Coverage Summary for Class: LegacyJasyptPasswordEncryptor (com.acciente.oacc.encryptor.jasypt)

Class	Class, %	Method, %	Line, %
LegacyJasyptPasswordEncryptor	100% (1/ 1)	100% (5/ 5)	100% (24/ 24)
1 /*
2  * Copyright 2009-2018, Acciente LLC
3  *
4  * Acciente LLC licenses this file to you under the
5  * Apache License, Version 2.0 (the "License"); you
6  * may not use this file except in compliance with the
7  * License. You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in
12  * writing, software distributed under the License is
13  * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
14  * OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing
16  * permissions and limitations under the License.
17  */
18 package com.acciente.oacc.encryptor.jasypt;
19 
20 import com.acciente.oacc.encryptor.PasswordEncryptor;
21 import com.acciente.oacc.normalizer.TextNormalizer;
22 import org.jasypt.contrib.org.apache.commons.codec_1_3.binary.Base64;
23 import org.jasypt.digest.StandardByteDigester;
24 
25 import java.nio.ByteBuffer;
26 import java.nio.CharBuffer;
27 import java.nio.charset.StandardCharsets;
28 import java.util.Arrays;
29 
30 /**
31  * Password encryptor implementation that was the sole password encryptor in OACC v2.0.0.rc7 and prior.
32  */
33 public final class LegacyJasyptPasswordEncryptor implements PasswordEncryptor {
34    private final StandardByteDigester digester;
35    private final Base64               base64;
36 
37    /**
38     * Returns an instance of the legacy password encryptor implementation used in OACC v2.0.0.rc7 (and prior).
39     */
40    public static LegacyJasyptPasswordEncryptor newInstance() {
41       return new LegacyJasyptPasswordEncryptor();
42    }
43 
44    private LegacyJasyptPasswordEncryptor() {
45       this.digester = new StandardByteDigester();
46       this.digester.setAlgorithm("SHA-256");
47       this.digester.setIterations(100000);
48       this.digester.setSaltSizeBytes(16);
49       this.digester.initialize();
50       this.base64 = new Base64();
51    }
52 
53    @Override
54    public String encryptPassword(final char[] password) {
55       if (password == null) {
56          return null;
57       }
58 
59       final byte[] digest = this.digester.digest(getCleanedBytes(password));
60 
61       return new String(this.base64.encode(digest), StandardCharsets.US_ASCII);
62    }
63 
64    @Override
65    public boolean checkPassword(final char[] plainPassword,
66                                 final String encryptedPassword) {
67       if (plainPassword == null) {
68          return (encryptedPassword == null);
69       }
70       else if (encryptedPassword == null) {
71          return false;
72       }
73 
74       return this.digester.matches(getCleanedBytes(plainPassword),
75                                    this.base64.decode(encryptedPassword.getBytes(StandardCharsets.US_ASCII)));
76    }
77 
78    private byte[] getCleanedBytes(char[] password) {
79       final char[] normalizedChars = TextNormalizer.getInstance().normalizeToNfc(password);
80       final ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(CharBuffer.wrap(normalizedChars));
81       final byte[] byteArray = new byte[byteBuffer.remaining()];
82       byteBuffer.get(byteArray);
83       Arrays.fill(byteBuffer.array(), (byte) 0);
84       return byteArray;
85    }
86 }