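/*
 * This library is part of OpenCms -
 * the Open Source Content Management System
 *
 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * For further information about Alkacon Software GmbH & Co. KG, please see the
 * company website: http://www.alkacon.com
 *
 * For further information about OpenCms, please see the
 * project website: http://www.opencms.org
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

package org.opencms.security;

import org.opencms.configuration.I_CmsConfigurationParameterHandler;

/**
 * Defines methods for OpenCms password digesting, checking and validation.<p>
 *
 * The <code>DIGEST_TYPE_*</code> constants name the digest types an implementation may be
 * configured with. They differ widely in how well they protect stored passwords:
 * {@link #DIGEST_TYPE_PLAIN} stores the password unhashed, {@link #DIGEST_TYPE_MD5} and
 * {@link #DIGEST_TYPE_SHA} are fast general-purpose hashes, {@link #DIGEST_TYPE_SSHA} adds a
 * short salt to a fast hash, and {@link #DIGEST_TYPE_SCRYPT} is a memory-hard function designed
 * for password storage. New installations should prefer {@link #DIGEST_TYPE_SCRYPT}; the other
 * types are best treated as legacy values kept for checking existing digests.<p>
 *
 * @since 6.0.0
 */
public interface I_CmsPasswordHandler extends I_CmsConfigurationParameterHandler {

    /**
     * Flag for conversion of the password encoding.<p>
     *
     * NOTE(review): presumably the name of a configuration parameter handled through
     * {@link I_CmsConfigurationParameterHandler}; how the flag is evaluated is up to the
     * implementation and not visible in this interface.<p>
     */
    String CONVERT_DIGEST_ENCODING = "compatibility.convert.digestencoding";

    /**
     * String to identify the key value for md5 password hashes.<p>
     *
     * MD5 is an unsalted, fast hash: identical passwords produce identical digests and an
     * attacker holding the digests can test guesses at very high rates. Treat this type as
     * legacy only.<p>
     */
    String DIGEST_TYPE_MD5 = "md5";

    /**
     * String to identify the key value for unhashed passwords.<p>
     *
     * With this type the stored value is the password itself, so anyone with read access to
     * the user store obtains every password directly. It should not be used for
     * production accounts.<p>
     */
    String DIGEST_TYPE_PLAIN = "plain";

    /**
     * String to identify the key value for sha password hashes.<p>
     *
     * The exact SHA variant is not stated in this interface. Without a salt and a work
     * factor, any SHA variant is a fast hash and gives little protection to stored
     * passwords.<p>
     */
    String DIGEST_TYPE_SHA = "sha";

    /**
     * String to identify the key value for sha password hashes with 4 byte salt.<p>
     *
     * The salt keeps identical passwords from sharing a digest, but the underlying hash is
     * still fast to compute and a 4 byte salt is short, so this type is weaker than
     * {@link #DIGEST_TYPE_SCRYPT} for password storage.<p>
     */
    String DIGEST_TYPE_SSHA = "ssha";

    /**
     * String to identify the key value for SCrypt password hashes.<p>
     *
     * scrypt is a memory-hard key derivation function intended for password storage. The
     * cost parameters are chosen by the implementation and are not defined here.<p>
     */
    String DIGEST_TYPE_SCRYPT = "scrypt";

    /**
     * This method checks if the given plain text password is equal to the given
     * digested password.<p>
     *
     * Use this to check salted passwords. If the password is salted, it needs to be checked with
     * the salt (and possible other parameters) stored in the digested password.
     * Just digesting the password again and comparing the result to a previous digest won't
     * work because the salt will usually be different.<p>
     *
     * Implementations should compare digests in constant time (for example with
     * {@code java.security.MessageDigest.isEqual}) so that the comparison does not leak how
     * many leading bytes matched.<p>
     *
     * NOTE(review): which algorithm the fall back uses is decided by the implementation and
     * is not visible here. If it is one of the legacy digest types, a successful fall back
     * match is presumably a good moment to re-digest the password with the default type;
     * confirm against the implementation and its callers.<p>
     *
     * @param plainPassword the plain text password to check
     * @param digestedPassword the digested password to compare with the plain password
     * @param useFallback if <code>true</code>, then use a fall back hashing algorithm in case first validation fails
     *
     * @return <code>true</code> if the plain password matches the digested password,
     *      <code>false</code> if the validation of the password failed
     */
    boolean checkPassword(String plainPassword, String digestedPassword, boolean useFallback);

    /**
     * Creates an OpenCms password digest according to the default setting for method/encodings.<p>
     *
     * The defaults are the values reported by {@link #getDigestType()} and
     * {@link #getInputEncoding()}.<p>
     *
     * @param password the password to digest
     * @return the password digest
     * @throws CmsPasswordEncryptionException if something goes wrong
     */
    String digest(String password) throws CmsPasswordEncryptionException;

    /**
     * Creates an OpenCms password digest.<p>
     *
     * The strength of the result depends entirely on <code>digestType</code>; see the
     * <code>DIGEST_TYPE_*</code> constants of this interface for the trade-offs.<p>
     *
     * @param password the password to digest
     * @param digestType the algorithm used for the digest (e.g. MD5, SHA ...)
     * @param inputEncoding the encoding used when converting the password to bytes (e.g. UTF-8);
     *      a password containing non-ASCII characters yields different bytes, and therefore a
     *      different digest, under different encodings
     * @return the password digest
     * @throws CmsPasswordEncryptionException if something goes wrong
     */
    String digest(String password, String digestType, String inputEncoding) throws CmsPasswordEncryptionException;

    /**
     * Returns the default digest type.<p>
     *
     * @return the default digest type
     */
    String getDigestType();

    /**
     * Returns the default password encoding.<p>
     *
     * @return the default password encoding
     */
    String getInputEncoding();

    /**
     * Sets the default digest type.<p>
     *
     * This choice determines how newly digested passwords are protected at rest; see the
     * <code>DIGEST_TYPE_*</code> constants of this interface.<p>
     *
     * @param digestType the digest type used
     */
    void setDigestType(String digestType);

    /**
     * Sets the default input encoding.<p>
     *
     * @param inputEncoding the encoding used for translating the password string to bytes
     */
    void setInputEncoding(String inputEncoding);

    /**
     * This method checks if a new password follows the rules for
     * new passwords, which are defined by a Class configured in
     * the opencms.properties file.<p>
     *
     * If this method throws no exception the password is valid.<p>
     *
     * Because failure is signalled only by the exception, callers must not catch and ignore
     * {@link CmsSecurityException} around this call, or every password would be accepted.<p>
     *
     * @param password the password to check
     *
     * @throws CmsSecurityException if validation of the password failed
     */
    void validatePassword(String password) throws CmsSecurityException;
}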