001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pwd;
016    
017    import com.liferay.portal.PwdEncryptorException;
018    import com.liferay.portal.kernel.util.ArrayUtil;
019    import com.liferay.portal.kernel.util.Base64;
020    import com.liferay.portal.kernel.util.Digester;
021    import com.liferay.portal.kernel.util.Validator;
022    
023    import java.io.UnsupportedEncodingException;
024    
025    import java.security.MessageDigest;
026    import java.security.NoSuchAlgorithmException;
027    import java.security.SecureRandom;
028    
029    import java.util.Random;
030    
031    /**
032     * @author Michael C. Han
033     * @author Tomas Polesovsky
034     */
035    public class SSHAPasswordEncryptor
036            extends BasePasswordEncryptor implements PasswordEncryptor {
037    
038            @Override
039            public String[] getSupportedAlgorithmTypes() {
040                    return new String[] {PasswordEncryptorUtil.TYPE_SSHA};
041            }
042    
043            @Override
044            protected String doEncrypt(
045                            String algorithm, String plainTextPassword,
046                            String encryptedPassword)
047                    throws PwdEncryptorException {
048    
049                    byte[] saltBytes = getSaltBytes(encryptedPassword);
050    
051                    try {
052                            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
053    
054                            byte[] plainTextPasswordBytes = plainTextPassword.getBytes(
055                                    Digester.ENCODING);
056    
057                            byte[] messageDigestBytes = messageDigest.digest(
058                                    ArrayUtil.append(plainTextPasswordBytes, saltBytes));
059    
060                            return Base64.encode(
061                                    ArrayUtil.append(messageDigestBytes, saltBytes));
062                    }
063                    catch (NoSuchAlgorithmException nsae) {
064                            throw new PwdEncryptorException(nsae.getMessage(), nsae);
065                    }
066                    catch (UnsupportedEncodingException uee) {
067                            throw new PwdEncryptorException(uee.getMessage(), uee);
068                    }
069            }
070    
071            protected byte[] getSaltBytes(String encryptedPassword)
072                    throws PwdEncryptorException {
073    
074                    byte[] saltBytes = new byte[8];
075    
076                    if (Validator.isNull(encryptedPassword)) {
077                            Random random = new SecureRandom();
078    
079                            random.nextBytes(saltBytes);
080                    }
081                    else {
082                            try {
083                                    byte[] encryptedPasswordBytes = Base64.decode(
084                                            encryptedPassword);
085    
086                                    System.arraycopy(
087                                            encryptedPasswordBytes, encryptedPasswordBytes.length - 8,
088                                            saltBytes, 0, saltBytes.length);
089                            }
090                            catch (Exception e) {
091                                    throw new PwdEncryptorException(
092                                            "Unable to extract salt from encrypted password " +
093                                                    e.getMessage(),
094                                            e);
095                            }
096                    }
097    
098                    return saltBytes;
099            }
100    
101    }