RealmBase.java

markt Tue, 09 Sep 2014 02:37:29 -0700

Author: markt
Date: Tue Sep  9 09:36:48 2014
New Revision: 1623728

URL: http://svn.apache.org/r1623728
Log:
Replace use of MessageDigest with ConcurrentMessageDigest


Modified:
    tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1623728&r1=1623727&r2=1623728&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Tue Sep  9 
09:36:48 2014
@@ -104,7 +104,10 @@ public abstract class RealmBase extends 
 
     /**
      * The MessageDigest object for digesting user credentials (passwords).
+     *
+     * @deprecated Unused. Will be removed in Tomcat 9.0.x onwards.
      */
+    @Deprecated
     protected volatile MessageDigest md = null;
 
 
@@ -509,12 +512,8 @@ public abstract class RealmBase extends 
                 // Server is storing digested passwords with a prefix 
indicating
                 // the digest type
                 String serverDigest = serverCredentials.substring(5);
-                String userDigest;
-                synchronized (this) {
-                    md.reset();
-                    
md.update(userCredentials.getBytes(StandardCharsets.ISO_8859_1));
-                    userDigest = Base64.encodeBase64String(md.digest());
-                }
+                String userDigest = 
Base64.encodeBase64String(ConcurrentMessageDigest.digest(
+                        getDigest(), 
userCredentials.getBytes(StandardCharsets.ISO_8859_1)));
                 return userDigest.equals(serverDigest);
 
             } else if (serverCredentials.startsWith("{SSHA}")) {
@@ -531,19 +530,16 @@ public abstract class RealmBase extends 
                 byte[] serverDigestBytes = new byte[saltPos];
                 System.arraycopy(serverDigestPlusSaltBytes, 0,
                         serverDigestBytes, 0, saltPos);
+                final int saltLength = serverDigestPlusSaltBytes.length - 
saltPos;
+                byte[] serverSaltBytes = new byte[saltLength];
+                System.arraycopy(serverDigestPlusSaltBytes, saltPos,
+                        serverSaltBytes, 0, saltLength);
 
                 // Generate the digested form of the user provided password
                 // using the salt
-                byte[] userDigestBytes;
-                synchronized (this) {
-                    md.reset();
-                    // User provided password
-                    
md.update(userCredentials.getBytes(StandardCharsets.ISO_8859_1));
-                    // Add the salt
-                    md.update(serverDigestPlusSaltBytes, saltPos,
-                            serverDigestPlusSaltBytes.length - saltPos);
-                    userDigestBytes = md.digest();
-                }
+                byte[] userDigestBytes = 
ConcurrentMessageDigest.digest(getDigest(),
+                        userCredentials.getBytes(StandardCharsets.ISO_8859_1),
+                        serverSaltBytes);
 
                 return Arrays.equals(userDigestBytes, serverDigestBytes);
 
@@ -1120,13 +1116,16 @@ public abstract class RealmBase extends 
     protected void startInternal() throws LifecycleException {
 
         // Create a MessageDigest instance for credentials, if desired
-        if (digest != null) {
+
+        if (getDigest() != null) {
             try {
-                md = MessageDigest.getInstance(digest);
+                md = MessageDigest.getInstance(getDigest());
+                ConcurrentMessageDigest.init(getDigest());
             } catch (NoSuchAlgorithmException e) {
                 throw new LifecycleException
-                    (sm.getString("realmBase.algorithm", digest), e);
+                    (sm.getString("realmBase.algorithm", getDigest()), e);
             }
+
         }
 
         setState(LifecycleState.STARTING);
@@ -1183,8 +1182,6 @@ public abstract class RealmBase extends 
         // Digest the user credentials and return as hexadecimal
         synchronized (this) {
             try {
-                md.reset();
-
                 byte[] bytes = null;
                 try {
                     bytes = credentials.getBytes(getDigestCharset());
@@ -1192,9 +1189,8 @@ public abstract class RealmBase extends 
                     log.error("Illegal digestEncoding: " + 
getDigestEncoding(), uee);
                     throw new IllegalArgumentException(uee.getMessage());
                 }
-                md.update(bytes);
 
-                return (HexUtils.toHexString(md.digest()));
+                return 
(HexUtils.toHexString(ConcurrentMessageDigest.digest(getDigest(), bytes)));
             } catch (Exception e) {
                 log.error(sm.getString("realmBase.digest"), e);
                 return (credentials);
@@ -1204,7 +1200,7 @@ public abstract class RealmBase extends 
     }
 
     protected boolean hasMessageDigest() {
-        return !(md == null);
+        return !(getDigest() == null && getDigest().length() > 0);
     }
 
     /**



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

svn commit: r1623728 - /tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java

Reply via email to