001
014
015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.UserPasswordException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.security.RandomUtil;
020 import com.liferay.portal.kernel.security.SecureRandom;
021 import com.liferay.portal.kernel.util.ArrayUtil;
022 import com.liferay.portal.kernel.util.PwdGenerator;
023 import com.liferay.portal.kernel.util.StringBundler;
024 import com.liferay.portal.kernel.util.Validator;
025 import com.liferay.portal.kernel.words.WordsUtil;
026 import com.liferay.portal.model.PasswordPolicy;
027 import com.liferay.portal.model.User;
028 import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
029 import com.liferay.portal.service.UserLocalServiceUtil;
030 import com.liferay.portal.util.PropsValues;
031
032 import java.util.Arrays;
033 import java.util.Date;
034 import java.util.Random;
035
036
040 public class PasswordPolicyToolkit extends BasicToolkit {
041
042 public PasswordPolicyToolkit() {
043 _lowerCaseCharsetArray = getSortedCharArray(
044 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_LOWERCASE);
045 _numbersCharsetArray = getSortedCharArray(
046 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_NUMBERS);
047 _symbolsCharsetArray = getSortedCharArray(
048 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_SYMBOLS);
049 _upperCaseCharsetArray = getSortedCharArray(
050 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_UPPERCASE);
051
052 _alphanumericCharsetArray = ArrayUtil.append(
053 _lowerCaseCharsetArray, _upperCaseCharsetArray,
054 _numbersCharsetArray);
055
056 Arrays.sort(_alphanumericCharsetArray);
057
058 StringBundler sb = new StringBundler(4);
059
060 sb.append(
061 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_LOWERCASE);
062 sb.append(PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_NUMBERS);
063 sb.append(PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_SYMBOLS);
064 sb.append(
065 PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_CHARSET_UPPERCASE);
066
067 _completeCharset = sb.toString();
068 }
069
070 @Override
071 public String generate(PasswordPolicy passwordPolicy) {
072 if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
073 "static")) {
074
075 return generateStatic(passwordPolicy);
076 }
077 else {
078 return generateDynamic(passwordPolicy);
079 }
080 }
081
082 @Override
083 public void validate(
084 long userId, String password1, String password2,
085 PasswordPolicy passwordPolicy)
086 throws PortalException {
087
088 if (passwordPolicy.isCheckSyntax()) {
089 if (!passwordPolicy.isAllowDictionaryWords() &&
090 WordsUtil.isDictionaryWord(password1)) {
091
092 throw new UserPasswordException.MustNotContainDictionaryWords(
093 userId, WordsUtil.getDictionaryList());
094 }
095
096 if (password1.length() < passwordPolicy.getMinLength()) {
097 throw new UserPasswordException.MustBeLonger(
098 userId, passwordPolicy.getMinLength());
099 }
100
101 if ((getUsageCount(password1, _alphanumericCharsetArray) <
102 passwordPolicy.getMinAlphanumeric()) ||
103 (getUsageCount(password1, _lowerCaseCharsetArray) <
104 passwordPolicy.getMinLowerCase()) ||
105 (getUsageCount(password1, _numbersCharsetArray) <
106 passwordPolicy.getMinNumbers()) ||
107 (getUsageCount(password1, _symbolsCharsetArray) <
108 passwordPolicy.getMinSymbols()) ||
109 (getUsageCount(password1, _upperCaseCharsetArray) <
110 passwordPolicy.getMinUpperCase())) {
111
112 throw new UserPasswordException.MustNotBeTrivial(userId);
113 }
114
115 String regex = passwordPolicy.getRegex();
116
117 if (Validator.isNotNull(regex) && !password1.matches(regex)) {
118 throw new UserPasswordException.MustComplyWithRegex(
119 userId, regex);
120 }
121 }
122
123 if (!passwordPolicy.isChangeable() && (userId != 0)) {
124 throw new UserPasswordException.MustNotBeChanged(userId);
125 }
126
127 if (userId == 0) {
128 return;
129 }
130
131 User user = UserLocalServiceUtil.getUserById(userId);
132
133 Date passwordModfiedDate = user.getPasswordModifiedDate();
134
135 if (passwordModfiedDate != null) {
136 Date now = new Date();
137
138 long passwordModificationElapsedTime =
139 now.getTime() - passwordModfiedDate.getTime();
140
141 long minAge = passwordPolicy.getMinAge() * 1000;
142
143 if ((passwordModificationElapsedTime < minAge) &&
144 !user.getPasswordReset()) {
145
146 throw new UserPasswordException.MustNotBeChangedYet(
147 userId, new Date(passwordModfiedDate.getTime() + minAge));
148 }
149 }
150
151 if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
152 userId, password1)) {
153
154 throw new UserPasswordException.MustNotBeEqualToCurrent(userId);
155 }
156 else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
157 userId, password1)) {
158
159 throw new UserPasswordException.MustNotBeRecentlyUsed(userId);
160 }
161 }
162
163 protected String generateDynamic(PasswordPolicy passwordPolicy) {
164 int alphanumericActualMinLength =
165 passwordPolicy.getMinLowerCase() + passwordPolicy.getMinNumbers() +
166 passwordPolicy.getMinUpperCase();
167
168 int alphanumericMinLength = Math.max(
169 passwordPolicy.getMinAlphanumeric(), alphanumericActualMinLength);
170 int passwordMinLength = Math.max(
171 passwordPolicy.getMinLength(),
172 alphanumericMinLength + passwordPolicy.getMinSymbols());
173
174 StringBundler sb = new StringBundler(6);
175
176 if (passwordPolicy.getMinLowerCase() > 0) {
177 sb.append(
178 getRandomString(
179 passwordPolicy.getMinLowerCase(), _lowerCaseCharsetArray));
180 }
181
182 if (passwordPolicy.getMinNumbers() > 0) {
183 sb.append(
184 getRandomString(
185 passwordPolicy.getMinNumbers(), _numbersCharsetArray));
186 }
187
188 if (passwordPolicy.getMinSymbols() > 0) {
189 sb.append(
190 getRandomString(
191 passwordPolicy.getMinSymbols(), _symbolsCharsetArray));
192 }
193
194 if (passwordPolicy.getMinUpperCase() > 0) {
195 sb.append(
196 getRandomString(
197 passwordPolicy.getMinUpperCase(), _upperCaseCharsetArray));
198 }
199
200 if (alphanumericMinLength > alphanumericActualMinLength) {
201 int count = alphanumericMinLength - alphanumericActualMinLength;
202
203 sb.append(getRandomString(count, _alphanumericCharsetArray));
204 }
205
206 if (passwordMinLength >
207 (alphanumericMinLength + passwordPolicy.getMinSymbols())) {
208
209 int count =
210 passwordMinLength -
211 (alphanumericMinLength + passwordPolicy.getMinSymbols());
212
213 sb.append(PwdGenerator.getPassword(_completeCharset, count));
214 }
215
216 if (sb.index() == 0) {
217 sb.append(
218 PwdGenerator.getPassword(
219 _completeCharset,
220 PropsValues.PASSWORDS_DEFAULT_POLICY_MIN_LENGTH));
221 }
222
223 return RandomUtil.shuffle(new SecureRandom(), sb.toString());
224 }
225
226 protected String generateStatic(PasswordPolicy passwordPolicy) {
227 return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
228 }
229
230 protected String getRandomString(int count, char[] chars) {
231 Random random = new SecureRandom();
232
233 StringBundler sb = new StringBundler(count);
234
235 for (int i = 0; i < count; i++) {
236 int index = random.nextInt(chars.length);
237
238 sb.append(chars[index]);
239 }
240
241 return sb.toString();
242 }
243
244 protected char[] getSortedCharArray(String s) {
245 char[] chars = s.toCharArray();
246
247 Arrays.sort(chars);
248
249 return chars;
250 }
251
252 protected int getUsageCount(String s, char[] chars) {
253 int count = 0;
254
255 for (int i = 0; i < s.length(); i++) {
256 if (Arrays.binarySearch(chars, s.charAt(i)) >= 0) {
257 count++;
258 }
259 }
260
261 return count;
262 }
263
264 private char[] _alphanumericCharsetArray;
265 private String _completeCharset;
266 private char[] _lowerCaseCharsetArray;
267 private char[] _numbersCharsetArray;
268 private char[] _symbolsCharsetArray;
269 private char[] _upperCaseCharsetArray;
270
271 }