GeoStoreDigestPasswordEncoder.java

/*
 *  Copyright (C) 2007 - 2011 GeoSolutions S.A.S.
 *  http://www.geo-solutions.it
 * 
 *  GPLv3 + Classpath exception
 * 
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 * 
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 * 
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
package it.geosolutions.geostore.core.security.password;

import org.apache.commons.codec.binary.Base64;
import org.jasypt.digest.StandardByteDigester;
import org.jasypt.spring.security3.PasswordEncoder;
import org.jasypt.util.password.StrongPasswordEncryptor;
import static it.geosolutions.geostore.core.security.password.SecurityUtils.toBytes;

/**
 * This Encoder provide encription and check of password using a digest
 * @author Lorenzo Natali (lorenzo.natali at geo-solutions.it)
 *
 */
public class GeoStoreDigestPasswordEncoder extends AbstractGeoStorePasswordEncoder{
	

		/**
		 * The digest is not reversible
		 */
	    public GeoStoreDigestPasswordEncoder() {
	        setReversible(false);
	    }

	    @Override
	    protected PasswordEncoder createStringEncoder() {
	        PasswordEncoder encoder = new PasswordEncoder();
	        encoder.setPasswordEncryptor(new StrongPasswordEncryptor());
	        return encoder;
	    }

	    @Override
	    protected CharArrayPasswordEncoder createCharEncoder() {
	        return new CharArrayPasswordEncoder() {
	            StandardByteDigester digester = new StandardByteDigester();
	            {
	                digester.setAlgorithm("SHA-256");
	                digester.setIterations(100000);
	                digester.setSaltSizeBytes(16);
	                digester.initialize();
	            }
	            
	            @Override
	            public String encodePassword(char[] rawPass, Object salt) {
	                return new String(Base64.encodeBase64(digester.digest(toBytes(rawPass))));
	            }
	            @Override
	            public boolean isPasswordValid(String encPass, char[] rawPass, Object salt) {
	                return digester.matches(toBytes(rawPass), Base64.decodeBase64(encPass.getBytes())); 
	            }
	        };
	    }

	    @Override
	    public PasswordEncodingType getEncodingType() {
	        return PasswordEncodingType.DIGEST;
	    }
	
}