|
Author: doogie
Date: Wed Apr 18 23:49:22 2012 New Revision: 1327741 URL: http://svn.apache.org/viewvc?rev=1327741&view=rev Log: FEATURE: Make use of new HashCrypt cryptPassword functionality. Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1327741&r1=1327740&r2=1327741&view=diff ============================================================================== --- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original) +++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Wed Apr 18 23:49:22 2012 
@@ -212,7 +212,7 @@ public class LoginEvents { if (useEncryption) { // password encrypted, can't send, generate new password and email to user passwordToSend = RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security", "password.length.min", "5"))); - supposedUserLogin.set("currentPassword", HashCrypt.getDigestHash(passwordToSend, LoginServices.getHashType())); + supposedUserLogin.set("currentPassword", HashCrypt.cryptPassword(LoginServices.getHashType(), passwordToSend)); supposedUserLogin.set("passwordHint", "Auto-Generated Password"); if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.email_password.require_password_change"))){ supposedUserLogin.set("requirePasswordChange", "Y"); Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java?rev=1327741&r1=1327740&r2=1327741&view=diff ============================================================================== --- ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java (original) +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java Wed Apr 18 23:49:22 2012 @@ -118,10 +118,18 @@ public class HashCrypt { } } + /** + * @deprecated use cryptPassword + */ + @Deprecated public static String getDigestHash(String str) { return getDigestHash(str, "SHA"); } + /** + * @deprecated use cryptPassword + */ + @Deprecated public static String getDigestHash(String str, String hashType) { if (str == null) return null; try { @@ -141,6 +149,10 @@ public class HashCrypt { } } + /** + * @deprecated use cryptPassword + */ + @Deprecated public static String getDigestHash(String str, String code, String hashType) { if (str == null) return null; try { 
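Review bot: The replacement password in the context line just above the change comes from `RandomStringUtils.randomAlphanumeric(...)`, which in the commons-lang releases of this period draws from `java.util.Random` rather than a CSPRNG. Its length also falls back to 5 when `password.length.min` is unset, and hashing a guessable value with `cryptPassword` does not make it safe. Because this value is e-mailed and becomes the account credential, generate it from `SecureRandom`, e.g. `RandomStringUtils.random(len, 0, 0, true, true, null, new SecureRandom())`, and enforce a sensible floor on `len`. The enclosing method starts and ends outside the hunk.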
@@ -162,6 +174,10 @@ public class HashCrypt { } } + /** + * @deprecated use cryptPassword + */ + @Deprecated public static String getHashTypeFromPrefix(String hashString) { if (UtilValidate.isEmpty(hashString) || hashString.charAt(0) != '{') { return null; @@ -170,6 +186,10 @@ public class HashCrypt { return hashString.substring(1, hashString.indexOf('}')); } + /** + * @deprecated use cryptPassword + */ + @Deprecated public static String removeHashTypePrefix(String hashString) { if (UtilValidate.isEmpty(hashString) || hashString.charAt(0) != '{') { return hashString; @@ -178,6 +198,10 @@ public class HashCrypt { return hashString.substring(hashString.indexOf('}') + 1); } + /** + * @deprecated no replacement, logic moved into comparePassword + */ + @Deprecated public static String getDigestHashOldFunnyHexEncode(String str, String hashType) { if (UtilValidate.isEmpty(hashType)) hashType = "SHA"; if (str == null) return null; Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java?rev=1327741&r1=1327740&r2=1327741&view=diff ============================================================================== --- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java (original) +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java Wed Apr 18 23:49:22 2012 
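Review bot: `@deprecated use cryptPassword` on `getHashTypeFromPrefix`, and again on `removeHashTypePrefix` in the next hunk, names a method that does not replace prefix parsing. Judging by the call sites changed in this commit, code that compared stored hashes moved to `comparePassword`, not `cryptPassword`. On the two prefix helpers I would write `@deprecated use {@link #comparePassword(String, String, String)} to verify a stored password`. On the three `getDigestHash` overloads in the earlier hunks, `@deprecated use {@link #cryptPassword(String, String)} when storing a password` would be clearer than the bare text. Both links assume the signatures are the ones the callers in this diff use.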
@@ -94,24 +94,16 @@ public class LdapAuthenticationServices // Synchronize user's OFBiz password with user's LDAP password if (userLogin != null) { boolean useEncryption = "true".equals(UtilProperties.getPropertyValue("security.properties", "password.encrypt")); - String encodedPassword = useEncryption ? HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password; - String encodedPasswordOldFunnyHexEncode = useEncryption ? HashCrypt.getDigestHashOldFunnyHexEncode(password, LoginServices.getHashType()) : password; - String encodedPasswordUsingDbHashType = encodedPassword; String currentPassword = userLogin.getString("currentPassword"); - if (useEncryption && currentPassword != null && currentPassword.startsWith("{")) { - String dbHashType = HashCrypt.getHashTypeFromPrefix(currentPassword); - if (dbHashType != null) { - encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType); - } + boolean samePassword; + if (useEncryption) { + samePassword = HashCrypt.comparePassword(currentPassword, LoginServices.getHashType(), password); + } else { + samePassword = currentPassword.equals(password); } - boolean samePassword = currentPassword != null && - (HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword)) || - HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword)) || - HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword)) || - ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && password.equals(currentPassword))); if (!samePassword) { Debug.logVerbose("Starting password synchronization", module); - userLogin.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password, false); + userLogin.set("currentPassword", useEncryption ? 
HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password, false); Transaction parentTx = null; boolean beganTransaction = false; try { Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1327741&r1=1327740&r2=1327741&view=diff ============================================================================== --- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original) +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Wed Apr 18 23:49:22 2012 @@ -456,7 +456,7 @@ public class LoginServices { // save this password in history GenericValue userLoginPwdHistToCreate = delegator.makeValue("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", userLoginId,"fromDate", nowTimestamp)); boolean useEncryption = "true".equals(UtilProperties.getPropertyValue("security.properties", "password.encrypt")); - userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword); + userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword); userLoginPwdHistToCreate.create(); } @@ -520,7 +520,7 @@ public class LoginServices { userLoginToCreate.set("passwordHint", passwordHint); userLoginToCreate.set("enabled", enabled); userLoginToCreate.set("requirePasswordChange", requirePasswordChange); - userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword); + userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword); try { userLoginToCreate.set("partyId", partyId); } catch (Exception e) { 
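Review bot: The new plain-text branch `samePassword = currentPassword.equals(password);` dereferences `currentPassword`, whereas the removed expression began with `currentPassword != null &&`. A UserLogin row with no stored password will now throw a NullPointerException instead of triggering synchronization. Use `samePassword = password.equals(currentPassword);` (the removed code already called `password.equals(...)`), and confirm that `HashCrypt.comparePassword` tolerates a null first argument, since its body is not in this diff. The enclosing method continues outside the hunk.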
@@ -672,7 +672,7 @@ public class LoginServices { return ServiceUtil.returnError(errMsg); } } else { - userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(newPassword, getHashType()) : newPassword, false); + userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), newPassword) : newPassword, false); userLoginToUpdate.set("passwordHint", passwordHint, false); userLoginToUpdate.set("requirePasswordChange", "N"); @@ -925,7 +925,7 @@ public class LoginServices { Delegator delegator = userLogin.getDelegator(); String newPasswordHash = newPassword; if (useEncryption) { - newPasswordHash = HashCrypt.getDigestHash(newPassword, getHashType()); + newPasswordHash = HashCrypt.cryptPassword(getHashType(), newPassword); } try { List<GenericValue> pwdHistList = delegator.findByAnd("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId",userLogin.getString("userLoginId"),"currentPassword",newPasswordHash)); 
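Review bot: In the `@@ -925` hunk the history lookup after the changed line still searches `UserLoginPasswordHistory` for a row whose `currentPassword` equals `newPasswordHash`. If `cryptPassword` adds a per-call random salt (its body is not part of this diff), two hashes of the same password never compare equal and the password-reuse check silently stops matching. The same concern applies to the history rows written in the `@@ -456` hunk. Fetch the user's history rows by `userLoginId` only and test each one with `HashCrypt.comparePassword`, as sketched below. The try block continues outside the hunk, so the existing handling of a hit is left as is.

```java
// … unchanged: delegator lookup; newPasswordHash is no longer needed for the query …
List<GenericValue> pwdHistList = delegator.findByAnd("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", userLogin.getString("userLoginId")));
boolean reused = false;
for (GenericValue pwdHist : pwdHistList) {
    String stored = pwdHist.getString("currentPassword");
    if (useEncryption ? HashCrypt.comparePassword(stored, getHashType(), newPassword) : newPassword.equals(stored)) {
        reused = true;
        break;
    }
}
// … unchanged: existing handling of a history hit, keyed on `reused` …
```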
@@ -984,21 +984,7 @@ public class LoginServices { boolean passwordMatches = false; if (oldPassword != null) { if (useEncryption) { - String encodedPassword = HashCrypt.getDigestHash(currentPassword, getHashType()); - String encodedPasswordOldFunnyHexEncode = HashCrypt.getDigestHashOldFunnyHexEncode(currentPassword, getHashType()); - String encodedPasswordUsingDbHashType = encodedPassword; - if (oldPassword.startsWith("{")) { - // get encode according to the type in the database - String dbHashType = HashCrypt.getHashTypeFromPrefix(oldPassword); - if (dbHashType != null) { - encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(currentPassword, dbHashType); - } - } - passwordMatches = HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(oldPassword)) || - HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(oldPassword)) || - HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(oldPassword)) || - ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && oldPassword.equals(currentPassword)); - //passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword); + passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword); } else { passwordMatches = oldPassword.equals(currentPassword); } Modified: ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java?rev=1327741&r1=1327740&r2=1327741&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java (original) +++ 
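Review bot: The single `comparePassword` call drops the `password.accept.encrypted.and.plain` fallback that the removed expression honoured, and nothing visible here shows whether `comparePassword` reads that property. If it does not, accounts whose stored value is still plain text can no longer authenticate once `password.encrypt` is true. The property then becomes a dead setting that administrators may still believe is in effect. Either record the removal in the log message and in `security.properties`, or add a comment at the call such as `// password.accept.encrypted.and.plain is evaluated inside comparePassword`, whichever matches the implementation. The enclosing method starts and ends outside the hunk.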
ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java Wed Apr 18 23:49:22 2012 @@ -101,7 +101,7 @@ public abstract class AbstractOFBizAuthe userLoginToCreate.set("passwordHint", ""); userLoginToCreate.set("enabled", "Y"); userLoginToCreate.set("partyId", getPartyId(rootElement, result)); - userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password); + userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password); GenericValue userTryToLogin = delegator.findOne("UserLogin", false, "userLoginId", username); if (userTryToLogin == null) { @@ -119,7 +119,7 @@ public abstract class AbstractOFBizAuthe throw new GenericEntityException(e.getLocalizedMessage()); } } else { - userTryToLogin.setString("currentPassword", useEncryption ? HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password); + userTryToLogin.setString("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password); userTryToLogin.store(); } |
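Review bot: Both changed lines keep the `: password` arm, so when `password.encrypt` is not `true` the user's LDAP credential is written in clear text to `UserLogin.currentPassword`, in the `@@ -101` hunk and again in `@@ -119`. For a directory-authenticated user, a local copy of the password exposes the directory account to anyone who can read this table or its backups. At minimum add a comment at both sites, e.g. `// stores the LDAP password locally; clear text unless password.encrypt=true`, and consider rejecting the plain-text arm for LDAP-sourced logins. The enclosing method continues outside both hunks.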
