1
2
3
4
5
6
7
8
9
10
11
12
13
14 package org.eclipse.jetty.http.security;
15
16 import java.io.IOException;
17 import java.util.Arrays;
18
19 import org.eclipse.jetty.util.log.Log;
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49 public class Password extends Credential
50 {
51 public static final String __OBFUSCATE = "OBF:";
52
53 private String _pw;
54
55
56
57
58
59
60
61 public Password(String password)
62 {
63 _pw = password;
64
65
66 while (_pw != null && _pw.startsWith(__OBFUSCATE))
67 _pw = deobfuscate(_pw);
68 }
69
70
71 @Override
72 public String toString()
73 {
74 return _pw;
75 }
76
77
78 public String toStarString()
79 {
80 return "*****************************************************".substring(0, _pw.length());
81 }
82
83
84 @Override
85 public boolean check(Object credentials)
86 {
87 if (this == credentials) return true;
88
89 if (credentials instanceof Password) return credentials.equals(_pw);
90
91 if (credentials instanceof String) return credentials.equals(_pw);
92
93 if (credentials instanceof char[]) return Arrays.equals(_pw.toCharArray(), (char[]) credentials);
94
95 if (credentials instanceof Credential) return ((Credential) credentials).check(_pw);
96
97 return false;
98 }
99
100
101 @Override
102 public boolean equals(Object o)
103 {
104 if (this == o)
105 return true;
106
107 if (null == o)
108 return false;
109
110 if (o instanceof Password)
111 {
112 Password p = (Password) o;
113
114 return p._pw == _pw || (null != _pw && _pw.equals(p._pw));
115 }
116
117 if (o instanceof String)
118 return o.equals(_pw);
119
120 return false;
121 }
122
123
124 @Override
125 public int hashCode()
126 {
127 return null == _pw ? super.hashCode() : _pw.hashCode();
128 }
129
130
131 public static String obfuscate(String s)
132 {
133 StringBuilder buf = new StringBuilder();
134 byte[] b = s.getBytes();
135
136 buf.append(__OBFUSCATE);
137 for (int i = 0; i < b.length; i++)
138 {
139 byte b1 = b[i];
140 byte b2 = b[s.length() - (i + 1)];
141 int i1 = 127 + b1 + b2;
142 int i2 = 127 + b1 - b2;
143 int i0 = i1 * 256 + i2;
144 String x = Integer.toString(i0, 36);
145
146 switch (x.length())
147 {
148 case 1:
149 buf.append('0');
150 case 2:
151 buf.append('0');
152 case 3:
153 buf.append('0');
154 default:
155 buf.append(x);
156 }
157 }
158 return buf.toString();
159
160 }
161
162
163 public static String deobfuscate(String s)
164 {
165 if (s.startsWith(__OBFUSCATE)) s = s.substring(4);
166
167 byte[] b = new byte[s.length() / 2];
168 int l = 0;
169 for (int i = 0; i < s.length(); i += 4)
170 {
171 String x = s.substring(i, i + 4);
172 int i0 = Integer.parseInt(x, 36);
173 int i1 = (i0 / 256);
174 int i2 = (i0 % 256);
175 b[l++] = (byte) ((i1 + i2 - 254) / 2);
176 }
177
178 return new String(b, 0, l);
179 }
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196 public static Password getPassword(String realm, String dft, String promptDft)
197 {
198 String passwd = System.getProperty(realm, dft);
199 if (passwd == null || passwd.length() == 0)
200 {
201 try
202 {
203 System.out.print(realm + ((promptDft != null && promptDft.length() > 0) ? " [dft]" : "") + " : ");
204 System.out.flush();
205 byte[] buf = new byte[512];
206 int len = System.in.read(buf);
207 if (len > 0) passwd = new String(buf, 0, len).trim();
208 }
209 catch (IOException e)
210 {
211 Log.warn(Log.EXCEPTION, e);
212 }
213 if (passwd == null || passwd.length() == 0) passwd = promptDft;
214 }
215 return new Password(passwd);
216 }
217
218
219
220
221
222 public static void main(String[] arg)
223 {
224 if (arg.length != 1 && arg.length != 2)
225 {
226 System.err.println("Usage - java org.eclipse.jetty.security.Password [<user>] <password>");
227 System.err.println("If the password is ?, the user will be prompted for the password");
228 System.exit(1);
229 }
230 String p = arg[arg.length == 1 ? 0 : 1];
231 Password pw = new Password(p);
232 System.err.println(pw.toString());
233 System.err.println(obfuscate(pw.toString()));
234 System.err.println(Credential.MD5.digest(p));
235 if (arg.length == 2) System.err.println(Credential.Crypt.crypt(arg[0], pw.toString()));
236 }
237 }