JAVA 密码弱口令检测机制
最近做项目需求,遇到客户要求对密码弱口令,进行检查和判断,具体要求如下:
1,口令长度应大于等于8个字符,
2,口令应由大写、小写、数字、特殊字符三者及以上组成
3,不得使用一串相同的数字或字母组成
4,不能键盘连续序列集合
5.,,,,,,
废话不多说,直接上代码:
首先配置文件,便于以后修改:#保护系统级别 系统级别分为二级系统和三级系统
#当systemGrade不为2或者3时,系统默认使用系统级别2的规则
#当systemGrade设置为2或者3时,其他选项若未配置,则按照默认值处理,具体默认值信息见每一项说明
systemGrade=2
#检测密码口令长度
#当checkPasswordLength为disable时,下面两项设置无效
#其他检测功能设置为disable时,对应设置项设置数据无效
#当系统级别为2或3时,checkPasswordLength默认为enable
#当系统级别为2或3时,limitPassMinLength默认为8,limitPassMaxLength默认为20
#是否检测密码口令长度,如为enable则检测,如为disable则不检测,如为空,
checkPasswordLength=enable
#允许密码口令最小长度
limitPassMinLength=8
#允许密码口令最大长度,如为空,则不设置上限
limitPassMaxLength=20
#是否包含数字、小写字母、大写字母、特殊符号
#当设置checkContainUpperLowerCase为enable时,区分大小写
#当系统级别为2时:checkContainDigit默认为enable,checkContainUpperLowerCase默认为disable
#当系统级别为2时,checkContainLowerCase默认为disable,checkContainUpperCase默认为disable
#当系统级别为2时,checkContainSpecialChar默认为disable
#当系统级别为3时:checkContainDigit默认为enable,checkContainUpperLowerCase默认为disable
#当系统级别为3时,checkContainLowerCase默认为disable,checkContainUpperCase默认为disable
#当系统级别为3时,checkContainSpecialChar默认为enable
#是否检测包含数字
checkContainDigit=enable
#是否检测包含大小写字母,区分密码口令大小写
checkContainUpperLowerCase = enable
#是否检测包含小写字母
checkContainLowerCase = enable
#是否检测包含大写字母
checkContainUpperCase = enable
#是否检测包含特殊符号
checkContainSpecialChar=enable
#支持自定义特殊符号集合
specialCharSet="!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
#检测键盘按键连续 比如qwer、1qaz、0okm等
#允许横向最大连续num为7,最小为3
#允许斜向最大连续num为4,最小为3
#当系统级别为2时:checkHorizontalKeySequential默认为enable,horizontalKeyLimitNum默认为4
#当系统级别为2时,checkSlopeKeySequential默认为enable,slopeKeyLimitNum默认为4
#当系统级别为3时:checkHorizontalKeySequential默认为enable,horizontalKeyLimitNum默认为3
#当系统级别为3时,checkSlopeKeySequential默认为enable,slopeKeyLimitNum默认为3
#是否检测键盘横向连续
checkHorizontalKeySequential=enable
#允许键盘横向连续最小数值,如为空,则设置为默认值
horizontalKeyLimitNum=3
#是否检测键盘斜向连续
checkSlopeKeySequential=enable
#允许键盘斜向连续最小数值,如为空,则设置为默认值
slopeKeyLimitNum=3
#检测逻辑位置连续 比如1234、abcd等
#当系统级别为2时,checkLogicSequential默认为enable,logicLimitNum默认为4
#当系统级别为3时,checkLogicSequential默认为enable,logicLimitNum默认为3
#是否检测逻辑位置连续
checkLogicSequential=enable
#允许逻辑位置连续最小数值,如为空,则设置为默认值
logicLimitNum=3
#检测相邻字符相同 比如aaaa、2222、@@@@等
#当系统级别为2时,checkSequentialCharSame默认为enable,sequentialCharNum默认为4
#当系统级别为3时,checkSequentialCharSame默认为enable,sequentialCharNum默认为3
#是否检测相邻字符相同
checkSequentialCharSame=enable
#允许相邻位置相同最小连续数,如为空,则设置为默认值
sequentialCharNum=3其次增加一个配置类:
package com.soft.base.web.tools;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Iterator;
import java.util.Properties;
/**
* @description : 密码安全策略,杜绝弱口令
* @author : SXY
* @date : 2020-04-16上午17:16:50
* @version : 1.0
*
*/
public class PwdSecurityConfig {
/**
* 密码口令检测对应系统等级
*/
public static String SYSTEM_GRADE = ReadResource.getString("password","systemGrade");
/**
* 是否检测密码口令长度标识
*/
public static String CHECK_PASSWORD_LENGTH = ReadResource.getString("password","checkPasswordLength");
/**
* 密码最小长度,默认为8
*/
public static String MIN_LENGTH = ReadResource.getString("password","limitPassMinLength");
/**
* 密码最大长度,默认为20
*/
public static String MAX_LENGTH = ReadResource.getString("password","limitPassMaxLength");
/**
* 是否包含数字
*/
public static String CHECK_CONTAIN_DIGIT = ReadResource.getString("password","checkContainDigit");
/**
* 是否区分大小写
*/
public static String CHECK_DISTINGGUISH_CASE = ReadResource.getString("password","checkContainUpperLowerCase");
/**
* 是否包含小写字母
*/
public static String CHECK_LOWER_CASE = ReadResource.getString("password","checkContainLowerCase");
/**
* 是否包含大写字母
*/
public static String CHECK_UPPER_CASE = ReadResource.getString("password","checkContainUpperCase");
/**
* 是否包含特殊符号
*/
public static String CHECK_CONTAIN_SPECIAL_CHAR = ReadResource.getString("password","checkContainSpecialChar");
/**
* 默认的特殊符号集合
*/
public static String DEFAULT_SPECIAL_CHAR="!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
/**
* 配置中的特殊符号集合
*/
public static String SPECIAL_CHAR = ReadResource.getString("password","specialCharSet");
/**
* 是否检测键盘按键横向连续
*/
public static String CHECK_HORIZONTAL_KEY_SEQUENTIAL = ReadResource.getString("password","checkHorizontalKeySequential");
/**
* 键盘物理位置横向不允许最小的连续个数
*/
public static String LIMIT_HORIZONTAL_NUM_KEY = ReadResource.getString("password","horizontalKeyLimitNum");
/**
* 是否检测键盘按键斜向连续
*/
public static String CHECK_SLOPE_KEY_SEQUENTIAL = ReadResource.getString("password","checkSlopeKeySequential");
/**
* 键盘物理位置斜向不允许最小的连续个数
*/
public static String LIMIT_SLOPE_NUM_KEY = ReadResource.getString("password","slopeKeyLimitNum");
/**
* 是否检测逻辑位置连续
*/
public static String CHECK_LOGIC_SEQUENTIAL = ReadResource.getString("password","checkLogicSequential");
/**
* 密码口令中字符在逻辑位置上不允许最小的连续个数
*/
public static String LIMIT_LOGIC_NUM_CHAR = ReadResource.getString("password","logicLimitNum");
/**
* 是否检测连续字符相同
*/
public static String CHECK_SEQUENTIAL_CHAR_SAME = ReadResource.getString("password","checkSequentialCharSame");
/**
* 密码口令中相同字符不允许最小的连续个数
*/
public static String LIMIT_NUM_SAME_CHAR = ReadResource.getString("password","sequentialCharNum");
/**
* 键盘横向方向规则
*/
public static String[] KEYBOARD_HORIZONTAL_ARR = {
"01234567890",
"qwertyuiop",
"asdfghjkl",
"zxcvbnm",
};
/**
* 键盘斜线方向规则
*/
public static String[] KEYBOARD_SLOPE_ARR = {
"1qaz",
"2wsx",
"3edc",
"4rfv",
"5tgb",
"6yhn",
"7ujm",
"8ik,",
"9ol.",
"0p;/",
"=[;.",
"-pl,",
"0okm",
"9ijn",
"8uhb",
"7ygv",
"6tfc",
"5rdx",
"4esz"
};
static {
try{
if("2".equals(SYSTEM_GRADE) || "3".equals(SYSTEM_GRADE) ) {
if("".equals(CHECK_PASSWORD_LENGTH)){
CHECK_PASSWORD_LENGTH = "enable";
MIN_LENGTH = "8";
MAX_LENGTH = "20";
}
if("".equals(CHECK_CONTAIN_DIGIT)) {
CHECK_CONTAIN_DIGIT = "enable";
}
if("".equals(CHECK_DISTINGGUISH_CASE)) {
CHECK_DISTINGGUISH_CASE = "disable";
}
if("".equals(CHECK_LOWER_CASE)) {
CHECK_LOWER_CASE = "enable";
}
if("".equals(CHECK_UPPER_CASE)) {
CHECK_UPPER_CASE = "enable";
}
if("".equals(CHECK_CONTAIN_SPECIAL_CHAR)) {
if("2".equals(SYSTEM_GRADE)) {
CHECK_CONTAIN_SPECIAL_CHAR = "disable";
}else{
CHECK_CONTAIN_SPECIAL_CHAR = "enable";
if("".equals(SPECIAL_CHAR)) {
SPECIAL_CHAR = DEFAULT_SPECIAL_CHAR;
}
}
}
if("".equals(CHECK_HORIZONTAL_KEY_SEQUENTIAL)) {
CHECK_HORIZONTAL_KEY_SEQUENTIAL = "enable";
if("2".equals(SYSTEM_GRADE)) {
LIMIT_HORIZONTAL_NUM_KEY = "4";
}else{
LIMIT_HORIZONTAL_NUM_KEY = "3";
}
}
if("".equals(CHECK_SLOPE_KEY_SEQUENTIAL)) {
CHECK_SLOPE_KEY_SEQUENTIAL = "enable";
if("2".equals(SYSTEM_GRADE)) {
LIMIT_SLOPE_NUM_KEY = "4";
}else{
LIMIT_SLOPE_NUM_KEY = "3";
}
}
if("".equals(CHECK_LOGIC_SEQUENTIAL)) {
CHECK_LOGIC_SEQUENTIAL = "enable";
if("2".equals(SYSTEM_GRADE)) {
LIMIT_LOGIC_NUM_CHAR = "4";
}else{
LIMIT_LOGIC_NUM_CHAR = "3";
}
}
if("".equals(CHECK_SEQUENTIAL_CHAR_SAME)) {
CHECK_SEQUENTIAL_CHAR_SAME = "enable";
if("2".equals(SYSTEM_GRADE)) {
LIMIT_NUM_SAME_CHAR = "4";
}else{
LIMIT_NUM_SAME_CHAR = "3";
}
}
}else{
SYSTEM_GRADE = "3";
CHECK_PASSWORD_LENGTH = "enable";
MIN_LENGTH = "8";
MAX_LENGTH = "20";
CHECK_CONTAIN_DIGIT = "enable";
CHECK_LOWER_CASE = "enable";
CHECK_UPPER_CASE = "enable";
CHECK_CONTAIN_SPECIAL_CHAR = "enable";
CHECK_HORIZONTAL_KEY_SEQUENTIAL = "enable";
LIMIT_HORIZONTAL_NUM_KEY = "3";
CHECK_SLOPE_KEY_SEQUENTIAL = "enable";
LIMIT_SLOPE_NUM_KEY = "3";
CHECK_LOGIC_SEQUENTIAL = "enable";
LIMIT_LOGIC_NUM_CHAR = "3";
CHECK_SEQUENTIAL_CHAR_SAME = "enable";
LIMIT_NUM_SAME_CHAR = "3";
}
}catch(Exception e){
System.out.println(e);
}
}
}然后增加一个工具类:
package com.soft.base.web.tools;
/**
* @description : 密码安全策略,杜绝弱口令
* @author : SXY
* @date : 2020-04-16上午17:16:50
* @version : 1.0
*
*/
public class CheckPwdUtils {
/**
* @brief 检测密码中字符长度
* @param[in] password 密码字符串
* @return 符合长度要求 返回true
*/
public static boolean checkPasswordLength(String password) {
boolean flag =false;
if("".equals(PwdSecurityConfig.MAX_LENGTH)) {
if (password.length() >= Integer.parseInt(PwdSecurityConfig.MIN_LENGTH)) {
flag = true;
}
}else{
if (password.length() >= Integer.parseInt(PwdSecurityConfig.MIN_LENGTH) &&
password.length() <= Integer.parseInt(PwdSecurityConfig.MAX_LENGTH)) {
flag = true;
}
}
return flag;
}
/**
* @brief 检测密码中是否包含数字
* @param[in] password 密码字符串
* @return 包含数字 返回true
*/
public static boolean checkContainDigit(String password) {
char[] chPass = password.toCharArray();
boolean flag = false;
int num_count = 0;
for (int i = 0; i < chPass.length; i++) {
if (Character.isDigit(chPass[i])) {
num_count++;
}
}
if (num_count >= 1){
flag = true;
}
return flag;
}
/**
* @brief 检测密码中是否包含字母(不区分大小写)
* @param[in] password 密码字符串
* @return 包含字母 返回true
*/
public static boolean checkContainCase(String password) {
char[] chPass = password.toCharArray();
boolean flag = false;
int char_count = 0;
for (int i = 0; i < chPass.length; i++) {
if (Character.isLetter(chPass[i])) {
char_count++;
}
}
if (char_count >= 1) {
flag = true;
}
return flag;
}
/**
* @brief 检测密码中是否包含小写字母
* @param[in] password 密码字符串
* @return 包含小写字母 返回true
*/
public static boolean checkContainLowerCase(String password) {
char[] chPass = password.toCharArray();
boolean flag = false;
int char_count = 0;
for (int i = 0; i < chPass.length; i++) {
if (Character.isLowerCase(chPass[i])) {
char_count++;
}
}
if (char_count >= 1) {
flag = true;
}
return flag;
}
/**
* @brief 检测密码中是否包含大写字母
* @param[in] password 密码字符串
* @return 包含大写字母 返回true
*/
public static boolean checkContainUpperCase(String password) {
char[] chPass = password.toCharArray();
boolean flag = false;
int char_count = 0;
for (int i = 0; i < chPass.length; i++) {
if (Character.isUpperCase(chPass[i])) {
char_count++;
}
}
if (char_count >= 1) {
flag = true;
}
return flag;
}
/**
* @brief 检测密码中是否包含特殊符号
* @param[in] password 密码字符串
* @return 包含特殊符号 返回true
*/
public static boolean checkContainSpecialChar(String password) {
char[] chPass = password.toCharArray();
boolean flag = false;
int special_count = 0;
for (int i = 0; i < chPass.length; i++) {
if (PwdSecurityConfig.SPECIAL_CHAR.indexOf(chPass[i]) != -1) {
special_count++;
}
}
if (special_count >= 1){
flag = true;
}
return flag;
}
/**
* @brief 键盘规则匹配器 横向连续检测
* @param[in] password 密码字符串
* @return 含有横向连续字符串 返回true
*/
public static boolean checkLateralKeyboardSite(String password) {
String t_password = new String(password);
//将所有输入字符转为小写
t_password = t_password.toLowerCase();
int n = t_password.length();
/**
* 键盘横向规则检测
*/
boolean flag = false;
int arrLen = PwdSecurityConfig.KEYBOARD_HORIZONTAL_ARR.length;
int limit_num = Integer.parseInt(PwdSecurityConfig.LIMIT_HORIZONTAL_NUM_KEY) ;
for(int i=0; i+limit_num<=n; i++) {
String str = t_password.substring(i, i+limit_num);
String distinguishStr = password.substring(i, i+limit_num);
for(int j=0; j<arrLen; j++) {
String PwdSecurityConfigStr = PwdSecurityConfig.KEYBOARD_HORIZONTAL_ARR[j];
String revOrderStr = new StringBuffer(PwdSecurityConfig.KEYBOARD_HORIZONTAL_ARR[j]).reverse().toString();
//检测包含字母(区分大小写)
if ("enable".equals(PwdSecurityConfig.CHECK_DISTINGGUISH_CASE)) {
//考虑 大写键盘匹配的情况
String UpperStr = PwdSecurityConfig.KEYBOARD_HORIZONTAL_ARR[j].toUpperCase();
if((PwdSecurityConfigStr.indexOf(distinguishStr) != -1) || (UpperStr.indexOf(distinguishStr) != -1)) {
flag = true;
return flag;
}
//考虑逆序输入情况下 连续输入
String revUpperStr = new StringBuffer(UpperStr).reverse().toString();
if((revOrderStr.indexOf(distinguishStr) != -1) || (revUpperStr.indexOf(distinguishStr) != -1)) {
flag = true;
return flag;
}
}else {
if(PwdSecurityConfigStr.indexOf(str) != -1) {
flag = true;
return flag;
}
//考虑逆序输入情况下 连续输入
if(revOrderStr.indexOf(str) != -1) {
flag = true;
return flag;
}
}
}
}
return flag;
}
/**
* @brief 键盘规则匹配器 斜向规则检测
* @param[in] password 密码字符串
* @return 含有斜向连续字符串 返回true
*/
public static boolean checkKeyboardSlantSite(String password) {
String t_password = new String(password);
t_password = t_password.toLowerCase();
int n = t_password.length();
/**
* 键盘斜线方向规则检测
*/
boolean flag = false;
int arrLen = PwdSecurityConfig.KEYBOARD_SLOPE_ARR.length;
int limit_num = Integer.parseInt(PwdSecurityConfig.LIMIT_SLOPE_NUM_KEY);
for(int i=0; i+limit_num<=n; i++) {
String str = t_password.substring(i, i+limit_num);
String distinguishStr = password.substring(i, i+limit_num);
for(int j=0; j<arrLen; j++) {
String PwdSecurityConfigStr = PwdSecurityConfig.KEYBOARD_SLOPE_ARR[j];
String revOrderStr = new StringBuffer(PwdSecurityConfig.KEYBOARD_SLOPE_ARR[j]).reverse().toString();
//检测包含字母(区分大小写)
if ("enable".equals(PwdSecurityConfig.CHECK_DISTINGGUISH_CASE)) {
//考虑 大写键盘匹配的情况
String UpperStr = PwdSecurityConfig.KEYBOARD_SLOPE_ARR[j].toUpperCase();
if((PwdSecurityConfigStr.indexOf(distinguishStr) != -1) || (UpperStr.indexOf(distinguishStr) != -1)) {
flag = true;
return flag;
}
//考虑逆序输入情况下 连续输入
String revUpperStr = new StringBuffer(UpperStr).reverse().toString();
if((revOrderStr.indexOf(distinguishStr) != -1) || (revUpperStr.indexOf(distinguishStr) != -1)) {
flag = true;
return flag;
}
}else {
if(PwdSecurityConfigStr.indexOf(str) != -1) {
flag = true;
return flag;
}
//考虑逆序输入情况下 连续输入
if(revOrderStr.indexOf(str) != -1) {
flag = true;
return flag;
}
}
}
}
return flag;
}
/**
* @brief 评估a-z,z-a这样的连续字符
* @param[in] password 密码字符串
* @return 含有a-z,z-a连续字符串 返回true
*/
public static boolean checkSequentialChars(String password) {
String t_password = new String(password);
boolean flag = false;
int limit_num = Integer.parseInt(PwdSecurityConfig.LIMIT_LOGIC_NUM_CHAR);
int normal_count = 0;
int reversed_count = 0;
//检测包含字母(区分大小写)
if ("enable".equals(PwdSecurityConfig.CHECK_DISTINGGUISH_CASE)) {
}else{
t_password = t_password.toLowerCase();
}
int n = t_password.length();
char[] pwdCharArr = t_password.toCharArray();
for (int i=0; i+limit_num<=n; i++) {
normal_count = 0;
reversed_count = 0;
for (int j=0; j<limit_num-1; j++) {
if (pwdCharArr[i+j+1]-pwdCharArr[i+j]==1) {
normal_count++;
if(normal_count == limit_num -1){
return true;
}
}
if (pwdCharArr[i+j]-pwdCharArr[i+j+1]==1) {
reversed_count++;
if(reversed_count == limit_num -1){
return true;
}
}
}
}
return flag;
}
/**
* @brief 评估aaaa,1111这样的相同连续字符
* @param[in] password 密码字符串
* @return 含有aaaa,1111等连续字符串 返回true
*/
public static boolean checkSequentialSameChars(String password) {
String t_password = new String(password);
int n = t_password.length();
char[] pwdCharArr = t_password.toCharArray();
boolean flag = false;
int limit_num = Integer.parseInt(PwdSecurityConfig.LIMIT_NUM_SAME_CHAR);
int count = 0;
for (int i=0; i+limit_num<=n; i++) {
count=0;
for (int j=0; j<limit_num-1; j++) {
if(pwdCharArr[i+j] == pwdCharArr[i+j+1]) {
count++;
if (count == limit_num -1){
return true;
}
}
}
}
return flag;
}
/**
* @brief 评估密码中包含的字符类型是否符合要求
* @param[in] password 密码字符串
* @return 符合要求 返回true
*/
public static boolean EvalPWD(String password) {
if (password == null || "".equals(password)) {
return false;
}
boolean flag = false;
/**
* 检测长度
*/
String checkPasswordLength = PwdSecurityConfig.CHECK_PASSWORD_LENGTH;
if ("enable".equals(PwdSecurityConfig.CHECK_PASSWORD_LENGTH)){
flag = checkPasswordLength(password);
if (!flag) {
return false;
}
}
/**
* 大小写,数字,特殊符号,满足其中三种即可
*/
int i = 0;
/**
* 检测包含数字
*/
if ("enable".equals(PwdSecurityConfig.CHECK_CONTAIN_DIGIT)){
flag = checkContainDigit(password);
if (flag) {
i++;
}
}
/**
* 检测包含字母(区分大小写)
*/
if ("enable".equals(PwdSecurityConfig.CHECK_DISTINGGUISH_CASE)){
//检测包含小写字母
if ("enable".equals(PwdSecurityConfig.CHECK_LOWER_CASE)){
flag = checkContainLowerCase(password);
if (flag) {
i++;
}
}
//检测包含大写字母
if ("enable".equals(PwdSecurityConfig.CHECK_UPPER_CASE)){
flag = checkContainUpperCase(password);
if (flag) {
i++;
}
}
}else {
flag = checkContainCase(password);
if (!flag) {
return false;
}
}
/**
* 检测包含特殊符号
*/
if ("enable".equals(PwdSecurityConfig.CHECK_CONTAIN_SPECIAL_CHAR)){
flag = checkContainSpecialChar(password);
if (flag) {
i++;
}
}
if(i<3){
return false;
}
/**
* 检测键盘横向连续
*/
if ("enable".equals(PwdSecurityConfig.CHECK_HORIZONTAL_KEY_SEQUENTIAL)){
flag = checkLateralKeyboardSite(password);
if (flag) {
return false;
}
}
/**
* 检测键盘斜向连续
*/
if ("enable".equals(PwdSecurityConfig.CHECK_SLOPE_KEY_SEQUENTIAL)){
flag = checkKeyboardSlantSite(password);
if (flag) {
return false;
}
}
/**
* 检测逻辑位置连续
*/
if ("enable".equals(PwdSecurityConfig.CHECK_LOGIC_SEQUENTIAL)){
flag = checkSequentialChars(password);
if (flag) {
return false;
}
}
/**
* 检测相邻字符是否相同
*/
if ("enable".equals(PwdSecurityConfig.CHECK_SEQUENTIAL_CHAR_SAME)){
flag = checkSequentialSameChars(password);
if (flag) {
return false;
}
}
return true;
}
}最后 进行测试一下吧:
boolean b1 = CheckPwdUtils.EvalPWD(SYS_USER_PASS);
if(!b1){
System.out.println("对不起,该密码安全等级比较低,请修改");
}觉得文章有用的话,加个关注点个赞吧。
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
