1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.util.security;
20
21 import java.io.Serializable;
22 import java.nio.charset.StandardCharsets;
23 import java.security.MessageDigest;
24
25 import org.eclipse.jetty.util.TypeUtil;
26 import org.eclipse.jetty.util.log.Log;
27 import org.eclipse.jetty.util.log.Logger;
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44 public abstract class Credential implements Serializable
45 {
46 private static final Logger LOG = Log.getLogger(Credential.class);
47
48 private static final long serialVersionUID = -7760551052768181572L;
49
50
51
52
53
54
55
56
57
58
59
60 public abstract boolean check(Object credentials);
61
62
63
64
65
66
67
68
69
70
71 public static Credential getCredential(String credential)
72 {
73 if (credential.startsWith(Crypt.__TYPE)) return new Crypt(credential);
74 if (credential.startsWith(MD5.__TYPE)) return new MD5(credential);
75
76 return new Password(credential);
77 }
78
79
80
81
82
83 public static class Crypt extends Credential
84 {
85 private static final long serialVersionUID = -2027792997664744210L;
86
87 public static final String __TYPE = "CRYPT:";
88
89 private final String _cooked;
90
91 Crypt(String cooked)
92 {
93 _cooked = cooked.startsWith(Crypt.__TYPE) ? cooked.substring(__TYPE.length()) : cooked;
94 }
95
96 @Override
97 public boolean check(Object credentials)
98 {
99 if (credentials instanceof char[])
100 credentials=new String((char[])credentials);
101 if (!(credentials instanceof String) && !(credentials instanceof Password))
102 LOG.warn("Can't check " + credentials.getClass() + " against CRYPT");
103
104 String passwd = credentials.toString();
105 return _cooked.equals(UnixCrypt.crypt(passwd, _cooked));
106 }
107
108 public static String crypt(String user, String pw)
109 {
110 return "CRYPT:" + UnixCrypt.crypt(pw, user);
111 }
112 }
113
114
115
116
117
118 public static class MD5 extends Credential
119 {
120 private static final long serialVersionUID = 5533846540822684240L;
121
122 public static final String __TYPE = "MD5:";
123
124 public static final Object __md5Lock = new Object();
125
126 private static MessageDigest __md;
127
128 private final byte[] _digest;
129
130
131 MD5(String digest)
132 {
133 digest = digest.startsWith(__TYPE) ? digest.substring(__TYPE.length()) : digest;
134 _digest = TypeUtil.parseBytes(digest, 16);
135 }
136
137
138 public byte[] getDigest()
139 {
140 return _digest;
141 }
142
143
144 @Override
145 public boolean check(Object credentials)
146 {
147 try
148 {
149 byte[] digest = null;
150
151 if (credentials instanceof char[])
152 credentials=new String((char[])credentials);
153 if (credentials instanceof Password || credentials instanceof String)
154 {
155 synchronized (__md5Lock)
156 {
157 if (__md == null) __md = MessageDigest.getInstance("MD5");
158 __md.reset();
159 __md.update(credentials.toString().getBytes(StandardCharsets.ISO_8859_1));
160 digest = __md.digest();
161 }
162 if (digest == null || digest.length != _digest.length) return false;
163 boolean digestMismatch = false;
164 for (int i = 0; i < digest.length; i++)
165 digestMismatch |= (digest[i] != _digest[i]);
166 return !digestMismatch;
167 }
168 else if (credentials instanceof MD5)
169 {
170 MD5 md5 = (MD5) credentials;
171 if (_digest.length != md5._digest.length) return false;
172 boolean digestMismatch = false;
173 for (int i = 0; i < _digest.length; i++)
174 digestMismatch |= (_digest[i] != md5._digest[i]);
175 return !digestMismatch;
176 }
177 else if (credentials instanceof Credential)
178 {
179
180
181 return ((Credential) credentials).check(this);
182 }
183 else
184 {
185 LOG.warn("Can't check " + credentials.getClass() + " against MD5");
186 return false;
187 }
188 }
189 catch (Exception e)
190 {
191 LOG.warn(e);
192 return false;
193 }
194 }
195
196
197 public static String digest(String password)
198 {
199 try
200 {
201 byte[] digest;
202 synchronized (__md5Lock)
203 {
204 if (__md == null)
205 {
206 try
207 {
208 __md = MessageDigest.getInstance("MD5");
209 }
210 catch (Exception e)
211 {
212 LOG.warn(e);
213 return null;
214 }
215 }
216
217 __md.reset();
218 __md.update(password.getBytes(StandardCharsets.ISO_8859_1));
219 digest = __md.digest();
220 }
221
222 return __TYPE + TypeUtil.toString(digest, 16);
223 }
224 catch (Exception e)
225 {
226 LOG.warn(e);
227 return null;
228 }
229 }
230 }
231 }