Revision 8424

Added by Jing Tao almost 7 years ago

Encrypt the password.


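--- a/src/edu/ucsb/nceas/metacat/authentication/AuthFile.java
+++ b/src/edu/ucsb/nceas/metacat/authentication/AuthFile.java
@@ -24,16 +24,26 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
+import java.io.UnsupportedEncodingException;
 import java.net.ConnectException;
+import java.security.GeneralSecurityException;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Properties;
 import java.util.Vector;
 
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.XMLConfiguration;
 import org.apache.commons.configuration.tree.xpath.XPathExpressionEngine;
 
+
 import edu.ucsb.nceas.metacat.AuthInterface;
 import edu.ucsb.nceas.metacat.properties.PropertyService;
 import edu.ucsb.nceas.utilities.PropertyNotFoundException;
@@ -70,6 +80,11 @@
     private static final String GROUP = "group";
     private static final String INITCONTENT = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"+
                                     "<"+SUBJECTS+">\n"+"<"+USERS+">\n"+"</"+USERS+">\n"+"<"+GROUPS+">\n"+"</"+GROUPS+">\n"+"</"+SUBJECTS+">\n";
+    private static final char[] MASTER = "enfldsgbnlsngdlksdsgm".toCharArray();
+    private static final byte[] SALT = {
+        (byte) 0xde, (byte) 0x33, (byte) 0x10, (byte) 0x12,
+        (byte) 0xde, (byte) 0x33, (byte) 0x10, (byte) 0x12,
+    };
     
     private static AuthFile authFile = null;
     private XMLConfiguration userpassword = null;
@@ -145,6 +160,11 @@
                     throws AuthenticationException {
         String passwordRecord = userpassword.getString(USERS+SLASH+USER+"["+AT+NAME+"='"+user+"']"+SLASH+PASSWORD);
         if(passwordRecord != null) {
+            try {
+                passwordRecord = decrypt(passwordRecord);
+            } catch (Exception e) {
+                throw new AuthenticationException("AuthFile.authenticate - can't decrypt the password for the user "+user+" since "+e.getMessage());
+            }
             if(passwordRecord.equals(password)) {
                 return true;
             }
@@ -221,6 +241,12 @@
         if(password == null || password.trim().equals("")) {
             throw new AuthenticationException("AuthFile.addUser - can't add a user whose password is null or blank.");
         }
+        try {
+            password = encrypt(password);
+        } catch (Exception e) {
+            throw new AuthenticationException("AuthFile.addUser - can't encript the password since "+e.getMessage());
+        }
+        
         if(!userExists(userName)) {
             if(userpassword != null) {
               userpassword.addProperty(USERS+" "+USER+AT+NAME, userName);
@@ -321,4 +347,41 @@
             return false;
         }
     }
+    
+    /*
+     * Encrypt a string
+     */
+    private static String encrypt(String property) throws GeneralSecurityException, UnsupportedEncodingException {
+        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
+        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(MASTER));
+        Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
+        pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
+        return base64Encode(pbeCipher.doFinal(property.getBytes("UTF-8")));
+    }
+
+    /*
+     * Transform a byte array to a string
+     */
+    private static String base64Encode(byte[] bytes) {
+        return Base64.encodeBase64String(bytes);
+    }
+
+    /*
+     * Decrypt a string
+     */
+    private static String decrypt(String property) throws GeneralSecurityException, IOException {
+        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
+        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(MASTER));
+        Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
+        pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
+        return new String(pbeCipher.doFinal(base64Decode(property)), "UTF-8");
+    }
+
+    /*
+     * Transform a string to a byte array
+     */
+    private static byte[] base64Decode(String property) throws IOException {
+        return Base64.decodeBase64(property);
+    }
+
 }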
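Review bot: The `MASTER` passphrase and `SALT` are compile-time constants in `AuthFile`, so `encrypt()` produces reversible records whose key ships with the source and the jar, and a copy of the password file is enough to recover every stored password. `PBEWithMD5AndDES` with an iteration count of 20 is also a single-DES, MD5-derived scheme, and the fixed salt means equal passwords produce equal records. Because `authenticate()` only needs to compare, the stored record should be a salted one-way hash with a random per-user salt, checked with a constant-time comparison instead of `decrypt()` followed by `String.equals`; `addUser()` would call the hashing helper where it now calls `encrypt()`, and existing records would need a migration path. The new catch block in `authenticate()` also forwards `e.getMessage()` and the user name to the caller, which is better kept in a server-side log. The bodies of `authenticate()` and `addUser()` extend outside the displayed hunks, so the call-site changes are described here and only the replacement helpers are sketched below.

```java
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;
    // Constructed value: set from current PBKDF2 guidance and measured login latency.
    private static final int ITERATIONS = 600000;

    /*
     * Build a one-way record "salt:hash" (both base64) for a new password
     */
    private static String hashPassword(String password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return base64Encode(salt) + ":" + base64Encode(pbkdf2(password, salt));
    }

    /*
     * Check a candidate password against a stored "salt:hash" record
     */
    private static boolean verifyPassword(String password, String record) throws GeneralSecurityException, IOException {
        String[] parts = record.split(":");
        if (parts.length != 2) {
            return false;
        }
        byte[] expected = base64Decode(parts[1]);
        byte[] actual = pbkdf2(password, base64Decode(parts[0]));
        // Constant-time comparison of the two digests.
        return MessageDigest.isEqual(expected, actual);
    }

    /*
     * Derive the hash bytes; PBKDF2WithHmacSHA256 needs Java 8+, older runtimes only offer PBKDF2WithHmacSHA1
     */
    private static byte[] pbkdf2(String password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // … unchanged: base64Encode, base64Decode …
```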
