001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software GmbH & Co. KG, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.security; 029 030import org.opencms.i18n.CmsMessageContainer; 031import org.opencms.main.CmsLog; 032 033import java.util.Locale; 034 035import org.apache.commons.logging.Log; 036 037/** 038 * Validates the user passwords in with advanced password requirements.<p> 039 */ 040public class CmsAdvancedPasswordHandler extends CmsDefaultPasswordHandler { 041 042 /** The log object for this class. */ 043 private static final Log LOG = CmsLog.getLog(CmsAdvancedPasswordHandler.class); 044 045 /** 046 * @see org.opencms.security.I_CmsPasswordSecurityEvaluator#evaluatePasswordSecurity(java.lang.String) 047 */ 048 @Override 049 public SecurityLevel evaluatePasswordSecurity(String password) { 050 051 try { 052 validatePassword(password); 053 } catch (CmsSecurityException sE) { 054 return SecurityLevel.invalid; 055 } 056 057 // check password for weaknesses 058 059 // first: length less than 10 chars 060 if (password.length() < 10) { 061 return SecurityLevel.weak; 062 } 063 // second: only capital letters 064 if (password.equals(password.toUpperCase())) { 065 return SecurityLevel.weak; 066 } 067 068 return SecurityLevel.strong; 069 } 070 071 /** 072 * @see org.opencms.security.I_CmsPasswordSecurityEvaluator#getPasswordSecurityHint(java.util.Locale) 073 */ 074 @Override 075 public String getPasswordSecurityHint(Locale locale) { 076 077 // return the hint 078 return Messages.get().container(Messages.GUI_PWD_HINT_0).key(locale); 079 } 080 081 /** 082 * @see org.opencms.security.I_CmsPasswordHandler#validatePassword(java.lang.String) 083 */ 084 @Override 085 public void validatePassword(String password) throws CmsSecurityException { 086 087 // is null? 088 if (password == null) { 089 CmsMessageContainer message = Messages.get().container(Messages.ERR_PWD_NULL_0); 090 if (LOG.isDebugEnabled()) { 091 LOG.debug(message.key()); 092 } 093 throw new CmsSecurityException(message); 094 } 095 096 // first the size of the password: 8-16 097 if ((password.length() < 8) || (password.length() > 64)) { 098 CmsMessageContainer message = Messages.get().container(Messages.ERR_PWD_INVALID_SIZE_0); 099 if (LOG.isDebugEnabled()) { 100 LOG.debug(message.key()); 101 } 102 throw new CmsSecurityException(message); 103 } 104 105 // at least one capital letter must be present 106 if (password.equals(password.toLowerCase())) { 107 CmsMessageContainer message = Messages.get().container(Messages.ERR_PWD_NO_CAPITAL_LETTER_0); 108 if (LOG.isDebugEnabled()) { 109 LOG.debug(message.key()); 110 } 111 throw new CmsSecurityException(message); 112 } 113 114 // for the rest we need the char array 115 char[] pw = password.toCharArray(); 116 int letters = 0; 117 int specialCharacter = 0; 118 for (int i = 0; i < pw.length; i++) { 119 if (Character.isLetter(pw[i])) { 120 letters++; 121 } else { 122 specialCharacter++; 123 } 124 } 125 // are there at least two letters and two noLetters 126 if ((letters < 2) || (specialCharacter < 2)) { 127 CmsMessageContainer message = null; 128 if (letters < 2) { 129 message = Messages.get().container(Messages.ERR_PWD_NO_LETTERS_0); 130 } else { 131 message = Messages.get().container(Messages.ERR_PWD_NO_SPECIAL_CHARS_0); 132 } 133 if (LOG.isDebugEnabled()) { 134 LOG.debug(message.key()); 135 } 136 throw new CmsSecurityException(message); 137 } 138 139 // no descending or ascending row of more than two characters 140 // and no more than two of a kind in a row 141 char last = pw[0]; 142 int ascending = 0; 143 int descending = 0; 144 int equals = 0; 145 for (int i = 1; i < pw.length; i++) { 146 char current = pw[i]; 147 if ((last + 1) == current) { 148 ascending++; 149 } else { 150 ascending = 0; 151 } 152 if ((last - 1) == current) { 153 descending++; 154 } else { 155 descending = 0; 156 } 157 if (last == current) { 158 equals++; 159 } else { 160 equals = 0; 161 } 162 if ((descending > 1) || (ascending > 1) || (equals > 1)) { 163 Object[] msgArgs = new Object[] { 164 Character.valueOf(last), 165 Character.valueOf(current), 166 Integer.valueOf(descending), 167 Integer.valueOf(ascending), 168 Integer.valueOf(equals)}; 169 CmsMessageContainer message = Messages.get().container(Messages.ERR_PWD_CHARS_IN_A_ROW_5, msgArgs); 170 if (LOG.isDebugEnabled()) { 171 LOG.debug(message.key()); 172 } 173 throw new CmsSecurityException(message); 174 } 175 last = current; 176 } 177 } 178 179}