1 /****************************************************************
2 * Licensed to the Apache Software Foundation (ASF) under one *
3 * or more contributor license agreements. See the NOTICE file *
4 * distributed with this work for additional information *
5 * regarding copyright ownership. The ASF licenses this file *
6 * to you under the Apache License, Version 2.0 (the *
7 * "License"); you may not use this file except in compliance *
8 * with the License. You may obtain a copy of the License at *
9 * *
10 * http://www.apache.org/licenses/LICENSE-2.0 *
11 * *
12 * Unless required by applicable law or agreed to in writing, *
13 * software distributed under the License is distributed on an *
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
15 * KIND, either express or implied. See the License for the *
16 * specific language governing permissions and limitations *
17 * under the License. *
18 ****************************************************************/
19
20 package org.apache.james.jcr;
21
22 import org.apache.jackrabbit.util.Text;
23 import org.apache.james.api.user.User;
24
25 /**
26 * User backed by JCR data.
27 * Differs from standard James by improved hash.
28 * TODO: think about improving DefaultUser.
29 */
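class JCRUser implements User {

    /**
     * Static salt for hashing password.
     * Modifying this value will render all passwords unrecognizable.
     */
    public static final String SALT = "JCRUsersRepository";

    /**
     * Hashes the password together with the user name and the static {@link #SALT}.
     *
     * <p>SECURITY NOTE(review): MD5 is a fast, unkeyed digest and is not suitable for
     * password storage; a deliberately slow, per-user-salted KDF (PBKDF2, bcrypt,
     * scrypt, Argon2) is the usual choice. The scheme is left unchanged here because
     * altering it would invalidate every stored hash; a migration would need to
     * re-hash on the next successful login. Also note that {@code username + password}
     * is concatenated without a delimiter, so distinct (user name, password) pairs
     * whose concatenations are equal produce the same hash.
     *
     * @param username not null
     * @param password not null
     * @return not null
     */
    public static String hashPassword(String username, String password) {
        // Inner digest mixes in the per-user value (the user name); outer digest adds the static salt.
        final String userScopedDigest = Text.md5(username + password);
        return Text.md5(userScopedDigest + SALT);
    }

    private final String userName;
    private String hashedSaltedPassword;

    /**
     * Creates a user from an already hashed password.
     *
     * @param userName name of the user, also used as input to the password hash
     * @param hashedSaltedPassword value as produced by {@link #hashPassword(String, String)};
     *        it is stored as given and not hashed again
     */
    public JCRUser(final String userName, String hashedSaltedPassword) {
        this.userName = userName;
        this.hashedSaltedPassword = hashedSaltedPassword;
    }

    /**
     * Gets the user name.
     * @return the user name passed at construction
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Gets salted, hashed password.
     * @return the hashedSaltedPassword
     */
    public final String getHashedSaltedPassword() {
        return hashedSaltedPassword;
    }

    /**
     * Replaces the stored hash with the hash of the new password.
     *
     * @param newPass new clear-text password, may be null
     * @return false when {@code newPass} is null (the stored hash is left untouched),
     *         true once the new hash has been stored
     */
    public boolean setPassword(String newPass) {
        if (newPass == null) {
            return false;
        }
        hashedSaltedPassword = hashPassword(userName, newPass);
        return true;
    }

    /**
     * Checks a candidate password against the stored hash.
     *
     * <p>The previous implementation compared the two strings with {@code ==}, which
     * tests object identity; a freshly computed hash is a different object from the
     * stored one, so that comparison could reject a correct password.
     *
     * @param pass candidate clear-text password, may be null
     * @return true only when the hash of {@code pass} equals the stored hash;
     *         false when {@code pass} is null or no hash is stored
     */
    public boolean verifyPassword(String pass) {
        if (pass == null || hashedSaltedPassword == null) {
            return false;
        }
        final byte[] stored =
                hashedSaltedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        final byte[] candidate =
                hashPassword(userName, pass).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // Compare by content; MessageDigest.isEqual does not stop at the first differing byte,
        // so the comparison time does not reveal how much of the hash matched.
        return java.security.MessageDigest.isEqual(stored, candidate);
    }
}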