OxPasswordEncryptor.java

/**
 * Copyright (c) 2014 by the original author or authors.
 *
 * This code is free software; you can redistribute it and/or modify it under the terms of the
 * GNU Lesser General Public License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * The above copyright notice and this permission notice shall be included in all copies or
 * substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
 * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

package ch.sdi.plugins.oxwall.pw;

import java.security.NoSuchAlgorithmException;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.stereotype.Component;

import ch.sdi.plugins.oxwall.OxTargetConfiguration;


/**
 * A component which implements oxwalls password encryption strategy.
 * <p>
 * The configuration of the ox.passwordsalt property in target.properties is mandatory.
 * <p>
 *
 * @version 1.0 (01.11.2014)
 * @author  Heri
 */
@Component
public class OxPasswordEncryptor implements ch.sdi.core.intf.PasswordEncryptor
{

    private Logger myLog = LogManager.getLogger( OxPasswordEncryptor.class );
    @Autowired
    private ConfigurableEnvironment  myEnv;

    /**
     * @throws NoSuchAlgorithmException
     * @see ch.sdi.core.intf.PasswordEncryptor#encrypt(java.lang.String)
     */
    @Override
    public String encrypt( String aPassword )
    {
        String salt = myEnv.getRequiredProperty( OxTargetConfiguration.KEY_PW_SALT );
        String hash = DigestUtils.sha256Hex( salt + aPassword );
        myLog.debug( "hashed password: " + hash );
        return new String( hash );
    }

}