MD5Crypt.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */


  22. package org.openspcoop2.utils.crypt;

  24. import java.security.MessageDigest;
  25. import java.security.NoSuchAlgorithmException;
  26. import java.security.SecureRandom;

  28. import org.openspcoop2.utils.random.RandomGenerator;

  30. /**
  31.  * A Java Implementation of the MD5Crypt function Modified from the GANYMEDE
  32.  * network directory management system released under the GNU General Public
  33.  * License by the University of Texas at Austin
  34.  * http://tools.arlut.utexas.edu/gash2/ Original version from :Jonathan Abbey,
  35.  * jonabbey@arlut.utexas.edu Modified by: Vladimir Silva,
  36.  * vladimir_silva@yahoo.com Modification history: 9/2005 - Removed dependencies
  37.  * on a MD5 private implementation - Added built-in java.security.MessageDigest
  38.  * (MD5) support - Code cleanup
  39.  *
  40.  * @author Sandra Giangrandi (sandra@link.it)
  41.  * @author $Author$
  42.  * @version $Rev$, $Date$
  43.  */

  45. @Deprecated
  46. public class MD5Crypt {
  47.     // Character set allowed for the salt string
  48.     static private final String SALTCHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";

  50.     // Character set of the encrypted password: A-Za-z0-9./
  51.     static private final String itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

  53.     public static String newSalt() {

  55.         int c = 0;
  56.         byte[] arrByte = new byte[2];

  58.         RandomGenerator randomGenerator = new RandomGenerator(false);
  59.         randomGenerator.nextRandomBytes(arrByte);
  60.         
  61.         for (int i = 0; i<2; i++) {
  62.             c = arrByte[i] >> 6;  // div(64)
  63.             c = ((arrByte[i] & 0xff) - (c<<6));
  64.             if ( c <= 11 ) // 46-57 ./0..9
  65.                 c+=46;
  66.             if ( c >= 12 && c <= 37 ) // 65-90 a..z
  67.                c+=(65-12);     
  68.             if ( c >= 38 && c <= 63 ) // 97-122 A..Z
  69.                 c+=(97-38);
  70.             arrByte[i] = (byte) c;
  71.         }

  73.         String pw = new String(arrByte);
  74.         return pw;
  75.     }
  76.     
  77.     /**
  78.      * Function to return a string from the set: A-Za-z0-9./
  79.      * 
  80.      * @return A string of size (size) from the set A-Za-z0-9./
  81.      * @param size
  82.      *            Length of the string
  83.      * @param v
  84.      *            value to be converted
  85.      */
  86.     static private final String to64(long v, int size) {
  87.         StringBuilder result = new StringBuilder();

  89.         while (--size >= 0) {
  90.             result.append(MD5Crypt.itoa64.charAt((int) (v & 0x3f)));
  91.             v >>>= 6;
  92.         }

  94.         return result.toString();
  95.     }

  97.     static private final void clearbits(byte bits[]) {
  98.         for (int i = 0; i < bits.length; i++) {
  99.             bits[i] = 0;
  100.         }
  101.     }

  103.     /**
  104.      * convert an encoded unsigned byte value into a int with the unsigned
  105.      * value.
  106.      */
  107.     static private final int bytes2u(byte inp) {
  108.         return inp & 0xff;
  109.     }

  111.     private static SecureRandom _rnd = null;
  112.     private static synchronized void initRandom() {
  113.         if(_rnd==null) {
  114.             _rnd = new SecureRandom();
  115.         }
  116.     }
  117.     private static java.util.Random getRandom() {
  118.         if(_rnd==null) {
  119.             initRandom();
  120.         }
  121.         return _rnd;
  122.     }
  123.     
  124.     /**
  125.      * LINUX/BSD MD5Crypt function
  126.      * 
  127.      * @return The encrypted password as an MD5 hash
  128.      * @param password
  129.      *            Password to be encrypted
  130.      */
  131.     static public final String crypt(String password) {
  132.         StringBuilder salt = new StringBuilder();

  134.         // build a random 8 chars salt
  135.         while (salt.length() < 8) {
  136.             int index = (int) (getRandom().nextFloat() * MD5Crypt.SALTCHARS.length());
  137.             salt.append(MD5Crypt.SALTCHARS.substring(index, index + 1));
  138.         }

  140.         // crypt
  141.         return MD5Crypt.crypt(password, salt.toString(), "$1$");
  142.     }

  144.     /**
  145.      * LINUX/BSD MD5Crypt function
  146.      * 
  147.      * @return The encrypted password as an MD5 hash
  148.      * @param salt
  149.      *            Random string used to initialize the MD5 engine
  150.      * @param password
  151.      *            Password to be encrypted
  152.      */
  153.     static public final String crypt(String password, String salt) {
  154.         return MD5Crypt.crypt(password, salt, "$1$");
  155.     }

  157.     /**
  158.      * Linux/BSD MD5Crypt function
  159.      * 
  160.      * @throws java.lang.Exception
  161.      * @return The encrypted password as an MD5 hash
  162.      * @param magic
  163.      *            $1$ for Linux/BSB, $apr1$ for Apache crypt
  164.      * @param salt
  165.      *            8 byte permutation string
  166.      * @param password
  167.      *            user password
  168.      */
  169.     static public final String crypt(String password, String salt, String magic) {

  171.         byte finalState[];
  172.         long l;

  174.         /**
  175.          * Two MD5 hashes are used
  176.          */
  177.         MessageDigest ctx, ctx1;

  179.         try {
  180.             ctx = MessageDigest.getInstance("MD5");
  181.             ctx1 = MessageDigest.getInstance("MD5");
  182.         } catch (NoSuchAlgorithmException ex) {
  183.             System.err.println(ex);
  184.             return null;
  185.         }

  187.         /* Refine the Salt first */
  188.         /* If it starts with the magic string, then skip that */

  190.         if (salt.startsWith(magic)) {
  191.             salt = salt.substring(magic.length());
  192.         }

  194.         /* It stops at the first '$', max 8 chars */

  196.         if (salt.indexOf('$') != -1) {
  197.             salt = salt.substring(0, salt.indexOf('$'));
  198.         }

  200.         if (salt.length() > 8) {
  201.             salt = salt.substring(0, 8);
  202.         }

  204.         /**
  205.          * Transformation set #1: The password first, since that is what is most
  206.          * unknown Magic string Raw salt
  207.          */
  208.         ctx.update(password.getBytes());
  209.         ctx.update(magic.getBytes());
  210.         ctx.update(salt.getBytes());

  212.         /* Then just as many characters of the MD5(pw,salt,pw) */

  214.         ctx1.update(password.getBytes());
  215.         ctx1.update(salt.getBytes());
  216.         ctx1.update(password.getBytes());
  217.         finalState = ctx1.digest(); // ctx1.Final();

  219.         for (int pl = password.length(); pl > 0; pl -= 16) {
  220.             ctx.update(finalState, 0, pl > 16 ? 16 : pl);
  221.         }

  223.         /**
  224.          * the original code claimed that finalState was being cleared to keep
  225.          * dangerous bits out of memory, but doing this is also required in
  226.          * order to get the right output.
  227.          */

  229.         MD5Crypt.clearbits(finalState);

  231.         /* Then something really weird... */

  233.         for (int i = password.length(); i != 0; i >>>= 1) {
  234.             if ((i & 1) != 0) {
  235.                 ctx.update(finalState, 0, 1);
  236.             } else {
  237.                 ctx.update(password.getBytes(), 0, 1);
  238.             }
  239.         }

  241.         finalState = ctx.digest();

  243.         /**
  244.          * and now, just to make sure things don't run too fast On a 60 Mhz
  245.          * Pentium this takes 34 msec, so you would need 30 seconds to build a
  246.          * 1000 entry dictionary... (The above timings from the C version)
  247.          */

  249.         for (int i = 0; i < 1000; i++) {
  250.             try {
  251.                 ctx1 = MessageDigest.getInstance("MD5");
  252.             } catch (NoSuchAlgorithmException e0) {
  253.                 return null;
  254.             }

  256.             if ((i & 1) != 0) {
  257.                 ctx1.update(password.getBytes());
  258.             } else {
  259.                 ctx1.update(finalState, 0, 16);
  260.             }

  262.             if ((i % 3) != 0) {
  263.                 ctx1.update(salt.getBytes());
  264.             }

  266.             if ((i % 7) != 0) {
  267.                 ctx1.update(password.getBytes());
  268.             }

  270.             if ((i & 1) != 0) {
  271.                 ctx1.update(finalState, 0, 16);
  272.             } else {
  273.                 ctx1.update(password.getBytes());
  274.             }

  276.             finalState = ctx1.digest(); // Final();
  277.         }

  279.         /* Now make the output string */

  281.         StringBuilder result = new StringBuilder();

  283.         result.append(magic);
  284.         result.append(salt);
  285.         result.append("$");

  287.         /**
  288.          * Build a 22 byte output string from the set: A-Za-z0-9./
  289.          */
  290.         l = (MD5Crypt.bytes2u(finalState[0]) << 16) | (MD5Crypt.bytes2u(finalState[6]) << 8) | MD5Crypt.bytes2u(finalState[12]);
  291.         result.append(MD5Crypt.to64(l, 4));

  293.         l = (MD5Crypt.bytes2u(finalState[1]) << 16) | (MD5Crypt.bytes2u(finalState[7]) << 8) | MD5Crypt.bytes2u(finalState[13]);
  294.         result.append(MD5Crypt.to64(l, 4));

  296.         l = (MD5Crypt.bytes2u(finalState[2]) << 16) | (MD5Crypt.bytes2u(finalState[8]) << 8) | MD5Crypt.bytes2u(finalState[14]);
  297.         result.append(MD5Crypt.to64(l, 4));

  299.         l = (MD5Crypt.bytes2u(finalState[3]) << 16) | (MD5Crypt.bytes2u(finalState[9]) << 8) | MD5Crypt.bytes2u(finalState[15]);
  300.         result.append(MD5Crypt.to64(l, 4));

  302.         l = (MD5Crypt.bytes2u(finalState[4]) << 16) | (MD5Crypt.bytes2u(finalState[10]) << 8) | MD5Crypt.bytes2u(finalState[5]);
  303.         result.append(MD5Crypt.to64(l, 4));

  305.         l = MD5Crypt.bytes2u(finalState[11]);
  306.         result.append(MD5Crypt.to64(l, 2));

  308.         /* Don't leave anything around in vm they could use. */
  309.         MD5Crypt.clearbits(finalState);

  311.         return result.toString();
  312.     }

  314.     /**
  315.      * Test subroutine
  316.      * 
  317.      * @param args
  318.      */
  319.     static final String USAGE = "MD5Crypt <password> <salt>";

  321.     public static void main(String[] args) {
  322.         try {
  323.             if (args.length != 2) {
  324.                 System.err.println(MD5Crypt.USAGE);
  325.             } else {
  326.                 System.out.println(MD5Crypt.crypt(args[0], args[1]));
  327.             }

  329.         } catch (Exception ex) {
  330.             System.err.println(ex);
  331.         }
  332.     }

  334. }
Created with JaCoCo 0.8.8.202204050719