001
014
015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.kernel.exception.PwdEncryptorException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.security.pwd.PasswordEncryptorUtil;
022 import com.liferay.portal.kernel.util.Base64;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.PropsKeys;
025 import com.liferay.portal.kernel.util.StringPool;
026 import com.liferay.portal.kernel.util.Validator;
027 import com.liferay.portal.util.PropsUtil;
028
029 import java.io.UnsupportedEncodingException;
030
031 import java.security.MessageDigest;
032 import java.security.NoSuchAlgorithmException;
033
034
037 public class PwdAuthenticator {
038
039 public static boolean authenticate(
040 String login, String clearTextPassword,
041 String currentEncryptedPassword)
042 throws PwdEncryptorException {
043
044 String encryptedPassword = PasswordEncryptorUtil.encrypt(
045 clearTextPassword, currentEncryptedPassword);
046
047 if (currentEncryptedPassword.equals(encryptedPassword)) {
048 return true;
049 }
050 else if (GetterUtil.getBoolean(
051 PropsUtil.get(PropsKeys.AUTH_MAC_ALLOW))) {
052
053 try {
054 MessageDigest digester = MessageDigest.getInstance(
055 PropsUtil.get(PropsKeys.AUTH_MAC_ALGORITHM));
056
057 digester.update(login.getBytes(StringPool.UTF8));
058
059 String shardKey = PropsUtil.get(PropsKeys.AUTH_MAC_SHARED_KEY);
060
061 if (Validator.isNull(shardKey)) {
062 if (_log.isWarnEnabled()) {
063 _log.warn(
064 "Please set the property " +
065 PropsKeys.AUTH_MAC_SHARED_KEY);
066 }
067
068 return false;
069 }
070
071 encryptedPassword = Base64.encode(
072 digester.digest(shardKey.getBytes(StringPool.UTF8)));
073
074 if (clearTextPassword.equals(encryptedPassword)) {
075 return true;
076 }
077 else {
078 return false;
079 }
080 }
081 catch (NoSuchAlgorithmException nsae) {
082 throw new SystemException(nsae);
083 }
084 catch (UnsupportedEncodingException uee) {
085 throw new SystemException(uee);
086 }
087 }
088
089 return false;
090 }
091
092 private static final Log _log = LogFactoryUtil.getLog(
093 PwdAuthenticator.class.getName());
094
095 }