1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.util.security;
20
21 import java.io.IOException;
22 import java.nio.charset.StandardCharsets;
23 import java.util.Arrays;
24
25 import org.eclipse.jetty.util.log.Log;
26 import org.eclipse.jetty.util.log.Logger;
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56 public class Password extends Credential
57 {
58 private static final Logger LOG = Log.getLogger(Password.class);
59
60 private static final long serialVersionUID = 5062906681431569445L;
61
62 public static final String __OBFUSCATE = "OBF:";
63
64 private String _pw;
65
66
67
68
69
70
71
72 public Password(String password)
73 {
74 _pw = password;
75
76
77 while (_pw != null && _pw.startsWith(__OBFUSCATE))
78 _pw = deobfuscate(_pw);
79 }
80
81
82 @Override
83 public String toString()
84 {
85 return _pw;
86 }
87
88
89 public String toStarString()
90 {
91 return "*****************************************************".substring(0, _pw.length());
92 }
93
94
95 @Override
96 public boolean check(Object credentials)
97 {
98 if (this == credentials) return true;
99
100 if (credentials instanceof Password) return credentials.equals(_pw);
101
102 if (credentials instanceof String) return credentials.equals(_pw);
103
104 if (credentials instanceof char[]) return Arrays.equals(_pw.toCharArray(), (char[]) credentials);
105
106 if (credentials instanceof Credential) return ((Credential) credentials).check(_pw);
107
108 return false;
109 }
110
111
112 @Override
113 public boolean equals(Object o)
114 {
115 if (this == o)
116 return true;
117
118 if (null == o)
119 return false;
120
121 if (o instanceof Password)
122 {
123 Password p = (Password) o;
124
125 return p._pw == _pw || (null != _pw && _pw.equals(p._pw));
126 }
127
128 if (o instanceof String)
129 return o.equals(_pw);
130
131 return false;
132 }
133
134
135 @Override
136 public int hashCode()
137 {
138 return null == _pw ? super.hashCode() : _pw.hashCode();
139 }
140
141
142 public static String obfuscate(String s)
143 {
144 StringBuilder buf = new StringBuilder();
145 byte[] b = s.getBytes(StandardCharsets.UTF_8);
146
147 buf.append(__OBFUSCATE);
148 for (int i = 0; i < b.length; i++)
149 {
150 byte b1 = b[i];
151 byte b2 = b[b.length - (i + 1)];
152 if (b1<0 || b2<0)
153 {
154 int i0 = (0xff&b1)*256 + (0xff&b2);
155 String x = Integer.toString(i0, 36).toLowerCase();
156 buf.append("U0000",0,5-x.length());
157 buf.append(x);
158 }
159 else
160 {
161 int i1 = 127 + b1 + b2;
162 int i2 = 127 + b1 - b2;
163 int i0 = i1 * 256 + i2;
164 String x = Integer.toString(i0, 36).toLowerCase();
165
166 int j0 = Integer.parseInt(x, 36);
167 int j1 = (i0 / 256);
168 int j2 = (i0 % 256);
169 byte bx = (byte) ((j1 + j2 - 254) / 2);
170
171 buf.append("000",0,4-x.length());
172 buf.append(x);
173 }
174
175 }
176 return buf.toString();
177
178 }
179
180
181 public static String deobfuscate(String s)
182 {
183 if (s.startsWith(__OBFUSCATE)) s = s.substring(4);
184
185 byte[] b = new byte[s.length() / 2];
186 int l = 0;
187 for (int i = 0; i < s.length(); i += 4)
188 {
189 if (s.charAt(i)=='U')
190 {
191 i++;
192 String x = s.substring(i, i + 4);
193 int i0 = Integer.parseInt(x, 36);
194 byte bx = (byte)(i0>>8);
195 b[l++] = bx;
196 }
197 else
198 {
199 String x = s.substring(i, i + 4);
200 int i0 = Integer.parseInt(x, 36);
201 int i1 = (i0 / 256);
202 int i2 = (i0 % 256);
203 byte bx = (byte) ((i1 + i2 - 254) / 2);
204 b[l++] = bx;
205 }
206 }
207
208 return new String(b, 0, l,StandardCharsets.UTF_8);
209 }
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226 public static Password getPassword(String realm, String dft, String promptDft)
227 {
228 String passwd = System.getProperty(realm, dft);
229 if (passwd == null || passwd.length() == 0)
230 {
231 try
232 {
233 System.out.print(realm + ((promptDft != null && promptDft.length() > 0) ? " [dft]" : "") + " : ");
234 System.out.flush();
235 byte[] buf = new byte[512];
236 int len = System.in.read(buf);
237 if (len > 0) passwd = new String(buf, 0, len).trim();
238 }
239 catch (IOException e)
240 {
241 LOG.warn(Log.EXCEPTION, e);
242 }
243 if (passwd == null || passwd.length() == 0) passwd = promptDft;
244 }
245 return new Password(passwd);
246 }
247
248 public static void main(String[] arg)
249 {
250 if (arg.length != 1 && arg.length != 2)
251 {
252 System.err.println("Usage - java " + Password.class.getName() + " [<user>] <password>");
253 System.err.println("If the password is ?, the user will be prompted for the password");
254 System.exit(1);
255 }
256 String p = arg[arg.length == 1 ? 0 : 1];
257 Password pw = new Password(p);
258 System.err.println(pw.toString());
259 System.err.println(obfuscate(pw.toString()));
260 System.err.println(Credential.MD5.digest(p));
261 if (arg.length == 2) System.err.println(Credential.Crypt.crypt(arg[0], pw.toString()));
262 }
263 }