1 /************************************************************************
2 * Copyright (c) 2000-2006 The Apache Software Foundation. *
3 * All rights reserved. *
4 * ------------------------------------------------------------------- *
5 * Licensed under the Apache License, Version 2.0 (the "License"); you *
6 * may not use this file except in compliance with the License. You *
7 * may obtain a copy of the License at: *
8 * *
9 * http://www.apache.org/licenses/LICENSE-2.0 *
10 * *
11 * Unless required by applicable law or agreed to in writing, software *
12 * distributed under the License is distributed on an "AS IS" BASIS, *
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or *
14 * implied. See the License for the specific language governing *
15 * permissions and limitations under the License. *
16 ***********************************************************************/
17
18 package org.apache.james.userrepository;
19
20 import org.apache.james.security.DigestUtil;
21 import org.apache.james.services.User;
22
23 import java.io.Serializable;
24 import java.security.NoSuchAlgorithmException;
25
26 /***
27 * Implementation of the User interface. Instances of this class do not allow
28 * the user name to be reset.
29 *
30 *
31 * @version CVS $Revision: 450935 $
32 */
33
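public class DefaultUser implements User, Serializable {

    private static final long serialVersionUID = 5178048915868531270L;

    // NOTE(review): the stored credential is whatever DigestUtil.digestString
    // returns for (password, algorithm). This class passes no salt or work
    // factor; whether DigestUtil adds one is not visible here -- confirm. If it
    // does not, equal passwords produce equal stored hashes.
    // NOTE(review): the class is Serializable and hashedPassword is not
    // transient, so the serialized form carries the password hash; storage
    // and transport of serialized users should be protected accordingly.
    private String userName;
    private String hashedPassword;
    private String algorithm;

    /**
     * Creates a user that has no password hash yet.
     *
     * <p>Until {@link #setPassword(String)} is called the stored hash is
     * {@code null} and {@link #verifyPassword(String)} rejects every guess.
     *
     * @param name the String name of this user
     * @param hashAlg the algorithm used to generate the hash of the password
     */
    public DefaultUser(String name, String hashAlg) {
        userName = name;
        algorithm = hashAlg;
    }

    /**
     * Constructor for repositories that are constructing user objects from
     * separate fields, e.g. databases.
     *
     * @param name the String name of this user
     * @param passwordHash the String hash of this user's current password
     * @param hashAlg the String algorithm used to generate the hash of the
     *        password
     */
    public DefaultUser(String name, String passwordHash, String hashAlg) {
        userName = name;
        hashedPassword = passwordHash;
        algorithm = hashAlg;
    }

    /**
     * Accessor for the user name; this class offers no setter for it.
     *
     * @return the String of this user's name
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Verifies a claimed password against the stored hash.
     *
     * <p>A user without a stored hash never verifies: the method returns
     * {@code false} rather than failing with a NullPointerException.
     *
     * @param pass the String that is claimed to be the password for this user
     * @return true if the hash of pass with the current algorithm matches
     *         the stored hash; false otherwise, including when no hash is stored
     * @throws RuntimeException if the configured algorithm is unavailable; the
     *         NoSuchAlgorithmException is attached as the cause
     */
    public boolean verifyPassword(String pass) {
        try {
            String hashGuess = DigestUtil.digestString(pass, algorithm);
            return hashesMatch(hashedPassword, hashGuess);
        } catch (NoSuchAlgorithmException nsae) {
            // Same message as before, but keep the cause so the stack trace
            // still points at the provider lookup that failed.
            throw new RuntimeException("Security error: " + nsae, nsae);
        }
    }

    /**
     * Sets new password from String. No checks made on guessability of
     * password.
     *
     * @param newPass the String that is the new password.
     * @return true if newPass was successfully hashed
     * @throws RuntimeException if the configured algorithm is unavailable; the
     *         NoSuchAlgorithmException is attached as the cause
     */
    public boolean setPassword(String newPass) {
        try {
            hashedPassword = DigestUtil.digestString(newPass, algorithm);
            return true;
        } catch (NoSuchAlgorithmException nsae) {
            throw new RuntimeException("Security error: " + nsae, nsae);
        }
    }

    /**
     * Method to access hash of password.
     *
     * @return the String of the hashed password, or null if none has been set
     */
    protected String getHashedPassword() {
        return hashedPassword;
    }

    /**
     * Method to access the hashing algorithm of the password.
     *
     * @return the name of the hashing algorithm used for this user's password
     */
    protected String getHashAlgorithm() {
        return algorithm;
    }

    /**
     * Compares two hash strings without stopping at the first mismatch, so
     * the work done does not depend on how many leading characters agree.
     *
     * @param expected the stored hash, may be null
     * @param actual the hash of the supplied guess, may be null
     * @return true only if both are non-null and identical
     */
    private static boolean hashesMatch(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        // Fold the length difference into the accumulator so that strings of
        // different length can never compare equal.
        int diff = expected.length() ^ actual.length();
        int shared = Math.min(expected.length(), actual.length());
        for (int i = 0; i < shared; i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

}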