Author: markt
Date: Thu Sep 25 19:32:24 2014
New Revision: 1627598
URL: http://svn.apache.org/r1627598
Log:
Add first pass at PBE handler
Added:
tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java
(with props)
Modified:
tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
tomcat/trunk/res/checkstyle/org-import-control.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties?rev=1627598&r1=1627597&r2=1627598&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties Thu Sep
25 19:32:24 2014
@@ -83,4 +83,4 @@ combinedRealm.addRealm=Add "{0}" realm,
combinedRealm.realmStartFail=Failed to start "{0}" realm
lockOutRealm.authLockedUser=An attempt was made to authenticate the locked
user "{0}"
lockOutRealm.removeWarning=User "{0}" was removed from the failed users cache
after {1} seconds to keep the cache size within the limit set
-messageDigestCredentialHandler.unknownEncoding=The encoding [{0}] is not
supported so the current setting of [{1}] will still be used
+mdCredentialHandler.unknownEncoding=The encoding [{0}] is not supported so the
current setting of [{1}] will still be used
Modified:
tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java?rev=1627598&r1=1627597&r2=1627598&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
Thu Sep 25 19:32:24 2014
@@ -57,8 +57,8 @@ import org.apache.tomcat.util.security.C
public class MessageDigestCredentialHandler implements CredentialHandler {
private static final Log log =
LogFactory.getLog(MessageDigestCredentialHandler.class);
- protected static final StringManager sm =
StringManager.getManager(Constants.Package);
+ protected static final StringManager sm =
StringManager.getManager(Constants.Package);
private Charset encoding = StandardCharsets.UTF_8;
private String digest = null;
@@ -76,7 +76,7 @@ public class MessageDigestCredentialHand
try {
this.encoding = B2CConverter.getCharset(encodingName);
} catch (UnsupportedEncodingException e) {
-
log.warn(sm.getString("mdCredentialHandler.unknownEncoding=.unknownEncoding",
+ log.warn(sm.getString("mdCredentialHandler.unknownEncoding",
encodingName, encoding.name()));
}
}
Added: tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java?rev=1627598&view=auto
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java
(added)
+++ tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java Thu
Sep 25 19:32:24 2014
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+
+import org.apache.catalina.CredentialHandler;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.buf.HexUtils;
+import org.apache.tomcat.util.res.StringManager;
+
+public class PBECredentialHandler implements CredentialHandler {
+
+ private static final Log log =
LogFactory.getLog(PBECredentialHandler.class);
+
+ protected static final StringManager sm =
StringManager.getManager(Constants.Package);
+
+ public static final String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA1";
+ public static final int DEFAULT_KEYLENGTH = 160;
+
+ private SecretKeyFactory secretKeyFactory;
+ private int keyLength = 160;
+
+
+ public PBECredentialHandler() throws NoSuchAlgorithmException {
+ setAlgorithm(DEFAULT_ALGORITHM);
+ }
+
+
+ public String getAlgorithm() {
+ return secretKeyFactory.getAlgorithm();
+ }
+
+
+ public void setAlgorithm(String algorithm) throws NoSuchAlgorithmException
{
+ SecretKeyFactory secretKeyFactory =
SecretKeyFactory.getInstance(algorithm);
+ this.secretKeyFactory = secretKeyFactory;
+ }
+
+
+ public int getKeyLength() {
+ return keyLength;
+ }
+
+
+ public void setKeyLength(int keyLength) {
+ this.keyLength = keyLength;
+ }
+
+
+ @Override
+ public boolean matches(String inputCredentials, String storedCredentials) {
+ int sep1 = storedCredentials.indexOf('$');
+ int sep2 = storedCredentials.indexOf('$', sep1);
+ String hexSalt = storedCredentials.substring(0, sep1);
+ int iterations = Integer.parseInt(storedCredentials.substring(sep1 +
1, sep2));
+ String hexEncoded = storedCredentials.substring(sep2 + 1);
+ byte[] salt = HexUtils.fromHexString(hexSalt);
+
+ String userDigest = mutate(inputCredentials, salt, iterations);
+
+ return hexEncoded.equalsIgnoreCase(userDigest);
+ }
+
+
+ @Override
+ public String mutate(String inputCredentials, byte[] salt, int iterations)
{
+ KeySpec spec = new PBEKeySpec(inputCredentials.toCharArray(), salt,
iterations, getKeyLength());
+
+ try {
+ return
HexUtils.toHexString(secretKeyFactory.generateSecret(spec).getEncoded());
+ } catch (InvalidKeySpecException e) {
+ // TODO Log a warning
+ return null;
+ }
+ }
+}
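Review bot: The second separator search in `matches` starts at `sep1`, which is the first `$` itself, so `sep2 == sep1` and `substring(sep1 + 1, sep2)` throws `StringIndexOutOfBoundsException` for every stored credential; it must be `storedCredentials.indexOf('$', sep1 + 1)`, and both separators should be checked for `-1` before slicing. The final `hexEncoded.equalsIgnoreCase(userDigest)` also stops at the first differing character, so decode both sides and compare with `MessageDigest.isEqual`, which needs `java.security.MessageDigest` imported. Smaller points: `mutate` returns `null` after the `// TODO Log a warning` while the declared `log` is never used, and the field initialiser `keyLength = 160` duplicates `DEFAULT_KEYLENGTH`. The rewrite of `matches` below keeps the `salt$iterations$hash` layout the class already expects.
```java
@Override
public boolean matches(String inputCredentials, String storedCredentials) {
    if (inputCredentials == null || storedCredentials == null) {
        return false;
    }
    int sep1 = storedCredentials.indexOf('$');
    int sep2 = storedCredentials.indexOf('$', sep1 + 1);
    if (sep1 < 0 || sep2 < 0) {
        return false;
    }
    byte[] salt = HexUtils.fromHexString(storedCredentials.substring(0, sep1));
    int iterations;
    try {
        iterations = Integer.parseInt(storedCredentials.substring(sep1 + 1, sep2));
    } catch (NumberFormatException e) {
        return false;
    }
    byte[] stored = HexUtils.fromHexString(storedCredentials.substring(sep2 + 1));
    String userDigest = mutate(inputCredentials, salt, iterations);
    if (userDigest == null) {
        return false;
    }
    // Constant-time comparison: a mismatch must not reveal how many leading bytes agreed
    return MessageDigest.isEqual(stored, HexUtils.fromHexString(userDigest));
}
```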
Propchange:
tomcat/trunk/java/org/apache/catalina/realm/PBECredentialHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/res/checkstyle/org-import-control.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/res/checkstyle/org-import-control.xml?rev=1627598&r1=1627597&r2=1627598&view=diff
==============================================================================
--- tomcat/trunk/res/checkstyle/org-import-control.xml (original)
+++ tomcat/trunk/res/checkstyle/org-import-control.xml Thu Sep 25 19:32:24 2014
@@ -23,6 +23,7 @@
<!-- Anything in J2SE is OK but need to list javax by package as not
all javax packages are in J2SE -->
<allow pkg="java"/>
+ <allow pkg="javax.crypto"/>
<allow class="javax.imageio.ImageIO"/>
<allow pkg="javax.management"/>
<allow pkg="javax.naming"/>