001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pwd;
016    
017    import com.liferay.portal.PwdEncryptorException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.util.CharPool;
021    import com.liferay.portal.kernel.util.PropsKeys;
022    import com.liferay.portal.kernel.util.StringBundler;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.Validator;
025    import com.liferay.portal.util.PropsValues;
026    
/**
 * Password encryptor that delegates the actual hashing to a parent
 * {@link PasswordEncryptor} and decides which algorithm to request from the
 * shape of the currently stored password value.
 *
 * <p>
 * When <code>PropsValues.PASSWORDS_ENCRYPTION_ALGORITHM_LEGACY</code> is blank
 * the call is passed straight to the parent. Otherwise:
 * </p>
 *
 * <ul>
 * <li>
 * a stored value that does not start with an opening curly brace is processed
 * with the legacy algorithm and the result is returned without a prefix;
 * </li>
 * <li>
 * a stored value of the form <code>{ALGORITHM}hash</code> is processed with
 * the algorithm named in its prefix and the result is returned with a prefix;
 * </li>
 * <li>
 * with no stored value, the requested algorithm is used and the result is
 * returned with a prefix.
 * </li>
 * </ul>
 *
 * <p>
 * Security notes for maintainers: the debug statements in this class log
 * algorithm names and whether a stored value was supplied, never the plain
 * text password or a hash; keep it that way. The legacy path produces a hash
 * with whatever algorithm the legacy property names, so the strength of
 * accounts still stored in that format is bounded by that algorithm.
 * </p>
 *
 * @author Tomas Polesovsky
 */
public class LegacyAlgorithmAwarePasswordEncryptor
	extends BasePasswordEncryptor {

	/**
	 * Returns the algorithm types reported by the parent encryptor.
	 *
	 * @return the parent encryptor's supported algorithm types
	 */
	@Override
	public String[] getSupportedAlgorithmTypes() {
		return _parentPasswordEncryptor.getSupportedAlgorithmTypes();
	}

	/**
	 * Sets the encryptor that performs the actual hashing.
	 *
	 * @param defaultPasswordEncryptor the encryptor to delegate to
	 */
	public void setParentPasswordEncryptor(
		PasswordEncryptor defaultPasswordEncryptor) {

		_parentPasswordEncryptor = defaultPasswordEncryptor;
	}

	/**
	 * Hashes the plain text password, choosing the algorithm from the format
	 * of the stored value as described on the class.
	 *
	 * @param  algorithm the requested algorithm; replaced by the legacy
	 *         algorithm or by the stored value's prefix when one applies
	 * @param  plainTextPassword the password to hash
	 * @param  encryptedPassword the currently stored value, may be blank
	 * @return the hash, prefixed with <code>{ALGORITHM}</code> unless the
	 *         stored value was in the unprefixed legacy format
	 * @throws PwdEncryptorException if the parent encryptor fails
	 */
	@Override
	protected String doEncrypt(
			String algorithm, String plainTextPassword,
			String encryptedPassword)
		throws PwdEncryptorException {

		if (Validator.isNull(
				PropsValues.PASSWORDS_ENCRYPTION_ALGORITHM_LEGACY)) {

			return _encryptWithoutLegacyDetection(
				algorithm, plainTextPassword, encryptedPassword);
		}

		if (_log.isDebugEnabled()) {

			// Only the presence of a stored value is logged, not the value

			String currentPasswordState =
				Validator.isNull(encryptedPassword) ? "empty" : "provided";

			_log.debug(
				"Using legacy detection scheme for algorithm " + algorithm +
					" with current password " + currentPasswordState);
		}

		boolean legacyFormat = false;

		if (Validator.isNotNull(encryptedPassword)) {
			if (encryptedPassword.charAt(0) == CharPool.OPEN_CURLY_BRACE) {

				// The algorithm name is read from the stored value and is
				// not checked here against getSupportedAlgorithmTypes().
				// NOTE(review): presumably the parent encryptor rejects
				// names it does not know; confirm.

				int closePos = encryptedPassword.indexOf(
					CharPool.CLOSE_CURLY_BRACE);

				// Without a closing brace both the algorithm and the stored
				// value are left as passed in; the debug line below is still
				// written in that case.

				if (closePos > 0) {
					algorithm = encryptedPassword.substring(1, closePos);

					encryptedPassword = encryptedPassword.substring(
						closePos + 1);
				}

				if (_log.isDebugEnabled()) {
					_log.debug(
						"Upgraded password to use algorithm " + algorithm);
				}
			}
			else {

				// Unprefixed stored value: hash with the legacy algorithm
				// and return the result in the same unprefixed format

				algorithm = PropsValues.PASSWORDS_ENCRYPTION_ALGORITHM_LEGACY;

				legacyFormat = true;

				if (_log.isDebugEnabled()) {
					_log.debug("Using legacy algorithm " + algorithm);
				}
			}
		}

		String hashedPassword = _parentPasswordEncryptor.encrypt(
			algorithm, plainTextPassword, encryptedPassword);

		if (legacyFormat) {
			if (_log.isDebugEnabled()) {
				_log.debug(
					"Generated password without algorithm prefix using " +
						algorithm);
			}

			return hashedPassword;
		}

		if (_log.isDebugEnabled()) {
			_log.debug(
				"Generated password with algorithm prefix using " + algorithm);
		}

		StringBundler prefixed = new StringBundler(4);

		return prefixed.append(
			StringPool.OPEN_CURLY_BRACE
		).append(
			getAlgorithmName(algorithm)
		).append(
			StringPool.CLOSE_CURLY_BRACE
		).append(
			hashedPassword
		).toString();
	}

	/**
	 * Returns the part of the algorithm string before its first slash, or the
	 * whole string when there is no slash after the first character.
	 *
	 * @param  algorithm the algorithm string, possibly with slash-separated
	 *         suffixes
	 * @return the name used in the <code>{ALGORITHM}</code> prefix
	 */
	protected String getAlgorithmName(String algorithm) {
		int slashPos = algorithm.indexOf(CharPool.SLASH);

		return (slashPos > 0) ? algorithm.substring(0, slashPos) : algorithm;
	}

	/**
	 * Delegates to the parent encryptor when no legacy algorithm is
	 * configured. Any failure is rethrown as a {@link PwdEncryptorException}
	 * that asks the operator to set the legacy property; the original
	 * exception is kept as the cause.
	 */
	private String _encryptWithoutLegacyDetection(
			String algorithm, String plainTextPassword,
			String encryptedPassword)
		throws PwdEncryptorException {

		if (_log.isDebugEnabled()) {
			_log.debug(
				"Skipping passwords upgrade scheme because " +
					PropsKeys.PASSWORDS_ENCRYPTION_ALGORITHM_LEGACY +
						" is blank");
		}

		try {
			return _parentPasswordEncryptor.encrypt(
				algorithm, plainTextPassword, encryptedPassword);
		}
		catch (Exception e) {
			throw new PwdEncryptorException(
				"Password upgrade was not successfully configured. " +
					"Please set the property " +
						"\"passwords.encryption.algorithm.legacy\" with " +
							"the previous password encryption algorithm and " +
								"restart.",
				e);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(
		LegacyAlgorithmAwarePasswordEncryptor.class);

	// Encryptor that performs the hashing; must be set through
	// setParentPasswordEncryptor before this class is used

	private PasswordEncryptor _parentPasswordEncryptor;

}