+ Gigi.passwordChecker = getPasswordChecker(conf);
+ }
+ }
+
+ private PasswordChecker getPasswordChecker(Properties conf) {
+ final String knownPasswordHashesPath;
+ final boolean knownPasswordHashesRequired;
+ String knownPasswordHashesConfig = conf.getProperty("knownPasswordHashes");
+ if (knownPasswordHashesConfig != null) {
+ knownPasswordHashesPath = knownPasswordHashesConfig;
+ knownPasswordHashesRequired = true;
+ } else {
+ knownPasswordHashesPath = "/usr/share/pwned-passwords/pwned-passwords.bin";
+ knownPasswordHashesRequired = false;
+ }
+
+ final MessageDigest sha1;
+ try {
+ sha1 = MessageDigest.getInstance("SHA-1");
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+
+ try {
+ final FileChannel knownPasswordHashesFile = FileChannel.open(
+ FileSystems.getDefault().getPath(knownPasswordHashesPath));
+ return new DelegatingPasswordChecker(new PasswordChecker[] {
+ new PasswordStrengthChecker(),
+ new PasswordHashChecker(knownPasswordHashesFile, sha1)
+ });
+ } catch (IOException e) {
+ if (knownPasswordHashesRequired) {
+ throw new RuntimeException("Error while opening password hash database, refusing startup", e);
+ } else {
+ System.err.println("Warning: A problem was encountered while opening the password hash database, passwords will be checked only by strength.");
+ if ( !(e instanceof NoSuchFileException)) {
+ e.printStackTrace();
+ }
+ return new PasswordStrengthChecker();
+ }