You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/25 21:32:29 UTC
svn commit: r1627599 - in /tomcat/trunk/java/org/apache/catalina/realm:
CredentialHandlerBase.java MessageDigestCredentialHandler.java
PBECredentialHandler.java
Author: markt
Date: Thu Sep 25 19:32:29 2014
New Revision: 1627599
URL: http://svn.apache.org/r1627599
Log:
Refactor common code to base class
Added:
tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java
Added: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java?rev=1627599&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java (added)
+++ tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java Thu Sep 25 19:32:29 2014
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import org.apache.catalina.CredentialHandler;
+import org.apache.tomcat.util.buf.HexUtils;
+import org.apache.tomcat.util.res.StringManager;
+
+public abstract class CredentialHandlerBase implements CredentialHandler {
+
+ protected static final StringManager sm = StringManager.getManager(Constants.Package);
+
+ protected boolean matchesSaltIterationsEncoded(String inputCredentials, String storedCredentials) {
+
+ int sep1 = storedCredentials.indexOf('$');
+ int sep2 = storedCredentials.indexOf('$', sep1);
+
+ String hexSalt = storedCredentials.substring(0, sep1);
+
+ int iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2));
+
+ String storedHexEncoded = storedCredentials.substring(sep2 + 1);
+ byte[] salt = HexUtils.fromHexString(hexSalt);
+
+ String inputHexEncoded = mutate(inputCredentials, salt, iterations);
+
+ return storedHexEncoded.equalsIgnoreCase(inputHexEncoded);
+ }
+}
Propchange: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java?rev=1627599&r1=1627598&r2=1627599&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java Thu Sep 25 19:32:29 2014
@@ -23,13 +23,11 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
-import org.apache.catalina.CredentialHandler;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.codec.binary.Base64;
-import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.security.ConcurrentMessageDigest;
/**
@@ -54,12 +52,10 @@ import org.apache.tomcat.util.security.C
* <p>
* If the stored password form does not include salt then no salt is used.
*/
-public class MessageDigestCredentialHandler implements CredentialHandler {
+public class MessageDigestCredentialHandler extends CredentialHandlerBase {
private static final Log log = LogFactory.getLog(MessageDigestCredentialHandler.class);
- protected static final StringManager sm = StringManager.getManager(Constants.Package);
-
private Charset encoding = StandardCharsets.UTF_8;
private String digest = null;
@@ -149,16 +145,8 @@ public class MessageDigestCredentialHand
return Arrays.equals(userDigestBytes, serverDigestBytes);
} else if (storedCredentials.indexOf('$') > -1) {
- int sep1 = storedCredentials.indexOf('$');
- int sep2 = storedCredentials.indexOf('$', sep1);
- String hexSalt = storedCredentials.substring(0, sep1);
- int iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2));
- String hexEncoded = storedCredentials.substring(sep2 + 1);
- byte[] salt = HexUtils.fromHexString(hexSalt);
-
- String userDigest = mutate(inputCredentials, salt, iterations);
+ return matchesSaltIterationsEncoded(inputCredentials, storedCredentials);
- return hexEncoded.equalsIgnoreCase(userDigest);
} else {
// Hex hashes should be compared case-insensitively
String userDigest = mutate(inputCredentials, null, 1);
Modified: tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java?rev=1627599&r1=1627598&r2=1627599&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java Thu Sep 25 19:32:29 2014
@@ -23,18 +23,14 @@ import java.security.spec.KeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
-import org.apache.catalina.CredentialHandler;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.HexUtils;
-import org.apache.tomcat.util.res.StringManager;
-public class PBECredentialHandler implements CredentialHandler {
+public class PBECredentialHandler extends CredentialHandlerBase {
private static final Log log = LogFactory.getLog(PBECredentialHandler.class);
- protected static final StringManager sm = StringManager.getManager(Constants.Package);
-
public static final String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA1";
public static final int DEFAULT_KEYLENGTH = 160;
@@ -70,16 +66,7 @@ public class PBECredentialHandler implem
@Override
public boolean matches(String inputCredentials, String storedCredentials) {
- int sep1 = storedCredentials.indexOf('$');
- int sep2 = storedCredentials.indexOf('$', sep1);
- String hexSalt = storedCredentials.substring(0, sep1);
- int iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2));
- String hexEncoded = storedCredentials.substring(sep2 + 1);
- byte[] salt = HexUtils.fromHexString(hexSalt);
-
- String userDigest = mutate(inputCredentials, salt, iterations);
-
- return hexEncoded.equalsIgnoreCase(userDigest);
+ return matchesSaltIterationsEncoded(inputCredentials, storedCredentials);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org