001
014
015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.exception.PwdEncryptorException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.Base64;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.kernel.util.PropsKeys;
024 import com.liferay.portal.kernel.util.StringPool;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.util.PropsUtil;
027
028 import java.io.UnsupportedEncodingException;
029
030 import java.security.MessageDigest;
031 import java.security.NoSuchAlgorithmException;
032
033
036 public class PwdAuthenticator {
037
038 public static boolean authenticate(
039 String login, String clearTextPassword,
040 String currentEncryptedPassword)
041 throws PwdEncryptorException {
042
043 String encryptedPassword = PasswordEncryptorUtil.encrypt(
044 clearTextPassword, currentEncryptedPassword);
045
046 if (currentEncryptedPassword.equals(encryptedPassword)) {
047 return true;
048 }
049 else if (GetterUtil.getBoolean(
050 PropsUtil.get(PropsKeys.AUTH_MAC_ALLOW))) {
051
052 try {
053 MessageDigest digester = MessageDigest.getInstance(
054 PropsUtil.get(PropsKeys.AUTH_MAC_ALGORITHM));
055
056 digester.update(login.getBytes(StringPool.UTF8));
057
058 String shardKey = PropsUtil.get(PropsKeys.AUTH_MAC_SHARED_KEY);
059
060 if (Validator.isNull(shardKey)) {
061 if (_log.isWarnEnabled()) {
062 _log.warn(
063 "Please set the property " +
064 PropsKeys.AUTH_MAC_SHARED_KEY);
065 }
066
067 return false;
068 }
069
070 encryptedPassword = Base64.encode(
071 digester.digest(shardKey.getBytes(StringPool.UTF8)));
072
073 if (clearTextPassword.equals(encryptedPassword)) {
074 return true;
075 }
076 else {
077 return false;
078 }
079 }
080 catch (NoSuchAlgorithmException nsae) {
081 throw new SystemException(nsae);
082 }
083 catch (UnsupportedEncodingException uee) {
084 throw new SystemException(uee);
085 }
086 }
087
088 return false;
089 }
090
091 private static final Log _log = LogFactoryUtil.getLog(
092 PwdAuthenticator.class.getName());
093
094 }