CodecCrypt.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.utils.crypt;

  23. import org.openspcoop2.utils.UtilsException;
  24. import org.openspcoop2.utils.random.RandomGenerator;
  25. import org.slf4j.Logger;

  27. /**
  28.  * CodecCrypt
  29.  *
  30.  * @author Poli Andrea (apoli@link.it)
  31.  * @author $Author$
  32.  * @version $Rev$, $Date$
  33.  */
  34. public class CodecCrypt implements ICrypt {

  36.     private static final String ITERATOR = "rounds=";
  37.     
  38.     private Logger log;
  39.     private CodecType type;
  40.     private CryptConfig config;
  41.     private RandomGenerator randomGenerator;

  43.     public CodecCrypt(CodecType type){
  44.         this.type = type;
  45.         if(this.type == null) {
  46.             this.type = CodecType.SHA2_BASED_UNIX_CRYPT_SHA256;
  47.         }
  48.     }
  49.     
  50.     @Override
  51.     public void init(Logger log, CryptConfig config) {
  52.         this.log = log;
  53.         
  54.         this.config = config;
  55.         if(this.config == null) {
  56.             this.config = new CryptConfig();
  57.         }
  58.         
  59.         this.randomGenerator = new RandomGenerator(this.config.isUseSecureRandom(), this.config.getAlgorithmSecureRandom());
  60.     }
  61.     
  62.     @Override
  63.     public String crypt(String password) throws UtilsException {
  64.         
  65.         Integer saltLength = this.config.getSaltLength();
  66.         if(saltLength==null) {
  67.             switch (this.type) {
  68.             case LIBC_CRYPT_MD5:
  69.             case LIBC_CRYPT_MD5_APACHE:
  70.                 saltLength = 8;
  71.                 break;
  72.             case SHA2_BASED_UNIX_CRYPT_SHA256:
  73.             case SHA2_BASED_UNIX_CRYPT_SHA512:
  74.                 saltLength = 16;
  75.                 break;
  76.             case DES_UNIX_CRYPT:
  77.                 saltLength = 2;
  78.                 break;
  79.             }
  80.         }
  81.         
  82.         if(this.randomGenerator==null) {
  83.             throw new UtilsException("RandomGenerator undefined");
  84.         }
  85.         String salt = this.randomGenerator.nextRandom(saltLength);
  86.                 
  87.         if(!CodecType.DES_UNIX_CRYPT.equals(this.type)) {
  88.             
  89.             //   a) the salt salt_prefix, $5$ or $6$ respectively
  90.             //   b) the rounds=<N> specification, if one was present in the input salt string. A trailing '$' is added in this case to separate the rounds specification from the following text.
  91.             //   c) the salt string truncated to 16 characters (solo per SHA2)
  92.             //   d) a '$' character
  93.             
  94.             StringBuilder sb = new StringBuilder();
  95.             String prefix = this.type.getPrefix();
  96.             if(salt.startsWith(prefix) && salt.length()>prefix.length()) {
  97.                 salt = salt.substring(prefix.length());
  98.             }
  99.             sb.append(prefix);
  100.             
  101.             if(this.config.getIteration()!=null && this.config.getIteration().intValue()>0 &&
  102.                     (CodecType.SHA2_BASED_UNIX_CRYPT_SHA256.equals(this.type) || CodecType.SHA2_BASED_UNIX_CRYPT_SHA512.equals(this.type)) &&
  103.                     !salt.startsWith(ITERATOR)) {
  104.                 sb.append(ITERATOR).append(this.config.getIteration().intValue()).append("$");
  105.                 sb.append(salt);
  106.             }
  107.             else {
  108.                 sb.append(salt);
  109.             }
  110.             
  111.             if(!salt.endsWith("$")) {
  112.                 sb.append("$");
  113.             }
  114.             
  115.             salt = sb.toString();
  116.         }
  117.         return this._crypt(password, salt);
  118.     }

  120.     @Override
  121.     public boolean check(String password, String pwcrypt) {
  122.         try{
  123.             boolean checkPwS = false;
  124.             String newPw = this._crypt(password, pwcrypt);
  125.             if (newPw.equals(pwcrypt)) {
  126.                 checkPwS = true;
  127.             }
  128.             return checkPwS;
  129.         }catch(Throwable e){
  130.             if(this.log!=null) {
  131.                 this.log.error("Verifica password '"+pwcrypt+"' fallita: "+e.getMessage(),e);
  132.             }
  133.             return false;
  134.         }
  135.     }

  137.     private String _crypt(String password, String salt) throws UtilsException {
  138.         
  139.         byte [] keyBytes = null;
  140.         try {
  141.             keyBytes = password.getBytes(this.config.getCharsetName());
  142.         }catch(Throwable e){
  143.             throw new UtilsException(e.getMessage(), e);
  144.         }
  145.         switch (this.type) {
  146.             case LIBC_CRYPT_MD5:
  147.                 if(salt!=null) {
  148.                     return org.apache.commons.codec.digest.Md5Crypt.md5Crypt(keyBytes, salt);
  149.                 }
  150.                 else {
  151.                     return org.apache.commons.codec.digest.Md5Crypt.md5Crypt(keyBytes);
  152.                 }
  153.             case LIBC_CRYPT_MD5_APACHE:
  154.                 if(salt!=null) {
  155.                     return org.apache.commons.codec.digest.Md5Crypt.apr1Crypt(keyBytes, salt);
  156.                 }
  157.                 else {
  158.                     return org.apache.commons.codec.digest.Md5Crypt.apr1Crypt(keyBytes);
  159.                 }
  160.             case SHA2_BASED_UNIX_CRYPT_SHA256:
  161.                 if(salt!=null) {
  162.                     return org.apache.commons.codec.digest.Sha2Crypt.sha256Crypt(keyBytes, salt);
  163.                 }
  164.                 else {
  165.                     return org.apache.commons.codec.digest.Sha2Crypt.sha256Crypt(keyBytes);
  166.                 }
  167.             case SHA2_BASED_UNIX_CRYPT_SHA512:
  168.                 if(salt!=null) {
  169.                     return org.apache.commons.codec.digest.Sha2Crypt.sha512Crypt(keyBytes, salt);
  170.                 }
  171.                 else {
  172.                     return org.apache.commons.codec.digest.Sha2Crypt.sha512Crypt(keyBytes);
  173.                 }
  174.             case DES_UNIX_CRYPT:
  175.                 if(salt!=null) {
  176.                     return org.apache.commons.codec.digest.UnixCrypt.crypt(keyBytes, salt);
  177.                 }
  178.                 else {
  179.                     return org.apache.commons.codec.digest.UnixCrypt.crypt(keyBytes);
  180.                 }
  181.         }
  182.         
  183.         throw new UtilsException("Unsupported type '"+this.type+"'");
  184.     }

  186. }
Created with JaCoCo 0.8.8.202204050719