
1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security.spi.impl;
18  
19  import java.security.NoSuchAlgorithmException;
20  import java.security.spec.InvalidKeySpecException;
21  import java.sql.Timestamp;
22  import java.text.ParseException;
23  import java.text.SimpleDateFormat;
24  import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
25  import org.apache.jetspeed.security.PasswordCredential;
26  import org.apache.jetspeed.security.SecurityException;
27  import org.apache.jetspeed.security.om.InternalCredential;
28  import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
29  import org.apache.jetspeed.security.spi.CredentialPasswordEncoder;
30  
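/**
 * <p>
 * AlgorithmUpgradePBEPasswordService supports migrating stored password credentials from an
 * older {@link CredentialPasswordEncoder} to the encoding provided by {@link PBEPasswordService}.
 * </p>
 * <p>
 * A credential is treated as still using the old encoding when its last authentication date
 * (or, when that is absent, its previous authentication date) lies before the configured
 * cut-over timestamp, or when it carries neither date. Such credentials are encoded with the
 * old encoder for comparison and can be re-encoded with {@link #recodeIfNeeded}.
 * </p>
 * <p>
 * The cut-over timestamp therefore decides which encoder is applied to each credential.
 * It is parsed strictly so that a mistyped value is rejected at construction time instead of
 * being silently rolled over to a different date.
 * </p>
 * 
 * @author <a href="mailto:ate@douma.nu">Ate Douma</a>
 * @version $Id:$
 */
public class AlgorithmUpgradePBEPasswordService extends PBEPasswordService implements AlgorithmUpgradeCredentialPasswordEncoder, AlgorithmUpgradePasswordEncodingService
{
    /** Encoder used for credentials that have not been migrated yet. */
    private final CredentialPasswordEncoder oldEncoder;

    /** Cut-over instant: authentication dates before it mark a credential as old-encoded. */
    private final Timestamp startPBEPasswordEncoding;
    
    /**
     * Creates the upgrade service.
     * 
     * @param pbePassword passed unchanged to the {@link PBEPasswordService} constructor
     * @param oldEncoder encoder applied to credentials still judged to use the old encoding
     * @param startPBEPasswordEncoding cut-over timestamp in the form {@code yyyy-MM-dd HH:mm:ss};
     *        the pattern carries no zone, so it is interpreted in the JVM default time zone
     * @throws InvalidKeySpecException declared for the superclass constructor
     * @throws NoSuchAlgorithmException declared for the superclass constructor
     * @throws ParseException if the cut-over timestamp does not match the pattern or names an
     *         impossible date or time (for example month 13)
     */
    public AlgorithmUpgradePBEPasswordService(String pbePassword, CredentialPasswordEncoder oldEncoder, String startPBEPasswordEncoding) throws InvalidKeySpecException,
            NoSuchAlgorithmException, ParseException
    {
        super(pbePassword);
        this.oldEncoder = oldEncoder;
        SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        // SimpleDateFormat is lenient by default and would roll "2008-13-45" over to a valid but
        // different date, silently moving the old/new encoding boundary. Reject such input.
        df.setLenient(false);
        this.startPBEPasswordEncoding = new Timestamp(df.parse(startPBEPasswordEncoding).getTime());
    }
    
    /**
     * Reports whether the given credential is judged to still use the old encoding.
     * 
     * @param credential credential whose enabled flag and authentication dates are inspected
     * @return {@code true} if the credential is treated as old-encoded
     * @see org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService#usesOldEncodingAlgorithm(org.apache.jetspeed.security.PasswordCredential)
     */
    public boolean usesOldEncodingAlgorithm(PasswordCredential credential)
    {
        return usesOldEncodingAlgorithm(credential.isEnabled(), credential.getLastAuthenticationDate(), credential.getPreviousAuthenticationDate());
    }

    /**
     * Encodes a clear text password with the encoder that matches the state of the credential:
     * the old encoder while the credential is judged old-encoded, otherwise the two-argument
     * {@code encode} (not defined in this class; presumably inherited from PBEPasswordService).
     * 
     * @param userName user the password belongs to
     * @param clearTextPassword password to encode
     * @param credential stored credential that selects the encoder
     * @return the encoded password
     * @throws SecurityException if the selected encoder fails
     * @see org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder#encode(java.lang.String, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
     */
    public String encode(String userName, String clearTextPassword, InternalCredential credential) throws SecurityException
    {
        boolean legacy = usesOldEncodingAlgorithm(credential.isEnabled(), credential.getLastAuthenticationDate(), credential.getPreviousAuthenticationDate());
        if ( legacy )
        {
            return oldEncoder.encode(userName, clearTextPassword);
        }
        return encode(userName, clearTextPassword);
    }

    /**
     * Replaces the stored credential value with the new encoding of the given password when the
     * credential is judged old-encoded; otherwise does nothing.
     * <p>
     * This method does not compare {@code clearTextPassword} with the stored value. It presumably
     * relies on being called only after the password has been authenticated; confirm at the call
     * sites, since any caller-supplied password would otherwise overwrite the stored credential.
     * </p>
     * 
     * @param userName user the password belongs to
     * @param clearTextPassword password to re-encode
     * @param credential stored credential to update in place
     * @throws SecurityException if encoding fails
     * @see org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder#recodeIfNeeded(java.lang.String, java.lang.String, org.apache.jetspeed.security.om.InternalCredential)
     */
    public void recodeIfNeeded(String userName, String clearTextPassword, InternalCredential credential) throws SecurityException
    {
        boolean legacy = usesOldEncodingAlgorithm(credential.isEnabled(), credential.getLastAuthenticationDate(), credential.getPreviousAuthenticationDate());
        if ( legacy )
        {
            credential.setValue(encode(userName, clearTextPassword));
        }
    }
    
    /**
     * Decides whether a credential with the given state is treated as old-encoded.
     * <p>
     * NOTE(review): every caller in this class passes {@code credential.isEnabled()} for the
     * {@code encoded} parameter, although the parameter name suggests an "is encoded" flag.
     * Confirm which is intended: as written, a disabled credential is never treated as
     * old-encoded, so it is neither checked with the old encoder nor re-encoded.
     * </p>
     * 
     * @param encoded flag gating the check; {@code false} always yields {@code false}
     * @param lastAuthDate last authentication date, may be {@code null}
     * @param prevAuthDate previous authentication date, consulted only when
     *        {@code lastAuthDate} is {@code null}; may be {@code null}
     * @return {@code true} if the relevant date precedes the cut-over timestamp or no date exists
     */
    private boolean usesOldEncodingAlgorithm(boolean encoded, Timestamp lastAuthDate, Timestamp prevAuthDate )
    {
        if ( !encoded )
        {
            return false;
        }
        if ( lastAuthDate != null )
        {
            return lastAuthDate.before(startPBEPasswordEncoding);
        }
        if ( prevAuthDate != null )
        {
            // password was created, but the user is not authenticated yet
            return prevAuthDate.before(startPBEPasswordEncoding);
        }
        // no authentication dates at all: not yet upgraded encoded password
        return true;
    }
}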