

/*
 * The contents of this file are subject to the
 * Mozilla Public License Version 1.1 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
 * limitations under the License.
 *
 * The Initial Developer of the Original Code is Simulacra Media Ltd.
 * Portions created by Simulacra Media Ltd are Copyright (C) Simulacra Media Ltd, 2005.
 *
 * All Rights Reserved.
 *
 * Contributor(s):
 *
 * Created: 06-Jan-2005 by jejking
 * Version: $Revision: 1.1 $
 * Last Updated: $Date: 2005/01/07 16:54:36 $
 */

23 package org.openharmonise.rm.security.authentication;
25 import java.sql.*;
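/**
 * Utility to move users from an environment using plain text password
 * storage to one using hashed passwords.
 *
 * <p>The whole migration runs on one connection inside a single transaction.
 * If any step fails the work is rolled back, so the <code>PWD_ENCRYPTION</code>
 * property is never switched while some rows still hold plain text.
 *
 * <p>Caveats for whoever runs this:
 * <ul>
 * <li>The run is not idempotent. Every row's <code>password</code> column is
 *     read and hashed without checking whether it was migrated before, so a
 *     second run would hash the stored hashes.</li>
 * <li>Only MD5 and SHA-1 are accepted. Both are fast general-purpose digests,
 *     which makes offline guessing of stolen hashes cheap even with a salt.
 *     How <code>CryptPasswordHelper</code> applies the digest is not visible
 *     in this file; a deliberately slow password-hashing function would be
 *     the stronger choice but has to be supported there first.</li>
 * <li>History rows of fully archived users receive a salt but keep their
 *     plain text <code>password</code> value (see
 *     <code>saltArchivedUsers</code>).</li>
 * </ul>
 *
 * @author jejking
 * @version $Revision: 1.1 $
 */
public class PasswordMigrationUtil {

    private final String hashAlgorithm;
    private final String dbUrl;
    private final String dbUsr;
    private final String dbPassword;

    /**
     * Validates the algorithm name, stores the connection settings and loads
     * the JDBC driver class.
     *
     * <p>This constructor terminates the JVM instead of throwing: exit status 1
     * for an unsupported (or null) algorithm, 2 when the driver cannot be loaded.
     *
     * @param hashAlgorithm digest name, either "MD5" or "SHA-1"
     * @param dbDriver fully qualified class name of the JDBC driver
     * @param dbUsr database user name
     * @param dbPassword database password
     * @param dbUrl JDBC connection URL
     */
    public PasswordMigrationUtil(String hashAlgorithm, String dbDriver, String dbUsr,
                String dbPassword, String dbUrl) {

        // Constant-first equals() sends a null algorithm down the
        // "unsupported" path instead of failing with a NullPointerException.
        if (!"MD5".equals(hashAlgorithm) && !"SHA-1".equals(hashAlgorithm)) {
            System.err.println("Non supported hash algorithm: " + hashAlgorithm);
            System.exit(1);
        }
        this.hashAlgorithm = hashAlgorithm;

        this.dbUrl = dbUrl;
        this.dbUsr = dbUsr;
        this.dbPassword = dbPassword;

        try {
            Class.forName(dbDriver);
        }
        catch (ClassNotFoundException e) {
            e.printStackTrace();
            System.exit(2);
        }
        catch (RuntimeException e) {
            // e.g. a null driver name; handled like a missing driver
            e.printStackTrace();
            System.exit(2);
        }
    }

    /**
     * Runs the migration: hashes the passwords of current users, hashes the
     * passwords of their history rows, gives archived users a salt and finally
     * records the algorithm in <code>oh_prop</code>.
     *
     * <p>A {@link SQLException} is reported on standard error and causes a
     * rollback; it is not rethrown. Runtime exceptions also trigger a rollback
     * and then propagate to the caller.
     */
    public void execute() {
        Connection con = null;
        try {
            con = DriverManager.getConnection(dbUrl, dbUsr, dbPassword);
            // One transaction for everything: a failure half way through must
            // not leave a mix of hashed and plain text rows behind.
            con.setAutoCommit(false);

            migrateActiveUsers(con);
            migrateHistoricVersions(con);
            saltArchivedUsers(con);
            // Switched last, so the application is only told to expect hashes
            // once every earlier step has succeeded.
            recordAlgorithm(con);

            con.commit();
        }
        catch (SQLException e) {
            rollbackQuietly(con);
            e.printStackTrace();
            System.err.println("Password migration aborted.");
        }
        catch (RuntimeException e) {
            rollbackQuietly(con);
            throw e;
        }
        finally {
            closeQuietly(con);
        }
    }

    /**
     * Gives every row of <code>users</code> a fresh salt and a hashed
     * password, and copies that salt to the user's rows in
     * <code>users_hist</code>.
     */
    private void migrateActiveUsers(Connection con) throws SQLException {
        Statement getUsers = null;
        ResultSet usersRS = null;
        PreparedStatement updateUser = null;
        PreparedStatement updatePreviousSalts = null;
        try {
            getUsers = con.createStatement();
            usersRS = getUsers.executeQuery("select id, password from users");
            // Bound parameters instead of values spliced into the SQL text:
            // the statements stay well-formed whatever characters the salt
            // or hash contain.
            updateUser = con.prepareStatement(
                    "update users set salt = ?, password = ? where id = ?");
            updatePreviousSalts = con.prepareStatement(
                    "update users_hist set salt = ? where id = ?");

            while (usersRS.next()) {
                int id = usersRS.getInt("id");
                System.out.println("Processing user with id " + id);

                String curPasswd = usersRS.getString("password");
                String salt = getSalt(hashAlgorithm);
                String hashedPasswd = getPasswordHelper(hashAlgorithm).getNewPassword(curPasswd, salt);

                updateUser.setString(1, salt);
                updateUser.setString(2, hashedPasswd);
                updateUser.setInt(3, id);
                updateUser.executeUpdate();

                // previous versions of the user share the salt just created
                updatePreviousSalts.setString(1, salt);
                updatePreviousSalts.setInt(2, id);
                updatePreviousSalts.executeUpdate();
            }
        }
        finally {
            closeQuietly(usersRS);
            closeQuietly(updatePreviousSalts);
            closeQuietly(updateUser);
            closeQuietly(getUsers);
        }
    }

    /**
     * Hashes the password of every <code>users_hist</code> row that already
     * has a salt, i.e. the rows salted by {@link #migrateActiveUsers}.
     */
    private void migrateHistoricVersions(Connection con) throws SQLException {
        Statement getPreviousUserVersions = null;
        ResultSet previousUserVersionsRS = null;
        PreparedStatement updatePreviousVersion = null;
        try {
            getPreviousUserVersions = con.createStatement();
            previousUserVersionsRS = getPreviousUserVersions.executeQuery(
                    "select object_key, salt, password from users_hist");
            updatePreviousVersion = con.prepareStatement(
                    "update users_hist set password = ? where object_key = ?");

            while (previousUserVersionsRS.next()) {
                int objectKey = previousUserVersionsRS.getInt("object_key");
                String salt = previousUserVersionsRS.getString("salt");
                if (salt == null) {
                    continue; // not an active user
                }
                String previousPasswd = previousUserVersionsRS.getString("password");
                String hashedPasswd = getPasswordHelper(hashAlgorithm).getNewPassword(previousPasswd, salt);

                updatePreviousVersion.setString(1, hashedPasswd);
                updatePreviousVersion.setInt(2, objectKey);
                updatePreviousVersion.executeUpdate();
            }
        }
        finally {
            closeQuietly(previousUserVersionsRS);
            closeQuietly(updatePreviousVersion);
            closeQuietly(getPreviousUserVersions);
        }
    }

    /**
     * Assigns a salt to the history rows of users that no longer exist in
     * <code>users</code> (their salt is still null at this point).
     *
     * <p>NOTE(review): these rows only get a salt; their <code>password</code>
     * column is left exactly as stored, which before this migration means
     * plain text. Confirm that leaving archived credentials unhashed is
     * acceptable, or hash or blank them as well.
     */
    private void saltArchivedUsers(Connection con) throws SQLException {
        Statement getDefunctUsers = null;
        ResultSet defunctUsersRS = null;
        PreparedStatement updateSaltForDefunctUsers = null;
        try {
            getDefunctUsers = con.createStatement();
            defunctUsersRS = getDefunctUsers.executeQuery(
                    "select distinct id from users_hist where salt is null");
            updateSaltForDefunctUsers = con.prepareStatement(
                    "update users_hist set salt = ? where id = ?");

            while (defunctUsersRS.next()) {
                int id = defunctUsersRS.getInt("id");
                String salt = getSalt(hashAlgorithm);
                // The salt value itself is deliberately kept out of the log.
                System.err.println("updating id " + id + " with new salt");

                updateSaltForDefunctUsers.setString(1, salt);
                updateSaltForDefunctUsers.setInt(2, id);
                updateSaltForDefunctUsers.executeUpdate();
            }
        }
        finally {
            closeQuietly(defunctUsersRS);
            closeQuietly(updateSaltForDefunctUsers);
            closeQuietly(getDefunctUsers);
        }
    }

    /**
     * Stores the algorithm name in the <code>PWD_ENCRYPTION</code> row of
     * <code>oh_prop</code>.
     */
    private void recordAlgorithm(Connection con) throws SQLException {
        PreparedStatement setPwdEncryption = null;
        try {
            setPwdEncryption = con.prepareStatement(
                    "update oh_prop set prop_value = ? where prop_name = 'PWD_ENCRYPTION'");
            setPwdEncryption.setString(1, hashAlgorithm);
            setPwdEncryption.executeUpdate();
        }
        finally {
            closeQuietly(setPwdEncryption);
        }
    }

    /** Rolls the transaction back; a failure to do so is reported, not thrown. */
    private static void rollbackQuietly(Connection con) {
        if (con == null) {
            return;
        }
        try {
            con.rollback();
        }
        catch (SQLException e) {
            e.printStackTrace();
        }
    }

    /** Closes the connection if one was opened; close failures are ignored. */
    private static void closeQuietly(Connection con) {
        if (con == null) {
            return;
        }
        try {
            con.close();
        }
        catch (SQLException ignored) {
            // best effort: nothing useful can be done about a failed close
        }
    }

    /** Closes the statement if it was created; close failures are ignored. */
    private static void closeQuietly(Statement statement) {
        if (statement == null) {
            return;
        }
        try {
            statement.close();
        }
        catch (SQLException ignored) {
            // best effort: must not mask the exception that got us here
        }
    }

    /** Closes the result set if it was opened; close failures are ignored. */
    private static void closeQuietly(ResultSet resultSet) {
        if (resultSet == null) {
            return;
        }
        try {
            resultSet.close();
        }
        catch (SQLException ignored) {
            // best effort: must not mask the exception that got us here
        }
    }

    /**
     * Requests a new salt from PasswordCryptUtil: size argument 32 for MD5,
     * 40 for any other algorithm (in practice SHA-1).
     */
    private String getSalt(String algorithm) {
        // presumably the salt length in characters - confirm in PasswordCryptUtil
        if (algorithm.equals("MD5")) {
            return PasswordCryptUtil.getNewSalt(32);
        }
        else {
            return PasswordCryptUtil.getNewSalt(40);
        }
    }

    /** Creates the helper that turns a password and a salt into the stored value. */
    private PasswordHelper getPasswordHelper(String algorithm) {
        return new CryptPasswordHelper(algorithm);
    }

    /**
     * Command line entry point. Expects five arguments in this order:
     * hash algorithm, JDBC driver class, database user, database password,
     * JDBC URL.
     *
     * <p>NOTE(review): the database password is taken from the command line,
     * where it can show up in process listings and shell history. Prefer
     * running this from a restricted account, and rotate the password after
     * the migration if that exposure matters.
     */
    public static void main(String[] args) {
        if (args.length < 5) {
            System.err.println("Usage: PasswordMigrationUtil <hashAlgorithm> <dbDriver> <dbUser> <dbPassword> <dbUrl>");
            System.exit(3);
        }
        PasswordMigrationUtil app = new PasswordMigrationUtil(args[0], args[1], args[2], args[3], args[4]);
        app.execute();
    }
}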
184