Implement and test change password form.
1 package org.cacert.gigi.util;
2
3 import java.util.regex.Pattern;
4
5 import org.cacert.gigi.GigiApiException;
6 import org.cacert.gigi.User;
7
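/**
 * Heuristic pass-phrase strength scoring used when a user sets or changes a
 * password.
 *
 * <p>The score is the sum of one point per length threshold exceeded (15, 20,
 * 25 and 30 characters) and one point per character class present (digit,
 * ASCII lower case, ASCII upper case, whitespace, other non-word character),
 * minus two points for every personal data field of the user that overlaps
 * with the pass phrase. A pass phrase is accepted when the score is at least
 * {@value #MIN_SCORE}.
 *
 * <p>NOTE(review): the scheme has no minimum length. Three character classes
 * alone reach the acceptance threshold, so a three-character pass phrase made
 * of one lower-case letter, one upper-case letter and one digit is accepted.
 * Confirm whether a length floor is enforced elsewhere; if not, one should be
 * added here.
 *
 * <p>NOTE(review): there is no dictionary or breached-password check yet (see
 * the TODO in {@link #checkpw(String, User)}), and the e-mail address is only
 * compared as a whole string, so a pass phrase containing just the local part
 * of the address is not penalised.
 */
public class PasswordStrengthChecker {

    // Compiled once and never reassigned; kept package-visible under their
    // original names so existing references in this package keep working.
    static final Pattern digits = Pattern.compile("\\d");

    static final Pattern lower = Pattern.compile("[a-z]");

    static final Pattern upper = Pattern.compile("[A-Z]");

    static final Pattern whitespace = Pattern.compile("\\s");

    // Any character that is neither whitespace nor a word character.
    static final Pattern special = Pattern.compile("(?!\\s)\\W");

    /** Minimum score {@link #assertStrongPassword(String, User)} accepts. */
    private static final int MIN_SCORE = 3;

    /** Points deducted for each personal data field found in the pass phrase. */
    private static final int PERSONAL_DATA_PENALTY = 2;

    /** A pass phrase earns one point for every length in this list it exceeds. */
    private static final int[] LENGTH_THRESHOLDS = {15, 20, 25, 30};

    private PasswordStrengthChecker() {
        // Static utility class, not meant to be instantiated.
    }

    /**
     * Scores a pass phrase on length and character variety only.
     *
     * @param pw the pass phrase; must not be {@code null}
     * @return a score between 0 and 9
     */
    private static int checkpwlight(String pw) {
        int points = 0;
        int length = pw.length();
        for (int threshold : LENGTH_THRESHOLDS) {
            if (length > threshold) {
                points++;
            }
        }
        Pattern[] characterClasses = {digits, lower, upper, special, whitespace};
        for (Pattern characterClass : characterClasses) {
            if (characterClass.matcher(pw).find()) {
                points++;
            }
        }
        return points;
    }

    /**
     * Scores a pass phrase for the given user.
     *
     * <p>Starts from the length/variety score and deducts
     * {@value #PERSONAL_DATA_PENALTY} points for each of the user's e-mail
     * address, first, last and middle name and name suffix that overlaps with
     * the pass phrase, ignoring letter case.
     *
     * @param pw the candidate pass phrase, may be {@code null}
     * @param u the user the pass phrase is for; must not be {@code null}
     *          unless {@code pw} is {@code null}
     * @return the score, which can be negative; {@code 0} if {@code pw} is
     *         {@code null}
     */
    public static int checkpw(String pw, User u) {
        if (pw == null) {
            return 0;
        }
        int score = checkpwlight(pw);
        String[] personalData = {u.getEmail(), u.getFname(), u.getLname(), u.getMname(), u.getSuffix()};
        for (String item : personalData) {
            if (contained(pw, item)) {
                score -= PERSONAL_DATA_PENALTY;
            }
        }
        // TODO dictionary check
        return score;
    }

    /**
     * Rejects pass phrases whose score is below {@value #MIN_SCORE}.
     *
     * @param pw the candidate pass phrase; {@code null} is always rejected
     * @param u the user the pass phrase is for
     * @throws GigiApiException if the pass phrase is too weak
     */
    public static void assertStrongPassword(String pw, User u) throws GigiApiException {
        if (checkpw(pw, u) < MIN_SCORE) {
            throw new GigiApiException("The Pass Phrase you submitted failed to contain enough"
                    + " differing characters and/or contained words from" + " your name and/or email address.");
        }
    }

    /**
     * Tells whether a pass phrase and a personal data value overlap, that is,
     * whether either one contains the other.
     *
     * <p>The comparison ignores letter case: a pass phrase that embeds the
     * user's name in a different capitalisation is as guessable as one that
     * embeds it verbatim, and must not escape the penalty.
     *
     * @param pw the pass phrase; must not be {@code null}
     * @param check the personal data value; {@code null} or empty never matches
     * @return {@code true} if one string contains the other, ignoring case
     */
    private static boolean contained(String pw, String check) {
        if (check == null || check.isEmpty()) {
            return false;
        }
        // Locale.ROOT keeps the case folding independent of the server locale.
        String foldedPw = pw.toLowerCase(java.util.Locale.ROOT);
        String foldedCheck = check.toLowerCase(java.util.Locale.ROOT);
        return foldedPw.contains(foldedCheck) || foldedCheck.contains(foldedPw);
    }
}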