Author: markt Date: Thu Sep 25 19:32:29 2014 New Revision: 1627599 URL: http://svn.apache.org/r1627599 Log: Refactor common code to base class
Added: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java (with props) Modified: tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java Added: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java?rev=1627599&view=auto ==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java (added)
+++ tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java Thu Sep 25 19:32:29 2014
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import org.apache.catalina.CredentialHandler;
+import org.apache.tomcat.util.buf.HexUtils;
+import org.apache.tomcat.util.res.StringManager;
+
+public abstract class CredentialHandlerBase implements CredentialHandler {
+
+ protected static final StringManager sm = StringManager.getManager(Constants.Package);
+
+ protected boolean matchesSaltIterationsEncoded(String inputCredentials, String storedCredentials) {
+
+ int sep1 = storedCredentials.indexOf('$');
+ int sep2 = storedCredentials.indexOf('$', sep1);
+
+ String hexSalt = storedCredentials.substring(0, sep1);
+
+ int iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2));
+
+ String storedHexEncoded = storedCredentials.substring(sep2 + 1);
+ byte[] salt = HexUtils.fromHexString(hexSalt);
+
+ String inputHexEncoded = mutate(inputCredentials, salt, iterations);
+
+ return storedHexEncoded.equalsIgnoreCase(inputHexEncoded);
+ }
+}
Propchange: tomcat/trunk/java/org/apache/catalina/realm/CredentialHandlerBase.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: 
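Review bot: In `matchesSaltIterationsEncoded`, `storedCredentials.indexOf('$', sep1)` starts its search at the first separator itself, so `sep2` always equals `sep1` and `substring(sep1 + 1, sep2)` throws `StringIndexOutOfBoundsException` for every `salt$iterations$hash` value; the search should start one past it, `int sep2 = storedCredentials.indexOf('$', sep1 + 1);`. The logic is moved unchanged from the two handlers, so both the `$` branch in `MessageDigestCredentialHandler` and `PBECredentialHandler.matches` inherit it. Neither separator is checked for `-1` and `Integer.parseInt` is unguarded, so a stored value in another format makes `matches` throw instead of rejecting the login; a guard such as `if (sep1 < 0 || sep2 < 0) { return false; }` before the substrings, plus handling of `NumberFormatException`, would fail closed. The final `equalsIgnoreCase` also returns at the first differing character; comparing the decoded bytes with `MessageDigest.isEqual` would avoid leaking how much of the derived hash matched.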
tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java?rev=1627599&r1=1627598&r2=1627599&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java Thu Sep 25 19:32:29 2014 @@ -23,13 +23,11 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Arrays; -import org.apache.catalina.CredentialHandler; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.buf.B2CConverter; import org.apache.tomcat.util.buf.HexUtils; import org.apache.tomcat.util.codec.binary.Base64; -import org.apache.tomcat.util.res.StringManager; import org.apache.tomcat.util.security.ConcurrentMessageDigest; /** @@ -54,12 +52,10 @@ import org.apache.tomcat.util.security.C * <p> * If the stored password form does not include salt then no salt is used. */ -public class MessageDigestCredentialHandler implements CredentialHandler { +public class MessageDigestCredentialHandler extends CredentialHandlerBase { private static final Log log = LogFactory.getLog(MessageDigestCredentialHandler.class); - protected static final StringManager sm = StringManager.getManager(Constants.Package); - private Charset encoding = StandardCharsets.UTF_8; private String digest = null; 
@@ -149,16 +145,8 @@ public class MessageDigestCredentialHand return Arrays.equals(userDigestBytes, serverDigestBytes); } else if (storedCredentials.indexOf('$') > -1) { - int sep1 = storedCredentials.indexOf('$'); - int sep2 = storedCredentials.indexOf('$', sep1); - String hexSalt = storedCredentials.substring(0, sep1); - int iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2)); - String hexEncoded = storedCredentials.substring(sep2 + 1); - byte[] salt = HexUtils.fromHexString(hexSalt); - - String userDigest = mutate(inputCredentials, salt, iterations); + return matchesSaltIterationsEncoded(inputCredentials, storedCredentials); - return hexEncoded.equalsIgnoreCase(userDigest); } else { // Hex hashes should be compared case-insensitively String userDigest = mutate(inputCredentials, null, 1); Modified: tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java?rev=1627599&r1=1627598&r2=1627599&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java Thu Sep 25 19:32:29 2014 
@@ -23,18 +23,14 @@ import java.security.spec.KeySpec; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; -import org.apache.catalina.CredentialHandler; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.buf.HexUtils; -import org.apache.tomcat.util.res.StringManager; -public class PBECredentialHandler implements CredentialHandler { +public class PBECredentialHandler extends CredentialHandlerBase { private static final Log log = LogFactory.getLog(PBECredentialHandler.class); - protected static final StringManager sm = StringManager.getManager(Constants.Package); - public static final String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA1"; public static final int DEFAULT_KEYLENGTH = 160; @@ -70,16 +66,7 @@ public class PBECredentialHandler implem @Override public boolean matches(String inputCredentials, String storedCredentials) { - int sep1 = storedCredentials.indexOf('$'); - int sep2 = storedCredentials.indexOf('$', sep1); - String hexSalt = storedCredentials.substring(0, sep1); - int iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2)); - String hexEncoded = storedCredentials.substring(sep2 + 1); - byte[] salt = HexUtils.fromHexString(hexSalt); - - String userDigest = mutate(inputCredentials, salt, iterations); - - return hexEncoded.equalsIgnoreCase(userDigest); + return matchesSaltIterationsEncoded(inputCredentials, storedCredentials); } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org