+++ /dev/null
-/*
- * Copyright (C) 2016 - 2022 Free Software Foundation
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-package org.mxchange.juserlogincore.login;
-
-import java.io.Serializable;
-import java.security.SecureRandom;
-import java.text.MessageFormat;
-import java.util.Random;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import org.apache.commons.codec.digest.Crypt;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.mxchange.jcontacts.model.contact.Contact;
-import org.mxchange.jusercore.model.user.User;
-import org.mxchange.jusercore.model.utils.UserUtils;
-import org.mxchange.juserlogincore.container.login.LoginContainer;
-
-/**
- * An utilities class for user logins
- * <p>
- * @author Roland Häder<roland@mxchange.org>
- */
-public class UserLoginUtils implements Serializable {
-
- /**
- * Password alphabet
- */
- private static final String PASSWORD_ALPHABET;
-
- /**
- * Password alphabet parts
- */
- private static final String[] PASSWORD_ALPHABET_PARTS = {
- // lower-case
- "abcdefghijklmnopqrstuvwxyz", //NOI18N
-
- // upper-case
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ", //NOI18N
-
- // numbers
- "0123456789", //NOI18N
-
- // characters
- "~^!$%&/()=?{[]}@+*#-_,.;:<|>" //NOI18N
- };
-
- /**
- * Hard-coded minimum password length
- */
- private static final Integer PASSWORD_MINIMUM_LENGTH = 5;
-
- /**
- * Random number generator
- */
- private static final Random RANDOM_NUMBER_GENERATOR;
-
- /**
- * Serial number
- */
- private static final long serialVersionUID = 18_356_847_120_972L;
-
- /**
- * Static initializer
- */
- static {
- // Init RNG
- RANDOM_NUMBER_GENERATOR = new SecureRandom();
-
- // Init alphabet
- PASSWORD_ALPHABET = UserLoginUtils.PASSWORD_ALPHABET_PARTS[0] +
- UserLoginUtils.PASSWORD_ALPHABET_PARTS[1] +
- UserLoginUtils.PASSWORD_ALPHABET_PARTS[2] +
- UserLoginUtils.PASSWORD_ALPHABET_PARTS[3];
- }
-
- /**
- * Calculates entropy value for given password, higher means better. This
- * method is based on
- * http://stackoverflow.com/questions/14591701/how-to-check-password-strength-in-vaadin
- * <p>
- * @param password Clear text password
- * <p>
- * @return Entropy factor
- */
- public static double calculateEntropyFactor (final String password) {
- // Should not be null
- if (null == password) {
- // Throw NPE
- throw new NullPointerException("password is null"); //NOI18N
- }
-
- // Calculate it
- double entropyFactor = password.length() * Math.log10(PASSWORD_ALPHABET.length()) / Math.log10(2);
-
- // Return it
- return entropyFactor;
- }
-
- /**
- * Determines given password's strength: 0 = worst, 100 = best. This method
- * is based on
- * http://stackoverflow.com/questions/1614811/how-do-i-measure-the-strength-of-a-password
- * <p>
- * @param password Clear-text password
- * <p>
- * @return Strength of password
- */
- public static double calculatePasswordScore (final String password) {
- // Should not be null
- if (null == password) {
- // Throw NPE
- throw new NullPointerException("password is null"); //NOI18N
- } else if (password.isEmpty()) {
- // Is empty
- return 0.0f;
- }
-
- // Init score
- double score = 0.0f;
-
- // Password length
- score += password.length() * calculateEntropyFactor(password) / 100;
-
- // Password has 3 numbers
- if (ifRegExFoundInString("(.*[0-9].*[0-9].*[0-9].*)+", password)) { //NOI18N
- score += 5;
- }
-
- // Password has 2 symbols
- if (ifRegExFoundInString("(.*[!,@,#,$,%,^,&,*,/,?,_,~,=,.,-,;,:].*[!,@,#,$,%,^,&,*,/,?,_,~,=,.,-,;,:].*)+", password)) { //NOI18N
- score += 5;
- }
-
- // Password has Upper and Lower chars
- if (ifRegExFoundInString("(.*[a-z].*[A-Z])|([A-Z].*[a-z].*)+", password)) { //NOI18N
- score += 10;
- }
-
- // Password has number and chars
- if (ifRegExFoundInString("(.*[a-zA-Z].*)+", password) && ifRegExFoundInString("(.*[0-9].*)+", password)) { //NOI18N
- score += 15;
- }
-
- // Password has number and symbol
- if (ifRegExFoundInString("(.*[!,@,#,$,%,^,&,*,/,?,_,~,=,.,-,;,:].*)+", password) && ifRegExFoundInString("(.*[0-9].*)+", password)) { //NOI18N
- score += 15;
- }
-
- // Password has char and symbol
- if (ifRegExFoundInString("(.*[!,@,#,$,%,^,&,*,/,?,_,~,=,.,-,;,:].*)+", password) && ifRegExFoundInString("(.*[a-zA-Z].*)+", password)) { //NOI18N
- score += 15;
- }
-
- // Password is just numbers or chars
- if (ifRegExFoundInString("^[a-zA-Z]+$", password) || ifRegExFoundInString("^[0-9]+$", password)) { //NOI18N
- score -= 10;
- }
-
- // Larger than 100 is not allowed
- score = Math.max(Math.min(score, 100.0f), 0.0f);
-
- // Return it
- return score;
- }
-
- /**
- * Creates a pseudo-random password with given length
- * <p>
- * @param length Length of the password
- * <p>
- * @return Pseudo-random password
- */
- public static String createRandomPassword (final Integer length) {
- // Parameter should be valid
- if (null == length) {
- // Throw NPE
- throw new NullPointerException("length is null"); //NOI18N
- } else if (length < PASSWORD_MINIMUM_LENGTH) {
- // To weak passwords
- throw new IllegalArgumentException(MessageFormat.format("Password length {0} is to short, minimum: {1}", length, PASSWORD_MINIMUM_LENGTH)); //NOI18N
- }
-
- // Init variable
- final StringBuilder password = new StringBuilder(length);
-
- // Start creating it
- for (int i = 0; i < length; i++) {
- // Take random part
- final String alphabet = PASSWORD_ALPHABET_PARTS[RANDOM_NUMBER_GENERATOR.nextInt(PASSWORD_ALPHABET_PARTS.length)];
-
- // Generate random number
- final int pos = RANDOM_NUMBER_GENERATOR.nextInt(alphabet.length());
-
- // Get char at this position and add it to the final password
- password.append(String.valueOf(alphabet.charAt(pos)));
- }
-
- // Should have the wanted length
- assert (password.length() == length) : MessageFormat.format("Password length {0} doesn't match requested: {1}", password.length(), length); //NOI18N
-
- // Return it
- return password.toString();
- }
-
- /**
- * Hashes given user password and adds a salt to it
- * <p>
- * @param userPassword User password to be hashed
- * <p>
- * @return Hashed user password
- */
- public static String encryptPassword (final String userPassword) {
- // Is it null or empty?
- if (null == userPassword) {
- // Throw NPE
- throw new NullPointerException("userPassword is null"); //NOI18N
- } else if (userPassword.isEmpty()) {
- // Empty passwords are hardcoded not allowed due to security risks
- throw new IllegalArgumentException("userPassword is empty"); //NOI18N
- }
-
- // Generate large number
- final String number = Long.toString(RANDOM_NUMBER_GENERATOR.nextLong() * 10_000_000_000L);
-
- // Generate salt
- final String salt = Crypt.crypt(number);
-
- // First encrypt password
- final String encryptedPassword = Crypt.crypt(userPassword, salt);
-
- // Return it
- return encryptedPassword;
- }
-
- /**
- * Generate a key suitable for confirmation. This is basicly a large and
- * strong hash with a lop entropy.
- * <p>
- * @param user User instance to use as additional entropy source
- * <p>
- * @return Generated key
- */
- public static String generatedConfirmationKey (final User user) {
- /**
- * Generates random string by creating a random, encrypted password
- * which gives nice entropy to start with.
- */
- final StringBuilder key = new StringBuilder(encryptPassword(UserUtils.generateRandomUserName()));
-
- // Is user set?
- if (user instanceof User) {
- // Add it's name, too
- key.append(":").append(user); //NOI18N
-
- // Is user name set?
- if (user.getUserName() instanceof String) {
- // Add it
- key.append(":").append(user.getUserName()); //NOI18N
- }
-
- // Is password set?
- if (user.getUserEncryptedPassword() instanceof String) {
- // Add it, too
- key.append(":").append(user.getUserEncryptedPassword()); //NOI18N
- }
-
- // Get contact instance
- final Contact contact = user.getUserContact();
-
- // Is contact set?
- if (contact instanceof Contact) {
- // Add it, too
- key.append(":").append(contact); //NOI18N
-
- // Is email address set?
- if (contact.getContactEmailAddress() instanceof String) {
- // Add it, too
- key.append(":").append(contact.getContactEmailAddress()); //NOI18N
- }
- }
- }
-
- // Hash key
- final String hash = DigestUtils.sha256Hex(key.toString());
-
- // Return it
- return hash;
- }
-
- /**
- * Checks if password from container matches the updatedUser's password
- * <p>
- * @param container Container holding user instance and clear-text
- * password
- * @param updatedUser Updated user instance from database
- * <p>
- * @return Whether the password matches
- */
- public static boolean ifPasswordMatches (final LoginContainer container, final User updatedUser) {
- // Validate parameters
- if (null == container) {
- // Throw NPE
- throw new NullPointerException("container is null"); //NOI18N
- } else if (null == updatedUser) {
- // And again NPE ...
- throw new NullPointerException("updatedUser is null"); //NOI18N
- } else if (container.getUser() == null) {
- // NPE for user in container
- throw new NullPointerException("container.user is null"); //NOI18N
- } else if (container.getUserPassword() == null) {
- // NPE for user password in container
- throw new NullPointerException("container.userPassword is null"); //NOI18N
- } else if (container.getUserPassword().isEmpty()) {
- // Empty password in container
- throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
- }
-
- // Call below method
- return ifPasswordMatches(container.getUserPassword(), updatedUser);
- }
-
- /**
- * Checks if direct password the updatedUser's password
- * <p>
- * @param clearTextPassword Clear-text (direct) password
- * @param updatedUser Updated user instance from database
- * <p>
- * @return Whether the password matches
- */
- public static boolean ifPasswordMatches (final String clearTextPassword, final User updatedUser) {
- // Validate parameters
- if (null == clearTextPassword) {
- // Throw NPE
- throw new NullPointerException("clearTextPassword is null"); //NOI18N
- } else if (clearTextPassword.isEmpty()) {
- // NPE for user in container
- throw new NullPointerException("clearTextPassword is empty."); //NOI18N
- } else if (null == updatedUser) {
- // And again NPE ...
- throw new NullPointerException("updatedUser is null"); //NOI18N
- }
-
- // First encrypt password
- final String encryptedPassword = Crypt.crypt(clearTextPassword, updatedUser.getUserEncryptedPassword());
-
- // Is it matching?
- return encryptedPassword.equals(updatedUser.getUserEncryptedPassword());
- }
-
- /**
- * Checks if password from container matches with from user instance.
- * <p>
- * @param container Container holding user instance and clear-text password
- * <p>
- * @return Whether it maches
- */
- public static boolean ifPasswordMatches (final LoginContainer container) {
- // Validate parameters
- if (null == container) {
- // Throw NPE
- throw new NullPointerException("container is null"); //NOI18N
- } else if (container.getUser() == null) {
- // NPE for user in container
- throw new NullPointerException("container.user is null"); //NOI18N
- } else if (container.getUserPassword() == null) {
- // NPE for user password in container
- throw new NullPointerException("container.userPassword is null"); //NOI18N
- } else if (container.getUserPassword().isEmpty()) {
- // Empty password in container
- throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
- }
-
- // Call other method
- return ifPasswordMatches(container.getUserPassword(), container.getUser());
- }
-
- /**
- * Checks if the regular expression is found in given string
- * <p>
- * @param pattern Regular expression
- * @param str String
- * <p>
- * @return Whether it is found
- */
- private static boolean ifRegExFoundInString (final String pattern, final String str) {
- // Mus be valid parameters
- if (null == pattern) {
- // Throw NPE
- throw new NullPointerException("pattern is null"); //NOI18N
- } else if (pattern.isEmpty()) {
- // Is empty
- throw new IllegalArgumentException("pattern is empty"); //NOI18N
- } else if (null == str) {
- // Throw NPE
- throw new NullPointerException("str is null"); //NOI18N
- }
-
- // Compile pattern
- Pattern r = Pattern.compile(pattern);
-
- // Get matcher
- Matcher m = r.matcher(str);
-
- // Check if it is found
- return m.find();
- }
-
- /**
- * No instance from this class
- */
- private UserLoginUtils () {
- }
-
-}
--- /dev/null
+/*
+ * Copyright (C) 2016 - 2022 Free Software Foundation
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.mxchange.juserlogincore.utils;
+
+import java.io.Serializable;
+import java.security.SecureRandom;
+import java.text.MessageFormat;
+import java.util.Random;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.apache.commons.codec.digest.Crypt;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.mxchange.jcontacts.model.contact.Contact;
+import org.mxchange.jusercore.model.user.User;
+import org.mxchange.jusercore.model.utils.UserUtils;
+import org.mxchange.juserlogincore.container.login.LoginContainer;
+
+/**
+ * An utilities class for user logins
+ * <p>
+ * @author Roland Häder<roland@mxchange.org>
+ */
+public class UserLoginUtils implements Serializable {
+
+ /**
+ * Password alphabet
+ */
+ private static final String PASSWORD_ALPHABET;
+
+ /**
+ * Password alphabet parts
+ */
+ private static final String[] PASSWORD_ALPHABET_PARTS = {
+ // lower-case
+ "abcdefghijklmnopqrstuvwxyz", //NOI18N
+
+ // upper-case
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ", //NOI18N
+
+ // numbers
+ "0123456789", //NOI18N
+
+ // characters
+ "~^!$%&/()=?{[]}@+*#-_,.;:<|>" //NOI18N
+ };
+
+ /**
+ * Hard-coded minimum password length
+ */
+ private static final Integer PASSWORD_MINIMUM_LENGTH = 5;
+
+ /**
+ * Random number generator
+ */
+ private static final Random RANDOM_NUMBER_GENERATOR;
+
+ /**
+ * Serial number
+ */
+ private static final long serialVersionUID = 18_356_847_120_972L;
+
+ /**
+ * Static initializer
+ */
+ static {
+ // Init RNG
+ RANDOM_NUMBER_GENERATOR = new SecureRandom();
+
+ // Init alphabet
+ PASSWORD_ALPHABET = UserLoginUtils.PASSWORD_ALPHABET_PARTS[0] +
+ UserLoginUtils.PASSWORD_ALPHABET_PARTS[1] +
+ UserLoginUtils.PASSWORD_ALPHABET_PARTS[2] +
+ UserLoginUtils.PASSWORD_ALPHABET_PARTS[3];
+ }
+
+ /**
+ * Calculates entropy value for given password, higher means better. This
+ * method is based on
+ * http://stackoverflow.com/questions/14591701/how-to-check-password-strength-in-vaadin
+ * <p>
+ * @param password Clear text password
+ * <p>
+ * @return Entropy factor
+ */
+ public static double calculateEntropyFactor (final String password) {
+ // Should not be null
+ if (null == password) {
+ // Throw NPE
+ throw new NullPointerException("password is null"); //NOI18N
+ } else if (password.isEmpty()) {
+ // Is empty
+ return 0.0f;
+ }
+
+ // Calculate it
+ double entropyFactor = password.length() * Math.log10(PASSWORD_ALPHABET.length()) / Math.log10(2);
+
+ // Return it
+ return entropyFactor;
+ }
+
+ /**
+ * Determines given password's strength: 0 = worst, 100 = best. This method
+ * is based on
+ * http://stackoverflow.com/questions/1614811/how-do-i-measure-the-strength-of-a-password
+ * <p>
+ * @param password Clear-text password
+ * <p>
+ * @return Strength of password
+ */
+ public static double calculatePasswordScore (final String password) {
+ // Should not be null
+ if (null == password) {
+ // Throw NPE
+ throw new NullPointerException("password is null"); //NOI18N
+ } else if (password.isEmpty()) {
+ // Is empty
+ return 0.0f;
+ }
+
+ // Init score
+ double score = 0.0f;
+
+ // Password length
+ score += password.length() * calculateEntropyFactor(password) / 100;
+
+ // Password has 3 numbers
+ if (ifRegExFoundInString("(.*[0-9].*[0-9].*[0-9].*)+", password)) { //NOI18N
+ score += 5;
+ }
+
+ // Password has 2 symbols
+ if (ifRegExFoundInString("(.*[!,@,#,$,%,^,&,*,/,?,_,~,=,.,-,;,:].*[!,@,#,$,%,^,&,*,/,?,_,~,=,.,-,;,:].*)+", password)) { //NOI18N
+ score += 5;
+ }
+
+ // Password has Upper and Lower chars
+ if (ifRegExFoundInString("(.*[a-z].*[A-Z])|([A-Z].*[a-z].*)+", password)) { //NOI18N
+ score += 10;
+ }
+
+ // Password has number and chars
+ if (ifRegExFoundInString("(.*[a-zA-Z].*)+", password) && ifRegExFoundInString("(.*[0-9].*)+", password)) { //NOI18N
+ score += 15;
+ }
+
+ // Password has number and symbol
+ if (ifRegExFoundInString("(.*[!,@,#,$,%,^,&,*,/,?,_,~,=,.,-,;,:].*)+", password) && ifRegExFoundInString("(.*[0-9].*)+", password)) { //NOI18N
+ score += 15;
+ }
+
+ // Password has char and symbol
+ if (ifRegExFoundInString("(.*[!,@,#,$,%,^,&,*,/,?,_,~,=,.,-,;,:].*)+", password) && ifRegExFoundInString("(.*[a-zA-Z].*)+", password)) { //NOI18N
+ score += 15;
+ }
+
+ // Password is just numbers or chars
+ if (ifRegExFoundInString("^[a-zA-Z]+$", password) || ifRegExFoundInString("^[0-9]+$", password)) { //NOI18N
+ score -= 10;
+ }
+
+ // Larger than 100 is not allowed
+ score = Math.max(Math.min(score, 100.0f), 0.0f);
+
+ // Return it
+ return score;
+ }
+
+ /**
+ * Creates a pseudo-random password with given length
+ * <p>
+ * @param length Length of the password
+ * <p>
+ * @return Pseudo-random password
+ */
+ public static String createRandomPassword (final Integer length) {
+ // Parameter should be valid
+ if (null == length) {
+ // Throw NPE
+ throw new NullPointerException("length is null"); //NOI18N
+ } else if (length < PASSWORD_MINIMUM_LENGTH) {
+ // To weak passwords
+ throw new IllegalArgumentException(MessageFormat.format("Password length {0} is to short, minimum: {1}", length, PASSWORD_MINIMUM_LENGTH)); //NOI18N
+ }
+
+ // Init variable
+ final StringBuilder password = new StringBuilder(length);
+
+ // Start creating it
+ for (int i = 0; i < length; i++) {
+ // Take random part
+ final String alphabet = PASSWORD_ALPHABET_PARTS[RANDOM_NUMBER_GENERATOR.nextInt(PASSWORD_ALPHABET_PARTS.length)];
+
+ // Generate random number
+ final int pos = RANDOM_NUMBER_GENERATOR.nextInt(alphabet.length());
+
+ // Get char at this position and add it to the final password
+ password.append(String.valueOf(alphabet.charAt(pos)));
+ }
+
+ // Should have the wanted length
+ assert (password.length() == length) : MessageFormat.format("Password length {0} doesn't match requested: {1}", password.length(), length); //NOI18N
+
+ // Return it
+ return password.toString();
+ }
+
+ /**
+ * Hashes given user password and adds a salt to it
+ * <p>
+ * @param userPassword User password to be hashed
+ * <p>
+ * @return Hashed user password
+ */
+ public static String encryptPassword (final String userPassword) {
+ // Is it null or empty?
+ if (null == userPassword) {
+ // Throw NPE
+ throw new NullPointerException("userPassword is null"); //NOI18N
+ } else if (userPassword.isEmpty()) {
+ // Empty passwords are hardcoded not allowed due to security risks
+ throw new IllegalArgumentException("userPassword is empty"); //NOI18N
+ }
+
+ // Generate large number
+ final String number = Long.toString(RANDOM_NUMBER_GENERATOR.nextLong() * 10_000_000_000L);
+
+ // Generate salt
+ final String salt = Crypt.crypt(number);
+
+ // First encrypt password
+ final String encryptedPassword = Crypt.crypt(userPassword, salt);
+
+ // Return it
+ return encryptedPassword;
+ }
+
+ /**
+ * Generate a key suitable for confirmation. This is basicly a large and
+ * strong hash with a lop entropy.
+ * <p>
+ * @param user User instance to use as additional entropy source
+ * <p>
+ * @return Generated key
+ */
+ public static String generatedConfirmationKey (final User user) {
+ /**
+ * Generates random string by creating a random, encrypted password
+ * which gives nice entropy to start with.
+ */
+ final StringBuilder key = new StringBuilder(encryptPassword(UserUtils.generateRandomUserName()));
+
+ // Is user set?
+ if (user instanceof User) {
+ // Add it's name, too
+ key.append(":").append(user); //NOI18N
+
+ // Is user name set?
+ if (user.getUserName() instanceof String) {
+ // Add it
+ key.append(":").append(user.getUserName()); //NOI18N
+ }
+
+ // Is password set?
+ if (user.getUserEncryptedPassword() instanceof String) {
+ // Add it, too
+ key.append(":").append(user.getUserEncryptedPassword()); //NOI18N
+ }
+
+ // Get contact instance
+ final Contact contact = user.getUserContact();
+
+ // Is contact set?
+ if (contact instanceof Contact) {
+ // Add it, too
+ key.append(":").append(contact); //NOI18N
+
+ // Is email address set?
+ if (contact.getContactEmailAddress() instanceof String) {
+ // Add it, too
+ key.append(":").append(contact.getContactEmailAddress()); //NOI18N
+ }
+ }
+ }
+
+ // Hash key
+ final String hash = DigestUtils.sha256Hex(key.toString());
+
+ // Return it
+ return hash;
+ }
+
+ /**
+ * Checks if password from container matches the updatedUser's password
+ * <p>
+ * @param container Container holding user instance and clear-text
+ * password
+ * @param updatedUser Updated user instance from database
+ * <p>
+ * @return Whether the password matches
+ */
+ public static boolean ifPasswordMatches (final LoginContainer container, final User updatedUser) {
+ // Validate parameters
+ if (null == container) {
+ // Throw NPE
+ throw new NullPointerException("container is null"); //NOI18N
+ } else if (null == updatedUser) {
+ // And again NPE ...
+ throw new NullPointerException("updatedUser is null"); //NOI18N
+ } else if (container.getUser() == null) {
+ // NPE for user in container
+ throw new NullPointerException("container.user is null"); //NOI18N
+ } else if (container.getUserPassword() == null) {
+ // NPE for user password in container
+ throw new NullPointerException("container.userPassword is null"); //NOI18N
+ } else if (container.getUserPassword().isEmpty()) {
+ // Empty password in container
+ throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
+ }
+
+ // Call below method
+ return ifPasswordMatches(container.getUserPassword(), updatedUser);
+ }
+
+ /**
+ * Checks if direct password the updatedUser's password
+ * <p>
+ * @param clearTextPassword Clear-text (direct) password
+ * @param updatedUser Updated user instance from database
+ * <p>
+ * @return Whether the password matches
+ */
+ public static boolean ifPasswordMatches (final String clearTextPassword, final User updatedUser) {
+ // Validate parameters
+ if (null == clearTextPassword) {
+ // Throw NPE
+ throw new NullPointerException("clearTextPassword is null"); //NOI18N
+ } else if (clearTextPassword.isEmpty()) {
+ // NPE for user in container
+ throw new NullPointerException("clearTextPassword is empty."); //NOI18N
+ } else if (null == updatedUser) {
+ // And again NPE ...
+ throw new NullPointerException("updatedUser is null"); //NOI18N
+ }
+
+ // First encrypt password
+ final String encryptedPassword = Crypt.crypt(clearTextPassword, updatedUser.getUserEncryptedPassword());
+
+ // Is it matching?
+ return encryptedPassword.equals(updatedUser.getUserEncryptedPassword());
+ }
+
+ /**
+ * Checks if password from container matches with from user instance.
+ * <p>
+ * @param container Container holding user instance and clear-text password
+ * <p>
+ * @return Whether it maches
+ */
+ public static boolean ifPasswordMatches (final LoginContainer container) {
+ // Validate parameters
+ if (null == container) {
+ // Throw NPE
+ throw new NullPointerException("container is null"); //NOI18N
+ } else if (container.getUser() == null) {
+ // NPE for user in container
+ throw new NullPointerException("container.user is null"); //NOI18N
+ } else if (container.getUserPassword() == null) {
+ // NPE for user password in container
+ throw new NullPointerException("container.userPassword is null"); //NOI18N
+ } else if (container.getUserPassword().isEmpty()) {
+ // Empty password in container
+ throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
+ }
+
+ // Call other method
+ return ifPasswordMatches(container.getUserPassword(), container.getUser());
+ }
+
+ /**
+ * Checks if the regular expression is found in given string
+ * <p>
+ * @param pattern Regular expression
+ * @param str String
+ * <p>
+ * @return Whether it is found
+ */
+ private static boolean ifRegExFoundInString (final String pattern, final String str) {
+ // Mus be valid parameters
+ if (null == pattern) {
+ // Throw NPE
+ throw new NullPointerException("pattern is null"); //NOI18N
+ } else if (pattern.isEmpty()) {
+ // Is empty
+ throw new IllegalArgumentException("pattern is empty"); //NOI18N
+ } else if (null == str) {
+ // Throw NPE
+ throw new NullPointerException("str is null"); //NOI18N
+ }
+
+ // Compile pattern
+ Pattern r = Pattern.compile(pattern);
+
+ // Get matcher
+ Matcher m = r.matcher(str);
+
+ // Check if it is found
+ return m.find();
+ }
+
+ /**
+ * No instance from this class
+ */
+ private UserLoginUtils () {
+ }
+
+}
projects / juser-login-core.git / commitdiff