PBKDF2PasswordEncryptor.java

/*******************************************************************************
 * Copyright (c) 2012-2017 Codenvy, S.A.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *   Codenvy, S.A. - initial API and implementation
 *******************************************************************************/
package org.eclipse.che.security;

import com.google.common.hash.HashCode;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import static com.google.common.base.MoreObjects.firstNonNull;
import static com.google.common.primitives.Ints.tryParse;
import static java.lang.String.format;
import static java.util.Objects.requireNonNull;

/**
 * Encrypts password using <a href="https://en.wikipedia.org/wiki/PBKDF2">Password-based-Key-Derivative-Function</a>
 * with <b>SHA512</b> as pseudorandom function.
 * See <a href="https://www.ietf.org/rfc/rfc2898.txt">rfc2898</a>.
 *
 * @author Yevhenii Voevodin
 */
public class PBKDF2PasswordEncryptor implements PasswordEncryptor {

    private static final String  PWD_FMT   = "%s:%s:%d";
    private static final Pattern PWD_REGEX = Pattern.compile("(?<pwdHash>\\w+):(?<saltHash>\\w+):(?<iterations>[0-9]+)");

    private static final String       SECRET_KEY_FACTORY_NAME = "PBKDF2WithHmacSHA512";
    private static final SecureRandom SECURE_RANDOM           = new SecureRandom();
    /**
     * Minimum number of iterations required is 1_000(rfc2898),
     * pick greater as potentially safer in the case of brute-force attacks .
     */
    private static final int          ITERATIONS_COUNT        = 10_000;
    /** 64bit salt length based on the rfc2898 spec . */
    private static final int          SALT_LENGTH             = 64 / 8;

    @Override
    public String encrypt(String password) {
        requireNonNull(password, "Required non-null password");
        final byte[] salt = new byte[SALT_LENGTH];
        SECURE_RANDOM.nextBytes(salt);
        final HashCode hash = computeHash(password.toCharArray(), salt, ITERATIONS_COUNT);
        final HashCode saltHash = HashCode.fromBytes(salt);
        return format(PWD_FMT, hash, saltHash, ITERATIONS_COUNT);
    }

    @Override
    public boolean test(String password, String encryptedPassword) {
        requireNonNull(password, "Required non-null password");
        requireNonNull(password, "Required non-null encrypted password");
        final Matcher matcher = PWD_REGEX.matcher(encryptedPassword);
        if (!matcher.matches()) {
            return false;
        }
        // retrieve salt, password hash and iterations count from hash
        final Integer iterations = tryParse(matcher.group("iterations"));
        final String salt = matcher.group("saltHash");
        final String pwdHash = matcher.group("pwdHash");
        // compute password's hash and test whether it matches to given hash
        final HashCode hash = computeHash(password.toCharArray(), HashCode.fromString(salt).asBytes(), iterations);
        return hash.toString().equals(pwdHash);
    }

    private HashCode computeHash(char[] password, byte[] salt, int iterations) {
        try {
            final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_NAME);
            final KeySpec keySpec = new PBEKeySpec(password, salt, iterations, 512);
            return HashCode.fromBytes(keyFactory.generateSecret(keySpec).getEncoded());
        } catch (NoSuchAlgorithmException | InvalidKeySpecException x) {
            throw new RuntimeException(x.getMessage(), x);
        }
    }
}