I am developing a web application in the play framework 1.4 and implemented the password encryption using CRYPTO, but it is not encrypting and consequently decrypting, where am I wrong?
In the Employees class, when registering a new user, the encryption method was implemented.
@With(Seguranca.class)
public class Funcionarios extends Controller {
final static String chave = "0123456789abcdef";
private static final String ALGORITMO = "AES";
private static byte[] mensagemEncriptada;
private static byte[] mensagemDescriptada;
private static SecretKey key;
public static void formFuncionarios() {
render();
}
public static void salvarFuncionarios(@Valid Funcionario funcionario, String senha) throws Exception {
if (validation.hasErrors() || !funcionario.senha.equals(senha)) {
params.flash();
validation.keep();
formFuncionarios();
}
String mensagem = "Cadastro realizado com sucesso!";
flash.success(mensagem);
funcionario.senha = criptografar(senha);
System.out.println(senha);
funcionario.save();
listagemFuncionarios(null);
}
public static String criptografar(String mensagem) throws Exception {
key = new SecretKeySpec(chave.getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, key);
mensagemEncriptada = cipher.doFinal(mensagem.getBytes());
return StringUtils.trim(Base64.encodeBase64String(mensagemEncriptada));
}
}
and in my official Model in the authentication method where it is verified if the user is logged in he decrypts the encrypted password.
package models;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import play.data.validation.MinSize;
import play.data.validation.Required;
import play.db.jpa.Model;
import sun.util.calendar.BaseCalendar.Date;
@Entity
public class Funcionario extends Model {
final static String chave = "0123456789abcdef";
private static final String ALGORITMO = "AES";
private static byte[] mensagemEncriptada;
private static byte[] mensagemDescriptada;
private static SecretKey key;
public String nome;
public String funcao;
public String nivelAcesso;
public String login;
@MinSize(4)
public String senha;
public String email;
@Enumerated(EnumType.STRING)
public Status status;
public Funcionario() {
status = Status.ATIVO;
}
public boolean autenticar() throws Exception {
Funcionario u = Funcionario.find("login = ? and senha = ?", login, descriptografar(senha)).first();
if (u == null) {
return false;
} else {
return true;
}
}
public static String descriptografar(String mensagem) throws Exception {
key = new SecretKeySpec(chave.getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, key);
mensagemDescriptada = cipher.doFinal(mensagem.getBytes());
return StringUtils.trim(Base64.encodeBase64String(mensagemDescriptada));
}
}