001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pwd;
016    
017    import com.liferay.portal.PwdEncryptorException;
018    import com.liferay.portal.kernel.io.BigEndianCodec;
019    import com.liferay.portal.kernel.security.SecureRandomUtil;
020    import com.liferay.portal.kernel.util.ArrayUtil;
021    import com.liferay.portal.kernel.util.Base64;
022    import com.liferay.portal.kernel.util.Digester;
023    import com.liferay.portal.kernel.util.Validator;
024    
025    import java.io.UnsupportedEncodingException;
026    
027    import java.security.MessageDigest;
028    import java.security.NoSuchAlgorithmException;
029    
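/**
 * Encodes passwords in the salted SHA-1 ("SSHA") layout: the Base64 encoding
 * of <code>SHA-1(password bytes + salt) + salt</code>, where the salt is 8
 * bytes long and is stored after the digest.
 *
 * <p>
 * Security note: the digest is a single SHA-1 pass with no work factor, so a
 * leaked value can be tested against guesses very quickly. Treat this
 * encoding as a compatibility format for existing SSHA values; an iterated,
 * deliberately slow scheme (PBKDF2, bcrypt and similar) is the better choice
 * for newly stored passwords. This class only produces the encoded value;
 * comparing it with the stored value happens elsewhere and should be done in
 * constant time (for example with <code>MessageDigest.isEqual</code>).
 * </p>
 *
 * @author Michael C. Han
 * @author Tomas Polesovsky
 */
public class SSHAPasswordEncryptor
	extends BasePasswordEncryptor implements PasswordEncryptor {

	/**
	 * Returns the algorithm types handled by this encryptor.
	 *
	 * @return a one-element array holding
	 *         <code>PasswordEncryptorUtil.TYPE_SSHA</code>
	 */
	@Override
	public String[] getSupportedAlgorithmTypes() {
		return new String[] {PasswordEncryptorUtil.TYPE_SSHA};
	}

	/**
	 * Computes the SSHA encoding of a plain text password.
	 *
	 * @param  algorithm the requested algorithm name; not read by this
	 *         method, which always uses SHA-1
	 * @param  plainTextPassword the password to encode
	 * @param  encryptedPassword a previously encoded value whose salt is
	 *         reused so the result can be compared with it, or a value that
	 *         <code>Validator.isNull</code> treats as empty to generate a
	 *         fresh salt
	 * @return the Base64 encoding of the digest followed by the salt
	 * @throws PwdEncryptorException if the salt cannot be obtained, SHA-1 is
	 *         unavailable, or the password encoding is unsupported
	 */
	@Override
	protected String doEncrypt(
			String algorithm, String plainTextPassword,
			String encryptedPassword)
		throws PwdEncryptorException {

		byte[] saltBytes = getSaltBytes(encryptedPassword);

		try {
			MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");

			byte[] plainTextPasswordBytes = plainTextPassword.getBytes(
				Digester.ENCODING);

			// The salt is hashed after the password bytes and then stored
			// in the clear after the digest, so verification can recover it.

			byte[] messageDigestBytes = messageDigest.digest(
				ArrayUtil.append(plainTextPasswordBytes, saltBytes));

			return Base64.encode(
				ArrayUtil.append(messageDigestBytes, saltBytes));
		}
		catch (NoSuchAlgorithmException nsae) {
			throw new PwdEncryptorException(nsae.getMessage(), nsae);
		}
		catch (UnsupportedEncodingException uee) {
			throw new PwdEncryptorException(uee.getMessage(), uee);
		}
	}

	/**
	 * Returns the 8-byte salt to use for an encoding.
	 *
	 * <p>
	 * When no stored value is given, the salt is a new value taken from
	 * <code>SecureRandomUtil.nextLong()</code>. Otherwise the stored value is
	 * Base64 decoded and its last 8 bytes are returned. NOTE(review): the
	 * salt length is fixed at 8 bytes, so an SSHA value created elsewhere
	 * with a different salt length would yield the wrong salt and never
	 * verify; confirm whether such values can reach this class.
	 * </p>
	 *
	 * @param  encryptedPassword the stored encoded password, or an empty
	 *         value to generate a fresh salt
	 * @return a new 8-byte array holding the salt
	 * @throws PwdEncryptorException if the stored value cannot be decoded or
	 *         is too short to contain a salt
	 */
	protected byte[] getSaltBytes(String encryptedPassword)
		throws PwdEncryptorException {

		byte[] saltBytes = new byte[_SALT_BYTES_LENGTH];

		if (Validator.isNull(encryptedPassword)) {
			BigEndianCodec.putLong(saltBytes, 0, SecureRandomUtil.nextLong());

			return saltBytes;
		}

		byte[] encryptedPasswordBytes = null;

		try {
			encryptedPasswordBytes = Base64.decode(encryptedPassword);
		}
		catch (Exception e) {
			throw new PwdEncryptorException(
				"Unable to extract salt from encrypted password " +
					e.getMessage(),
				e);
		}

		// Reject a truncated or undecodable stored value explicitly instead
		// of relying on an ArrayIndexOutOfBoundsException or
		// NullPointerException from the copy below. The message carries only
		// lengths, never the stored value itself.

		if ((encryptedPasswordBytes == null) ||
			(encryptedPasswordBytes.length < _SALT_BYTES_LENGTH)) {

			throw new PwdEncryptorException(
				"Unable to extract salt from encrypted password: decoded " +
					"value is shorter than the " + _SALT_BYTES_LENGTH +
						" byte salt");
		}

		System.arraycopy(
			encryptedPasswordBytes,
			encryptedPasswordBytes.length - _SALT_BYTES_LENGTH, saltBytes, 0,
			_SALT_BYTES_LENGTH);

		return saltBytes;
	}

	// Length in bytes of the salt stored after the SHA-1 digest.

	private static final int _SALT_BYTES_LENGTH = 8;

}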