From 93a49b7397a4d6d83a89d572384a039be0cfd2f4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Fri, 2 Sep 2016 16:36:01 +0200
Subject: [PATCH] Continued a bit: - no, the string must be initialized in e.g. static initializer - added logging for debugging regex (came from JavaScript) - maybe now they work?
---
 .../jusercore/model/user/UserUtils.java | 146 +++++++++++-------
 1 file changed, 89 insertions(+), 57 deletions(-)
diff --git a/src/org/mxchange/jusercore/model/user/UserUtils.java b/src/org/mxchange/jusercore/model/user/UserUtils.java
index d0f72e2..b4484a1 100644
--- a/src/org/mxchange/jusercore/model/user/UserUtils.java
+++ b/src/org/mxchange/jusercore/model/user/UserUtils.java
@@ -37,11 +37,7 @@ public class UserUtils implements Serializable {
 /**
 * Password alphabet
 */
- private static final String PASSWORD_ALPHABET =
- UserUtils.PASSWORD_ALPHABET_PARTS[0] +
- UserUtils.PASSWORD_ALPHABET_PARTS[1] +
- UserUtils.PASSWORD_ALPHABET_PARTS[2] +
- UserUtils.PASSWORD_ALPHABET_PARTS[3];
+ private static String PASSWORD_ALPHABET;
 /**
 * Password alphabet parts
@@ -57,7 +53,7 @@ public class UserUtils implements Serializable {
 "0123456789", //NOI18N
 // characters
- "!\"$%&/()=?{[]}@+*#-_,.;:<|>" //NOI18N
+ "~^!$%&/()=?{[]}@+*#-_,.;:<|>" //NOI18N
 };
 /**
@@ -81,6 +77,12 @@ public class UserUtils implements Serializable {
 static {
 // Init RNG
 RANDOM_NUMBER_GENERATOR = new SecureRandom();
+
+ // Init alphabet
+ PASSWORD_ALPHABET = UserUtils.PASSWORD_ALPHABET_PARTS[0] +
+ UserUtils.PASSWORD_ALPHABET_PARTS[1] +
+ UserUtils.PASSWORD_ALPHABET_PARTS[2] +
+ UserUtils.PASSWORD_ALPHABET_PARTS[3];
 }
 /**
@@ -106,45 +108,6 @@ public class UserUtils implements Serializable {
 return entropyFactor;
 }
- /**
- * Creates a pseudo-random password with given length
- *
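Review bot: Dropping `final` from `PASSWORD_ALPHABET` is not needed to move the initialisation, because a blank final static may be assigned once in a static initializer; the declaration can stay `private static final String PASSWORD_ALPHABET;` with the assignment added in the `static { … }` hunk (@@ -81,6 +77,12) left as it is. As written, the alphabet is a mutable static that any code in the class can reassign after class loading. The assignment also only works because the static block comes after `PASSWORD_ALPHABET_PARTS` in textual order, so I would add `// must stay below PASSWORD_ALPHABET_PARTS: static initialisers run in textual order` above `// Init alphabet`.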
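Review bot: The symbol entry `"~^!$%&/()=?{[]}@+*#-_,.;:<|>"` and the symbol class used by the scoring regexes in `calculatePasswordScore` are two hand-written lists that do not agree. `/`, `(`, `)`, `{`, `[`, `]`, `}`, `+`, `-`, `<`, `|` and `>` are in this alphabet but are not matched by that class, so a password built from this alphabet can contain symbols the scorer does not count. I would at least add `// keep in sync with the symbol class in calculatePasswordScore()` above this entry, and ideally derive one list from the other. The array declaration starts outside this hunk.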

- * @param length Length of the password
- *

- * @return Pseudo-random password
- */
- public static String createRandomPassword (final Integer length) {
- // Parameter should be valid
- if (null == length) {
- // Throw NPE
- throw new NullPointerException("length is null"); //NOI18N
- } else if (length < PASSWORD_MINIMUM_LENGTH) {
- // To weak passwords
- throw new IllegalArgumentException(MessageFormat.format("Password length {0} is to short, minimum: {1}", length, PASSWORD_MINIMUM_LENGTH)); //NOI18N
- }
-
- // Init variable
- StringBuilder password = new StringBuilder(length);
-
- // Start creating it
- for (int i = 0; i < length; i++) {
- // Take random part
- String alphabet = PASSWORD_ALPHABET_PARTS[RANDOM_NUMBER_GENERATOR.nextInt(PASSWORD_ALPHABET_PARTS.length)];
-
- // Generate random number
- int pos = RANDOM_NUMBER_GENERATOR.nextInt(alphabet.length());
-
- // Get char at this position and add it to the final password
- password.append(String.valueOf(alphabet.charAt(pos)));
- }
-
- // Should have the wanted length
- assert (password.length() == length) : MessageFormat.format("Password length {0} doesn't match requested: {1}", password.length(), length); //NOI18N
-
- // Return it
- return password.toString();
- }
-
 /**
 * Determines given password's strength: 0 = bad, 100 = best. This method is
 * based on
@@ -154,7 +117,10 @@ public class UserUtils implements Serializable {
 *

 * @return Strength of password
 */
- public static float determinePasswordStrength (final String password) {
+ public static double calculatePasswordScore (final String password) {
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: password=" + password + " - CALLED!");
+
 // Should not be null
 if (null == password) {
 // Throw NPE
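Review bot: The added trace line at the top of `calculatePasswordScore` concatenates `password` into a `System.out.println` call, so every scored password is written to standard output in clear text; on a server that stream usually ends up in a log file that operators and backups can read. Debug tracing here should never carry the value itself: `System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: CALLED!");` is enough to trace the call, and if more is needed, log only `password.length()` after the null check. The method body continues outside this hunk.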
@@ -165,53 +131,119 @@ public class UserUtils implements Serializable {
 }
 // Init score
- float score = 0.0f;
+ double score = 0.0f;
 //password length
- score += password.length() * calculateEntropyFactor(password);
+ score += password.length() * calculateEntropyFactor(password) / 100;
+
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after length");
 //password has 3 numbers
- if (Pattern.matches("/(.*[0-9].*[0-9].*[0-9])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[0-9].*[0-9].*[0-9].*)+", password)) { //NOI18N
 score += 5;
 }
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after 3 numbers");
+
 //password has 2 symbols
- if (Pattern.matches("/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:].*[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:].*)+", password)) { //NOI18N
 score += 5;
 }
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after 2 symbols");
+
 //password has Upper and Lower chars
- if (Pattern.matches("/([a-z].*[A-Z])|([A-Z].*[a-z])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[a-z].*[A-Z])|([A-Z].*[a-z].*)+", password)) { //NOI18N
 score += 10;
 }
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after upper/lower");
+
 //password has number and chars
- if (Pattern.matches("/([a-zA-Z])/", password) && Pattern.matches("/([0-9])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[a-zA-Z].*)+", password) && Pattern.matches("(.*[0-9].*)+", password)) { //NOI18N
 score += 15;
 }
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after number+chars");
+
 //password has number and symbol
- if (Pattern.matches("/([!,@,#,$,%,^,&,*,?,_,~])/", password) && Pattern.matches("/([0-9])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:].*)+", password) && Pattern.matches("(.*[0-9].*)+", password)) { //NOI18N
 score += 15;
 }
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after number+symbol");
+
 //password has char and symbol
- if (Pattern.matches("/([!,@,#,$,%,^,&,*,?,_,~])/", password) && Pattern.matches("/([a-zA-Z])/", password)) { //NOI18N
+ if (Pattern.matches("(.*[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:].*)+", password) && Pattern.matches("(.*[a-zA-Z].*)+", password)) { //NOI18N
 score += 15;
 }
- //password is just a nubers or chars
- if (Pattern.matches("/^[a-zA-Z]+$/", password) || Pattern.matches("/^[0-9]+$/", password)) { //NOI18N
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after char+symbol");
+
+ //password is just numbers or chars
+ if (Pattern.matches("^[a-zA-Z]+$", password) || Pattern.matches("^[0-9]+$", password)) { //NOI18N
 score -= 10;
 }
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - after number/char");
+
 // Larger than 100 is not allowed
- score = Math.max(score, 100.0f);
+ score = Math.max(Math.min(score, 100.0f), 0.0f);
+
+ // Log message
+ System.out.println(UserUtils.class.getSimpleName() + ".calculatePasswordScore: score=" + score + " - EXIT!");
 // Return it
 return score;
 }
+ /**
+ * Creates a pseudo-random password with given length
+ *

+ * @param length Length of the password
+ *

+ * @return Pseudo-random password
+ */
+ public static String createRandomPassword (final Integer length) {
+ // Parameter should be valid
+ if (null == length) {
+ // Throw NPE
+ throw new NullPointerException("length is null"); //NOI18N
+ } else if (length < PASSWORD_MINIMUM_LENGTH) {
+ // To weak passwords
+ throw new IllegalArgumentException(MessageFormat.format("Password length {0} is to short, minimum: {1}", length, PASSWORD_MINIMUM_LENGTH)); //NOI18N
+ }
+
+ // Init variable
+ StringBuilder password = new StringBuilder(length);
+
+ // Start creating it
+ for (int i = 0; i < length; i++) {
+ // Take random part
+ String alphabet = PASSWORD_ALPHABET_PARTS[RANDOM_NUMBER_GENERATOR.nextInt(PASSWORD_ALPHABET_PARTS.length)];
+
+ // Generate random number
+ int pos = RANDOM_NUMBER_GENERATOR.nextInt(alphabet.length());
+
+ // Get char at this position and add it to the final password
+ password.append(String.valueOf(alphabet.charAt(pos)));
+ }
+
+ // Should have the wanted length
+ assert (password.length() == length) : MessageFormat.format("Password length {0} doesn't match requested: {1}", password.length(), length); //NOI18N
+
+ // Return it
+ return password.toString();
+ }
+
 /**
 * Hashes given user password and adds a salt to it
 *
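Review bot: Two of the rewritten patterns in `calculatePasswordScore` still do not test what their comments say. `Pattern.matches` requires the whole string to match, so `(.*[a-z].*[A-Z])|([A-Z].*[a-z].*)+` only accepts passwords that end in an upper-case letter or start with one, and a mixed-case password such as `aBc` earns no bonus; `".*[a-z].*[A-Z].*|.*[A-Z].*[a-z].*"` covers both orders. In the symbol class `[!,@,#,$,%,^,&,*,?,_,~,=,.,-,;,:]` the commas are literal members and `,-,` is read as a range from `,` to `,`, so `-` is never counted as a symbol; `[!@#$%^&*?_~=.,;:-]` keeps the same members and adds the hyphen, and should replace the class in the 2-symbols, number+symbol and char+symbol checks. The per-step `System.out.println` calls look like temporary tracing and would be better moved behind a debug-level logger or removed before this is released.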

-- 2.39.5