1 /*****************************************************************
2 * Licensed to the Apache Software Foundation (ASF) under one *
3 * or more contributor license agreements. See the NOTICE file *
4 * distributed with this work for additional information *
5 * regarding copyright ownership. The ASF licenses this file *
6 * to you under the Apache License, Version 2.0 (the *
7 * "License"); you may not use this file except in compliance *
8 * with the License. You may obtain a copy of the License at *
9 * *
10 * http://www.apache.org/licenses/LICENSE-2.0 *
11 * *
12 * Unless required by applicable law or agreed to in writing, *
13 * software distributed under the License is distributed on an *
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
15 * KIND, either express or implied. See the License for the *
16 * specific language governing permissions and limitations *
17 * under the License. *
18 ****************************************************************/
19
20 package org.apache.james.userrepository;
21
22 import org.apache.james.security.DigestUtil;
23 import org.apache.james.services.User;
24
25 import java.io.Serializable;
26 import java.security.NoSuchAlgorithmException;
27
28 /***
29 * Implementation of User Interface. Instances of this class do not allow
30 * the user name to be reset.
31 *
32 *
33 * @version CVS $Revision: 494012 $
34 */
35
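public class DefaultUser implements User, Serializable {

    private static final long serialVersionUID = 5178048915868531270L;

    // Set once by the constructors; the class exposes no setter for it.
    private final String userName;

    // Hash of the current password. Stays null when the two-argument
    // constructor is used and setPassword has not been called yet.
    // The field is not transient, so the hash is written out whenever an
    // instance is serialized; serialized copies need the same protection
    // as the credential store itself.
    private String hashedPassword;

    // Algorithm name passed to DigestUtil.digestString for hashing.
    private final String algorithm;

    /**
     * Standard constructor. The user has no password hash until
     * {@link #setPassword(String)} is called.
     *
     * @param name the String name of this user
     * @param hashAlg the algorithm used to generate the hash of the password
     */
    public DefaultUser(String name, String hashAlg) {
        userName = name;
        algorithm = hashAlg;
    }

    /**
     * Constructor for repositories that are constructing user objects from
     * separate fields, e.g. databases.
     *
     * @param name the String name of this user
     * @param passwordHash the String hash of this user's current password
     * @param hashAlg the String algorithm used to generate the hash of the
     *                password
     */
    public DefaultUser(String name, String passwordHash, String hashAlg) {
        userName = name;
        hashedPassword = passwordHash;
        algorithm = hashAlg;
    }

    /**
     * Accessor for immutable name
     *
     * @return the String of this user's name
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Method to verify passwords.
     *
     * <p>A user without a stored hash never verifies: the method returns
     * false instead of failing with a NullPointerException. The two hashes
     * are compared without stopping at the first differing character, so
     * the time taken does not reveal how much of a guess matched.</p>
     *
     * <p>NOTE(review): only the candidate password and the algorithm name
     * are handed to DigestUtil.digestString, so no per-user salt is supplied
     * from this class. DigestUtil is not visible here; if it applies a single
     * plain digest, the stored hashes are cheap to attack offline once
     * disclosed, and a salted, adaptive password-hashing scheme should be
     * used instead. Confirm against DigestUtil.</p>
     *
     * @param pass the String that is claimed to be the password for this user
     * @return true if the hash of pass with the current algorithm matches
     *         the stored hash.
     * @throws RuntimeException if the configured algorithm is not available
     */
    public boolean verifyPassword(String pass) {
        try {
            String hashGuess = DigestUtil.digestString(pass, algorithm);
            if (hashedPassword == null || hashGuess == null) {
                // Fail closed: nothing to compare against means no match.
                return false;
            }
            return constantTimeEquals(hashedPassword, hashGuess);
        } catch (NoSuchAlgorithmException nsae) {
            // Keep the original message, but attach the cause so the stack
            // trace of the misconfiguration is not lost.
            throw new RuntimeException("Security error: " + nsae, nsae);
        }
    }

    /**
     * Sets new password from String. No checks made on guessability of
     * password.
     *
     * @param newPass the String that is the new password.
     * @return true if newPass was successfully hashed; a failure to hash is
     *         reported as a RuntimeException, never as false
     * @throws RuntimeException if the configured algorithm is not available
     */
    public boolean setPassword(String newPass) {
        try {
            hashedPassword = DigestUtil.digestString(newPass, algorithm);
            return true;
        } catch (NoSuchAlgorithmException nsae) {
            throw new RuntimeException("Security error: " + nsae, nsae);
        }
    }

    /**
     * Method to access hash of password
     *
     * @return the String of the hashed Password, or null if none is set
     */
    protected String getHashedPassword() {
        return hashedPassword;
    }

    /**
     * Method to access the hashing algorithm of the password.
     *
     * @return the name of the hashing algorithm used for this user's password
     */
    protected String getHashAlgorithm() {
        return algorithm;
    }

    /**
     * Compares two strings for exact equality without returning early on
     * the first mismatch. Only the lengths influence the running time, and
     * the length of a hash is not secret.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        int diff = expected.length() ^ actual.length();
        int shared = Math.min(expected.length(), actual.length());
        for (int i = 0; i < shared; i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

}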