BcryptCommand.java example

Explorer
usergrid-master
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.usergrid.security.crypto.command;


import java.nio.charset.Charset;
import java.util.UUID;

import org.mindrot.jbcrypt.BCrypt;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.apache.usergrid.persistence.CredentialsInfo;

import static org.apache.commons.codec.binary.Base64.decodeBase64;


/**
 * Simple bcrypt command.  Runtime encoding of bytes is expected to convert to a UTF8 string
 *
 * @author tnine
 */
@Component("org.apache.usergrid.security.crypto.command.BcryptCommand")
public class BcryptCommand extends EncryptionCommand {

    private static final Charset UTF8 = Charset.forName( "UTF-8" );

    /**
     * 2^12 seems to be far too slow on modern processors.  Approximately 1.8 seconds per crypt on a 2.2 GHZ intel i7.
     * 2^11 is less than 1 second
     */
    private int defaultIterations = 2 ^ 11;


    /* (non-Javadoc)
     * @see org.apache.usergrid.security.crypto.command.EncryptionCommand#hash(byte[],
     * org.apache.usergrid.persistence.CredentialsInfo, java.util.UUID, java.util.UUID)
     */
    @Override
    public byte[] hash( byte[] input, CredentialsInfo info, UUID userId, UUID applicationId ) {
        return BCrypt.hashpw(new String(input, UTF8), BCrypt.gensalt(defaultIterations)).getBytes();
    }


    /* (non-Javadoc)
     * @see org.apache.usergrid.security.crypto.command.EncryptionCommand#auth(byte[],
     * org.apache.usergrid.persistence.CredentialsInfo, java.util.UUID, java.util.UUID)
     */
    public byte[] auth( byte[] input, CredentialsInfo info, UUID userId, UUID applicationId ) {
        //our existing has the salt in it, extract it and re-use it

        String infoSecret = info.getSecret();

        Assert.notNull( infoSecret, "The credentials info must have a bcrypt compatible secret to perform auth" );

        String existing = new String( decodeBase64( infoSecret ), UTF8 );

        return BCrypt.hashpw( new String( input, UTF8 ), existing ).getBytes( UTF8 );
    }


    /**
     * Set the number of default iterations to use.  If the password was previously hashed, the number of iterations
     * will be in the CredentialsInfo.  Otherwise the default is used
     *
     * @param defaultIterations the defaultIterations to set
     */
    public void setDefaultIterations( int defaultIterations ) {
        this.defaultIterations = defaultIterations;
    }


    /* (non-Javadoc)
     * @see org.apache.usergrid.security.crypto.command.EncryptionCommand#getName()
     */
    @Override
    public String getName() {
        return BCRYPT;
    }
}