diff --git a/domain-management/src/main/java/org/jboss/as/domain/management/security/PasswordStrengthChecker.java b/domain-management/src/main/java/org/jboss/as/domain/management/security/PasswordStrengthChecker.java new file mode 100644 index 0000000..c7ab71f --- /dev/null +++ b/domain-management/src/main/java/org/jboss/as/domain/management/security/PasswordStrengthChecker.java @@ -0,0 +1,265 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2011, Red Hat, Inc., and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.as.domain.management.security; + +/** + * Password strength utility. + * + * Performs password strength checks using following rules: + * - Number of characters + * - Presence of upper case letters + * - Presence of lower case letters + * - Presence of numbers + * - Presence of symbols + * - Repeat characters + * - Consecutive upper case letters + * - Consecutive lower case letters + * - Consecutive numbers + * + * Minimum requirements: + * - minimum 8 characters in length + * - contains 3/4 of the following items: + * - upper case letters; + * - lower case letters; + * - numbers + * - symbols + * + * + * @author kulikov + */ +public class PasswordStrengthChecker { + + public static final int RESPONSE_ACCEPT = 1; + public static final int RESPONSE_WARN = 2; + public static final int RESPONSE_REJECT = 3; + + /** + * Checks password length. + * + * @param password given password + * @return score for the given password length + */ + private int checkNumberOfCharacters(String password) { + return password.length() * 4; + } + + /** + * Checks presence of upper case letters. + * + * @param password given password + * @return score for the upper case letter usage + */ + private int checkUpperCaseLetters(String password) { + int count = 0; + for (int i = 0; i < password.length(); i++) { + if ((password.charAt(i) >= 'A') && (password.charAt(i) <= 'Z')) { + count++; + } + } + return (password.length() - count) * 2; + } + + /** + * Checks presence of lower case letters. + * + * @param password given password + * @return score for the lower case letter usage + */ + private int checkLowerCaseLetters(String password) { + int count = 0; + for (int i = 0; i < password.length(); i++) { + if ((password.charAt(i) >= 'a') && (password.charAt(i) <= 'z')) { + count++; + } + } + return (password.length() - count) * 2; + } + + /** + * Checks presence of numbers. + * + * @param password given password + * @return score for the numbers usage + */ + private int checkNumbers(String password) { + int count = 0; + for (int i = 0; i < password.length(); i++) { + if ((password.charAt(i) >= '0') && (password.charAt(i) <= '9')) { + count++; + } + } + return count * 4; + } + + /** + * Checks presence of symbols. + * + * @param password given password + * @return score for the symbols usage + */ + private int checkSymbols(String password) { + int count = 0; + for (int i = 0; i < password.length(); i++) { + if ((password.charAt(i) >= 33 && password.charAt(i) <= 47) + | (password.charAt(i) >= 58 && password.charAt(i) <= 64) + | (password.charAt(i) >= 90 && password.charAt(i) <= 96) + | (password.charAt(i) >= 123 && password.charAt(i) <= 126)) { + count++; + } + } + return count * 4; + } + + /** + * Checks for using letters only. + * + * @param password given password + * @return score for password in case of using letters only + */ + private int checkLettersOnly(String password) { + int count = 0; + for (int i = 0; i < password.length(); i++) { + if ((password.charAt(i) >= '0') && (password.charAt(i) <= '9')) { + count++; + } + } + return count == 0 ? -password.length() : 0; + } + + /** + * Checks for using numbers only. + * + * @param password given password + * @return score for password in case of using numbers only + */ + private int checkNumbersOnly(String password) { + int count = 0; + for (int i = 0; i < password.length(); i++) { + if ((password.charAt(i) >= '0') && (password.charAt(i) <= '9')) { + count++; + } + } + return count == password.length() ? -password.length() : 0; + } + + /** + * Checks for repeating characters + * + * @param password given password + * @return score for password in case of repeating characters + */ + private int checkRepeatCharacters(String password) { + String tmp = password.toLowerCase(); + int count = 0; + for (int i = 1; i < password.length(); i++) { + if ((tmp.charAt(i) == tmp.charAt(i - 1))) { + count++; + } + } + return count > 0 ? count : 0; + } + + /** + * Checks for using consecutive upper case characters + * + * @param password given password + * @return score for given password + */ + private int checkConsecutiveUpperCharacters(String password) { + int count = 0; + for (int i = 1; i < password.length(); i++) { + if (((password.charAt(i) >= 'A') && (password.charAt(i) <= 'Z')) + && (password.charAt(i - 1) >= 'A') && (password.charAt(i - 1) <= 'Z')) { + count++; + } + } + return count > 0 ? -count * 2 : 0; + } + + /** + * Checks for using consecutive lower case characters + * + * @param password given password + * @return score for given password + */ + private int checkConsecutiveLowerCharacters(String password) { + int count = 0; + for (int i = 1; i < password.length(); i++) { + if (((password.charAt(i) >= 'a') && (password.charAt(i) <= 'z')) + && (password.charAt(i - 1) >= 'a') && (password.charAt(i - 1) <= 'z')) { + count++; + } + } + return count > 0 ? -count * 2 : 0; + } + + /** + * Checks for using consecutive numbers + * + * @param password given password + * @return score for given password + */ + private int checkConsecutiveNumbers(String password) { + int count = 0; + for (int i = 1; i < password.length(); i++) { + if (((password.charAt(i) >= '0') && (password.charAt(i) <= '9')) + && ((password.charAt(i - 1) >= '0') && (password.charAt(i - 1) <= '9'))) { + count++; + } + } + return count > 0 ? -count * 2 : 0; + } + + /** + * Checks password strength. + * + * @param password given password + * @return constant indicating strength + */ + public int check(String password) { + int score = 0; + + //additions + score += this.checkNumberOfCharacters(password); + score += this.checkUpperCaseLetters(password); + score += this.checkLowerCaseLetters(password); + score += this.checkNumbers(password); + score += this.checkSymbols(password); + + //deductions + score += this.checkLettersOnly(password); + score += this.checkNumbersOnly(password); + score += this.checkRepeatCharacters(password); + score += this.checkConsecutiveUpperCharacters(password); + score += this.checkConsecutiveLowerCharacters(password); + score += this.checkConsecutiveNumbers(password); + + if (score < 32) { + return RESPONSE_REJECT; + } else if (score >= 32 && score < 66) { + return RESPONSE_WARN; + } else { + return RESPONSE_ACCEPT; + } + } + +}