Coverage Summary for Class: TransitioningPasswordEncryptor (com.acciente.oacc.encryptor)

1 /* 2  * Copyright 2009-2018, Acciente LLC 3  * 4  * Acciente LLC licenses this file to you under the 5  * Apache License, Version 2.0 (the "License"); you 6  * may not use this file except in compliance with the 7  * License. You may obtain a copy of the License at 8  * 9  * http://www.apache.org/licenses/LICENSE-2.0 10  * 11  * Unless required by applicable law or agreed to in 12  * writing, software distributed under the License is 13  * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES 14  * OR CONDITIONS OF ANY KIND, either express or implied. 15  * See the License for the specific language governing 16  * permissions and limitations under the License. 17  */ 18  19 package com.acciente.oacc.encryptor; 20  21 import java.io.Serializable; 22  23 /** 24  * The purpose of this password encryptor is to provide a means to transition from an existing (aka "old") password 25  * encryptor to a new password encryptor in an environment where OACC is already deployed -- where existing passwords 26  * in the tables are encrypted using the old password encryptor. 27  */ 28 public class TransitioningPasswordEncryptor implements PasswordEncryptor, Serializable { 29  private final PasswordEncryptor newPasswordEncryptor; 30  private final PasswordEncryptor oldPasswordEncryptor; 31  32  /** 33  * Creates a password encryptor that delegates all password hash encryption to the password encryptor provided in the 34  * <code>newPasswordEncryptor</code> parameter. For decryption/comparison of existing passwords this password 35  * encryptor first delegates to the password encryptor provided in the <code>newPasswordEncryptor</code> parameter if 36  * that attempts fails by throwing an {@link IllegalArgumentException}, this password encryptor retries by 37  * delegating to the password encryptor provided in the <code>oldPasswordEncryptor</code> parameter. 38  * 39  * @param newPasswordEncryptor the new password encryptor to use for hashing all new passwords hashes for storage 40  * @param oldPasswordEncryptor the password encryptor that was to hash the passwords already stored in the tables, in 41  * other words passwords that have not yet been updated since the transition to the 42  * <code>newPasswordEncryptor</code> began. 43  * @return a {@link TransitioningPasswordEncryptor} instance. 44  */ 45  public static TransitioningPasswordEncryptor newInstance(PasswordEncryptor newPasswordEncryptor, 46  PasswordEncryptor oldPasswordEncryptor) { 47  return new TransitioningPasswordEncryptor(newPasswordEncryptor, oldPasswordEncryptor); 48  } 49  50  private TransitioningPasswordEncryptor(PasswordEncryptor newPasswordEncryptor, 51  PasswordEncryptor oldPasswordEncryptor) { 52  this.newPasswordEncryptor = newPasswordEncryptor; 53  this.oldPasswordEncryptor = oldPasswordEncryptor; 54  } 55  56  @Override 57  public String encryptPassword(char[] password) { 58  // encryption always uses the new password encryptor 59  return newPasswordEncryptor.encryptPassword(password); 60  } 61  62  @Override 63  public boolean checkPassword(char[] plainPassword, String encryptedPassword) { 64  try { 65  // first try the new password encryptor, this will work if the password was created by new password encryptor 66  return newPasswordEncryptor.checkPassword(plainPassword, encryptedPassword); 67  } 68  catch (IllegalArgumentException e) { 69  // if the new password encryptor fails with a password format exception, it is likely an old password, so 70  // use the old password encryptor to decrypt the password 71  return oldPasswordEncryptor.checkPassword(plainPassword, encryptedPassword); 72  } 73  } 74 }