PasswordHasher.java

/* 
 * The MIT License
 *
 * Copyright 2013 Tim Boudreau.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
package com.mastfrog.acteur.util;

import com.mastfrog.settings.Settings;
import com.mastfrog.util.ConfigurationError;
import com.mastfrog.util.Exceptions;
import com.mastfrog.util.GUIDFactory;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
//import java.util.Base64;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.commons.codec.binary.Base64;

/**
 * Hashes passwords into hashes which can be tested for matching but which the
 * original password cannot be easily decrypted from. The default algorithm is
 * SHA-512.
 *
 * @author Tim Boudreau
 */
@Singleton
public final class PasswordHasher {

    private final byte[] saltBytes;
    private final String algorithm;
    // A plokta def salt:
    static final String DEFAULT_SALT = "wlkefjasdfhadasdlkfjhwa,l.e,u.f,2.o3ads[]90as!!_$GHJM"
            + "<$^UJCMM<>OIUHGC^#YUJKTGYSUCINJd9f0awe0f9aefansjneaiw"
            + "aoeifa222222222222o(#(#(&@^!";
    private final Charset charset;
    public static final String SETTINGS_KEY_PASSWORD_SALT = "salt";
    public static final String SETTINGS_KEY_HASHING_ALGORITHM = "passwordHashingAlgorithm";
    public static final String DEFAULT_HASHING_ALGORITHM = "SHA-512";
    public static final String SETTINGS_KEY_RANDOM_SALT_LENGTH = "randomSaltLength";
    public static final int DEFAULT_RANDOM_SALT_LENGTH = 48;
    private final GUIDFactory guids;
    private final int saltLength;

    @Inject
    PasswordHasher(Settings settings, Charset charset, GUIDFactory guids) throws NoSuchAlgorithmException {
        this.charset = charset;
        saltLength = settings.getInt(SETTINGS_KEY_RANDOM_SALT_LENGTH, DEFAULT_RANDOM_SALT_LENGTH);
        if (saltLength <= 0) {
            throw new ConfigurationError("Salt length must be > 0");
        }
        String salt = settings.getString(SETTINGS_KEY_PASSWORD_SALT, DEFAULT_SALT);
        String alg = settings.getString(SETTINGS_KEY_HASHING_ALGORITHM, DEFAULT_HASHING_ALGORITHM);
        if (settings.getBoolean("productionMode", false) && DEFAULT_SALT.equals(salt)) {
            throw new ConfigurationError("Default password salt should not be used in "
                    + "production mode.");
        }
        saltBytes = salt.getBytes(charset);
        this.algorithm = alg;
        // fail early
        hash("abcd", alg);
        this.guids = guids;
    }

    private String[] findSalt(String hashed) {
        String[] result = hashed.split(":", 3);
        return result;
    }

    /**
     * Check an unhashed password against a stored, hashed one
     *
     * @param unhashed The unhashed password
     * @param hashed
     * @return
     */
    public boolean checkPassword(String unhashed, String hashed) {
        try {
            String[] saltAndPassAndAlgorithm = findSalt(hashed);
            if (saltAndPassAndAlgorithm.length == 1) {
                // Backward compatibility
                byte[] bytes = hash(unhashed, algorithm);
                byte[] check = org.apache.commons.codec.binary.Base64.decodeBase64(hashed);
//                byte[] check = Base64.getDecoder().decode(hashed);
                return Arrays.equals(bytes, check);
            }
            if (saltAndPassAndAlgorithm.length != 3) {
                // Ensure a failed attempt takes the same amount of time
                encryptPassword("DaCuBYLAlxBbT6lTyatauRp2iXCsf9WGDi8a2SyWeFVsoxGBk3Y3l1l9IHie"
                        + "+aVuOGQBD8mZlrhj8yGjl1ghjw==", "3J5pgcx0", algorithm);
                return false;
            }
            String enc = encryptPassword(unhashed, saltAndPassAndAlgorithm[1], decodeAlgorithm(saltAndPassAndAlgorithm[0]));
            return slowEquals(enc, hashed);
        } catch (NoSuchAlgorithmException ex) {
            return Exceptions.chuck(ex);
        }
    }
    
    private boolean slowEquals(String a, String b) {
        // Compare all the characters of the string, so that
        // the comparison time is the same whether equal or not
        boolean result = true;
        int max = Math.min(a.length(), b.length());
        for (int i = 0; i < max; i++) {
            char ca = a.charAt(i);
            char cb = b.charAt(i);
            result &= ca == cb;
        }
        return result && a.length() == b.length();
    }

    private String encryptPassword(String password, String randomSalt, String algorithm) throws NoSuchAlgorithmException {
//        return encodeAlgorithm(algorithm) + ":" + randomSalt + ":" + Base64.getEncoder().encodeToString(hash(password + randomSalt, algorithm));
        return encodeAlgorithm(algorithm) + ":" + randomSalt + ":" + Base64.encodeBase64String(hash(password + randomSalt, algorithm));
    }
    
    public String hash(String s) {
        try {
//            return Base64.getEncoder().encodeToString(hash(s, algorithm));
            return org.apache.commons.codec.binary.Base64.encodeBase64String(hash(s, algorithm));
        } catch (NoSuchAlgorithmException ex) {
            return Exceptions.chuck(ex);
        }
    }

    private String encodeAlgorithm(String alg) {
        // SHorten the stored strings a smidgen
        switch (alg) {
            case "SHA-512":
                return "a";
            case "SHA-1":
                return "b";
            case "MD2":
                return "c";
            case "MD5":
                return "d";
            case "SHA-256":
                return "e";
            case "SHA-384":
                return "f";
        }
        return alg;
    }

    private String decodeAlgorithm(String alg) {
        // Reconstitute algorithm strings
        switch (alg) {
            case "a":
                return "SHA-512";
            case "b":
                return "SHA-1";
            case "c":
                return "MD2";
            case "d":
                return "MD5";
            case "e":
                return "SHA-256";
            case "f":
                return "SHA-384";
        }
        return alg;
    }

    public String encryptPassword(String password) {
        try {
            String randomSalt = guids.newGUID(1, saltLength);
            String result = encryptPassword(password, randomSalt, algorithm);
            return result;
        } catch (NoSuchAlgorithmException ex) {
            return Exceptions.chuck(ex);
        }
    }

    private byte[] hash(String unhashed, String algorithm) throws NoSuchAlgorithmException {
        MessageDigest dg = MessageDigest.getInstance(algorithm);
        byte[] b = (unhashed + ":" + new String(saltBytes)).getBytes(charset);
        byte[] check = dg.digest(b);
        return check;
    }
}