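/************************************************************************
 * Copyright (c) 2000-2006 The Apache Software Foundation.             *
 * All rights reserved.                                                *
 * ------------------------------------------------------------------- *
 * Licensed under the Apache License, Version 2.0 (the "License"); you *
 * may not use this file except in compliance with the License. You    *
 * may obtain a copy of the License at:                                *
 *                                                                     *
 *     http://www.apache.org/licenses/LICENSE-2.0                      *
 *                                                                     *
 * Unless required by applicable law or agreed to in writing, software *
 * distributed under the License is distributed on an "AS IS" BASIS,   *
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or     *
 * implied. See the License for the specific language governing        *
 * permissions and limitations under the License.                      *
 ***********************************************************************/

package org.apache.james.userrepository;

import org.apache.james.security.DigestUtil;
import org.apache.james.services.User;

import java.io.Serializable;
import java.security.NoSuchAlgorithmException;

/**
 * Implementation of the User interface. Instances of this class do not
 * allow the user name to be reset.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@link #verifyPassword(String)} recomputes the digest of the candidate
 *     and compares it with the stored value, so the stored value is a
 *     deterministic function of the password and the algorithm name. Two
 *     users with the same password and algorithm therefore store the same
 *     hash; the strength of the stored value depends entirely on the
 *     algorithm name the repository passes in.</li>
 * <li>The class is {@link Serializable} and the password hash is not
 *     transient, so every serialized copy of a user contains the hash and
 *     needs the same protection as the user store itself.</li>
 * </ul>
 *
 * @version CVS $Revision: 450935 $
 */
public class DefaultUser implements User, Serializable {

    private static final long serialVersionUID = 5178048915868531270L;

    private String userName;
    // Digest of the current password; stays null until a hash is supplied
    // through the three-argument constructor or setPassword().
    private String hashedPassword;
    // Algorithm name handed to DigestUtil.digestString().
    private String algorithm;

    /**
     * Standard constructor. The user has no password hash until
     * {@link #setPassword(String)} is called.
     *
     * @param name the String name of this user
     * @param hashAlg the algorithm used to generate the hash of the password
     */
    public DefaultUser(String name, String hashAlg) {
        userName = name;
        algorithm = hashAlg;
    }

    /**
     * Constructor for repositories that are constructing user objects from
     * separate fields, e.g. databases.
     *
     * @param name the String name of this user
     * @param passwordHash the String hash of this user's current password
     * @param hashAlg the String algorithm used to generate the hash of the
     * password
     */
    public DefaultUser(String name, String passwordHash, String hashAlg) {
        userName = name;
        hashedPassword = passwordHash;
        algorithm = hashAlg;
    }

    /**
     * Accessor for immutable name
     *
     * @return the String of this user's name
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Method to verify passwords.
     *
     * <p>Fails closed: a user that has no stored hash never verifies, instead
     * of raising a NullPointerException in the authentication path.
     *
     * @param pass the String that is claimed to be the password for this user
     * @return true if the hash of pass with the current algorithm matches
     * the stored hash; false if it does not match or no hash is stored.
     * @throws RuntimeException if the configured algorithm is not available
     */
    public boolean verifyPassword(String pass) {
        try {
            String hashGuess = DigestUtil.digestString(pass, algorithm);
            return constantTimeEquals(hashedPassword, hashGuess);
        } catch (NoSuchAlgorithmException nsae) {
            // Keep the cause so the missing-provider problem can be diagnosed.
            throw new RuntimeException("Security error: " + nsae, nsae);
        }
    }

    /**
     * Sets new password from String. No checks made on guessability of
     * password.
     *
     * @param newPass the String that is the new password.
     * @return true if newPass was successfully hashed
     * @throws RuntimeException if the configured algorithm is not available;
     * the previously stored hash is left unchanged in that case
     */
    public boolean setPassword(String newPass) {
        try {
            hashedPassword = DigestUtil.digestString(newPass, algorithm);
            return true;
        } catch (NoSuchAlgorithmException nsae) {
            // Keep the cause so the missing-provider problem can be diagnosed.
            throw new RuntimeException("Security error: " + nsae, nsae);
        }
    }

    /**
     * Method to access hash of password
     *
     * @return the String of the hashed Password, or null if none is set
     */
    protected String getHashedPassword() {
        return hashedPassword;
    }

    /**
     * Method to access the hashing algorithm of the password.
     *
     * @return the name of the hashing algorithm used for this user's password
     */
    protected String getHashAlgorithm() {
        return algorithm;
    }

    /**
     * Compares two hash strings without stopping at the first differing
     * character, so the time taken does not reveal how long a matching
     * prefix is. Gives the same answer as String.equals for non-null
     * arguments.
     *
     * @param expected the stored hash, may be null
     * @param actual the freshly computed hash, may be null
     * @return true only if both are non-null and have identical content
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        // A length mismatch is folded into the result rather than returned early.
        int diff = expected.length() ^ actual.length();
        int shared = Math.min(expected.length(), actual.length());
        for (int i = 0; i < shared; i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

}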