Author: markt Date: Thu Sep 25 19:32:24 2014 New Revision: 1627598 URL: http://svn.apache.org/r1627598 Log: Add first pass at PBE handler
Added: tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java (with props)
Modified: tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
tomcat/trunk/res/checkstyle/org-import-control.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties?rev=1627598&r1=1627597&r2=1627598&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties Thu Sep 25 19:32:24 2014
@@ -83,4 +83,4 @@ combinedRealm.addRealm=Add "{0}" realm,
 combinedRealm.realmStartFail=Failed to start "{0}" realm
 lockOutRealm.authLockedUser=An attempt was made to authenticate the locked user "{0}"
 lockOutRealm.removeWarning=User "{0}" was removed from the failed users cache after {1} seconds to keep the cache size within the limit set
-messageDigestCredentialHandler.unknownEncoding=The encoding [{0}] is not supported so the current setting of [{1}] will still be used
+mdCredentialHandler.unknownEncoding=The encoding [{0}] is not supported so the current setting of [{1}] will still be used
Modified: tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java?rev=1627598&r1=1627597&r2=1627598&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java Thu Sep 25 19:32:24 2014
@@ -57,8 +57,8 @@ import org.apache.tomcat.util.security.C
 public class MessageDigestCredentialHandler implements CredentialHandler {
 private static final Log log = LogFactory.getLog(MessageDigestCredentialHandler.class);
- protected static final StringManager sm = StringManager.getManager(Constants.Package);
+ protected static final StringManager sm = StringManager.getManager(Constants.Package);
 private Charset encoding = StandardCharsets.UTF_8;
 private String digest = null;
@@ -76,7 +76,7 @@ public class MessageDigestCredentialHand
 try {
 this.encoding = B2CConverter.getCharset(encodingName);
 } catch (UnsupportedEncodingException e) {
- log.warn(sm.getString("mdCredentialHandler.unknownEncoding=.unknownEncoding",
+ log.warn(sm.getString("mdCredentialHandler.unknownEncoding",
 encodingName, encoding.name()));
 }
 }
Added: tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java?rev=1627598&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java (added)
+++ tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java Thu Sep 25 19:32:24 2014
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+
+import org.apache.catalina.CredentialHandler;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.buf.HexUtils;
+import org.apache.tomcat.util.res.StringManager;
+
+public class PBECredentialHandler implements CredentialHandler {
+
+ private static final Log log = LogFactory.getLog(PBECredentialHandler.class);
+
+ protected static final StringManager sm = StringManager.getManager(Constants.Package);
+
+ public static final String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA1";
+ public static final int DEFAULT_KEYLENGTH = 160;
+
+ private SecretKeyFactory secretKeyFactory;
+ private int keyLength = 160;
+
+
+ public PBECredentialHandler() throws NoSuchAlgorithmException {
+ setAlgorithm(DEFAULT_ALGORITHM);
+ }
+
+
+ public String getAlgorithm() {
+ return secretKeyFactory.getAlgorithm();
+ }
+
+
+ public void setAlgorithm(String algorithm) throws NoSuchAlgorithmException {
+ SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithm);
+ this.secretKeyFactory = secretKeyFactory;
+ }
+
+
+ public int getKeyLength() {
+ return keyLength;
+ }
+
+
+ public void setKeyLength(int keyLength) {
+ this.keyLength = keyLength;
+ }
+
+
+ @Override
+ public boolean matches(String inputCredentials, String storedCredentials) {
+ int sep1 = storedCredentials.indexOf('$');
+ int sep2 = storedCredentials.indexOf('$', sep1);
+ String hexSalt = storedCredentials.substring(0, sep1);
+ int iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2));
+ String hexEncoded = storedCredentials.substring(sep2 + 1);
+ byte[] salt = HexUtils.fromHexString(hexSalt);
+
+ String userDigest = mutate(inputCredentials, salt, iterations);
+
+ return hexEncoded.equalsIgnoreCase(userDigest);
+ }
+
+
+ @Override
+ public String mutate(String inputCredentials, byte[] salt, int iterations) {
+ KeySpec spec = new PBEKeySpec(inputCredentials.toCharArray(), salt, iterations, getKeyLength());
+
+ try {
+ return HexUtils.toHexString(secretKeyFactory.generateSecret(spec).getEncoded());
+ } catch (InvalidKeySpecException e) {
+ // TODO Log a warning
+ return null;
+ }
+ }
+}
Propchange: tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/res/checkstyle/org-import-control.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/res/checkstyle/org-import-control.xml?rev=1627598&r1=1627597&r2=1627598&view=diff
==============================================================================
--- tomcat/trunk/res/checkstyle/org-import-control.xml (original)
+++ tomcat/trunk/res/checkstyle/org-import-control.xml Thu Sep 25 19:32:24 2014
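Review bot: matches() can never succeed as written: `int sep2 = storedCredentials.indexOf('$', sep1);` starts the search at sep1, which is the index of the first '$', so sep2 == sep1 and the following `substring(sep1 + 1, sep2)` throws StringIndexOutOfBoundsException on every call; the second search must start at `sep1 + 1`. Neither separator is checked for -1 and the iteration count is parsed unguarded, so a stored value that does not have the salt$iterations$hash layout escapes as an unchecked exception instead of a false result. `hexEncoded.equalsIgnoreCase(userDigest)` stops at the first differing character; comparing the decoded bytes with java.security.MessageDigest.isEqual (an import the new file does not yet have) keeps the comparison constant-time. The InvalidKeySpecException branch in mutate() has the `log` field available but leaves the TODO unlogged, and `private int keyLength = 160;` should read `private int keyLength = DEFAULT_KEYLENGTH;` so the two defaults cannot drift.
```java
    @Override
    public boolean matches(String inputCredentials, String storedCredentials) {
        if (inputCredentials == null || storedCredentials == null) {
            return false;
        }
        int sep1 = storedCredentials.indexOf('$');
        int sep2 = storedCredentials.indexOf('$', sep1 + 1);
        if (sep1 < 0 || sep2 < 0) {
            // Not in the salt$iterations$hash form this handler produces
            return false;
        }
        String hexSalt = storedCredentials.substring(0, sep1);
        int iterations;
        try {
            iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2));
        } catch (NumberFormatException e) {
            return false;
        }
        String hexEncoded = storedCredentials.substring(sep2 + 1);
        byte[] salt = HexUtils.fromHexString(hexSalt);

        String userDigest = mutate(inputCredentials, salt, iterations);
        if (userDigest == null) {
            return false;
        }
        // Constant-time comparison of the decoded digests
        return MessageDigest.isEqual(
                HexUtils.fromHexString(hexEncoded), HexUtils.fromHexString(userDigest));
    }
    // … unchanged: mutate() …
```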
@@ -23,6 +23,7 @@ <!-- Anything in J2SE is OK but need to list javax by package as not all javax packages are in J2SE -->
 <allow pkg="java"/>
+ <allow pkg="javax.crypto"/>
 <allow class="javax.imageio.ImageIO"/>
 <allow pkg="javax.management"/>
 <allow pkg="javax.naming"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org