001
014
015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.PwdEncryptorException;
018 import com.liferay.portal.kernel.util.ArrayUtil;
019 import com.liferay.portal.kernel.util.Base64;
020 import com.liferay.portal.kernel.util.Digester;
021 import com.liferay.portal.kernel.util.Validator;
022
023 import java.io.UnsupportedEncodingException;
024
025 import java.security.MessageDigest;
026 import java.security.NoSuchAlgorithmException;
027 import java.security.SecureRandom;
028
029 import java.util.Random;
030
031
035 public class SSHAPasswordEncryptor
036 extends BasePasswordEncryptor implements PasswordEncryptor {
037
038 @Override
039 public String[] getSupportedAlgorithmTypes() {
040 return new String[] {PasswordEncryptorUtil.TYPE_SSHA};
041 }
042
043 @Override
044 protected String doEncrypt(
045 String algorithm, String plainTextPassword,
046 String encryptedPassword)
047 throws PwdEncryptorException {
048
049 byte[] saltBytes = getSaltBytes(encryptedPassword);
050
051 try {
052 MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
053
054 byte[] plainTextPasswordBytes = plainTextPassword.getBytes(
055 Digester.ENCODING);
056
057 byte[] messageDigestBytes = messageDigest.digest(
058 ArrayUtil.append(plainTextPasswordBytes, saltBytes));
059
060 return Base64.encode(
061 ArrayUtil.append(messageDigestBytes, saltBytes));
062 }
063 catch (NoSuchAlgorithmException nsae) {
064 throw new PwdEncryptorException(nsae.getMessage(), nsae);
065 }
066 catch (UnsupportedEncodingException uee) {
067 throw new PwdEncryptorException(uee.getMessage(), uee);
068 }
069 }
070
071 protected byte[] getSaltBytes(String encryptedPassword)
072 throws PwdEncryptorException {
073
074 byte[] saltBytes = new byte[8];
075
076 if (Validator.isNull(encryptedPassword)) {
077 Random random = new SecureRandom();
078
079 random.nextBytes(saltBytes);
080 }
081 else {
082 try {
083 byte[] encryptedPasswordBytes = Base64.decode(
084 encryptedPassword);
085
086 System.arraycopy(
087 encryptedPasswordBytes, encryptedPasswordBytes.length - 8,
088 saltBytes, 0, saltBytes.length);
089 }
090 catch (Exception e) {
091 throw new PwdEncryptorException(
092 "Unable to extract salt from encrypted password " +
093 e.getMessage(),
094 e);
095 }
096 }
097
098 return saltBytes;
099 }
100
101 }