001
014
015 package com.liferay.portal.security.pwd;
016
017 import com.liferay.portal.PwdEncryptorException;
018 import com.liferay.portal.kernel.io.BigEndianCodec;
019 import com.liferay.portal.kernel.security.SecureRandomUtil;
020 import com.liferay.portal.kernel.util.ArrayUtil;
021 import com.liferay.portal.kernel.util.Base64;
022 import com.liferay.portal.kernel.util.Digester;
023 import com.liferay.portal.kernel.util.Validator;
024
025 import java.io.UnsupportedEncodingException;
026
027 import java.security.MessageDigest;
028 import java.security.NoSuchAlgorithmException;
029
030
034 public class SSHAPasswordEncryptor
035 extends BasePasswordEncryptor implements PasswordEncryptor {
036
037 @Override
038 public String[] getSupportedAlgorithmTypes() {
039 return new String[] {PasswordEncryptorUtil.TYPE_SSHA};
040 }
041
042 @Override
043 protected String doEncrypt(
044 String algorithm, String plainTextPassword,
045 String encryptedPassword)
046 throws PwdEncryptorException {
047
048 byte[] saltBytes = getSaltBytes(encryptedPassword);
049
050 try {
051 MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
052
053 byte[] plainTextPasswordBytes = plainTextPassword.getBytes(
054 Digester.ENCODING);
055
056 byte[] messageDigestBytes = messageDigest.digest(
057 ArrayUtil.append(plainTextPasswordBytes, saltBytes));
058
059 return Base64.encode(
060 ArrayUtil.append(messageDigestBytes, saltBytes));
061 }
062 catch (NoSuchAlgorithmException nsae) {
063 throw new PwdEncryptorException(nsae.getMessage(), nsae);
064 }
065 catch (UnsupportedEncodingException uee) {
066 throw new PwdEncryptorException(uee.getMessage(), uee);
067 }
068 }
069
070 protected byte[] getSaltBytes(String encryptedPassword)
071 throws PwdEncryptorException {
072
073 byte[] saltBytes = new byte[8];
074
075 if (Validator.isNull(encryptedPassword)) {
076 BigEndianCodec.putLong(saltBytes, 0, SecureRandomUtil.nextLong());
077 }
078 else {
079 try {
080 byte[] encryptedPasswordBytes = Base64.decode(
081 encryptedPassword);
082
083 System.arraycopy(
084 encryptedPasswordBytes, encryptedPasswordBytes.length - 8,
085 saltBytes, 0, saltBytes.length);
086 }
087 catch (Exception e) {
088 throw new PwdEncryptorException(
089 "Unable to extract salt from encrypted password " +
090 e.getMessage(),
091 e);
092 }
093 }
094
095 return saltBytes;
096 }
097
098 }