001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pwd;
016    
017    import com.liferay.portal.kernel.exception.PwdEncryptorException;
018    import com.liferay.portal.kernel.io.BigEndianCodec;
019    import com.liferay.portal.kernel.security.SecureRandomUtil;
020    import com.liferay.portal.kernel.security.pwd.PasswordEncryptor;
021    import com.liferay.portal.kernel.security.pwd.PasswordEncryptorUtil;
022    import com.liferay.portal.kernel.util.ArrayUtil;
023    import com.liferay.portal.kernel.util.Base64;
024    import com.liferay.portal.kernel.util.Digester;
025    import com.liferay.portal.kernel.util.Validator;
026    
027    import java.io.UnsupportedEncodingException;
028    
029    import java.security.MessageDigest;
030    import java.security.NoSuchAlgorithmException;
031    
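/**
 * Password encryptor for the {@link PasswordEncryptorUtil#TYPE_SSHA} type.
 *
 * <p>
 * The encrypted form is the Base64 encoding of
 * <code>SHA-1(password bytes + salt) + salt</code>, where the salt is 8 bytes
 * long. A fresh salt is drawn from {@link SecureRandomUtil} when no existing
 * hash is supplied. Otherwise, the salt is read back from the last 8 bytes of
 * the decoded existing hash, so the same password reproduces the same output.
 * </p>
 *
 * <p>
 * Security note: the digest is a single SHA-1 pass with no work factor. The
 * salt stops one precomputed table from being reused across accounts, but it
 * does not make each guess more expensive if stored hashes are disclosed.
 * Where compatibility with existing SSHA hashes is not required, prefer an
 * encryptor with a configurable iteration count or memory cost.
 * </p>
 *
 * @author Michael C. Han
 * @author Tomas Polesovsky
 */
public class SSHAPasswordEncryptor
	extends BasePasswordEncryptor implements PasswordEncryptor {

	/**
	 * Returns the algorithm types handled by this encryptor.
	 *
	 * @return a single-element array holding
	 *         {@link PasswordEncryptorUtil#TYPE_SSHA}
	 */
	@Override
	public String[] getSupportedAlgorithmTypes() {
		return new String[] {PasswordEncryptorUtil.TYPE_SSHA};
	}

	/**
	 * Computes the salted SHA-1 form of the plain text password.
	 *
	 * @param  algorithm the requested algorithm; not consulted here, the
	 *         digest is always SHA-1
	 * @param  plainTextPassword the password to hash, encoded with
	 *         {@link Digester#ENCODING} before digesting
	 * @param  encryptedPassword the existing hash whose salt is reused, or an
	 *         absent value to generate a new random salt
	 * @return the Base64 encoding of the digest bytes followed by the salt
	 *         bytes
	 * @throws PwdEncryptorException if the salt cannot be extracted, SHA-1 is
	 *         unavailable, or the encoding is unsupported
	 */
	@Override
	protected String doEncrypt(
			String algorithm, String plainTextPassword,
			String encryptedPassword)
		throws PwdEncryptorException {

		byte[] saltBytes = getSaltBytes(encryptedPassword);

		try {

			// Hard-coded digest: changing it would invalidate every stored
			// SSHA hash, so a stronger scheme belongs in a separate encryptor

			MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");

			byte[] plainTextPasswordBytes = plainTextPassword.getBytes(
				Digester.ENCODING);

			byte[] messageDigestBytes = messageDigest.digest(
				ArrayUtil.append(plainTextPasswordBytes, saltBytes));

			// The salt travels with the digest so it can be recovered later
			// by getSaltBytes

			return Base64.encode(
				ArrayUtil.append(messageDigestBytes, saltBytes));
		}
		catch (NoSuchAlgorithmException nsae) {
			throw new PwdEncryptorException(nsae.getMessage(), nsae);
		}
		catch (UnsupportedEncodingException uee) {
			throw new PwdEncryptorException(uee.getMessage(), uee);
		}
	}

	/**
	 * Returns the 8-byte salt to use for hashing.
	 *
	 * <p>
	 * When the existing hash is absent (per {@link Validator#isNull}), the
	 * salt is a random long from {@link SecureRandomUtil} written in
	 * big-endian order. Otherwise, the salt is the trailing 8 bytes of the
	 * Base64-decoded hash.
	 * </p>
	 *
	 * @param  encryptedPassword the existing hash, or an absent value
	 * @return a new 8-byte array holding the salt
	 * @throws PwdEncryptorException if the existing hash cannot be decoded or
	 *         its decoded form is too short to contain a salt
	 */
	protected byte[] getSaltBytes(String encryptedPassword)
		throws PwdEncryptorException {

		byte[] saltBytes = new byte[8];

		if (Validator.isNull(encryptedPassword)) {
			BigEndianCodec.putLong(saltBytes, 0, SecureRandomUtil.nextLong());

			return saltBytes;
		}

		byte[] encryptedPasswordBytes = null;

		try {
			encryptedPasswordBytes = Base64.decode(encryptedPassword);
		}
		catch (Exception e) {
			throw new PwdEncryptorException(
				"Unable to extract salt from encrypted password " +
					e.getMessage(),
				e);
		}

		// Reject truncated or undecodable stored values explicitly instead of
		// relying on an array index or null pointer failure from the copy
		// below. The message deliberately omits the stored value.

		if ((encryptedPasswordBytes == null) ||
			(encryptedPasswordBytes.length < saltBytes.length)) {

			throw new PwdEncryptorException(
				"Unable to extract salt from encrypted password because its " +
					"decoded form is shorter than " + saltBytes.length +
						" bytes");
		}

		System.arraycopy(
			encryptedPasswordBytes,
			encryptedPasswordBytes.length - saltBytes.length, saltBytes, 0,
			saltBytes.length);

		return saltBytes;
	}

}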