Mercurial Hosting > luan
diff src/org/eclipse/jetty/util/security/Credential.java @ 802:3428c60d7cfc
replace jetty jars with source
| author | Franklin Schmidt <fschmidt@gmail.com> |
|---|---|
| date | Wed, 07 Sep 2016 21:15:48 -0600 |
| parents | |
| children | 8e9db0bbf4f9 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/org/eclipse/jetty/util/security/Credential.java Wed Sep 07 21:15:48 2016 -0600 @@ -0,0 +1,229 @@ +// +// ======================================================================== +// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== +// + +package org.eclipse.jetty.util.security; + +import java.io.Serializable; +import java.security.MessageDigest; + +import org.eclipse.jetty.util.StringUtil; +import org.eclipse.jetty.util.TypeUtil; +import org.eclipse.jetty.util.log.Log; +import org.eclipse.jetty.util.log.Logger; + +/* ------------------------------------------------------------ */ +/** + * Credentials. The Credential class represents an abstract mechanism for + * checking authentication credentials. A credential instance either represents + * a secret, or some data that could only be derived from knowing the secret. + * <p> + * Often a Credential is related to a Password via a one way algorithm, so while + * a Password itself is a Credential, a UnixCrypt or MD5 digest of a a password + * is only a credential that can be checked against the password. + * <p> + * This class includes an implementation for unix Crypt an MD5 digest. + * + * @see Password + * + */ +public abstract class Credential implements Serializable +{ + private static final Logger LOG = Log.getLogger(Credential.class); + + private static final long serialVersionUID = -7760551052768181572L; + + /* ------------------------------------------------------------ */ + /** + * Check a credential + * + * @param credentials The credential to check against. This may either be + * another Credential object, a Password object or a String + * which is interpreted by this credential. + * @return True if the credentials indicated that the shared secret is known + * to both this Credential and the passed credential. + */ + public abstract boolean check(Object credentials); + + /* ------------------------------------------------------------ */ + /** + * Get a credential from a String. If the credential String starts with a + * known Credential type (eg "CRYPT:" or "MD5:" ) then a Credential of that + * type is returned. Else the credential is assumed to be a Password. + * + * @param credential String representation of the credential + * @return A Credential or Password instance. + */ + public static Credential getCredential(String credential) + { + if (credential.startsWith(Crypt.__TYPE)) return new Crypt(credential); + if (credential.startsWith(MD5.__TYPE)) return new MD5(credential); + + return new Password(credential); + } + + /* ------------------------------------------------------------ */ + /** + * Unix Crypt Credentials + */ + public static class Crypt extends Credential + { + private static final long serialVersionUID = -2027792997664744210L; + + public static final String __TYPE = "CRYPT:"; + + private final String _cooked; + + Crypt(String cooked) + { + _cooked = cooked.startsWith(Crypt.__TYPE) ? cooked.substring(__TYPE.length()) : cooked; + } + + @Override + public boolean check(Object credentials) + { + if (credentials instanceof char[]) + credentials=new String((char[])credentials); + if (!(credentials instanceof String) && !(credentials instanceof Password)) + LOG.warn("Can't check " + credentials.getClass() + " against CRYPT"); + + String passwd = credentials.toString(); + return _cooked.equals(UnixCrypt.crypt(passwd, _cooked)); + } + + public static String crypt(String user, String pw) + { + return "CRYPT:" + UnixCrypt.crypt(pw, user); + } + } + + /* ------------------------------------------------------------ */ + /** + * MD5 Credentials + */ + public static class MD5 extends Credential + { + private static final long serialVersionUID = 5533846540822684240L; + + public static final String __TYPE = "MD5:"; + + public static final Object __md5Lock = new Object(); + + private static MessageDigest __md; + + private final byte[] _digest; + + /* ------------------------------------------------------------ */ + MD5(String digest) + { + digest = digest.startsWith(__TYPE) ? digest.substring(__TYPE.length()) : digest; + _digest = TypeUtil.parseBytes(digest, 16); + } + + /* ------------------------------------------------------------ */ + public byte[] getDigest() + { + return _digest; + } + + /* ------------------------------------------------------------ */ + @Override + public boolean check(Object credentials) + { + try + { + byte[] digest = null; + + if (credentials instanceof char[]) + credentials=new String((char[])credentials); + if (credentials instanceof Password || credentials instanceof String) + { + synchronized (__md5Lock) + { + if (__md == null) __md = MessageDigest.getInstance("MD5"); + __md.reset(); + __md.update(credentials.toString().getBytes(StringUtil.__ISO_8859_1)); + digest = __md.digest(); + } + if (digest == null || digest.length != _digest.length) return false; + for (int i = 0; i < digest.length; i++) + if (digest[i] != _digest[i]) return false; + return true; + } + else if (credentials instanceof MD5) + { + MD5 md5 = (MD5) credentials; + if (_digest.length != md5._digest.length) return false; + for (int i = 0; i < _digest.length; i++) + if (_digest[i] != md5._digest[i]) return false; + return true; + } + else if (credentials instanceof Credential) + { + // Allow credential to attempt check - i.e. this'll work + // for DigestAuthModule$Digest credentials + return ((Credential) credentials).check(this); + } + else + { + LOG.warn("Can't check " + credentials.getClass() + " against MD5"); + return false; + } + } + catch (Exception e) + { + LOG.warn(e); + return false; + } + } + + /* ------------------------------------------------------------ */ + public static String digest(String password) + { + try + { + byte[] digest; + synchronized (__md5Lock) + { + if (__md == null) + { + try + { + __md = MessageDigest.getInstance("MD5"); + } + catch (Exception e) + { + LOG.warn(e); + return null; + } + } + + __md.reset(); + __md.update(password.getBytes(StringUtil.__ISO_8859_1)); + digest = __md.digest(); + } + + return __TYPE + TypeUtil.toString(digest, 16); + } + catch (Exception e) + { + LOG.warn(e); + return null; + } + } + } +}