001
014
015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.UserPasswordException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.util.ArrayUtil;
021 import com.liferay.portal.kernel.util.Randomizer;
022 import com.liferay.portal.kernel.util.StringBundler;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.model.PasswordPolicy;
025 import com.liferay.portal.model.User;
026 import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
027 import com.liferay.portal.service.UserLocalServiceUtil;
028 import com.liferay.portal.util.PropsValues;
029 import com.liferay.portal.words.WordsUtil;
030 import com.liferay.util.PwdGenerator;
031
032 import java.util.Arrays;
033 import java.util.Date;
034
035
039 public class PasswordPolicyToolkit extends BasicToolkit {
040
041 public PasswordPolicyToolkit() {
042 _lowerCaseCharsetArray = getSortedCharArray(
043 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_LOWERCASE);
044 _numbersCharsetArray = getSortedCharArray(
045 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_NUMBERS);
046 _symbolsCharsetArray = getSortedCharArray(
047 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_SYMBOLS);
048 _upperCaseCharsetArray = getSortedCharArray(
049 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_UPPERCASE);
050
051 _alphanumericCharsetArray = ArrayUtil.append(
052 _lowerCaseCharsetArray, _upperCaseCharsetArray,
053 _numbersCharsetArray);
054
055 Arrays.sort(_alphanumericCharsetArray);
056
057 StringBundler sb = new StringBundler(4);
058
059 sb.append(
060 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_LOWERCASE);
061 sb.append(PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_NUMBERS);
062 sb.append(PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_SYMBOLS);
063 sb.append(
064 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_UPPERCASE);
065
066 _completeCharset = sb.toString();
067 }
068
069 @Override
070 public String generate(PasswordPolicy passwordPolicy) {
071 if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
072 "static")) {
073
074 return generateStatic(passwordPolicy);
075 }
076 else {
077 return generateDynamic(passwordPolicy);
078 }
079 }
080
081 @Override
082 public void validate(
083 long userId, String password1, String password2,
084 PasswordPolicy passwordPolicy)
085 throws PortalException, SystemException {
086
087 if (passwordPolicy.isCheckSyntax()) {
088 if (!passwordPolicy.isAllowDictionaryWords() &&
089 WordsUtil.isDictionaryWord(password1)) {
090
091 throw new UserPasswordException(
092 UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
093 }
094
095 if (password1.length() < passwordPolicy.getMinLength()) {
096 throw new UserPasswordException(
097 UserPasswordException.PASSWORD_LENGTH);
098 }
099
100 if ((getUsageCount(password1, _alphanumericCharsetArray) <
101 passwordPolicy.getMinAlphanumeric()) ||
102 (getUsageCount(password1, _lowerCaseCharsetArray) <
103 passwordPolicy.getMinLowerCase()) ||
104 (getUsageCount(password1, _numbersCharsetArray) <
105 passwordPolicy.getMinNumbers()) ||
106 (getUsageCount(password1, _symbolsCharsetArray) <
107 passwordPolicy.getMinSymbols()) ||
108 (getUsageCount(password1, _upperCaseCharsetArray) <
109 passwordPolicy.getMinUpperCase())) {
110
111 throw new UserPasswordException(
112 UserPasswordException.PASSWORD_TOO_TRIVIAL);
113 }
114
115 if (Validator.isNotNull(passwordPolicy.getRegex()) &&
116 !password1.matches(passwordPolicy.getRegex())) {
117
118 throw new UserPasswordException(
119 UserPasswordException.PASSWORD_INVALID);
120 }
121 }
122
123 if (!passwordPolicy.isChangeable()) {
124 throw new UserPasswordException(
125 UserPasswordException.PASSWORD_NOT_CHANGEABLE);
126 }
127
128 if (userId == 0) {
129 return;
130 }
131
132 User user = UserLocalServiceUtil.getUserById(userId);
133
134 Date passwordModfiedDate = user.getPasswordModifiedDate();
135
136 if (passwordModfiedDate != null) {
137
138
139
140 Date now = new Date();
141
142 long passwordModificationElapsedTime =
143 now.getTime() - passwordModfiedDate.getTime();
144
145 long userCreationElapsedTime =
146 now.getTime() - user.getCreateDate().getTime();
147
148 long minAge = passwordPolicy.getMinAge() * 1000;
149
150 if ((passwordModificationElapsedTime < minAge) &&
151 (userCreationElapsedTime > minAge)) {
152
153 throw new UserPasswordException(
154 UserPasswordException.PASSWORD_TOO_YOUNG);
155 }
156 }
157
158 if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
159 userId, password1)) {
160
161 throw new UserPasswordException(
162 UserPasswordException.PASSWORD_SAME_AS_CURRENT);
163 }
164 else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
165 userId, password1)) {
166
167 throw new UserPasswordException(
168 UserPasswordException.PASSWORD_ALREADY_USED);
169 }
170 }
171
172 protected String generateDynamic(PasswordPolicy passwordPolicy) {
173 int alphanumericActualMinLength =
174 passwordPolicy.getMinLowerCase() + passwordPolicy.getMinNumbers() +
175 passwordPolicy.getMinUpperCase();
176
177 int alphanumericMinLength = Math.max(
178 passwordPolicy.getMinAlphanumeric(), alphanumericActualMinLength);
179 int passwordMinLength = Math.max(
180 passwordPolicy.getMinLength(),
181 alphanumericMinLength + passwordPolicy.getMinSymbols());
182
183 StringBundler sb = new StringBundler(6);
184
185 if (passwordPolicy.getMinLowerCase() > 0) {
186 sb.append(
187 getRandomString(
188 passwordPolicy.getMinLowerCase(), _lowerCaseCharsetArray));
189 }
190
191 if (passwordPolicy.getMinNumbers() > 0) {
192 sb.append(
193 getRandomString(
194 passwordPolicy.getMinNumbers(), _numbersCharsetArray));
195 }
196
197 if (passwordPolicy.getMinSymbols() > 0) {
198 sb.append(
199 getRandomString(
200 passwordPolicy.getMinSymbols(), _symbolsCharsetArray));
201 }
202
203 if (passwordPolicy.getMinUpperCase() > 0) {
204 sb.append(
205 getRandomString(
206 passwordPolicy.getMinUpperCase(), _upperCaseCharsetArray));
207 }
208
209 if (alphanumericMinLength > alphanumericActualMinLength) {
210 int count = alphanumericMinLength - alphanumericActualMinLength;
211
212 sb.append(getRandomString(count, _alphanumericCharsetArray));
213 }
214
215 if (passwordMinLength >
216 (alphanumericMinLength + passwordPolicy.getMinSymbols())) {
217
218 int count =
219 passwordMinLength -
220 (alphanumericMinLength + passwordPolicy.getMinSymbols());
221
222 sb.append(PwdGenerator.getPassword(_completeCharset, count));
223 }
224
225 if (sb.index() == 0) {
226 sb.append(
227 PwdGenerator.getPassword(
228 _completeCharset,
229 PropsValues.PASSWORDS_DEFAULT_POLICY_MIN_LENGTH));
230 }
231
232 Randomizer randomizer = Randomizer.getInstance();
233
234 return randomizer.randomize(sb.toString());
235 }
236
237 protected String generateStatic(PasswordPolicy passwordPolicy) {
238 return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
239 }
240
241 protected String getRandomString(int count, char[] chars) {
242 StringBundler sb = new StringBundler(count);
243
244 Randomizer randomizer = Randomizer.getInstance();
245
246 for (int i = 0; i < count; i++) {
247 int index = randomizer.nextInt(chars.length);
248
249 sb.append(chars[index]);
250 }
251
252 return sb.toString();
253 }
254
255 protected char[] getSortedCharArray(String s) {
256 char[] chars = s.toCharArray();
257
258 Arrays.sort(chars);
259
260 return chars;
261 }
262
263 protected int getUsageCount(String s, char[] chars) {
264 int count = 0;
265
266 for (int i = 0; i < s.length(); i++) {
267 if (Arrays.binarySearch(chars, s.charAt(i)) >= 0) {
268 count++;
269 }
270 }
271
272 return count;
273 }
274
275 private char[] _alphanumericCharsetArray;
276 private String _completeCharset;
277 private char[] _lowerCaseCharsetArray;
278 private char[] _numbersCharsetArray;
279 private char[] _symbolsCharsetArray;
280 private char[] _upperCaseCharsetArray;
281
282 }