JIRA user password encryption code

The Jira 4.0 version is available online. Because the project needs to find Jira to transform the user-encrypted code. I google it n times online, but I didn't find the code.

 

But after two days of exploration, hey. Still done... Share with you now ~!

 

First talk about the encryption code location: (starting from the installation directory) Atlassian-Jira/WEB-INF/lib/atlassian-osuser-1.1.1.jar

 

Many files are class files. I opened them directly with JD. Decompilation.

Open the atlassian-osuser-1.1.1.jar, Open Com. opensymphony. User. provider. EJB. util in turn.

Base64.java and passworddigester. Java are the codes used to encrypt user passwords.

However, there is a problem with passworddigester. Java compiled by JD. Later, I checked the information on the Internet and replaced the original code. I pasted it below...

 

 Package COM. JIRA. encrypt; <br/>/** <br/> * password digester Based on bouncycastle's SHA1-512 implementation <br/> * @ author Victor salaman (salaman@qoretech.com) <br/> */<br/> public class passworddigesterfrominternet {<br/> //~ Static fields/initializers //////////////////////////////////// //////// <br/> Private Static final int digest_length = 64; <br/> static final long [] K = {<br/> average, 0x7137449123ef65cdl, 0xb5c0fbcfec4d3b2fl, <br/> average, minimum, minimum, <br/> average, minimum, 0xd807aa98a3030242l, <br/> 0x12835b0145706fbel, 0x243185be 4ee4b28cl, large, <br/> large, small, large, <br/> 0xc19bf174cf692694l, large, small, <br/> large, 0x240ca1cc77ac9c65l, large, <br/> large, listen, 0x76f988da831153b5l, <br/> 0x983e5152ee66dfabl, 0xa831c66d2db43210l, 0xb00327c898fb1_fl, <br/> 0xbf597fc7beef0ee 4l, 0xc6e00bf33da88fc2l, clerk, <br/> clerk, <br/> clerk, 0x4d2c6dfc5ac42aedl, clerk, <br/> 0x0000a73548baf63del, clerk, <br/> 0x92722c851482108bl, 0xa2bfe8a14cf10364l, 0xa81a664bbc423001l, <br/> values, 0xc76c51a30654be30l, expires, <br/> 0xd Hour, 0xf40e35855771202al, hour, <br/> Hour, hour, 0x2748774cdf8eeb99l, <br/> Hour, hour, 0x4ed8aa4ae3418acbl, <br/> Hour, hour, <br/> 0x78a5636f43172f60l, 0x84c87814a1f0ab72l, 0x8cc702081a6439ecl, <br/> 0x90befffa23631e28l, expires, 0xbef9a3f7b2c679 15l, <br/> numbers, <br/> numbers, numbers, 0x06f067aa72176fbal, <br/> numbers, 0x113f9804bef90dael, numbers, <br/> 0x28db77f523047d84l, expires, 0x3c9ebe0a15c9bebcl, <br/> 0x431d67c49c100d4cl, primary, 0x597f299cfc657e2al, <br/> Primary, 0x6c44198c4a475817l <br />}; <Br/> //~ Instance fields ////////////////////////////////////// //////////////// <br/> protected long H1; <br/> protected long H2; <br/> protected long H3; <br/> protected long H4; <br/> protected long H5; <br/> protected long H6; <br/> protected long H7; <br/> protected long H8; <br/> private long [] W = new long [80]; <br/> private byte [] xbuf; <br/> private int woff; <br/> private int xbufoff; <br/> priv Ate long bytecount1; <br/> private long bytecount2; <br/> //~ Constructors /////////////////////////////////////// ///////////////// <br/> protected passworddigesterfrominternet () {<br/> xbuf = new byte [8]; <br/> xbufoff = 0; <br/> Reset (); <br/>}< br/> protected passworddigesterfrominternet (passworddigesterfrominternet t) {<br/> xbuf = new byte [T. xbuf. length]; <br/> system. arraycopy (T. xbuf, 0, xbuf, 0, T. xbuf. length); <br/> xbufoff = T. xbufoff; <br/> B Ytecount1 = T. bytecount1; <br/> bytecount2 = T. bytecount2; <br/> H1 = T. h1; <br/> H2 = T. h2; <br/> h3 = T. h3; <br/> h4 = T. h4; <br/> h5 = T. h5; <br/> h6 = T. h6; <br/> H7 = T. h7; <br/> h8 = T. h8; <br/> system. arraycopy (T. w, 0, W, 0, T. w. length); <br/> woff = T. woff; <br/>}< br/> //~ Methods /////////////////////////////////////// /// // <br/> Public static byte [] Digest (byte [] Input) {<br/> passworddigesterfrominternet digester = new passworddigesterfrominternet (); <br/> byte [] Output = new byte [digester. getdigestsize ()]; <br/> digester. update (input, 0, input. length); <br/> digester. dofinal (output, 0); <br/> return output; <br/>}< br/> Public int getdigest Size () {<br/> return digest_length; <br/>}< br/> Public int dofinal (byte [] Out, int outoff) {<br/> finish (); <br/> unpackword (H1, out, outoff); <br/> unpackword (H2, out, outoff + 8 ); <br/> unpackword (H3, out, outoff + 16); <br/> unpackword (H4, out, outoff + 24); <br/> unpackword (H5, out, outoff + 32); <br/> unpackword (h6, out, outoff + 40); <br/> unpackword (H7, out, outoff + 48); <br/> unpackwo Rd (H8, out, outoff + 56); <br/> Reset (); <br/> return digest_length; <br/>}< br/> Public void finish () {<br/> adjustbytecounts (); <br/> long lowbitlength = bytecount1 <3; <br/> long hibitlength = bytecount2; <br/> // Add the pad bytes. <br/> // <br/> Update (byte) 128); <br/> while (xbufoff! = 0) {<br/> Update (byte) 0); <br/>}< br/> processlength (lowbitlength, hibitlength); <br/> processblock (); <br/>}< br/> Public void reset () {<br/> bytecount1 = 0; <br/> bytecount2 = 0; <br/> xbufoff = 0; <br/> for (INT I = 0; I <xbuf. length; I ++) {<br/> xbuf [I] = 0; <br/>}< br/> woff = 0; <br/> for (INT I = 0; I! = W. length; I ++) {<br/> W [I] = 0; <br/>}< br/> H1 = 0x6a09e667f3bcc908l; <br/> H2 = 0xbb67ae8584caa73bl; <br/> h3 = 0x3c6ef372fe94f82bl; <br/> h4 = Beijing; <br/> h5 = Beijing; <br/> h6 = Beijing; <br/> H7 = 0x1f83d9abfb41bd6bl; <br/> h8 = 0x5be0cd19137e2179l; <br/>}< br/> Public void Update (byte in) {<br/> xbuf [xbufoff ++] = in; <br/> If (xbufoff = xbuf. leng Th) {<br/> processword (xbuf, 0); <br/> xbufoff = 0; <br/>}< br/> bytecount1 ++; <br/>}< br/> Public void Update (byte [] In, int inoff, int Len) {<br/> // fill the current word <br/> // <br/> while (xbufoff! = 0) & (LEN> 0) {<br/> Update (in [inoff]); <br/> inoff ++; <br/> Len --; <br/>}< br/> // <br/> // process whole words. <br/> // <br/> while (LEN> xbuf. length) {<br/> processword (in, inoff); <br/> inoff + = xbuf. length; <br/> len-= xbuf. length; <br/> bytecount1 + = xbuf. length; <br/>}< br/> // <br/> // load in the remainder. <br/> // <br/> while (LEN> 0) {<br/> Update (in [inoff]); <br/> inoff ++; <Br/> Len --; <br/>}< br/> protected void processblock () {<br/> adjustbytecounts (); <br/> // expand 16 word block into 80 word blocks. <br/> // <br/> for (int t = 16; t <= 79; t ++) {<br/> W [T] = sigma1 (W [T-2]) + W [T-7] + sigma0 (W [T-15]) + W [T-16]; <br/>}< br/> // <br/> // set up working variables. <br/> // <br/> long a = h1; <br/> long B = h2; <br/> long c = H3; <br/> Long d = H4; <br/> long e = H5; <br/> long F = H6; <br/> long G = H7; <br/> long H = H8; <br/> for (int t = 0; t <= 79; t ++) {<br/> long T1; <br/> long T2; <br/> T1 = H + sum1 (e) + CH (E, F, G) + K [T] + W [T]; <br/> T2 = sum0 (A) + maj (A, B, C); <br/> H = g; <br/> G = F; <br/> F = E; <br/> E = d + T1; <br/> d = C; <br/> C = B; <br/> B = A; <br/> A = t1 + T2; <br/>}< br/> H1 + =; <br/> H2 + = B; <br /> H3 + = C; <br/> H4 + = D; <br/> H5 + = E; <br/> h6 + = F; <br/> H7 + = g; <br/> H8 + = H; <br/> // reset the offset and clean out the word buffer. <br/> // <br/> woff = 0; <br/> for (INT I = 0; I! = W. length; I ++) {<br/> W [I] = 0; <br/>}< br/> protected void processlength (long loww, long hiw) {<br/> If (woff> 14) {<br/> processblock (); <br/>}< br/> W [14] = hiw; <br/> W [15] = loww; <br/>}< br/> protected void processword (byte [] In, int inoff) {<br/> W [woff ++] = (long) (in [inoff] & 0xff) <56) | (long) (In [inoff + 1] & 0xff) <48) | (long) (in [inoff + 2] & 0xff) <40) | ((Long) (in [inoff + 3] & 0xff) <32) | (long) (in [inoff + 4] & 0xff) <24) | (long) (in [inoff + 5] & 0xff) <16) | (long) (in [inoff + 6] & 0xff) <8) | (long) (in [inoff + 7] & 0xff); <br/> If (woff = 16) {<br/> processblock (); <br/>}< br/> protected void unpackword (long word, byte [] Out, int outoff) {<br/> out [outoff] = (byte) (word >>> 56); <br/> out [outoff + 1] = (byte) (Word >>> 48); <br/> out [outoff + 2] = (byte) (word >>> 40 ); <br/> out [outoff + 3] = (byte) (word >>> 32); <br/> out [outoff + 4] = (byte) (Word >>> 24); <br/> out [outoff + 5] = (byte) (word >>> 16 ); <br/> out [outoff + 6] = (byte) (word >>> 8); <br/> out [outoff + 7] = (byte) word; <br/>}< br/> private long CH (long X, long y, long Z) {<br/> return (X & Y) ^ ((~ X) & Z); <br/>}< br/> private long maj (long X, long y, long Z) {<br/> return (X & Y) ^ (X & Z) ^ (Y & Z )); <br/>}< br/> private long sigma0 (long x) {<br/> return rotateright (x, 1) ^ rotateright (x, 8) ^ (x >>> 7); <br/>}< br/> private long sigma1 (long x) {<br/> return rotateright (x, 19) ^ rotateright (x, 61) ^ (x >>> 6); <br/>}< br/> private long sum0 (long X) {<br/> return rotateright (x, 28) ^ rotateright (x, 34) ^ rotateright (x, 39 ); <br/>}< br/> private long sum1 (long x) {<br/> return rotateright (x, 14) ^ rotateright (x, 18) ^ rotateright (X, 41 ); <br/>}< br/>/** <br/> * adjust the byte counts so that bytecount2 represents the <br/> * upper long (less 3 bits) word of the byte count. <br/> */<br/> private void adjustbytecounts () {<br/> If (bytecount1> 0x1fffffffffffffffl) {<br/> bytecount2 + = (bytecount1> 61); <br/> bytecount1 & = 0x1fffffffffffffffl; <br/>}< br/> private long rotateright (long X, int N) {<br/> return (x> N) | (x <(64-N); <br/>}< br/> 

 

The following is the portal to encrypt passwords:

Open the package: COM. opensymphony. User. provider. hibernate. impl, hibernateuserimpl. Java is the encryption method entry. Paste some code:

Public Boolean authenticate (string password) <br/>{< br/> If (Password = NULL) | (getpasswordhash () = NULL) | (password. length () = 0) {<br/> return false; <br/>}< br/> return comparehash (getpasswordhash (), password ); <br/>}< br/> Public void removegroup (hibernategroup group) <br/>{< br/> If (this. groups! = NULL) & (this. groups. contains (Group) <br/> This. groups. remove (Group); <br/>}< br/> private Boolean comparehash (string hashedvalue, string unhashedvalue) <br/>{< br/> return hashedvalue. equals (createhash (unhashedvalue); <br/>}< br/> private string createhash (string original) {<br/> byte [] digested = passworddigester. digest (original. getbytes (); <br/> byte [] encoded = base64.encode (digested); <br/> return new string (encoded); <br/>} 

 

 

If you want to test the encrypted code, you only need to create a Java project in myeclipse and import base64.java and passwordigester. java.

Create test. Java, and write the createhash () method shown above...

 

// The userutils class is called in many places. This is under Atlassian-Jira/WEB-INF/lib/atlassian-core-4.5.2.jar, Com. Atlassian. Core. User.

 

 

Remarks: This article Reprinted from: http://blog.csdn.net/laolu90/archive/2010/03/05/5349444.aspx