001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.security.pwd;
016    
017    import com.liferay.portal.PwdEncryptorException;
018    import com.liferay.portal.kernel.io.BigEndianCodec;
019    import com.liferay.portal.kernel.security.SecureRandomUtil;
020    import com.liferay.portal.kernel.util.ArrayUtil;
021    import com.liferay.portal.kernel.util.Base64;
022    import com.liferay.portal.kernel.util.Digester;
023    import com.liferay.portal.kernel.util.Validator;
024    
025    import java.io.UnsupportedEncodingException;
026    
027    import java.security.MessageDigest;
028    import java.security.NoSuchAlgorithmException;
029    
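/**
 * Produces password hashes in the salted SHA-1 ("SSHA") layout: the Base64
 * encoding of {@code SHA-1(password bytes + salt)} followed by the salt itself.
 * The salt is always 8 bytes long and is stored as the trailing bytes of the
 * decoded value.
 *
 * Security note: the digest is a single, unstretched SHA-1 pass. The salt
 * defeats precomputed tables but adds no work factor, so leaked hashes are
 * cheap to guess offline. NOTE(review): presumably this type is kept for
 * compatibility with already stored SSHA values; confirm that new passwords
 * are configured to use a key-stretching type where one is available.
 *
 * @author Michael C. Han
 * @author Tomas Polesovsky
 */
public class SSHAPasswordEncryptor
    extends BasePasswordEncryptor implements PasswordEncryptor {

    /**
     * Returns the algorithm types handled by this encryptor.
     *
     * @return a one-element array holding {@code PasswordEncryptorUtil.TYPE_SSHA}
     */
    @Override
    public String[] getSupportedAlgorithmTypes() {
        return new String[] {PasswordEncryptorUtil.TYPE_SSHA};
    }

    /**
     * Hashes the plain text password with SHA-1 and a salt, then appends the
     * salt to the digest and Base64 encodes the result.
     *
     * When {@code encryptedPassword} is supplied, its salt is reused so the
     * returned value can be compared with the stored one; otherwise a fresh
     * random salt is generated.
     *
     * NOTE(review): the comparison with the stored value happens outside this
     * class and is not visible here; a constant-time comparison is preferable.
     *
     * @param  algorithm the requested algorithm name; not read by this
     *         method, the digest is always SHA-1
     * @param  plainTextPassword the password to hash
     * @param  encryptedPassword the previously stored hash to take the salt
     *         from, or a null/empty value to generate a new salt
     * @return the Base64 encoded digest followed by the salt
     * @throws PwdEncryptorException if SHA-1 or the digest encoding is
     *         unavailable, or if the salt cannot be read from
     *         {@code encryptedPassword}
     */
    @Override
    protected String doEncrypt(
            String algorithm, String plainTextPassword,
            String encryptedPassword)
        throws PwdEncryptorException {

        byte[] saltBytes = getSaltBytes(encryptedPassword);

        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");

            byte[] plainTextPasswordBytes = plainTextPassword.getBytes(
                Digester.ENCODING);

            // The password comes first and the salt second; the same order
            // must be used when verifying

            byte[] messageDigestBytes = messageDigest.digest(
                ArrayUtil.append(plainTextPasswordBytes, saltBytes));

            // The salt is stored in the clear after the digest so that it
            // can be recovered by getSaltBytes on verification

            return Base64.encode(
                ArrayUtil.append(messageDigestBytes, saltBytes));
        }
        catch (NoSuchAlgorithmException nsae) {
            throw new PwdEncryptorException(nsae.getMessage(), nsae);
        }
        catch (UnsupportedEncodingException uee) {
            throw new PwdEncryptorException(uee.getMessage(), uee);
        }
    }

    /**
     * Returns the 8-byte salt to use for hashing.
     *
     * If no stored hash is given, the salt is a random long obtained from
     * {@code SecureRandomUtil}. Otherwise the stored hash is Base64 decoded
     * and its last 8 bytes are returned.
     *
     * Only the trailing 8 bytes are read, so a stored value that was created
     * with a different salt length yields the wrong salt and will not verify.
     * NOTE(review): confirm whether externally generated SSHA values with
     * other salt sizes have to be supported.
     *
     * @param  encryptedPassword the stored hash, or a null/empty value to
     *         generate a new salt
     * @return an 8-byte salt
     * @throws PwdEncryptorException if the stored hash cannot be decoded or
     *         is too short to contain a salt
     */
    protected byte[] getSaltBytes(String encryptedPassword)
        throws PwdEncryptorException {

        byte[] saltBytes = new byte[_SALT_BYTES_LENGTH];

        if (Validator.isNull(encryptedPassword)) {
            BigEndianCodec.putLong(saltBytes, 0, SecureRandomUtil.nextLong());

            return saltBytes;
        }

        byte[] encryptedPasswordBytes = null;

        try {
            encryptedPasswordBytes = Base64.decode(encryptedPassword);
        }
        catch (Exception e) {
            throw new PwdEncryptorException(
                "Unable to extract salt from encrypted password " +
                    e.getMessage(),
                e);
        }

        // Reject malformed stored values explicitly instead of relying on a
        // negative offset failing inside System.arraycopy. The message leaves
        // out the stored value so that it does not end up in logs.

        if ((encryptedPasswordBytes == null) ||
            (encryptedPasswordBytes.length < saltBytes.length)) {

            throw new PwdEncryptorException(
                "Unable to extract salt from encrypted password: decoded " +
                    "value is shorter than the " + saltBytes.length +
                        " byte salt");
        }

        System.arraycopy(
            encryptedPasswordBytes,
            encryptedPasswordBytes.length - saltBytes.length, saltBytes, 0,
            saltBytes.length);

        return saltBytes;
    }

    // Salt size in bytes; matches the 8 bytes written by BigEndianCodec.putLong

    private static final int _SALT_BYTES_LENGTH = 8;

}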