001/*
002 * This library is part of OpenCms -
003 * the Open Source Content Management System
004 *
005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
006 *
007 * This library is free software; you can redistribute it and/or
008 * modify it under the terms of the GNU Lesser General Public
009 * License as published by the Free Software Foundation; either
010 * version 2.1 of the License, or (at your option) any later version.
011 *
012 * This library is distributed in the hope that it will be useful,
013 * but WITHOUT ANY WARRANTY; without even the implied warranty of
014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015 * Lesser General Public License for more details.
016 *
017 * For further information about Alkacon Software GmbH & Co. KG, please see the
018 * company website: http://www.alkacon.com
019 *
020 * For further information about OpenCms, please see the
021 * project website: http://www.opencms.org
022 *
023 * You should have received a copy of the GNU Lesser General Public
024 * License along with this library; if not, write to the Free Software
025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
026 */
027
028package org.opencms.security;
029
030import org.opencms.i18n.CmsMessageContainer;
031import org.opencms.main.CmsLog;
032
033import java.util.Locale;
034
035import org.apache.commons.logging.Log;
036
037/**
038 * Validates the user passwords in with advanced password requirements.<p>
039 */
040public class CmsAdvancedPasswordHandler extends CmsDefaultPasswordHandler {
041
042    /** The log object for this class. */
043    private static final Log LOG = CmsLog.getLog(CmsAdvancedPasswordHandler.class);
044
045    /**
046     * @see org.opencms.security.I_CmsPasswordSecurityEvaluator#evaluatePasswordSecurity(java.lang.String)
047     */
048    @Override
049    public SecurityLevel evaluatePasswordSecurity(String password) {
050
051        try {
052            validatePassword(password);
053        } catch (CmsSecurityException sE) {
054            return SecurityLevel.invalid;
055        }
056
057        // check password for weaknesses
058
059        // first: length less than 10 chars
060        if (password.length() < 10) {
061            return SecurityLevel.weak;
062        }
063        // second: only capital letters
064        if (password.equals(password.toUpperCase())) {
065            return SecurityLevel.weak;
066        }
067
068        return SecurityLevel.strong;
069    }
070
071    /**
072     * @see org.opencms.security.I_CmsPasswordSecurityEvaluator#getPasswordSecurityHint(java.util.Locale)
073     */
074    @Override
075    public String getPasswordSecurityHint(Locale locale) {
076
077        // return the hint
078        return Messages.get().container(Messages.GUI_PWD_HINT_0).key(locale);
079    }
080
081    /**
082     * @see org.opencms.security.I_CmsPasswordHandler#validatePassword(java.lang.String)
083     */
084    @Override
085    public void validatePassword(String password) throws CmsSecurityException {
086
087        // is null?
088        if (password == null) {
089            CmsMessageContainer message = Messages.get().container(Messages.ERR_PWD_NULL_0);
090            if (LOG.isDebugEnabled()) {
091                LOG.debug(message.key());
092            }
093            throw new CmsSecurityException(message);
094        }
095
096        // first the size of the password: 8-16
097        if ((password.length() < 8) || (password.length() > 64)) {
098            CmsMessageContainer message = Messages.get().container(Messages.ERR_PWD_INVALID_SIZE_0);
099            if (LOG.isDebugEnabled()) {
100                LOG.debug(message.key());
101            }
102            throw new CmsSecurityException(message);
103        }
104
105        // at least one capital letter must be present
106        if (password.equals(password.toLowerCase())) {
107            CmsMessageContainer message = Messages.get().container(Messages.ERR_PWD_NO_CAPITAL_LETTER_0);
108            if (LOG.isDebugEnabled()) {
109                LOG.debug(message.key());
110            }
111            throw new CmsSecurityException(message);
112        }
113
114        // for the rest we need the char array
115        char[] pw = password.toCharArray();
116        int letters = 0;
117        int specialCharacter = 0;
118        for (int i = 0; i < pw.length; i++) {
119            if (Character.isLetter(pw[i])) {
120                letters++;
121            } else {
122                specialCharacter++;
123            }
124        }
125        // are there at least two letters and two noLetters
126        if ((letters < 2) || (specialCharacter < 2)) {
127            CmsMessageContainer message = null;
128            if (letters < 2) {
129                message = Messages.get().container(Messages.ERR_PWD_NO_LETTERS_0);
130            } else {
131                message = Messages.get().container(Messages.ERR_PWD_NO_SPECIAL_CHARS_0);
132            }
133            if (LOG.isDebugEnabled()) {
134                LOG.debug(message.key());
135            }
136            throw new CmsSecurityException(message);
137        }
138
139        // no descending or ascending row of more than two characters
140        // and no more than two of a kind in a row
141        char last = pw[0];
142        int ascending = 0;
143        int descending = 0;
144        int equals = 0;
145        for (int i = 1; i < pw.length; i++) {
146            char current = pw[i];
147            if ((last + 1) == current) {
148                ascending++;
149            } else {
150                ascending = 0;
151            }
152            if ((last - 1) == current) {
153                descending++;
154            } else {
155                descending = 0;
156            }
157            if (last == current) {
158                equals++;
159            } else {
160                equals = 0;
161            }
162            if ((descending > 1) || (ascending > 1) || (equals > 1)) {
163                Object[] msgArgs = new Object[] {
164                    Character.valueOf(last),
165                    Character.valueOf(current),
166                    Integer.valueOf(descending),
167                    Integer.valueOf(ascending),
168                    Integer.valueOf(equals)};
169                CmsMessageContainer message = Messages.get().container(Messages.ERR_PWD_CHARS_IN_A_ROW_5, msgArgs);
170                if (LOG.isDebugEnabled()) {
171                    LOG.debug(message.key());
172                }
173                throw new CmsSecurityException(message);
174            }
175            last = current;
176        }
177    }
178
179}