001
014
015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.UserPasswordException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.security.RandomUtil;
021 import com.liferay.portal.kernel.security.SecureRandomUtil;
022 import com.liferay.portal.kernel.util.ArrayUtil;
023 import com.liferay.portal.kernel.util.StringBundler;
024 import com.liferay.portal.kernel.util.Validator;
025 import com.liferay.portal.model.PasswordPolicy;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
028 import com.liferay.portal.service.UserLocalServiceUtil;
029 import com.liferay.portal.util.PropsValues;
030 import com.liferay.portal.words.WordsUtil;
031 import com.liferay.util.PwdGenerator;
032
033 import java.util.Arrays;
034 import java.util.Date;
035 import java.util.Random;
036
037
041 public class PasswordPolicyToolkit extends BasicToolkit {
042
043 public PasswordPolicyToolkit() {
044 _lowerCaseCharsetArray = getSortedCharArray(
045 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_LOWERCASE);
046 _numbersCharsetArray = getSortedCharArray(
047 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_NUMBERS);
048 _symbolsCharsetArray = getSortedCharArray(
049 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_SYMBOLS);
050 _upperCaseCharsetArray = getSortedCharArray(
051 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_UPPERCASE);
052
053 _alphanumericCharsetArray = ArrayUtil.append(
054 _lowerCaseCharsetArray, _upperCaseCharsetArray,
055 _numbersCharsetArray);
056
057 Arrays.sort(_alphanumericCharsetArray);
058
059 StringBundler sb = new StringBundler(4);
060
061 sb.append(
062 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_LOWERCASE);
063 sb.append(PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_NUMBERS);
064 sb.append(PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_SYMBOLS);
065 sb.append(
066 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_UPPERCASE);
067
068 _completeCharset = sb.toString();
069 }
070
071 @Override
072 public String generate(PasswordPolicy passwordPolicy) {
073 if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
074 "static")) {
075
076 return generateStatic(passwordPolicy);
077 }
078 else {
079 return generateDynamic(passwordPolicy);
080 }
081 }
082
083 @Override
084 public void validate(
085 long userId, String password1, String password2,
086 PasswordPolicy passwordPolicy)
087 throws PortalException, SystemException {
088
089 if (passwordPolicy.isCheckSyntax()) {
090 if (!passwordPolicy.isAllowDictionaryWords() &&
091 WordsUtil.isDictionaryWord(password1)) {
092
093 throw new UserPasswordException(
094 UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
095 }
096
097 if (password1.length() < passwordPolicy.getMinLength()) {
098 throw new UserPasswordException(
099 UserPasswordException.PASSWORD_LENGTH);
100 }
101
102 if ((getUsageCount(password1, _alphanumericCharsetArray) <
103 passwordPolicy.getMinAlphanumeric()) ||
104 (getUsageCount(password1, _lowerCaseCharsetArray) <
105 passwordPolicy.getMinLowerCase()) ||
106 (getUsageCount(password1, _numbersCharsetArray) <
107 passwordPolicy.getMinNumbers()) ||
108 (getUsageCount(password1, _symbolsCharsetArray) <
109 passwordPolicy.getMinSymbols()) ||
110 (getUsageCount(password1, _upperCaseCharsetArray) <
111 passwordPolicy.getMinUpperCase())) {
112
113 throw new UserPasswordException(
114 UserPasswordException.PASSWORD_TOO_TRIVIAL);
115 }
116
117 if (Validator.isNotNull(passwordPolicy.getRegex()) &&
118 !password1.matches(passwordPolicy.getRegex())) {
119
120 throw new UserPasswordException(
121 UserPasswordException.PASSWORD_INVALID);
122 }
123 }
124
125 if (!passwordPolicy.isChangeable()) {
126 throw new UserPasswordException(
127 UserPasswordException.PASSWORD_NOT_CHANGEABLE);
128 }
129
130 if (userId == 0) {
131 return;
132 }
133
134 User user = UserLocalServiceUtil.getUserById(userId);
135
136 Date passwordModfiedDate = user.getPasswordModifiedDate();
137
138 if (passwordModfiedDate != null) {
139
140
141
142 Date now = new Date();
143
144 long passwordModificationElapsedTime =
145 now.getTime() - passwordModfiedDate.getTime();
146
147 long userCreationElapsedTime =
148 now.getTime() - user.getCreateDate().getTime();
149
150 long minAge = passwordPolicy.getMinAge() * 1000;
151
152 if ((passwordModificationElapsedTime < minAge) &&
153 (userCreationElapsedTime > minAge)) {
154
155 throw new UserPasswordException(
156 UserPasswordException.PASSWORD_TOO_YOUNG);
157 }
158 }
159
160 if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
161 userId, password1)) {
162
163 throw new UserPasswordException(
164 UserPasswordException.PASSWORD_SAME_AS_CURRENT);
165 }
166 else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
167 userId, password1)) {
168
169 throw new UserPasswordException(
170 UserPasswordException.PASSWORD_ALREADY_USED);
171 }
172 }
173
174 protected String generateDynamic(PasswordPolicy passwordPolicy) {
175 int alphanumericActualMinLength =
176 passwordPolicy.getMinLowerCase() + passwordPolicy.getMinNumbers() +
177 passwordPolicy.getMinUpperCase();
178
179 int alphanumericMinLength = Math.max(
180 passwordPolicy.getMinAlphanumeric(), alphanumericActualMinLength);
181 int passwordMinLength = Math.max(
182 passwordPolicy.getMinLength(),
183 alphanumericMinLength + passwordPolicy.getMinSymbols());
184
185 StringBundler sb = new StringBundler(6);
186
187 if (passwordPolicy.getMinLowerCase() > 0) {
188 sb.append(
189 getRandomString(
190 passwordPolicy.getMinLowerCase(), _lowerCaseCharsetArray));
191 }
192
193 if (passwordPolicy.getMinNumbers() > 0) {
194 sb.append(
195 getRandomString(
196 passwordPolicy.getMinNumbers(), _numbersCharsetArray));
197 }
198
199 if (passwordPolicy.getMinSymbols() > 0) {
200 sb.append(
201 getRandomString(
202 passwordPolicy.getMinSymbols(), _symbolsCharsetArray));
203 }
204
205 if (passwordPolicy.getMinUpperCase() > 0) {
206 sb.append(
207 getRandomString(
208 passwordPolicy.getMinUpperCase(), _upperCaseCharsetArray));
209 }
210
211 if (alphanumericMinLength > alphanumericActualMinLength) {
212 int count = alphanumericMinLength - alphanumericActualMinLength;
213
214 sb.append(getRandomString(count, _alphanumericCharsetArray));
215 }
216
217 if (passwordMinLength >
218 (alphanumericMinLength + passwordPolicy.getMinSymbols())) {
219
220 int count =
221 passwordMinLength -
222 (alphanumericMinLength + passwordPolicy.getMinSymbols());
223
224 sb.append(PwdGenerator.getPassword(_completeCharset, count));
225 }
226
227 if (sb.index() == 0) {
228 sb.append(
229 PwdGenerator.getPassword(
230 _completeCharset,
231 PropsValues.PASSWORDS_DEFAULT_POLICY_MIN_LENGTH));
232 }
233
234 return RandomUtil.shuffle(
235 new Random(SecureRandomUtil.nextLong()), sb.toString());
236 }
237
238 protected String generateStatic(PasswordPolicy passwordPolicy) {
239 return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
240 }
241
242 protected String getRandomString(int count, char[] chars) {
243 Random random = new Random(SecureRandomUtil.nextInt());
244
245 StringBundler sb = new StringBundler(count);
246
247 for (int i = 0; i < count; i++) {
248 int index = random.nextInt(chars.length);
249
250 sb.append(chars[index]);
251 }
252
253 return sb.toString();
254 }
255
256 protected char[] getSortedCharArray(String s) {
257 char[] chars = s.toCharArray();
258
259 Arrays.sort(chars);
260
261 return chars;
262 }
263
264 protected int getUsageCount(String s, char[] chars) {
265 int count = 0;
266
267 for (int i = 0; i < s.length(); i++) {
268 if (Arrays.binarySearch(chars, s.charAt(i)) >= 0) {
269 count++;
270 }
271 }
272
273 return count;
274 }
275
276 private char[] _alphanumericCharsetArray;
277 private String _completeCharset;
278 private char[] _lowerCaseCharsetArray;
279 private char[] _numbersCharsetArray;
280 private char[] _symbolsCharsetArray;
281 private char[] _upperCaseCharsetArray;
282
283 }