/**
* Password alphabet
*/
- private static final String PASSWORD_ALPHABET =
- UserUtils.PASSWORD_ALPHABET_PARTS[0] +
- UserUtils.PASSWORD_ALPHABET_PARTS[1] +
- UserUtils.PASSWORD_ALPHABET_PARTS[2] +
- UserUtils.PASSWORD_ALPHABET_PARTS[3];
+ private static String PASSWORD_ALPHABET;
/**
* Password alphabet parts
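Review bot: `PASSWORD_ALPHABET` loses its `final` modifier in this hunk, although the only assignment visible on the page is the one in the static initializer added further down. A blank final may be assigned there, so the declaration can stay `private static final String PASSWORD_ALPHABET;`, which keeps the compiler guarding against later reassignment of the alphabet used for passwords. It is also worth a one-line comment on the field saying it is initialised in the static block, which has to stay below the `PASSWORD_ALPHABET_PARTS` declaration because the qualified access bypasses the forward-reference check.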
"0123456789", //NOI18N
// characters
- "!\"$%&/()=?{[]}@+*#-_,.;:<|>" //NOI18N
+ "~^!$%&/()=?{[]}@+*#-_,.;:<|>" //NOI18N
};
/**
static {
// Init RNG
RANDOM_NUMBER_GENERATOR = new SecureRandom();
+
+ // Init alphabet
+ PASSWORD_ALPHABET = UserUtils.PASSWORD_ALPHABET_PARTS[0] +
+ UserUtils.PASSWORD_ALPHABET_PARTS[1] +
+ UserUtils.PASSWORD_ALPHABET_PARTS[2] +
+ UserUtils.PASSWORD_ALPHABET_PARTS[3];
}
/**
return entropyFactor;
}
- /**
- * Creates a pseudo-random password with given length
- * <p>
- * @param length Length of the password
- * <p>
- * @return Pseudo-random password
- */
- public static String createRandomPassword (final Integer length) {
- // Parameter should be valid
- if (null == length) {
- // Throw NPE
- throw new NullPointerException("length is null"); //NOI18N
- } else if (length < PASSWORD_MINIMUM_LENGTH) {
- // To weak passwords
- throw new IllegalArgumentException(MessageFormat.format("Password length {0} is to short, minimum: {1}", length, PASSWORD_MINIMUM_LENGTH)); //NOI18N
- }
-
- // Init variable
- StringBuilder password = new StringBuilder(length);
-
- // Start creating it
- for (int i = 0; i < length; i++) {
- // Take random part
- String alphabet = PASSWORD_ALPHABET_PARTS[RANDOM_NUMBER_GENERATOR.nextInt(PASSWORD_ALPHABET_PARTS.length)];
-
- // Generate random number
- int pos = RANDOM_NUMBER_GENERATOR.nextInt(alphabet.length());
-
- // Get char at this position and add it to the final password
- password.append(String.valueOf(alphabet.charAt(pos)));
- }
-
- // Should have the wanted length
- assert (password.length() == length) : MessageFormat.format("Password length {0} doesn't match requested: {1}", password.length(), length); //NOI18N
-
- // Return it
- return password.toString();
- }
-
/**
* Determines given password's strength: 0 = bad, 100 = best. This method is
* based on
* <p>
* @return Strength of password
*/
- public static float determinePasswordStrength (final String password) {
+ public static double calculatePasswordScore (final String password) {
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: password=" + password + " - CALLED!");
+
// Should not be null
if (null == password) {
// Throw NPE
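Review bot: The `System.out.println` added at the top of `calculatePasswordScore` writes the candidate password in clear text to standard output, which on an application server typically ends up in a log file that operators and log-shipping tools can read. Drop the value from the trace, e.g. `System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: CALLED!");`, or remove the line once debugging is done. The per-step `score=` prints in the following hunk are less sensitive, but they still describe the password's composition and are better sent through a logger at debug level. The method body continues outside this hunk.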
}
// Init score
- float score = 0.0f;
+ double score = 0.0f;
//password length
- score += password.length() * calculateEntropyFactor(password);
+ score += password.length() * calculateEntropyFactor(password) / 100;
+
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after length");
//password has 3 numbers
- if (Pattern.matches("/(.*[0-9].*[0-9].*[0-9])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[0-9].*[0-9].*[0-9].*)+", password)) { //NOI18N
score += 5;
}
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after 3 numbers");
+
//password has 2 symbols
- if (Pattern.matches("/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:].*[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:].*)+", password)) { //NOI18N
score += 5;
}
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after 2 symbols");
+
//password has Upper and Lower chars
- if (Pattern.matches("/([a-z].*[A-Z])|([A-Z].*[a-z])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[a-z].*[A-Z])|([A-Z].*[a-z].*)+", password)) { //NOI18N
score += 10;
}
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after upper/lower");
+
//password has number and chars
- if (Pattern.matches("/([a-zA-Z])/", password) && Pattern.matches("/([0-9])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[a-zA-Z].*)+", password) && Pattern.matches("(.*[0-9].*)+", password)) { //NOI18N
score += 15;
}
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after number+chars");
+
//password has number and symbol
- if (Pattern.matches("/([!,@,#,$,%,^,&,*,?,_,~])/", password) && Pattern.matches("/([0-9])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:].*)+", password) && Pattern.matches("(.*[0-9].*)+", password)) { //NOI18N
score += 15;
}
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after number+symbol");
+
//password has char and symbol
- if (Pattern.matches("/([!,@,#,$,%,^,&,*,?,_,~])/", password) && Pattern.matches("/([a-zA-Z])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:].*)+", password) && Pattern.matches("(.*[a-zA-Z].*)+", password)) { //NOI18N
score += 15;
}
- //password is just a nubers or chars
- if (Pattern.matches("/^[a-zA-Z]+$/", password) || Pattern.matches("/^[0-9]+$/", password)) { //NOI18N
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after char+symbol");
+
+ //password is just numbers or chars
+ if (Pattern.matches("^[a-zA-Z]+$", password) || Pattern.matches("^[0-9]+$", password)) { //NOI18N
score -= 10;
}
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after number/char");
+
// Larger than 100 is not allowed
- score = Math.max(score, 100.0f);
+ score = Math.max(Math.min(score, 100.0f), 0.0f);
+
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - EXIT!");
// Return it
return score;
}
+ /**
+ * Creates a pseudo-random password with given length
+ * <p>
+ * @param length Length of the password
+ * <p>
+ * @return Pseudo-random password
+ */
+ public static String createRandomPassword (final Integer length) {
+ // Parameter should be valid
+ if (null == length) {
+ // Throw NPE
+ throw new NullPointerException("length is null"); //NOI18N
+ } else if (length < PASSWORD_MINIMUM_LENGTH) {
+ // To weak passwords
+ throw new IllegalArgumentException(MessageFormat.format("Password length {0} is to short, minimum: {1}", length, PASSWORD_MINIMUM_LENGTH)); //NOI18N
+ }
+
+ // Init variable
+ StringBuilder password = new StringBuilder(length);
+
+ // Start creating it
+ for (int i = 0; i < length; i++) {
+ // Take random part
+ String alphabet = PASSWORD_ALPHABET_PARTS[RANDOM_NUMBER_GENERATOR.nextInt(PASSWORD_ALPHABET_PARTS.length)];
+
+ // Generate random number
+ int pos = RANDOM_NUMBER_GENERATOR.nextInt(alphabet.length());
+
+ // Get char at this position and add it to the final password
+ password.append(String.valueOf(alphabet.charAt(pos)));
+ }
+
+ // Should have the wanted length
+ assert (password.length() == length) : MessageFormat.format("Password length {0} doesn't match requested: {1}", password.length(), length); //NOI18N
+
+ // Return it
+ return password.toString();
+ }
+
/**
* Hashes given user password and adds a salt to it
* <p>
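Review bot: Two of the rewritten patterns in `calculatePasswordScore` still do not test what their comments say. Because `Pattern.matches` needs a full match, `(.*[a-z].*[A-Z])|([A-Z].*[a-z].*)+` only succeeds when the password ends with an upper-case letter or starts with one, so a mixed-case value such as `aBc` gets no bonus. In the symbol class the commas are literal members and `,-,` is parsed as a range, so `-` is never matched even though it was added to the list. The trailing `+` on the wrapped groups adds nothing except backtracking on input that fails to match. The method's signature sits in the previous hunk; the fence below shows only the rewritten checks and keeps `,` in the class so that its current behaviour is preserved.

```java
// Symbol class: ',' kept as a member, '-' placed last so it is a literal and not a range
final String symbolClass = "[!,@#$%^&*?_~=.;:-]"; //NOI18N

// … unchanged: length score, 3 numbers check and log lines …

//password has 2 symbols
if (Pattern.matches(".*" + symbolClass + ".*" + symbolClass + ".*", password)) { //NOI18N
	score += 5;
}

//password has Upper and Lower chars
if (Pattern.matches(".*[a-z].*", password) && Pattern.matches(".*[A-Z].*", password)) { //NOI18N
	score += 10;
}

// … unchanged: remaining checks, using ".*" + symbolClass + ".*" in place of the inline class …
```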