1package com.wbadz.web.alloga.dvdl.config;
2
3import java.nio.ByteBuffer;
4import java.util.Arrays;
5import java.util.Base64;
6
7import javax.crypto.SecretKey;
8import javax.crypto.SecretKeyFactory;
9import javax.crypto.spec.PBEKeySpec;
10
11import org.slf4j.Logger;
12import org.slf4j.LoggerFactory;
13import org.springframework.beans.factory.annotation.Autowired;
14import org.springframework.security.authentication.AuthenticationProvider;
15import org.springframework.security.authentication.BadCredentialsException;
16import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
17import org.springframework.security.core.Authentication;
18import org.springframework.stereotype.Component;
19
20import com.wbadz.web.alloga.dvdl.domain.auth.AllogaAuthenticationDetails;
21import com.wbadz.web.alloga.dvdl.domain.auth.AllogaUser;
22
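/**
 * Spring Security {@link AuthenticationProvider} that verifies a username/password pair against
 * the PBKDF2 password hash returned for the user by {@link AllogaUserDetailsService}.
 *
 * <p>Stored hash layout after Base64 decoding, as rebuilt in {@link #checkPassword}: a 4-byte key
 * size, a 4-byte round count, an 8-byte salt, then the derived key.
 */
@Component
public class AllogaAuthenticationProvider implements AuthenticationProvider {

    private final Logger log = LoggerFactory.getLogger(this.getClass());

    // These parameters must match the ones that produced the stored hashes; the header values
    // inside a stored hash are not read, so a hash created with other parameters never verifies.
    // NOTE(review): PBKDF2-HMAC-SHA1 is kept for compatibility with the existing hashes; moving to
    // a stronger KDF needs a re-hash-on-login migration, which is outside this class.
    private static final String PASSWORD_HASH_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int PASSWORD_ROUNDS = 128000;
    private static final int PASSWORD_KEY_SIZE = 160;

    private static final int HEADER_LENGTH = 2 * Integer.BYTES;
    private static final int SALT_LENGTH = 8;

    private static final String AUTH_FAILED_MESSAGE = "Liferay system authentication failed";

    @Autowired
    private AllogaUserDetailsService liferayUserDetailsService;

    /**
     * Authenticates the presented username and password.
     *
     * @param authentication the authentication request carrying the username and the password
     * @return a token holding the username, the authorities and the role/customer map of the user
     * @throws BadCredentialsException if the credentials are missing, the user is not returned by
     *     the user details service, or the password does not match the stored hash
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        String name = authentication.getName();

        // A request without credentials must be rejected as a failed login, not surface as a
        // NullPointerException from toString().
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            throw new BadCredentialsException(AUTH_FAILED_MESSAGE);
        }
        String password = credentials.toString();

        // NOTE(review): how loadUserByUsername reports an unknown user is not visible here. If it
        // throws a distinct exception, or returns much faster than a full PBKDF2 check, callers
        // can tell existing accounts from unknown ones - confirm against the service.
        AllogaUser user = liferayUserDetailsService.loadUserByUsername(name);
        if (user == null || !checkPassword(password, user.getPassword())) {
            throw new BadCredentialsException(AUTH_FAILED_MESSAGE);
        }

        // NOTE(review): the clear-text password is stored as the token's credentials. Confirm that
        // credentials are erased after authentication (ProviderManager does so by default) so the
        // password does not stay in the security context or the session.
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(user.getUsername(), password, user.getAuthorities());
        AllogaAuthenticationDetails authenticationDetails = new AllogaAuthenticationDetails();
        authenticationDetails.setAllogaRoleCustomersMap(user.getRoleCustomersMap());
        token.setDetails(authenticationDetails);

        return token;
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param authentication the authentication class to test
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken}
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    /**
     * Checks a clear-text password against a stored Base64 hash by re-deriving the hash with the
     * stored salt and comparing the two encodings.
     *
     * <p>Fails closed: a missing, malformed or too short stored hash, or a failure of the key
     * derivation, yields {@code false}.
     *
     * @param inputPassword the password presented by the user
     * @param dbPassword the Base64 encoded hash stored for the user
     * @return {@code true} if the password reproduces the stored hash exactly
     */
    private boolean checkPassword(String inputPassword, String dbPassword) {
        if (inputPassword == null || dbPassword == null) {
            return false;
        }

        char[] passwordChars = inputPassword.toCharArray();
        PBEKeySpec spec = null;
        try {
            byte[] dbPasswordBytes = Base64.getDecoder().decode(dbPassword);

            // Without this check a short value would either throw or be padded with zero bytes by
            // copyOfRange, silently producing an all-zero salt.
            if (dbPasswordBytes.length < HEADER_LENGTH + SALT_LENGTH) {
                log.error("Error checking password: stored hash is too short.");
                return false;
            }

            byte[] saltBytes = Arrays.copyOfRange(dbPasswordBytes, HEADER_LENGTH, HEADER_LENGTH + SALT_LENGTH);

            spec = new PBEKeySpec(passwordChars, saltBytes, PASSWORD_ROUNDS, PASSWORD_KEY_SIZE);
            byte[] secretKeyBytes =
                    SecretKeyFactory.getInstance(PASSWORD_HASH_ALGORITHM).generateSecret(spec).getEncoded();

            ByteBuffer byteBuffer = ByteBuffer.allocate(HEADER_LENGTH + saltBytes.length + secretKeyBytes.length);
            byteBuffer.putInt(PASSWORD_KEY_SIZE);
            byteBuffer.putInt(PASSWORD_ROUNDS);
            byteBuffer.put(saltBytes);
            byteBuffer.put(secretKeyBytes);

            byte[] encodedInputPasswordBytes = Base64.getEncoder().encode(byteBuffer.array());

            // Constant-time comparison: String.equals stops at the first differing character, so
            // its running time depends on how much of the hash matched.
            return java.security.MessageDigest.isEqual(
                    encodedInputPasswordBytes,
                    dbPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException | IllegalArgumentException e) {
            // Malformed Base64, or the KDF is unavailable or rejected the key spec.
            log.error("Error checking password.", e);
            return false;
        } finally {
            // Best-effort removal of the password copies held by this method.
            if (spec != null) {
                spec.clearPassword();
            }
            Arrays.fill(passwordChars, '\0');
        }
    }

}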