PBEKeySpecCrypt.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.utils.crypt;

  23. import javax.crypto.SecretKeyFactory;
  24. import javax.crypto.spec.PBEKeySpec;

  26. import org.openspcoop2.utils.UtilsException;
  27. import org.openspcoop2.utils.io.Base64Utilities;
  28. import org.openspcoop2.utils.io.HexBinaryUtilities;
  29. import org.openspcoop2.utils.random.RandomGenerator;
  30. import org.slf4j.Logger;

  32. /**
  33.  * PBEKeySpecCrypt
  34.  *
  35.  * @author Poli Andrea (apoli@link.it)
  36.  * @author $Author$
  37.  * @version $Rev$, $Date$
  38.  */
  39. public class PBEKeySpecCrypt implements ICrypt {

  41.     private static final String PBE_ALGORITHM = "PBKDF2WithHmacSHA1";
  42.     
  43.     private Logger log;
  44.     private CryptConfig config;
  45.     private RandomGenerator randomGenerator;

  47.     public PBEKeySpecCrypt(){
  48.         
  49.     }
  50.     
  51.     @Override
  52.     public void init(Logger log, CryptConfig config) {
  53.         this.log = log;
  54.         
  55.         this.config = config;
  56.         if(this.config == null) {
  57.             this.config = new CryptConfig();
  58.         }
  59.         
  60.         this.randomGenerator = new RandomGenerator(this.config.isUseSecureRandom(), this.config.getAlgorithmSecureRandom());
  61.     }
  62.     
  63.     @Override
  64.     public String crypt(String password) throws UtilsException {
  65.         
  66.         int iterations = 1000;
  67.         if(this.config.getIteration()!=null && this.config.getIteration()>0) {
  68.             iterations = this.config.getIteration().intValue();
  69.         }
  70.         
  71.         char[] chars = password.toCharArray();
  72.         
  73.         int saltLength = 16;
  74.         if(this.config.getSaltLength()!=null && this.config.getSaltLength()>0) {
  75.             saltLength = this.config.getSaltLength().intValue();
  76.         }
  77.         byte[] salt = this.randomGenerator.nextRandomBytes(saltLength);
  78.         
  79.         try {
  80.             PBEKeySpec spec = new PBEKeySpec(chars, salt, iterations, 64 * 8);
  81.             String algo = PBE_ALGORITHM;
  82.             if(this.config.getDigestAlgorithm()!=null) {
  83.                 algo = this.config.getDigestAlgorithm();
  84.             }
  85.             SecretKeyFactory skf = SecretKeyFactory.getInstance(algo);
  86.             byte[] hash = skf.generateSecret(spec).getEncoded();
  87.             String prefix = iterations + ":";
  88.             if(this.config.isUseBase64Encoding()) {
  89.                 return prefix +  Base64Utilities.encodeAsString(salt) + ":" + Base64Utilities.encodeAsString(hash);
  90.             }
  91.             else {
  92.                 return prefix +  HexBinaryUtilities.encodeAsString(salt) + ":" + HexBinaryUtilities.encodeAsString(hash);
  93.             }
  94.         }catch(Exception e) {
  95.             throw new UtilsException(e.getMessage(),e);
  96.         }
  97.         
  98.     }
  99.     
  100.     @Override
  101.     public boolean check(String password, String pwcrypt) {
  102.         try {
  103.             String[] parts = pwcrypt.split(":");
  104.             if(parts.length!=3) {
  105.                 throw new Exception("Wrong format");
  106.             }
  107.             int iterations = Integer.parseInt(parts[0]);
  108.             byte[] salt = null;
  109.             byte[] hash = null;
  110.             if(this.config.isUseBase64Encoding()) {
  111.                 salt = Base64Utilities.decode(parts[1]);
  112.                 hash = Base64Utilities.decode(parts[2]);
  113.             }
  114.             else {
  115.                 salt = HexBinaryUtilities.decode(parts[1]);
  116.                 hash = HexBinaryUtilities.decode(parts[2]);
  117.             }
  118.             
  119.             PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, hash.length * 8);
  120.             
  121.             String algo = PBE_ALGORITHM;
  122.             if(this.config.getDigestAlgorithm()!=null) {
  123.                 algo = this.config.getDigestAlgorithm();
  124.             }
  125.             SecretKeyFactory skf = SecretKeyFactory.getInstance(algo);
  126.             
  127.             byte[] testHash = skf.generateSecret(spec).getEncoded();
  128.             
  129.             int diff = hash.length ^ testHash.length;
  130.             
  131.             for(int i = 0; i < hash.length && i < testHash.length; i++)
  132.             {
  133.                 diff |= hash[i] ^ testHash[i];
  134.             }
  135.             
  136.             return diff == 0;
  137.         }catch(Throwable e){
  138.             if(this.log!=null) {
  139.                 this.log.error("Verifica password '"+pwcrypt+"' fallita: "+e.getMessage(),e);
  140.             }
  141.             return false;
  142.         }
  143.     }
  144.     
  145. }
Created with JaCoCo 0.8.8.202204050719