src/java/org/eclipse/jetty/util/security/Credential.java - platform/external/jetty - Git at Google

 //
 //  ========================================================================
 //  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
 //  ------------------------------------------------------------------------
 //  All rights reserved. This program and the accompanying materials
 //  are made available under the terms of the Eclipse Public License v1.0
 //  and Apache License v2.0 which accompanies this distribution.
 //
 //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //

 package org.eclipse.jetty.util.security;

 import java.io.Serializable;
 import java.security.MessageDigest;

 import org.eclipse.jetty.util.StringUtil;
 import org.eclipse.jetty.util.TypeUtil;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;

 /* ------------------------------------------------------------ */
 /**
  * Credentials. The Credential class represents an abstract mechanism for
  * checking authentication credentials. A credential instance either represents
  * a secret, or some data that could only be derived from knowing the secret.
  * <p>
  * Often a Credential is related to a Password via a one way algorithm, so while
  * a Password itself is a Credential, a UnixCrypt or MD5 digest of a a password
  * is only a credential that can be checked against the password.
  * <p>
  * This class includes an implementation for unix Crypt an MD5 digest.
  *
  * @see Password
  *
  */
 public abstract class Credential implements Serializable
 {
     private static final Logger LOG = Log.getLogger(Credential.class);

     private static final long serialVersionUID = -7760551052768181572L;

     /* ------------------------------------------------------------ */
     /**
      * Check a credential
      *
      * @param credentials The credential to check against. This may either be
      *                another Credential object, a Password object or a String
      *                which is interpreted by this credential.
      * @return True if the credentials indicated that the shared secret is known
      *         to both this Credential and the passed credential.
      */
     public abstract boolean check(Object credentials);

     /* ------------------------------------------------------------ */
     /**
      * Get a credential from a String. If the credential String starts with a
      * known Credential type (eg "CRYPT:" or "MD5:" ) then a Credential of that
      * type is returned. Else the credential is assumed to be a Password.
      *
      * @param credential String representation of the credential
      * @return A Credential or Password instance.
      */
     public static Credential getCredential(String credential)
     {
         if (credential.startsWith(Crypt.__TYPE)) return new Crypt(credential);
         if (credential.startsWith(MD5.__TYPE)) return new MD5(credential);

         return new Password(credential);
     }

     /* ------------------------------------------------------------ */
     /**
      * Unix Crypt Credentials
      */
     public static class Crypt extends Credential
     {
         private static final long serialVersionUID = -2027792997664744210L;

         public static final String __TYPE = "CRYPT:";

         private final String _cooked;

         Crypt(String cooked)
         {
             _cooked = cooked.startsWith(Crypt.__TYPE) ? cooked.substring(__TYPE.length()) : cooked;
         }

         @Override
         public boolean check(Object credentials)
         {
             if (credentials instanceof char[])
                 credentials=new String((char[])credentials);
             if (!(credentials instanceof String) && !(credentials instanceof Password))
                 LOG.warn("Can't check " + credentials.getClass() + " against CRYPT");

             String passwd = credentials.toString();
             return _cooked.equals(UnixCrypt.crypt(passwd, _cooked));
         }

         public static String crypt(String user, String pw)
         {
             return "CRYPT:" + UnixCrypt.crypt(pw, user);
         }
     }

     /* ------------------------------------------------------------ */
     /**
      * MD5 Credentials
      */
     public static class MD5 extends Credential
     {
         private static final long serialVersionUID = 5533846540822684240L;

         public static final String __TYPE = "MD5:";

         public static final Object __md5Lock = new Object();

         private static MessageDigest __md;

         private final byte[] _digest;

         /* ------------------------------------------------------------ */
         MD5(String digest)
         {
             digest = digest.startsWith(__TYPE) ? digest.substring(__TYPE.length()) : digest;
             _digest = TypeUtil.parseBytes(digest, 16);
         }

         /* ------------------------------------------------------------ */
         public byte[] getDigest()
         {
             return _digest;
         }

         /* ------------------------------------------------------------ */
         @Override
         public boolean check(Object credentials)
         {
             try
             {
                 byte[] digest = null;

                 if (credentials instanceof char[])
                     credentials=new String((char[])credentials);
                 if (credentials instanceof Password || credentials instanceof String)
                 {
                     synchronized (__md5Lock)
                     {
                         if (__md == null) __md = MessageDigest.getInstance("MD5");
                         __md.reset();
                         __md.update(credentials.toString().getBytes(StringUtil.__ISO_8859_1));
                         digest = __md.digest();
                     }
                     if (digest == null || digest.length != _digest.length) return false;
                     for (int i = 0; i < digest.length; i++)
                         if (digest[i] != _digest[i]) return false;
                     return true;
                 }
                 else if (credentials instanceof MD5)
                 {
                     MD5 md5 = (MD5) credentials;
                     if (_digest.length != md5._digest.length) return false;
                     for (int i = 0; i < _digest.length; i++)
                         if (_digest[i] != md5._digest[i]) return false;
                     return true;
                 }
                 else if (credentials instanceof Credential)
                 {
                     // Allow credential to attempt check - i.e. this'll work
                     // for DigestAuthModule$Digest credentials
                     return ((Credential) credentials).check(this);
                 }
                 else
                 {
                     LOG.warn("Can't check " + credentials.getClass() + " against MD5");
                     return false;
                 }
             }
             catch (Exception e)
             {
                 LOG.warn(e);
                 return false;
             }
         }

         /* ------------------------------------------------------------ */
         public static String digest(String password)
         {
             try
             {
                 byte[] digest;
                 synchronized (__md5Lock)
                 {
                     if (__md == null)
                     {
                         try
                         {
                             __md = MessageDigest.getInstance("MD5");
                         }
                         catch (Exception e)
                         {
                             LOG.warn(e);
                             return null;
                         }
                     }

                     __md.reset();
                     __md.update(password.getBytes(StringUtil.__ISO_8859_1));
                     digest = __md.digest();
                 }

                 return __TYPE + TypeUtil.toString(digest, 16);
             }
             catch (Exception e)
             {
                 LOG.warn(e);
                 return null;
             }
         }
     }
 }
	//
	// ========================================================================
	// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
	// ------------------------------------------------------------------------
	// All rights reserved. This program and the accompanying materials
	// are made available under the terms of the Eclipse Public License v1.0
	// and Apache License v2.0 which accompanies this distribution.
	//
	// The Eclipse Public License is available at
	// http://www.eclipse.org/legal/epl-v10.html
	//
	// The Apache License v2.0 is available at
	// http://www.opensource.org/licenses/apache2.0.php
	//
	// You may elect to redistribute this code under either of these licenses.
	// ========================================================================
	//

	package org.eclipse.jetty.util.security;

	import java.io.Serializable;
	import java.security.MessageDigest;

	import org.eclipse.jetty.util.StringUtil;
	import org.eclipse.jetty.util.TypeUtil;
	import org.eclipse.jetty.util.log.Log;
	import org.eclipse.jetty.util.log.Logger;

	/* ------------------------------------------------------------ */
	/**
	* Credentials. The Credential class represents an abstract mechanism for
	* checking authentication credentials. A credential instance either represents
	* a secret, or some data that could only be derived from knowing the secret.
	* <p>
	* Often a Credential is related to a Password via a one way algorithm, so while
	* a Password itself is a Credential, a UnixCrypt or MD5 digest of a a password
	* is only a credential that can be checked against the password.
	* <p>
	* This class includes an implementation for unix Crypt an MD5 digest.
	*
	* @see Password
	*
	*/
	public abstract class Credential implements Serializable
	{
	private static final Logger LOG = Log.getLogger(Credential.class);

	private static final long serialVersionUID = -7760551052768181572L;

	/* ------------------------------------------------------------ */
	/**
	* Check a credential
	*
	* @param credentials The credential to check against. This may either be
	* another Credential object, a Password object or a String
	* which is interpreted by this credential.
	* @return True if the credentials indicated that the shared secret is known
	* to both this Credential and the passed credential.
	*/
	public abstract boolean check(Object credentials);

	/* ------------------------------------------------------------ */
	/**
	* Get a credential from a String. If the credential String starts with a
	* known Credential type (eg "CRYPT:" or "MD5:" ) then a Credential of that
	* type is returned. Else the credential is assumed to be a Password.
	*
	* @param credential String representation of the credential
	* @return A Credential or Password instance.
	*/
	public static Credential getCredential(String credential)
	{
	if (credential.startsWith(Crypt.__TYPE)) return new Crypt(credential);
	if (credential.startsWith(MD5.__TYPE)) return new MD5(credential);

	return new Password(credential);
	}

	/* ------------------------------------------------------------ */
	/**
	* Unix Crypt Credentials
	*/
	public static class Crypt extends Credential
	{
	private static final long serialVersionUID = -2027792997664744210L;

	public static final String __TYPE = "CRYPT:";

	private final String _cooked;

	Crypt(String cooked)
	{
	_cooked = cooked.startsWith(Crypt.__TYPE) ? cooked.substring(__TYPE.length()) : cooked;
	}

	@Override
	public boolean check(Object credentials)
	{
	if (credentials instanceof char[])
	credentials=new String((char[])credentials);
	if (!(credentials instanceof String) && !(credentials instanceof Password))
	LOG.warn("Can't check " + credentials.getClass() + " against CRYPT");

	String passwd = credentials.toString();
	return _cooked.equals(UnixCrypt.crypt(passwd, _cooked));
	}

	public static String crypt(String user, String pw)
	{
	return "CRYPT:" + UnixCrypt.crypt(pw, user);
	}
	}

	/* ------------------------------------------------------------ */
	/**
	* MD5 Credentials
	*/
	public static class MD5 extends Credential
	{
	private static final long serialVersionUID = 5533846540822684240L;

	public static final String __TYPE = "MD5:";

	public static final Object __md5Lock = new Object();

	private static MessageDigest __md;

	private final byte[] _digest;

	/* ------------------------------------------------------------ */
	MD5(String digest)
	{
	digest = digest.startsWith(__TYPE) ? digest.substring(__TYPE.length()) : digest;
	_digest = TypeUtil.parseBytes(digest, 16);
	}

	/* ------------------------------------------------------------ */
	public byte[] getDigest()
	{
	return _digest;
	}

	/* ------------------------------------------------------------ */
	@Override
	public boolean check(Object credentials)
	{
	try
	{
	byte[] digest = null;

	if (credentials instanceof char[])
	credentials=new String((char[])credentials);
	if (credentials instanceof Password \|\| credentials instanceof String)
	{
	synchronized (__md5Lock)
	{
	if (__md == null) __md = MessageDigest.getInstance("MD5");
	__md.reset();
	__md.update(credentials.toString().getBytes(StringUtil.__ISO_8859_1));
	digest = __md.digest();
	}
	if (digest == null \|\| digest.length != _digest.length) return false;
	for (int i = 0; i < digest.length; i++)
	if (digest[i] != _digest[i]) return false;
	return true;
	}
	else if (credentials instanceof MD5)
	{
	MD5 md5 = (MD5) credentials;
	if (_digest.length != md5._digest.length) return false;
	for (int i = 0; i < _digest.length; i++)
	if (_digest[i] != md5._digest[i]) return false;
	return true;
	}
	else if (credentials instanceof Credential)
	{
	// Allow credential to attempt check - i.e. this'll work
	// for DigestAuthModule$Digest credentials
	return ((Credential) credentials).check(this);
	}
	else
	{
	LOG.warn("Can't check " + credentials.getClass() + " against MD5");
	return false;
	}
	}
	catch (Exception e)
	{
	LOG.warn(e);
	return false;
	}
	}

	/* ------------------------------------------------------------ */
	public static String digest(String password)
	{
	try
	{
	byte[] digest;
	synchronized (__md5Lock)
	{
	if (__md == null)
	{
	try
	{
	__md = MessageDigest.getInstance("MD5");
	}
	catch (Exception e)
	{
	LOG.warn(e);
	return null;
	}
	}

	__md.reset();
	__md.update(password.getBytes(StringUtil.__ISO_8859_1));
	digest = __md.digest();
	}

	return __TYPE + TypeUtil.toString(digest, 16);
	}
	catch (Exception e)
	{
	LOG.warn(e);
	return null;
	}
	}
	}
	}