1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.plugins.mylutece.util;
35
36 import fr.paris.lutece.plugins.mylutece.service.IUserParameterService;
37 import fr.paris.lutece.portal.service.datastore.DatastoreService;
38 import fr.paris.lutece.portal.service.i18n.I18nService;
39 import fr.paris.lutece.portal.service.message.AdminMessage;
40 import fr.paris.lutece.portal.service.message.AdminMessageService;
41 import fr.paris.lutece.portal.service.plugin.Plugin;
42 import fr.paris.lutece.portal.service.util.AppPathService;
43 import fr.paris.lutece.portal.service.util.AppPropertiesService;
44 import fr.paris.lutece.portal.service.util.CryptoService;
45 import fr.paris.lutece.util.ReferenceItem;
46 import fr.paris.lutece.util.date.DateUtil;
47 import fr.paris.lutece.util.password.PasswordUtil;
48 import fr.paris.lutece.util.url.UrlItem;
49
50 import org.apache.commons.lang3.StringUtils;
51
52 import java.sql.Timestamp;
53
54 import java.util.Calendar;
55 import java.util.Date;
56 import java.util.GregorianCalendar;
57 import java.util.List;
58 import java.util.Locale;
59 import java.util.Map;
60
61 import javax.servlet.http.HttpServletRequest;
62
63
64
65
66
67 public class SecurityUtils
68 {
69
70 private static final String MARK_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
71 private static final String MARK_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
72 private static final String MARK_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
73 private static final String MARK_PASSWORD_FORMAT_NUMERO = "password_format_numero";
74 private static final String MARK_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
75 private static final String MARK_PASSWORD_DURATION = "password_duration";
76 private static final String MARK_PASSWORD_HISTORY_SIZE = "password_history_size";
77 private static final String MARK_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
78 private static final String MARK_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
79 private static final String MARK_USE_ADVANCED_SECURITY_PARAMETERS = "use_advanced_security_parameters";
80 private static final String MARK_ENABLE_PASSWORD_ENCRYPTION = "enable_password_encryption";
81 private static final String MARK_ENCRYPTION_ALGORITHM = "encryption_algorithm";
82 private static final String MARK_ACCOUNT_LIFE_TIME = "account_life_time";
83 private static final String MARK_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
84 private static final String MARK_NB_ALERT_ACCOUNT = "nb_alert_account";
85 private static final String MARK_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
86 private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
87 private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
88 private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
89 private static final String MARK_ACCESS_FAILURES_CAPTCHA = "access_failures_captcha";
90 private static final String MARK_ENABLE_UNBLOCK_IP = "enable_unblock_ip";
91 private static final String MARK_ENABLE_TOKEN_LOGIN = "enable_token_login";
92 private static final String MARK_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
93
94
95 private static final String PARAMETER_DATE_LOGIN = "date_login";
96 private static final String PARAMETER_IP = "ip";
97 private static final String PARAMETER_INTERVAL = "interval";
98 private static final String PARAMETER_KEY = "key";
99
100
101 private static final String MESSAGE_MINIMUM_PASSWORD_LENGTH = "mylutece.message.password.minimumPasswordLength";
102 private static final String MESSAGE_PASSWORD_FORMAT = "mylutece.message.password.format";
103 private static final String MESSAGE_PASSWORD_FORMAT_UPPER_LOWER_CASE = "mylutece.message.password.formatUpperLowerCase";
104 private static final String MESSAGE_PASSWORD_FORMAT_NUMERO = "mylutece.message.password.formatNumero";
105 private static final String MESSAGE_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "mylutece.message.password.formatSpecialCharacters";
106
107
108 private static final String ERROR_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
109 private static final String ERROR_PASSWORD_WRONG_FORMAT = "password_format";
110 private static final String ERROR_PASSWORD_ALREADY_USED = "password_already_used";
111 private static final String ERROR_MAX_PASSWORD_CHANGE = "max_password_change";
112
113
114 private static final String PROPERTY_DEFAULT_PASSWORD_MINIMAL_LENGTH = "security.defaultValues.passwordMinimalLength";
115 private static final String PROPERTY_DEFAULT_MAXIMUM_NUMBER_PASSWORD_CHANGE = "security.defaultValues.maximumPasswordChange";
116 private static final String PROPERTY_DEFAULT_TSW_SIZE_PASSWORD_CHANGE = "security.defaultValues.maximumPasswordChangeTSWSize";
117 private static final String PROPERTY_DEFAULT_HISTORY_SIZE = "security.defaultValues.passwordHistorySize";
118 private static final String PROPERTY_DEFAULT_PASSWORD_DURATION = "security.defaultValues.passwordDuration";
119 private static final String PROPERTY_DEFAULT_ENCRYPTION_ALGORITHM = "security.defaultValues.algorithm";
120 private static final String JSP_URL_RESET_CONNECTION_LOG = "jsp/site/plugins/mylutece/DoResetConnectionLog.jsp";
121 private static final String CONSTANT_DEFAULT_ENCRYPTION_ALGORITHM = "SHA-256";
122 private static final String SEMICOLON = ";";
123 private static final String CONSTANT_UNDERSCORE = "_";
124
125
126
127
128
129
130
131
132
133
134
135
136 public static Map<String, Object> checkSecurityParameters( IUserParameterService parameterService, Map<String, Object> model, Plugin plugin )
137 {
138 boolean bUseAdvancedParameters = getBooleanSecurityParameter( parameterService, plugin, MARK_USE_ADVANCED_SECURITY_PARAMETERS );
139 model.put( MARK_ENABLE_PASSWORD_ENCRYPTION, getBooleanSecurityParameter( parameterService, plugin, MARK_ENABLE_PASSWORD_ENCRYPTION ) );
140 model.put( MARK_ENCRYPTION_ALGORITHM, parameterService.getEncryptionAlgorithm( plugin ) );
141 model.put( MARK_FORCE_CHANGE_PASSWORD_REINIT, isChangePasswordForceAfterReinitActivated( parameterService, plugin ) );
142 model.put( MARK_PASSWORD_MINIMUM_LENGTH, getMinimumPasswordLength( parameterService, plugin ) );
143 model.put( MARK_USE_ADVANCED_SECURITY_PARAMETERS, bUseAdvancedParameters );
144
145 if ( bUseAdvancedParameters )
146 {
147 model.put( MARK_PASSWORD_FORMAT_UPPER_LOWER_CASE, isPasswordFormatUpperLowerCaseUsed( parameterService, plugin ) );
148 model.put( MARK_PASSWORD_FORMAT_NUMERO, isPasswordFormatNumeroUsed( parameterService, plugin ) );
149 model.put( MARK_PASSWORD_FORMAT_SPECIAL_CHARACTERS, isPasswordFormatSpecialCharactersUsed( parameterService, plugin ) );
150 model.put( MARK_PASSWORD_DURATION, getPasswordDuration( parameterService, plugin ) );
151 model.put( MARK_PASSWORD_HISTORY_SIZE, getPasswordHistorySize( parameterService, plugin ) );
152 model.put( MARK_MAXIMUM_NUMBER_PASSWORD_CHANGE, getMaximumNumberPasswordChange( parameterService, plugin ) );
153 model.put( MARK_TSW_SIZE_PASSWORD_CHANGE, getTSWSizePasswordChange( parameterService, plugin ) );
154 model.put( MARK_NOTIFY_USER_PASSWORD_EXPIRED, getBooleanSecurityParameter( parameterService, plugin, MARK_NOTIFY_USER_PASSWORD_EXPIRED ) );
155 }
156
157 model.put( MARK_ACCOUNT_LIFE_TIME, getIntegerSecurityParameter( parameterService, plugin, MARK_ACCOUNT_LIFE_TIME ) );
158
159 model.put( MARK_TIME_BEFORE_ALERT_ACCOUNT, getIntegerSecurityParameter( parameterService, plugin, MARK_TIME_BEFORE_ALERT_ACCOUNT ) );
160
161 model.put( MARK_NB_ALERT_ACCOUNT, getIntegerSecurityParameter( parameterService, plugin, MARK_NB_ALERT_ACCOUNT ) );
162
163 model.put( MARK_TIME_BETWEEN_ALERTS_ACCOUNT, getIntegerSecurityParameter( parameterService, plugin, MARK_TIME_BETWEEN_ALERTS_ACCOUNT ) );
164
165 model.put( MARK_ACCESS_FAILURES_MAX, getIntegerSecurityParameter( parameterService, plugin, MARK_ACCESS_FAILURES_MAX ) );
166 model.put( MARK_ACCESS_FAILURES_INTERVAL, getIntegerSecurityParameter( parameterService, plugin, MARK_ACCESS_FAILURES_INTERVAL ) );
167 model.put( MARK_ACCESS_FAILURES_CAPTCHA, getIntegerSecurityParameter( parameterService, plugin, MARK_ACCESS_FAILURES_CAPTCHA ) );
168 model.put( MARK_ENABLE_UNBLOCK_IP, getBooleanSecurityParameter( parameterService, plugin, MARK_ENABLE_UNBLOCK_IP ) );
169 model.put( MARK_ENABLE_TOKEN_LOGIN, getBooleanSecurityParameter( parameterService, plugin, MARK_ENABLE_TOKEN_LOGIN ) );
170
171 return model;
172 }
173
174
175
176
177
178
179
180
181
182
183
184 public static void updateSecurityParameters( IUserParameterService parameterService, HttpServletRequest request, Plugin plugin )
185 {
186 updateParameterValue( parameterService, plugin, MARK_FORCE_CHANGE_PASSWORD_REINIT, request.getParameter( MARK_FORCE_CHANGE_PASSWORD_REINIT ) );
187 updateParameterValue( parameterService, plugin, MARK_PASSWORD_MINIMUM_LENGTH, request.getParameter( MARK_PASSWORD_MINIMUM_LENGTH ) );
188
189 if ( getBooleanSecurityParameter( parameterService, plugin, MARK_USE_ADVANCED_SECURITY_PARAMETERS ) )
190 {
191 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_UPPER_LOWER_CASE,
192 request.getParameter( MARK_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
193 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_NUMERO, request.getParameter( MARK_PASSWORD_FORMAT_NUMERO ) );
194 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
195 request.getParameter( MARK_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
196 updateParameterValue( parameterService, plugin, MARK_PASSWORD_DURATION, request.getParameter( MARK_PASSWORD_DURATION ) );
197 updateParameterValue( parameterService, plugin, MARK_PASSWORD_HISTORY_SIZE, request.getParameter( MARK_PASSWORD_HISTORY_SIZE ) );
198 updateParameterValue( parameterService, plugin, MARK_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( MARK_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
199 updateParameterValue( parameterService, plugin, MARK_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( MARK_TSW_SIZE_PASSWORD_CHANGE ) );
200 updateParameterValue( parameterService, plugin, MARK_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( MARK_NOTIFY_USER_PASSWORD_EXPIRED ) );
201 }
202
203
204 updateParameterValue( parameterService, plugin, MARK_ACCOUNT_LIFE_TIME, request.getParameter( MARK_ACCOUNT_LIFE_TIME ) );
205
206
207 updateParameterValue( parameterService, plugin, MARK_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( MARK_TIME_BEFORE_ALERT_ACCOUNT ) );
208
209
210 updateParameterValue( parameterService, plugin, MARK_NB_ALERT_ACCOUNT, request.getParameter( MARK_NB_ALERT_ACCOUNT ) );
211
212
213 updateParameterValue( parameterService, plugin, MARK_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( MARK_TIME_BETWEEN_ALERTS_ACCOUNT ) );
214
215 updateParameterValue( parameterService, plugin, MARK_ACCESS_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
216
217 updateParameterValue( parameterService, plugin, MARK_ACCESS_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
218 updateParameterValue( parameterService, plugin, MARK_ACCESS_FAILURES_CAPTCHA, request.getParameter( MARK_ACCESS_FAILURES_CAPTCHA ) );
219 updateParameterValue( parameterService, plugin, MARK_ENABLE_UNBLOCK_IP, request.getParameter( MARK_ENABLE_UNBLOCK_IP ) );
220 updateParameterValue( parameterService, plugin, MARK_ENABLE_TOKEN_LOGIN, request.getParameter( MARK_ENABLE_TOKEN_LOGIN ) );
221
222 }
223
224
225
226
227
228
229
230
231
232
233 private static int getMinimumPasswordLength( IUserParameterService parameterService, Plugin plugin )
234 {
235 return getIntegerSecurityParameter( parameterService, plugin, MARK_PASSWORD_MINIMUM_LENGTH );
236 }
237
238
239
240
241
242
243
244
245
246
247 private static boolean isChangePasswordForceAfterReinitActivated( IUserParameterService parameterService, Plugin plugin )
248 {
249 Boolean bIsChecked = Boolean.valueOf( parameterService.findByKey( MARK_FORCE_CHANGE_PASSWORD_REINIT, plugin ).isChecked( ) );
250
251 return bIsChecked.booleanValue( );
252 }
253
254
255
256
257
258
259
260
261
262
263
264
265 protected static boolean checkUserPasswordMinimumLength( String strPassword, IUserParameterService parameterService, Plugin plugin )
266 {
267 int nMinimumLength = getIntegerSecurityParameter( parameterService, plugin, MARK_PASSWORD_MINIMUM_LENGTH );
268
269 return !( ( nMinimumLength > 0 ) && ( strPassword.length( ) < nMinimumLength ) );
270 }
271
272
273
274
275
276
277
278
279
280
281
282
283 protected static String getMessagePasswordMinimumLength( HttpServletRequest request, IUserParameterService parameterService, Plugin plugin )
284 {
285 Object [ ] param = {
286 parameterService.findByKey( MARK_PASSWORD_MINIMUM_LENGTH, plugin ).getName( )
287 };
288
289 return AdminMessageService.getMessageUrl( request, MESSAGE_MINIMUM_PASSWORD_LENGTH, param, AdminMessage.TYPE_STOP );
290 }
291
292
293
294
295
296
297
298
299
300
301 protected static boolean isPasswordFormatUpperLowerCaseUsed( IUserParameterService parameterService, Plugin plugin )
302 {
303 return getBooleanSecurityParameter( parameterService, plugin, MARK_PASSWORD_FORMAT_UPPER_LOWER_CASE );
304 }
305
306
307
308
309
310
311
312
313
314
315 protected static boolean isPasswordFormatNumeroUsed( IUserParameterService parameterService, Plugin plugin )
316 {
317 return getBooleanSecurityParameter( parameterService, plugin, MARK_PASSWORD_FORMAT_NUMERO );
318 }
319
320
321
322
323
324
325
326
327
328
329 protected static boolean isPasswordFormatSpecialCharactersUsed( IUserParameterService parameterService, Plugin plugin )
330 {
331 return getBooleanSecurityParameter( parameterService, plugin, MARK_PASSWORD_FORMAT_SPECIAL_CHARACTERS );
332 }
333
334
335
336
337
338
339
340
341
342
343 public static int getPasswordDuration( IUserParameterService parameterService, Plugin plugin )
344 {
345 return getIntegerSecurityParameter( parameterService, plugin, MARK_PASSWORD_DURATION );
346 }
347
348
349
350
351
352
353
354
355
356
357 public static int getPasswordHistorySize( IUserParameterService parameterService, Plugin plugin )
358 {
359 return getIntegerSecurityParameter( parameterService, plugin, MARK_PASSWORD_HISTORY_SIZE );
360 }
361
362
363
364
365
366
367
368
369
370
371 public static int getTSWSizePasswordChange( IUserParameterService parameterService, Plugin plugin )
372 {
373 return getIntegerSecurityParameter( parameterService, plugin, MARK_TSW_SIZE_PASSWORD_CHANGE );
374 }
375
376
377
378
379
380
381
382
383
384
385 public static boolean isAdvancedSecurityParametersUsed( IUserParameterService parameterService, Plugin plugin )
386 {
387 return getBooleanSecurityParameter( parameterService, plugin, MARK_USE_ADVANCED_SECURITY_PARAMETERS );
388 }
389
390
391
392
393
394
395
396
397
398
399 public static int getMaximumNumberPasswordChange( IUserParameterService parameterService, Plugin plugin )
400 {
401 return getIntegerSecurityParameter( parameterService, plugin, MARK_MAXIMUM_NUMBER_PASSWORD_CHANGE );
402 }
403
404
405
406
407
408
409
410
411
412
413
414
415 public static int getIntegerSecurityParameter( IUserParameterService parameterService, Plugin plugin, String strParameterkey )
416 {
417 ReferenceItem refItem = parameterService.findByKey( strParameterkey, plugin );
418
419 if ( ( refItem == null ) || StringUtils.isEmpty( refItem.getName( ) ) )
420 {
421 return 0;
422 }
423
424 try
425 {
426 int nValue = Integer.parseInt( refItem.getName( ) );
427
428 return nValue;
429 }
430 catch( NumberFormatException e )
431 {
432 return 0;
433 }
434 }
435
436
437
438
439
440
441
442
443
444
445
446
447 public static boolean getBooleanSecurityParameter( IUserParameterService parameterService, Plugin plugin, String strParameterkey )
448 {
449 ReferenceItem refItem = parameterService.findByKey( strParameterkey, plugin );
450
451 return ( refItem == null ) ? false : refItem.isChecked( );
452 }
453
454
455
456
457
458
459
460
461
462
463
464
465 public static String getSecurityParameter( IUserParameterService parameterService, Plugin plugin, String strParameterkey )
466 {
467 ReferenceItem refItem = parameterService.findByKey( strParameterkey, plugin );
468
469 return ( refItem == null ) ? null : refItem.getName( );
470 }
471
472
473
474
475
476
477
478
479
480
481
482
483 public static String getLargeSecurityParameter( IUserParameterService parameterService, Plugin plugin, String strParameterkey )
484 {
485 return DatastoreService.getDataValue( plugin.getName( ) + CONSTANT_UNDERSCORE + strParameterkey, StringUtils.EMPTY );
486 }
487
488
489
490
491
492
493
494
495
496
497
498
499 protected static String getMessageBackPasswordFormat( HttpServletRequest request, IUserParameterService parameterService, Plugin plugin )
500 {
501 Object [ ] param = {
502 getMessagePasswordFormat( parameterService, request.getLocale( ), plugin )
503 };
504
505 return AdminMessageService.getMessageUrl( request, MESSAGE_PASSWORD_FORMAT, param, AdminMessage.TYPE_STOP );
506 }
507
508
509
510
511
512
513
514
515
516
517
518
519 public static String getMessageFrontPasswordFormat( Locale locale, IUserParameterService parameterService, Plugin plugin )
520 {
521 Object [ ] param = {
522 getMessagePasswordFormat( parameterService, locale, plugin )
523 };
524
525 return I18nService.getLocalizedString( MESSAGE_PASSWORD_FORMAT, param, locale );
526 }
527
528
529
530
531
532
533
534
535
536
537
538
539 private static String getMessagePasswordFormat( IUserParameterService parameterService, Locale locale, Plugin plugin )
540 {
541 StringBuffer strParam = new StringBuffer( );
542 boolean bUserPasswordFormatUpperLowerCase = isPasswordFormatUpperLowerCaseUsed( parameterService, plugin );
543 boolean bUserPasswordFormatNumero = isPasswordFormatNumeroUsed( parameterService, plugin );
544 boolean bUserPasswordFormatSpecialCaracters = isPasswordFormatSpecialCharactersUsed( parameterService, plugin );
545
546
547 if ( bUserPasswordFormatUpperLowerCase )
548 {
549 strParam.append( I18nService.getLocalizedString( MESSAGE_PASSWORD_FORMAT_UPPER_LOWER_CASE, locale ) );
550 }
551
552
553 if ( bUserPasswordFormatNumero )
554 {
555 if ( bUserPasswordFormatUpperLowerCase )
556 {
557 strParam.append( ", " );
558 }
559
560 strParam.append( I18nService.getLocalizedString( MESSAGE_PASSWORD_FORMAT_NUMERO, locale ) );
561 }
562
563
564 if ( bUserPasswordFormatSpecialCaracters )
565 {
566 if ( bUserPasswordFormatUpperLowerCase || bUserPasswordFormatNumero )
567 {
568 strParam.append( ", " );
569 }
570
571 strParam.append( I18nService.getLocalizedString( MESSAGE_PASSWORD_FORMAT_SPECIAL_CHARACTERS, locale ) );
572 }
573
574 return strParam.toString( );
575 }
576
577
578
579
580
581
582
583
584
585
586
587
588
589 public static void updateParameterValue( IUserParameterService parameterService, Plugin plugin, String strKey, String strValue )
590 {
591 ReferenceItem userParam = new ReferenceItem( );
592 userParam.setCode( strKey );
593 strValue = ( strValue == null ) ? StringUtils.EMPTY : strValue;
594 userParam.setName( strValue );
595 parameterService.update( userParam, plugin );
596 }
597
598
599
600
601
602
603
604
605
606
607
608
609
610 public static void updateLargeParameterValue( IUserParameterService parameterService, Plugin plugin, String strKey, String strValue )
611 {
612 DatastoreService.setDataValue( plugin.getName( ) + CONSTANT_UNDERSCORE + strKey, strValue );
613 }
614
615
616
617
618
619
620
621
622
623 public static void useAdvancedSecurityParameters( IUserParameterService parameterService, Plugin plugin )
624 {
625 updateParameterValue( parameterService, plugin, MARK_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
626 updateParameterValue( parameterService, plugin, MARK_FORCE_CHANGE_PASSWORD_REINIT, Boolean.TRUE.toString( ) );
627 updateParameterValue( parameterService, plugin, MARK_MAXIMUM_NUMBER_PASSWORD_CHANGE,
628 AppPropertiesService.getProperty( PROPERTY_DEFAULT_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
629 updateParameterValue( parameterService, plugin, MARK_PASSWORD_DURATION, AppPropertiesService.getProperty( PROPERTY_DEFAULT_PASSWORD_DURATION ) );
630 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_UPPER_LOWER_CASE, Boolean.TRUE.toString( ) );
631 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_NUMERO, Boolean.TRUE.toString( ) );
632 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_SPECIAL_CHARACTERS, Boolean.TRUE.toString( ) );
633 updateParameterValue( parameterService, plugin, MARK_PASSWORD_HISTORY_SIZE, AppPropertiesService.getProperty( PROPERTY_DEFAULT_HISTORY_SIZE ) );
634 updateParameterValue( parameterService, plugin, MARK_TSW_SIZE_PASSWORD_CHANGE,
635 AppPropertiesService.getProperty( PROPERTY_DEFAULT_TSW_SIZE_PASSWORD_CHANGE ) );
636
637 int nMinPwdLength = getIntegerSecurityParameter( parameterService, plugin, MARK_PASSWORD_MINIMUM_LENGTH );
638
639 if ( nMinPwdLength <= 0 )
640 {
641 updateParameterValue( parameterService, plugin, MARK_PASSWORD_MINIMUM_LENGTH,
642 AppPropertiesService.getProperty( PROPERTY_DEFAULT_PASSWORD_MINIMAL_LENGTH ) );
643 }
644
645 updateParameterValue( parameterService, plugin, MARK_ENABLE_PASSWORD_ENCRYPTION, Boolean.TRUE.toString( ) );
646 updateParameterValue( parameterService, plugin, MARK_ENCRYPTION_ALGORITHM,
647 AppPropertiesService.getProperty( PROPERTY_DEFAULT_ENCRYPTION_ALGORITHM, CONSTANT_DEFAULT_ENCRYPTION_ALGORITHM ) );
648 updateParameterValue( parameterService, plugin, MARK_NOTIFY_USER_PASSWORD_EXPIRED, Boolean.TRUE.toString( ) );
649 }
650
651
652
653
654
655
656
657
658
659 public static void removeAdvancedSecurityParameters( IUserParameterService parameterService, Plugin plugin )
660 {
661 updateParameterValue( parameterService, plugin, MARK_USE_ADVANCED_SECURITY_PARAMETERS, StringUtils.EMPTY );
662 updateParameterValue( parameterService, plugin, MARK_MAXIMUM_NUMBER_PASSWORD_CHANGE, StringUtils.EMPTY );
663 updateParameterValue( parameterService, plugin, MARK_PASSWORD_DURATION, StringUtils.EMPTY );
664 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_UPPER_LOWER_CASE, StringUtils.EMPTY );
665 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_NUMERO, StringUtils.EMPTY );
666 updateParameterValue( parameterService, plugin, MARK_PASSWORD_FORMAT_SPECIAL_CHARACTERS, StringUtils.EMPTY );
667 updateParameterValue( parameterService, plugin, MARK_PASSWORD_HISTORY_SIZE, StringUtils.EMPTY );
668 updateParameterValue( parameterService, plugin, MARK_TSW_SIZE_PASSWORD_CHANGE, StringUtils.EMPTY );
669 updateParameterValue( parameterService, plugin, MARK_NOTIFY_USER_PASSWORD_EXPIRED, StringUtils.EMPTY );
670 }
671
672
673
674
675
676
677
678
679
680
681 public static Timestamp getPasswordMaxValidDate( IUserParameterService parameterService, Plugin plugin )
682 {
683 int nbDayPasswordValid = getIntegerSecurityParameter( parameterService, plugin, MARK_PASSWORD_DURATION );
684
685 if ( nbDayPasswordValid <= 0 )
686 {
687 return null;
688 }
689
690 return PasswordUtil.getPasswordMaxValidDate( nbDayPasswordValid );
691 }
692
693
694
695
696
697
698
699
700
701
702 public static Timestamp getAccountMaxValidDate( IUserParameterService parameterService, Plugin plugin )
703 {
704 int nbDaysPasswordValid = getIntegerSecurityParameter( parameterService, plugin, MARK_ACCOUNT_LIFE_TIME );
705
706 if ( nbDaysPasswordValid <= 0 )
707 {
708 return null;
709 }
710
711 Calendar calendare = new GregorianCalendar( Locale.getDefault( ) );
712 calendare.add( Calendar.DAY_OF_MONTH, nbDaysPasswordValid );
713
714 return new Timestamp( calendare.getTimeInMillis( ) );
715 }
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731 public static String checkPasswordForFrontOffice( IUserParameterService parameterService, Plugin plugin, String strPassword, int nUserId )
732 {
733
734 if ( !( SecurityUtils.checkUserPasswordMinimumLength( strPassword, parameterService, plugin ) ) )
735 {
736 return ERROR_PASSWORD_MINIMUM_LENGTH;
737 }
738
739
740 if ( !( SecurityUtils.checkPasswordFormat( strPassword, parameterService, plugin ) ) )
741 {
742 return ERROR_PASSWORD_WRONG_FORMAT;
743 }
744
745
746 if ( nUserId > 0 )
747 {
748 int nPasswordHistorySize = getIntegerSecurityParameter( parameterService, plugin, MARK_PASSWORD_HISTORY_SIZE );
749
750 if ( nPasswordHistorySize > 0 )
751 {
752 String strEncryptedPassword = buildPassword( parameterService, plugin, strPassword );
753 List<String> passwordHistory = parameterService.selectUserPasswordHistory( nUserId, plugin );
754
755 if ( nPasswordHistorySize < passwordHistory.size( ) )
756 {
757 passwordHistory = passwordHistory.subList( 0, nPasswordHistorySize );
758 }
759
760 if ( passwordHistory.contains( strEncryptedPassword ) )
761 {
762 return ERROR_PASSWORD_ALREADY_USED;
763 }
764 }
765
766 int nTSWSizePasswordChange = getIntegerSecurityParameter( parameterService, plugin, MARK_TSW_SIZE_PASSWORD_CHANGE );
767 int nMaximumNumberPasswordChange = getIntegerSecurityParameter( parameterService, plugin, MARK_MAXIMUM_NUMBER_PASSWORD_CHANGE );
768
769 if ( nMaximumNumberPasswordChange > 0 )
770 {
771 Timestamp minDate = null;
772
773 if ( nTSWSizePasswordChange > 0 )
774 {
775 minDate = new Timestamp( new java.util.Date( ).getTime( ) - DateUtil.convertDaysInMiliseconds( nTSWSizePasswordChange ) );
776 }
777 else
778 {
779 minDate = new Timestamp( 0 );
780 }
781
782 if ( parameterService.countUserPasswordHistoryFromDate( minDate, nUserId, plugin ) >= nMaximumNumberPasswordChange )
783 {
784 return ERROR_MAX_PASSWORD_CHANGE;
785 }
786 }
787 }
788
789 return null;
790 }
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805 public static String checkPasswordForBackOffice( IUserParameterService parameterService, Plugin plugin, String strPassword, HttpServletRequest request )
806 {
807 if ( !SecurityUtils.checkUserPasswordMinimumLength( strPassword, parameterService, plugin ) )
808 {
809 return SecurityUtils.getMessagePasswordMinimumLength( request, parameterService, plugin );
810 }
811
812 if ( !SecurityUtils.checkPasswordFormat( strPassword, parameterService, plugin ) )
813 {
814 return SecurityUtils.getMessageBackPasswordFormat( request, parameterService, plugin );
815 }
816
817 return null;
818 }
819
820
821
822
823
824
825
826
827
828
829
830
831
832 public static String buildPassword( IUserParameterService parameterService, Plugin plugin, String strUserPassword )
833 {
834
835 String strPassword = strUserPassword;
836
837 if ( parameterService.isPasswordEncrypted( plugin ) )
838 {
839 String strAlgorithm = parameterService.getEncryptionAlgorithm( plugin );
840 strPassword = CryptoService.encrypt( strUserPassword, strAlgorithm );
841 }
842
843 return strPassword;
844 }
845
846
847
848
849
850
851
852
853 public static String makePassword( IUserParameterService parameterService, Plugin plugin )
854 {
855 int nMinimumLength = getIntegerSecurityParameter( parameterService, plugin, MARK_PASSWORD_MINIMUM_LENGTH );
856
857 return PasswordUtil.makePassword( nMinimumLength, isPasswordFormatUpperLowerCaseUsed( parameterService, plugin ),
858 isPasswordFormatNumeroUsed( parameterService, plugin ), isPasswordFormatSpecialCharactersUsed( parameterService, plugin ) );
859 }
860
861
862
863
864
865
866
867
868
869
870 public static String [ ] getBannedDomainNames( IUserParameterService parameterService, Plugin plugin )
871 {
872 String strDomainNames = SecurityUtils.getLargeSecurityParameter( parameterService, plugin, MARK_BANNED_DOMAIN_NAMES );
873
874 if ( StringUtils.isNotBlank( strDomainNames ) )
875 {
876 return strDomainNames.split( SEMICOLON );
877 }
878
879 return null;
880 }
881
882
883
884
885
886
887
888
889
890
891 public static String buildResetConnectionLogUrl( int nInterval, HttpServletRequest request )
892 {
893 UrlItem url = new UrlItem( AppPathService.getBaseUrl( request ) + JSP_URL_RESET_CONNECTION_LOG );
894 String strIp = request.getRemoteAddr( );
895 String strDate = Long.toString( new Date( ).getTime( ) );
896 String strInterval = Integer.toString( nInterval );
897 url.addParameter( PARAMETER_IP, strIp );
898 url.addParameter( PARAMETER_DATE_LOGIN, strDate );
899 url.addParameter( PARAMETER_INTERVAL, strInterval );
900
901 String strCryptoKey = CryptoService.getCryptoKey( );
902 url.addParameter( PARAMETER_KEY, CryptoService.encrypt( strIp + strDate + strInterval + strCryptoKey,
903 AppPropertiesService.getProperty( PROPERTY_DEFAULT_ENCRYPTION_ALGORITHM, CONSTANT_DEFAULT_ENCRYPTION_ALGORITHM ) ) );
904
905 return url.getUrl( );
906 }
907
908
909
910
911
912
913
914
915
916
917
918
919
920 protected static boolean checkPasswordFormat( String strPassword, IUserParameterService parameterService, Plugin plugin )
921 {
922 boolean bPasswordFormat = isPasswordFormatNumeroUsed( parameterService, plugin ) || isPasswordFormatSpecialCharactersUsed( parameterService, plugin )
923 || isPasswordFormatUpperLowerCaseUsed( parameterService, plugin );
924
925 return bPasswordFormat ? PasswordUtil.checkPasswordFormat( strPassword, isPasswordFormatUpperLowerCaseUsed( parameterService, plugin ),
926 isPasswordFormatNumeroUsed( parameterService, plugin ), isPasswordFormatSpecialCharactersUsed( parameterService, plugin ) ) : true;
927 }
928 }