015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.PwdEncryptorException;
018 import com.liferay.portal.kernel.log.Log;
019 import com.liferay.portal.kernel.log.LogFactoryUtil;
020 import com.liferay.portal.kernel.util.CharPool;
021 import com.liferay.portal.kernel.util.PropsKeys;
022 import com.liferay.portal.kernel.util.StringBundler;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.Validator;
025 import com.liferay.portal.util.PropsValues;
026
027
/**
 * Password encryptor that wraps a parent {@link PasswordEncryptor} and picks
 * the hashing algorithm from the format of the stored password.
 *
 * <p>
 * When the legacy algorithm property is set, a stored value that does not
 * start with <code>{</code> is treated as a legacy hash: it is processed with
 * the legacy algorithm and the result is returned without an algorithm
 * prefix. A stored value of the form <code>{ALGORITHM}hash</code> is
 * processed with the algorithm named in its prefix. In every non-legacy case
 * the result is returned as <code>{ALGORITHM}hash</code>.
 * </p>
 *
 * <p>
 * Security notes for reviewers:
 * </p>
 *
 * <ul>
 * <li>
 * A legacy-format hash stays in the legacy format on every call that supplies
 * it as the current password. This class only produces the prefixed format
 * when the current password is blank or already prefixed, so accounts whose
 * password is never set again keep the legacy algorithm.
 * </li>
 * <li>
 * The algorithm name parsed from the stored prefix is handed to the parent
 * encryptor unchanged. No check against
 * {@link #getSupportedAlgorithmTypes()} is made here. Whether the parent
 * rejects unknown or weak names is not visible in this class, so confirm
 * that before relying on it.
 * </li>
 * <li>
 * Debug logging records only the algorithm name and whether a current
 * password was supplied, never the plain text or the hash.
 * </li>
 * </ul>
 */
public class LegacyAlgorithmAwarePasswordEncryptor
	extends BasePasswordEncryptor {

	/**
	 * Returns the algorithm types reported by the parent encryptor.
	 *
	 * @return the parent's supported algorithm types
	 */
	@Override
	public String[] getSupportedAlgorithmTypes() {
		return _parentPasswordEncryptor.getSupportedAlgorithmTypes();
	}

	/**
	 * Sets the encryptor that performs the actual hashing. It must be set
	 * before this object is used, because the other methods dereference it
	 * without a null check.
	 *
	 * @param defaultPasswordEncryptor the encryptor to delegate to
	 */
	public void setParentPasswordEncryptor(
		PasswordEncryptor defaultPasswordEncryptor) {

		_parentPasswordEncryptor = defaultPasswordEncryptor;
	}

	/**
	 * Encrypts the plain text password, choosing the algorithm from the
	 * format of the current stored password.
	 *
	 * @param  algorithm the requested algorithm, used when the stored value
	 *         does not dictate another one
	 * @param  plainTextPassword the password to hash
	 * @param  encryptedPassword the currently stored password, or a blank
	 *         value when there is none
	 * @return the hash, prefixed with <code>{ALGORITHM}</code> unless the
	 *         stored value was in the legacy format
	 * @throws PwdEncryptorException if the parent encryptor fails
	 */
	@Override
	protected String doEncrypt(
			String algorithm, String plainTextPassword,
			String encryptedPassword)
		throws PwdEncryptorException {

		String legacyAlgorithm =
			PropsValues.PASSWORDS_ENCRYPTION_ALGORITHM_LEGACY;

		if (Validator.isNull(legacyAlgorithm)) {
			return encryptWithoutLegacyScheme(
				algorithm, plainTextPassword, encryptedPassword);
		}

		if (_log.isDebugEnabled()) {
			String currentPasswordState = "provided";

			if (Validator.isNull(encryptedPassword)) {
				currentPasswordState = "empty";
			}

			_log.debug(
				"Using legacy detection scheme for algorithm " + algorithm +
					" with current password " + currentPasswordState);
		}

		String effectiveAlgorithm = algorithm;
		String storedHash = encryptedPassword;
		boolean legacyFormat = false;

		if (Validator.isNotNull(encryptedPassword)) {
			if (encryptedPassword.charAt(0) == CharPool.OPEN_CURLY_BRACE) {
				int closeBracePos = encryptedPassword.indexOf(
					CharPool.CLOSE_CURLY_BRACE);

				// Without a closing brace the stored value and the requested
				// algorithm are passed on untouched. The debug message below
				// is still emitted in that case.

				if (closeBracePos > 0) {
					effectiveAlgorithm = encryptedPassword.substring(
						1, closeBracePos);

					storedHash = encryptedPassword.substring(
						closeBracePos + 1);
				}

				if (_log.isDebugEnabled()) {
					_log.debug(
						"Upgraded password to use algorithm " +
							effectiveAlgorithm);
				}
			}
			else {

				// No algorithm prefix: treat the stored value as a hash made
				// with the configured legacy algorithm and keep the result in
				// the same unprefixed format.

				effectiveAlgorithm = legacyAlgorithm;
				legacyFormat = true;

				if (_log.isDebugEnabled()) {
					_log.debug("Using legacy algorithm " + effectiveAlgorithm);
				}
			}
		}

		String newEncryptedPassword = _parentPasswordEncryptor.encrypt(
			effectiveAlgorithm, plainTextPassword, storedHash);

		if (legacyFormat) {
			if (_log.isDebugEnabled()) {
				_log.debug(
					"Generated password without algorithm prefix using " +
						effectiveAlgorithm);
			}

			return newEncryptedPassword;
		}

		if (_log.isDebugEnabled()) {
			_log.debug(
				"Generated password with algorithm prefix using " +
					effectiveAlgorithm);
		}

		StringBundler prefixedPassword = new StringBundler(4);

		prefixedPassword.append(StringPool.OPEN_CURLY_BRACE);
		prefixedPassword.append(getAlgorithmName(effectiveAlgorithm));
		prefixedPassword.append(StringPool.CLOSE_CURLY_BRACE);
		prefixedPassword.append(newEncryptedPassword);

		return prefixedPassword.toString();
	}

	/**
	 * Returns the algorithm name written into the <code>{...}</code> prefix.
	 * Everything from the first slash onward is dropped. A slash at position
	 * zero, or no slash, leaves the value unchanged.
	 *
	 * @param  algorithm the algorithm string; must not be <code>null</code>
	 * @return the part of the algorithm string before the first slash
	 */
	protected String getAlgorithmName(String algorithm) {

		// NOTE(review): the dropped suffix presumably carries algorithm
		// parameters. Confirm that verification does not need them in the
		// stored prefix.

		int slashPos = algorithm.indexOf(CharPool.SLASH);

		return (slashPos > 0) ? algorithm.substring(0, slashPos) : algorithm;
	}

	/**
	 * Delegates straight to the parent encryptor when no legacy algorithm is
	 * configured. Any exception from the parent is reported as a
	 * configuration problem, with the original exception kept as the cause.
	 */
	private String encryptWithoutLegacyScheme(
			String algorithm, String plainTextPassword,
			String encryptedPassword)
		throws PwdEncryptorException {

		if (_log.isDebugEnabled()) {
			_log.debug(
				"Skipping passwords upgrade scheme because " +
					PropsKeys.PASSWORDS_ENCRYPTION_ALGORITHM_LEGACY +
						" is blank");
		}

		try {
			return _parentPasswordEncryptor.encrypt(
				algorithm, plainTextPassword, encryptedPassword);
		}
		catch (Exception e) {
			String message =
				"Password upgrade was not successfully configured. " +
					"Please set the property " +
						"\"passwords.encryption.algorithm.legacy\" with " +
							"the previous password encryption algorithm and " +
								"restart.";

			throw new PwdEncryptorException(message, e);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(
		LegacyAlgorithmAwarePasswordEncryptor.class);

	private PasswordEncryptor _parentPasswordEncryptor;

}