001
014
015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.kernel.exception.PwdEncryptorException;
018 import com.liferay.portal.kernel.io.BigEndianCodec;
019 import com.liferay.portal.kernel.security.SecureRandomUtil;
020 import com.liferay.portal.kernel.security.pwd.PasswordEncryptor;
021 import com.liferay.portal.kernel.security.pwd.PasswordEncryptorUtil;
022 import com.liferay.portal.kernel.util.ArrayUtil;
023 import com.liferay.portal.kernel.util.Base64;
024 import com.liferay.portal.kernel.util.Digester;
025 import com.liferay.portal.kernel.util.Validator;
026
027 import java.io.UnsupportedEncodingException;
028
029 import java.security.MessageDigest;
030 import java.security.NoSuchAlgorithmException;
031
032
036 public class SSHAPasswordEncryptor
037 extends BasePasswordEncryptor implements PasswordEncryptor {
038
039 @Override
040 public String[] getSupportedAlgorithmTypes() {
041 return new String[] {PasswordEncryptorUtil.TYPE_SSHA};
042 }
043
044 @Override
045 protected String doEncrypt(
046 String algorithm, String plainTextPassword,
047 String encryptedPassword)
048 throws PwdEncryptorException {
049
050 byte[] saltBytes = getSaltBytes(encryptedPassword);
051
052 try {
053 MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
054
055 byte[] plainTextPasswordBytes = plainTextPassword.getBytes(
056 Digester.ENCODING);
057
058 byte[] messageDigestBytes = messageDigest.digest(
059 ArrayUtil.append(plainTextPasswordBytes, saltBytes));
060
061 return Base64.encode(
062 ArrayUtil.append(messageDigestBytes, saltBytes));
063 }
064 catch (NoSuchAlgorithmException nsae) {
065 throw new PwdEncryptorException(nsae.getMessage(), nsae);
066 }
067 catch (UnsupportedEncodingException uee) {
068 throw new PwdEncryptorException(uee.getMessage(), uee);
069 }
070 }
071
072 protected byte[] getSaltBytes(String encryptedPassword)
073 throws PwdEncryptorException {
074
075 byte[] saltBytes = new byte[8];
076
077 if (Validator.isNull(encryptedPassword)) {
078 BigEndianCodec.putLong(saltBytes, 0, SecureRandomUtil.nextLong());
079 }
080 else {
081 try {
082 byte[] encryptedPasswordBytes = Base64.decode(
083 encryptedPassword);
084
085 System.arraycopy(
086 encryptedPasswordBytes, encryptedPasswordBytes.length - 8,
087 saltBytes, 0, saltBytes.length);
088 }
089 catch (Exception e) {
090 throw new PwdEncryptorException(
091 "Unable to extract salt from encrypted password " +
092 e.getMessage(),
093 e);
094 }
095 }
096
097 return saltBytes;
098 }
099
100 }