiYa-FN4uKC3t-jSFbapaVSjotjq3R0b841H2a2oij_7c_eN9u0uJ7TzHQcYgoITAvSqVbhqGM1YO6LN5obuvzcOnFsxtyHkA4VQEF4eeEXnkkm8ECus5QpRdt0MKYgfxYAo4Y-wWZxQkGTQIBzlAlpoXPa3f28jvcZ72cM2B1hRvIYuU2nMrpggtR5VykDXRe8ddAoH7KDSBMxaX9Lzr7rfcbc_9WhbFTCpJ0cx7_Wjzyyj63mNP5_qvfhg6KH8fOIToRIpI8SYXuUqjE7Tgl8O8SbSbOQ7SKXJG1apH_q3_1u9uicz7wsrJLTKCV-j8yH9993gSN9GekY4MCqB1sfF28-68BHla1Wz_NnKCSQNEGm7MNWnqnU_ik3fal_Nvvvc9mX5u8S9MBmnoKMHR_nQAUOctBicYf8qFxFclOHG8Whnec

JFramework/crypto/src/main/java/it/richkmeli/jframework/crypto/Crypto.java

@@ -195,15 +195,12 @@ public static String hash(String input) {
         return SHA256.hash(input);
     }
 
-    // salt is enabled only during login process, instead set it as false for saving
-    // passwords into DB
-    public static String hashPassword(String password, boolean saltEnabled) {
-        return PasswordManager.hashPassword(password, saltEnabled);
+    public static String hashPassword(String password) {
+        return PasswordManager.hashPassword(password);
     }
 
-    // hashedPassword = db password, hashedSaltPassword = login password
-    public static boolean verifyPassword(String hashedPassword, String hashedSaltPassword) {
-        return PasswordManager.verifyPassword(hashedPassword, hashedSaltPassword);
+    public static boolean verifyPassword(String password, String storedHash) {
+        return PasswordManager.verifyPassword(password, storedHash);
     }
 
     public static void putData(File file, String secretKey, String key, String value) {

JFramework/crypto/src/main/java/it/richkmeli/jframework/crypto/controller/CryptoControllerClient.java

@@ -169,23 +169,15 @@ public static String init(File secureData, String secretKey, String serverPayloa
 */
 
     protected static int checkState(File secureDataFile, String secretKey) {
-        int state = SecureDataState.NOT_INITIALIZED;
         ClientSecureData clientSecureData = SecureDataManager.getClientSecureData(secureDataFile, secretKey);
 
-        // check if it is present keypair, so public key
-        if (/*clientSecureData.getPublicKeyServer() != null &&*/ clientSecureData.getKeyPairClient() != null) {
-            state = SecureDataState.PUBLIC_KEY_GENERATED;//PUBLIC_KEYS_EXCHANGED;
-        } else {
-            Logger.error("checkState, getKeyPairClient null");
-        }
-
         if (clientSecureData.getSecretKey() != null) {
-            state = SecureDataState.SECRET_KEY_EXCHANGED;
+            return SecureDataState.SECRET_KEY_EXCHANGED;
+        } else if (clientSecureData.getKeyPairClient() != null) {
+            return SecureDataState.PUBLIC_KEY_GENERATED;
         } else {
-            Logger.error("checkState, getSecretKey null");
+            return SecureDataState.NOT_INITIALIZED;
         }
-
-        return state;
     }
 
     public static String send(String message, int timeout, File secureDataFile, String secretKey) throws CryptoException {

JFramework/crypto/src/main/java/it/richkmeli/jframework/crypto/controller/CryptoControllerServer.java

@@ -146,32 +146,19 @@ public static String init(File secureData, String secretKey, String clientID, St
 
 
     private static int checkState(File secureDataFile, String secretKey, String clientID) {
-        int state = SecureDataState.NOT_INITIALIZED;
         ServerSecureData serverSecureData = SecureDataManager.getServerSecureData(secureDataFile, secretKey);
 
-        Map<String, DiffieHellmanPayload> map = serverSecureData.getDiffieHellmanPayloadMap();
-        if (map != null) {
-            if (map.containsKey(clientID)) {
-                state = SecureDataState.PUBLIC_KEYS_EXCHANGED;
-            } else {
-                Logger.error("checkState, DiffieHellmanPayloadMap is not containing " + clientID);
-            }
-        } else {
-            Logger.error("checkState, DiffieHellmanPayloadMap null");
+        Map<String, SecretKey> secretKeyMap = serverSecureData.getSecretKeyClientMap();
+        if (secretKeyMap != null && secretKeyMap.containsKey(clientID)) {
+            return SecureDataState.SECRET_KEY_EXCHANGED;
         }
 
-        Map<String, SecretKey> map2 = serverSecureData.getSecretKeyClientMap();
-        if (map2 != null) {
-            if (map2.containsKey(clientID)) {
-                state = SecureDataState.SECRET_KEY_EXCHANGED;
-            } else {
-                Logger.error("checkState, SecretKey_ClientMap is not containing " + clientID);
-            }
-        } else {
-            Logger.error("checkState, SecretKey_ClientMap null");
+        Map<String, DiffieHellmanPayload> payloadMap = serverSecureData.getDiffieHellmanPayloadMap();
+        if (payloadMap != null && payloadMap.containsKey(clientID)) {
+            return SecureDataState.PUBLIC_KEYS_EXCHANGED;
         }
 
-        return state;
+        return SecureDataState.NOT_INITIALIZED;
     }
 
 

JFramework/crypto/src/main/java/it/richkmeli/jframework/crypto/controller/PasswordManager.java

@@ -8,38 +8,18 @@
 
 public class PasswordManager {
 
-    // salt is enabled only during login process, instead set it as false for saving passwords into DB
-    public static String hashPassword(String password, boolean saltEnabled) {
-        // salt generation
-        /*Random r = new SecureRandom();
-        byte[] salt = new byte[9];
-        r.nextBytes(salt);*/
-        String saltS = "";
-        String hashedPassword = "";
-        if (saltEnabled) {
-            saltS = RandomStringGenerator.generateAlphanumericString(9);//new String(salt);
-            hashedPassword = SHA256.hash(SHA256.hash(password) + saltS);
-        } else {
-            saltS = "000000000";
-            hashedPassword = SHA256.hash(password);
-        }
-
-        //System.out.println("hashPassword, saltS: " + saltS + " " + saltS.length() + " | hashedPassword: " + hashedPassword + " " + hashedPassword.length());
-        String out = saltS + hashedPassword;
+    public static String hashPassword(String password) {
+        String salt = RandomStringGenerator.generateAlphanumericString(9);
+        String hashedPassword = SHA256.hash(password + salt);
+        String out = salt + hashedPassword;
         return Base64.getUrlEncoder().encodeToString(out.getBytes(Charset.defaultCharset()));
     }
 
-    // hashedPassword = db password, hashedSaltPassword = login password
-    public static boolean verifyPassword(String hashedPassword, String hashedSaltPassword) {
-        String decodedHashedPassword = new String(Base64.getUrlDecoder().decode(hashedPassword));
-        String decodedHashedSaltPassword = new String(Base64.getUrlDecoder().decode(hashedSaltPassword));
-        String salt = decodedHashedSaltPassword.substring(0, 9);
-        String hashSP = decodedHashedSaltPassword.substring(9);
-        String hashP = decodedHashedPassword.substring(9);
-
-        //System.out.println("verifyPassword, saltS: " + salt + " " + salt.length() + " | hashedSaltPassword: " + hashSP + " " + hashSP.length());
-        String hp = SHA256.hash(hashP + salt);
-
-        return hashSP.equalsIgnoreCase(hp);
+    public static boolean verifyPassword(String password, String storedHash) {
+        String decodedStoredHash = new String(Base64.getUrlDecoder().decode(storedHash));
+        String salt = decodedStoredHash.substring(0, 9);
+        String originalHash = decodedStoredHash.substring(9);
+        String loginHash = SHA256.hash(password + salt);
+        return originalHash.equalsIgnoreCase(loginHash);
     }
 }

JFramework/crypto/src/test/java/crypto/CryptoTest.java

@@ -237,13 +237,8 @@ private void payloadExchange(File secureDataClient, File secureDataServer, Strin
     @Test
     public void passwordTest() {
         for (String s : cryptoStrings) {
-            // password for DB
-            String dbPW = Crypto.hashPassword(s, false);
-
-            // password for login
-            String loginPW = Crypto.hashPassword(s, true);
-
-            assertTrue(Crypto.verifyPassword(dbPW, loginPW));
+            String storedHash = Crypto.hashPassword(s);
+            assertTrue(Crypto.verifyPassword(s, storedHash));
         }
     }