diff --git a/pom.xml b/pom.xml
index 5a25cb2f..2191eead 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,12 +30,12 @@
 org.jruby jruby-complete
- 1.7.10
+ 1.7.12
 com.google.guava guava
- 16.0
+ 17.0
 io.netty
@@ -43,5 +43,10 @@
 4.0.15.Final compile
+
+ com.lambdaworks
+ scrypt
+ 1.4.0
+
\ No newline at end of file
diff --git a/src/org/apollo/io/player/impl/BinaryPlayerLoader.java b/src/org/apollo/io/player/impl/BinaryPlayerLoader.java
index f0e67cc9..6c800da2 100644
--- a/src/org/apollo/io/player/impl/BinaryPlayerLoader.java
+++ b/src/org/apollo/io/player/impl/BinaryPlayerLoader.java
@@ -25,6 +25,8 @@ import org.apollo.security.PlayerCredentials;
 import org.apollo.util.NameUtil;
 import org.apollo.util.StreamUtil;
+import com.lambdaworks.crypto.SCryptUtil;
+
 /**
 * A {@link PlayerLoader} implementation that loads data from a binary file.
 *
@@ -51,9 +53,12 @@ public final class BinaryPlayerLoader implements PlayerLoader {
 String name = StreamUtil.readString(in);
 String pass = StreamUtil.readString(in);
- if (!name.equalsIgnoreCase(credentials.getUsername()) || !pass.equalsIgnoreCase(credentials.getPassword())) {
+ if (!name.equalsIgnoreCase(credentials.getUsername()) || !SCryptUtil.check(credentials.getPassword(), pass)) {
 return new PlayerLoaderResponse(LoginConstants.STATUS_INVALID_CREDENTIALS);
 }
+
+ // set the credentials password to the scrypted one
+ credentials.setPassword(pass);
 PrivilegeLevel privilegeLevel = PrivilegeLevel.valueOf(in.readByte());
 boolean members = in.readBoolean();
diff --git a/src/org/apollo/io/player/impl/BinaryPlayerSaver.java b/src/org/apollo/io/player/impl/BinaryPlayerSaver.java
index 825bc3b7..301c2526 100644
--- a/src/org/apollo/io/player/impl/BinaryPlayerSaver.java
+++ b/src/org/apollo/io/player/impl/BinaryPlayerSaver.java
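Review bot: In the `@@ -51,9 +53,12 @@` hunk of BinaryPlayerLoader the stored value `pass` goes straight into `SCryptUtil.check`, but player files written before this commit hold the plaintext password (the old saver wrote `getPassword()`), and `SCryptUtil.check` throws `IllegalArgumentException` for a value that is not in the `$s0$` format. Those accounts would fail with an exception rather than log in or get `STATUS_INVALID_CREDENTIALS`. Branch on the stored format, e.g. `boolean ok = pass.startsWith("$s0$") ? SCryptUtil.check(credentials.getPassword(), pass) : pass.equalsIgnoreCase(credentials.getPassword());`, and call `credentials.setPassword(pass)` only in the hashed case so a legacy record is re-hashed on the next save. The enclosing method starts and ends outside the hunk, so whether a caller already catches the exception is not visible here.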
@@ -17,6 +17,8 @@ import org.apollo.io.player.PlayerSaver;
 import org.apollo.util.NameUtil;
 import org.apollo.util.StreamUtil;
+import com.lambdaworks.crypto.SCryptUtil;
+
 /**
 * A {@link PlayerSaver} implementation that saves player data to a binary file.
 *
@@ -31,7 +33,7 @@ public final class BinaryPlayerSaver implements PlayerSaver {
 try (DataOutputStream out = new DataOutputStream(new FileOutputStream(file))) {
 // write credentials and privileges
 StreamUtil.writeString(out, player.getUsername());
- StreamUtil.writeString(out, player.getCredentials().getPassword());
+ StreamUtil.writeString(out, player.getCredentials().getCryptedPassword());
 out.writeByte(player.getPrivilegeLevel().toInteger());
 out.writeBoolean(player.isMembers());
diff --git a/src/org/apollo/security/PlayerCredentials.java b/src/org/apollo/security/PlayerCredentials.java
index 080eefe5..0b59b030 100644
--- a/src/org/apollo/security/PlayerCredentials.java
+++ b/src/org/apollo/security/PlayerCredentials.java
@@ -2,6 +2,8 @@ package org.apollo.security;
 import org.apollo.util.NameUtil;
+import com.lambdaworks.crypto.SCryptUtil;
+
 /**
 * Holds the credentials for a player.
 *
@@ -17,7 +19,7 @@ public final class PlayerCredentials {
 /**
 * The player's password.
 */
- private final String password;
+ private String password;
 /**
 * The computer's unique identifier.
@@ -59,6 +61,23 @@ public final class PlayerCredentials {
 return encodedUsername;
 }
+ /**
+ * Gets the crypted password
+ * @return The password (either the original loaded from file or scrypted)
+ */
+ public String getCryptedPassword() {
+ return password.startsWith("$s0$") ? password : SCryptUtil.scrypt(password, 16384, 8, 1);
+ }
+
+ /**
+ * Sets the player's password
+ *
+ * @param password The player's new password
+ */
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
 /**
 * Gets the player's password.
 *
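Review bot: The `SCryptUtil` import added to BinaryPlayerSaver looks unused, because the only change to this file visible here, in the `@@ -31,7 +33,7 @@` hunk, is the call to `getCryptedPassword()`, and the hashing itself happens inside `PlayerCredentials`. Drop the import unless code outside the hunks needs it. The call site would also benefit from a comment saying that it may run a full scrypt derivation on the save path, e.g. `// hashes on demand when the password was not loaded from a file`.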
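Review bot: `getCryptedPassword()` in the `@@ -59,6 +61,23 @@` hunk of PlayerCredentials tells a hash from a plaintext password by `password.startsWith("$s0$")`, so a password that itself begins with `$s0$` would be written to the player file unhashed and later handed to `SCryptUtil.check` as if it were a hash. Keeping both forms in the single `password` field (made non-final in the `@@ -17,7 +19,7 @@` hunk) is what forces that guess. A separate field removes it: `private String hashedPassword;`, set by the loader, with `return hashedPassword != null ? hashedPassword : SCryptUtil.scrypt(password, SCRYPT_N, SCRYPT_R, SCRYPT_P);`. Naming the cost parameters `16384, 8, 1` as constants would also document them in one place. Whether the login path permits `$` in passwords is not visible in this diff.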