1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
package com.xpn.xwiki.objects.classes; |
21 |
|
|
22 |
|
import java.security.MessageDigest; |
23 |
|
import java.security.NoSuchAlgorithmException; |
24 |
|
import java.security.SecureRandom; |
25 |
|
|
26 |
|
import org.apache.commons.lang3.StringUtils; |
27 |
|
import org.apache.ecs.xhtml.input; |
28 |
|
import org.slf4j.Logger; |
29 |
|
import org.slf4j.LoggerFactory; |
30 |
|
|
31 |
|
import com.xpn.xwiki.XWikiContext; |
32 |
|
import com.xpn.xwiki.internal.xml.XMLAttributeValueFilter; |
33 |
|
import com.xpn.xwiki.objects.BaseCollection; |
34 |
|
import com.xpn.xwiki.objects.BaseProperty; |
35 |
|
import com.xpn.xwiki.objects.ElementInterface; |
36 |
|
import com.xpn.xwiki.objects.meta.PasswordMetaClass; |
37 |
|
import com.xpn.xwiki.objects.meta.PropertyMetaClass; |
38 |
|
|
|
|
| 72.8% |
Uncovered Elements: 43 (158) |
Complexity: 47 |
Complexity Density: 0.47 |
|
39 |
|
public class PasswordClass extends StringClass |
40 |
|
{ |
41 |
|
private static final String XCLASSNAME = "password"; |
42 |
|
|
43 |
|
protected static Logger LOGGER = LoggerFactory.getLogger(PasswordClass.class); |
44 |
|
|
45 |
|
protected static final String DEFAULT_STORAGE = PasswordMetaClass.HASH; |
46 |
|
|
47 |
|
protected static final String DEFAULT_HASH_ALGORITHM = "SHA-512"; |
48 |
|
|
49 |
|
protected static final String DEFAULT_CRYPT_ALGORITHM = "AES"; |
50 |
|
|
51 |
|
protected static final String HASH_IDENTIFIER = "hash"; |
52 |
|
|
53 |
|
protected static final String CRYPT_IDENTIFIER = "crypt"; |
54 |
|
|
55 |
|
protected static final String SEPARATOR = ":"; |
56 |
|
|
57 |
|
protected static final String FORM_PASSWORD_PLACEHODLER = "********"; |
58 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (2) |
Complexity: 1 |
Complexity Density: 0.5 |
|
59 |
2981 |
public PasswordClass(PropertyMetaClass wclass)... |
60 |
|
{ |
61 |
2981 |
super(XCLASSNAME, "Password", wclass); |
62 |
2981 |
setxWikiClass(wclass); |
63 |
|
} |
64 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
65 |
2981 |
public PasswordClass()... |
66 |
|
{ |
67 |
2981 |
this(null); |
68 |
|
} |
69 |
|
|
|
|
| 81.8% |
Uncovered Elements: 2 (11) |
Complexity: 5 |
Complexity Density: 0.71 |
|
70 |
36 |
@Override... |
71 |
|
public BaseProperty fromString(String value) |
72 |
|
{ |
73 |
36 |
if (value.equals(FORM_PASSWORD_PLACEHODLER)) { |
74 |
0 |
return null; |
75 |
|
} |
76 |
36 |
BaseProperty property = newProperty(); |
77 |
36 |
if (value.isEmpty() || value.startsWith(HASH_IDENTIFIER + SEPARATOR) |
78 |
|
|| value.startsWith(CRYPT_IDENTIFIER + SEPARATOR)) { |
79 |
3 |
property.setValue(value); |
80 |
|
} else { |
81 |
33 |
property.setValue(getProcessedPassword(value)); |
82 |
|
} |
83 |
36 |
return property; |
84 |
|
} |
85 |
|
|
|
|
| - |
Uncovered Elements: 0 (0) |
Complexity: 1 |
Complexity Density: - |
|
86 |
0 |
@Override... |
87 |
|
public void displayHidden(StringBuffer buffer, String name, String prefix, BaseCollection object, |
88 |
|
XWikiContext context) |
89 |
|
{ |
90 |
|
|
91 |
|
} |
92 |
|
|
|
|
| 0% |
Uncovered Elements: 5 (5) |
Complexity: 2 |
Complexity Density: 0.67 |
|
93 |
0 |
@Override... |
94 |
|
public void displayView(StringBuffer buffer, String name, String prefix, BaseCollection object, XWikiContext context) |
95 |
|
{ |
96 |
0 |
ElementInterface prop = object.safeget(name); |
97 |
0 |
if (prop != null) { |
98 |
0 |
buffer.append(FORM_PASSWORD_PLACEHODLER); |
99 |
|
} |
100 |
|
} |
101 |
|
|
|
|
| 84.6% |
Uncovered Elements: 2 (13) |
Complexity: 3 |
Complexity Density: 0.27 |
|
102 |
125 |
@Override... |
103 |
|
public void displayEdit(StringBuffer buffer, String name, String prefix, BaseCollection object, XWikiContext context) |
104 |
|
{ |
105 |
125 |
input input = new input(); |
106 |
125 |
input.setAttributeFilter(new XMLAttributeValueFilter()); |
107 |
125 |
BaseProperty prop = (BaseProperty) object.safeget(name); |
108 |
|
|
109 |
|
|
110 |
125 |
if (prop != null && !StringUtils.isEmpty(prop.toText())) { |
111 |
0 |
input.setValue(FORM_PASSWORD_PLACEHODLER); |
112 |
|
} |
113 |
|
|
114 |
125 |
input.setType("password"); |
115 |
125 |
input.setName(prefix + name); |
116 |
125 |
input.setID(prefix + name); |
117 |
125 |
input.setSize(getSize()); |
118 |
125 |
input.setDisabled(isDisabled()); |
119 |
125 |
buffer.append(input.toString()); |
120 |
|
} |
121 |
|
|
122 |
|
|
123 |
|
@return |
124 |
|
|
|
|
| 90% |
Uncovered Elements: 1 (10) |
Complexity: 3 |
Complexity Density: 0.5 |
|
125 |
33 |
public String getStorageType()... |
126 |
|
{ |
127 |
33 |
BaseProperty st = (BaseProperty) this.getField(PasswordMetaClass.STORAGE_TYPE); |
128 |
33 |
if (st != null) { |
129 |
2 |
String type = st.getValue().toString().trim(); |
130 |
2 |
if (!type.equals("")) { |
131 |
2 |
return type; |
132 |
|
} |
133 |
|
} |
134 |
31 |
return DEFAULT_STORAGE; |
135 |
|
} |
136 |
|
|
137 |
|
|
138 |
|
@return |
139 |
|
|
|
|
| 66.7% |
Uncovered Elements: 2 (6) |
Complexity: 4 |
Complexity Density: 1 |
|
140 |
33 |
public String getHashAlgorithm()... |
141 |
|
{ |
142 |
33 |
BaseProperty alg = (BaseProperty) this.getField(PasswordMetaClass.ALGORITHM_KEY); |
143 |
33 |
if (alg != null && alg.getValue() != null && !alg.getValue().toString().trim().equals("")) { |
144 |
0 |
return alg.getValue().toString(); |
145 |
|
} |
146 |
33 |
return DEFAULT_HASH_ALGORITHM; |
147 |
|
} |
148 |
|
|
149 |
|
|
150 |
|
@return |
151 |
|
|
|
|
| 0% |
Uncovered Elements: 6 (6) |
Complexity: 4 |
Complexity Density: 1 |
|
152 |
0 |
public String getCryptAlgorithm()... |
153 |
|
{ |
154 |
0 |
BaseProperty alg = (BaseProperty) this.getField(PasswordMetaClass.ALGORITHM_KEY); |
155 |
0 |
if (alg != null && alg.getValue() != null && !alg.getValue().toString().trim().equals("")) { |
156 |
0 |
return alg.getValue().toString(); |
157 |
|
} |
158 |
0 |
return DEFAULT_CRYPT_ALGORITHM; |
159 |
|
} |
160 |
|
|
161 |
|
|
162 |
|
@param |
163 |
|
@return |
164 |
|
|
|
|
| 70% |
Uncovered Elements: 3 (10) |
Complexity: 3 |
Complexity Density: 0.5 |
|
165 |
2643 |
public String getAlgorithmFromPassword(String password)... |
166 |
|
{ |
167 |
2643 |
int beginIndex = password.indexOf(SEPARATOR) + 1; |
168 |
2643 |
if (beginIndex >= 0) { |
169 |
2643 |
int endIndex = password.indexOf(SEPARATOR, beginIndex); |
170 |
2643 |
if (endIndex >= 0) { |
171 |
2643 |
return password.substring(beginIndex, endIndex); |
172 |
|
} |
173 |
|
} |
174 |
0 |
return DEFAULT_HASH_ALGORITHM; |
175 |
|
} |
176 |
|
|
177 |
|
|
178 |
|
@param |
179 |
|
@return |
180 |
|
|
|
|
| 66.7% |
Uncovered Elements: 2 (6) |
Complexity: 2 |
Complexity Density: 0.5 |
|
181 |
2643 |
public String getSaltFromPassword(String password)... |
182 |
|
{ |
183 |
2643 |
String[] components = password.split(SEPARATOR); |
184 |
2643 |
if (components.length == 4) { |
185 |
2643 |
return components[2]; |
186 |
|
} else { |
187 |
0 |
return ""; |
188 |
|
} |
189 |
|
} |
190 |
|
|
191 |
|
|
192 |
|
|
193 |
|
|
194 |
|
|
195 |
|
|
196 |
|
@param |
197 |
|
@param |
198 |
|
@return |
199 |
|
|
|
|
| 80% |
Uncovered Elements: 2 (10) |
Complexity: 3 |
Complexity Density: 0.5 |
|
200 |
2648 |
public String getEquivalentPassword(String storedPassword, String plainPassword)... |
201 |
|
{ |
202 |
2648 |
String result = plainPassword; |
203 |
2648 |
if (storedPassword.startsWith(HASH_IDENTIFIER + SEPARATOR)) { |
204 |
2643 |
result = |
205 |
|
getPasswordHash(result, getAlgorithmFromPassword(storedPassword), getSaltFromPassword(storedPassword)); |
206 |
5 |
} else if (storedPassword.startsWith(CRYPT_IDENTIFIER + SEPARATOR)) { |
207 |
0 |
result = getPasswordCrypt(result, getAlgorithmFromPassword(storedPassword)); |
208 |
|
} |
209 |
2648 |
return result; |
210 |
|
} |
211 |
|
|
|
|
| 54.5% |
Uncovered Elements: 5 (11) |
Complexity: 3 |
Complexity Density: 0.43 |
|
212 |
33 |
public String getProcessedPassword(String password)... |
213 |
|
{ |
214 |
33 |
String storageType = getStorageType(); |
215 |
33 |
String result = password; |
216 |
33 |
if (storageType.equals(PasswordMetaClass.HASH)) { |
217 |
33 |
result = getPasswordHash(result); |
218 |
0 |
} else if (storageType.equals(PasswordMetaClass.ENCRYPTED)) { |
219 |
0 |
result = getPasswordCrypt(result); |
220 |
|
} |
221 |
33 |
return result; |
222 |
|
} |
223 |
|
|
|
|
| 0% |
Uncovered Elements: 1 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
224 |
0 |
public String getPasswordCrypt(String password)... |
225 |
|
{ |
226 |
0 |
return getPasswordCrypt(password, getCryptAlgorithm()); |
227 |
|
} |
228 |
|
|
|
|
| 0% |
Uncovered Elements: 1 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
229 |
0 |
public String getPasswordCrypt(String password, String algorithmName)... |
230 |
|
{ |
231 |
|
|
232 |
0 |
return password; |
233 |
|
} |
234 |
|
|
235 |
|
|
236 |
|
@param |
237 |
|
@return |
238 |
|
@link |
239 |
|
|
240 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
241 |
33 |
public String getPasswordHash(String password)... |
242 |
|
{ |
243 |
33 |
return getPasswordHash(password, getHashAlgorithm(), null); |
244 |
|
} |
245 |
|
|
246 |
|
|
247 |
|
@param |
248 |
|
@param@link |
249 |
|
@return |
250 |
|
|
251 |
|
|
252 |
|
|
|
|
| 0% |
Uncovered Elements: 1 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
253 |
0 |
public String getPasswordHash(String password, String algorithmName)... |
254 |
|
{ |
255 |
0 |
return getPasswordHash(password, algorithmName, null); |
256 |
|
} |
257 |
|
|
258 |
|
|
259 |
|
@param |
260 |
|
@param@link |
261 |
|
@param |
262 |
|
|
263 |
|
@return |
264 |
|
|
265 |
|
@since |
266 |
|
|
|
|
| 87.1% |
Uncovered Elements: 4 (31) |
Complexity: 6 |
Complexity Density: 0.24 |
|
267 |
2676 |
public String getPasswordHash(String password, String algorithmName, String salt)... |
268 |
|
{ |
269 |
|
|
270 |
2676 |
if (salt == null) { |
271 |
33 |
salt = randomSalt(); |
272 |
|
} |
273 |
|
|
274 |
2676 |
try { |
275 |
2676 |
LOGGER.debug("Hashing password"); |
276 |
|
|
277 |
2676 |
String saltedPassword = salt + password; |
278 |
|
|
279 |
2676 |
MessageDigest hashAlgorithm = MessageDigest.getInstance(algorithmName); |
280 |
2676 |
hashAlgorithm.update(saltedPassword.getBytes()); |
281 |
2676 |
byte[] digest = hashAlgorithm.digest(); |
282 |
|
|
283 |
|
|
284 |
2676 |
StringBuilder sb = new StringBuilder(); |
285 |
|
|
286 |
2676 |
sb.append(HASH_IDENTIFIER); |
287 |
2676 |
sb.append(SEPARATOR); |
288 |
2676 |
sb.append(algorithmName); |
289 |
2676 |
sb.append(SEPARATOR); |
290 |
|
|
291 |
2676 |
if (!salt.equals("")) { |
292 |
2676 |
sb.append(salt); |
293 |
2676 |
sb.append(SEPARATOR); |
294 |
|
} |
295 |
|
|
296 |
2676 |
for (byte element : digest) { |
297 |
171264 |
int b = element & 0xFF; |
298 |
171264 |
if (b < 0x10) { |
299 |
8076 |
sb.append('0'); |
300 |
|
} |
301 |
171264 |
sb.append(Integer.toHexString(b)); |
302 |
|
} |
303 |
|
|
304 |
2676 |
return sb.toString(); |
305 |
|
} catch (NoSuchAlgorithmException ex) { |
306 |
0 |
LOGGER.error("Wrong hash algorithm [{}] specified in property [{}] of class [{}]", algorithmName, |
307 |
|
getName(), getXClassReference(), ex); |
308 |
|
} catch (NullPointerException ex) { |
309 |
0 |
LOGGER.error("Error hashing password", ex); |
310 |
|
} |
311 |
0 |
return password; |
312 |
|
} |
313 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (13) |
Complexity: 2 |
Complexity Density: 0.18 |
|
314 |
33 |
public static String randomSalt()... |
315 |
|
{ |
316 |
33 |
StringBuilder salt = new StringBuilder(); |
317 |
33 |
SecureRandom random = new SecureRandom(); |
318 |
33 |
byte bytes[] = new byte[32]; |
319 |
33 |
random.nextBytes(bytes); |
320 |
33 |
for (byte temp : bytes) { |
321 |
1056 |
String s = Integer.toHexString(new Byte(temp)); |
322 |
1116 |
while (s.length() < 2) { |
323 |
60 |
s = "0" + s; |
324 |
|
} |
325 |
1056 |
s = s.substring(s.length() - 2); |
326 |
1056 |
salt.append(s); |
327 |
|
} |
328 |
33 |
return salt.toString(); |
329 |
|
} |
330 |
|
} |