2 * Copyright (C) 2016 Roland Haeder
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, either version 3 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.jusercore.model.user;
19 import org.apache.commons.codec.digest.Crypt;
20 import org.mxchange.jcore.BaseFrameworkSystem;
21 import org.mxchange.jusercore.container.login.LoginContainer;
24 * An utilities class for customers
26 * @author Roland Haeder<roland@mxchange.org>
28 public class UserUtils extends BaseFrameworkSystem {
33 private static final int SALT_LENGTH = 10;
36 * Hashes given user password and adds a salt to it
38 * @param userPassword User password to be hashed
40 * @return Hashed user password
42 public static String encryptPassword (final String userPassword) {
43 // Is it null or empty?
44 if (null == userPassword) {
46 throw new NullPointerException("userPassword is null");
47 } else if (userPassword.isEmpty()) {
48 // Empty passwords are hardcoded not allowed due to security risks
49 throw new IllegalArgumentException("userPassword is empty");
52 // Generate large number
53 String number = Long.toString(Math.round(Math.random() * 10_000_000_000L));
56 String salt = Crypt.crypt(number);
58 // First encrypt password
59 String encryptedPassword = Crypt.crypt(userPassword, salt);
62 return encryptedPassword;
66 * Checks if password from container matches the updatedUser's password
68 * @param container Container holding user instance and unencrypted password
69 * @param updatedUser Updated user instance from database
71 * @return Whethet the password matches
73 public static boolean ifPasswordMatches (final LoginContainer container, final User updatedUser) {
74 // Validate parameters
75 if (null == container) {
77 throw new NullPointerException("container is null");
78 } else if (null == updatedUser) {
80 throw new NullPointerException("updatedUser is null");
81 } else if (container.getUser() == null) {
82 // NPE for user in container
83 throw new NullPointerException("container.user is null");
84 } else if (container.getUserPassword() == null) {
85 // NPE for user password in container
86 throw new NullPointerException("container.userPassword is null");
87 } else if (container.getUserPassword().isEmpty()) {
88 // Empty password in container
89 throw new IllegalArgumentException("container.userPassword is empty");
92 // First encrypt password
93 String encryptedPassword = Crypt.crypt(container.getUserPassword(), updatedUser.getUserEncryptedPassword());
96 return encryptedPassword.equals(updatedUser.getUserEncryptedPassword());
100 * No instance from this class
102 private UserUtils () {