
Jetty example source code file (Credential.java)

This example Jetty source code file (Credential.java) is included in the DevDaily.com "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example"™.


The Jetty Credential.java source code

// ========================================================================
// Copyright 1998-2005 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at 
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ========================================================================

package org.mortbay.jetty.security;

import java.security.MessageDigest;

import org.mortbay.log.Log;
import org.mortbay.util.StringUtil;
import org.mortbay.util.TypeUtil;


/* ------------------------------------------------------------ */
/** Credentials.
 * The Credential class represents an abstract mechanism for checking
 * authentication credentials.  A credential instance either represents a
 * secret, or some data that could only be derived from knowing the secret.
 * <p>
 * Often a Credential is related to a Password via a one way algorithm, so
 * while a Password itself is a Credential, a UnixCrypt or MD5 digest of
 * a password is only a credential that can be checked against the password.
 * <p>
 * This class includes implementations for Unix Crypt and MD5 digest credentials.
 * @see Password
 * @author Greg Wilkins (gregw)
 */
public abstract class Credential
{
    /* ------------------------------------------------------------ */
    /** Check a credential
     * @param credentials The credential to check against. This may either be
     * another Credential object, a Password object or a String which is
     * interpreted by this credential. 
     * @return True if the credentials indicated that the shared secret is
     * known to both this Credential and the passed credential.
     */
    public abstract boolean check(Object credentials);

    /* ------------------------------------------------------------ */
    /** Get a credential from a String.
     * If the credential String starts with a known Credential type (eg
     * "CRYPT:" or "MD5:" ) then a Credential of that type is returned. Else the
     * credential is assumed to be a Password.
     * @param credential String representation of the credential
     * @return A Credential or Password instance.
     */
    public static Credential getCredential(String credential)
    {
        if (credential.startsWith(Crypt.__TYPE))
            return new Crypt(credential);
        if (credential.startsWith(MD5.__TYPE))
            return new MD5(credential);
        
        return new Password(credential);
    }


    /* ------------------------------------------------------------ */
    /** Unix Crypt Credentials
     */
    public static class Crypt extends Credential
    {
        public static final String __TYPE="CRYPT:";
        
        private String _cooked;
        Crypt(String cooked)
        {
            _cooked=cooked.startsWith(Crypt.__TYPE)
                ?cooked.substring(__TYPE.length())
                :cooked;
        }
        
        public boolean check(Object credentials)
        {
            if (!(credentials instanceof String) &&
                !(credentials instanceof Password))
                Log.warn("Can't check "+credentials.getClass()+" against CRYPT");
            
            String passwd = credentials.toString();
            return _cooked.equals(UnixCrypt.crypt(passwd,_cooked));
        }

        public static String crypt(String user,String pw)
        {
            return "CRYPT:"+UnixCrypt.crypt(pw,user);
        }
    }
    
    /* ------------------------------------------------------------ */
    /** MD5 Credentials
     */
    public static class MD5 extends Credential
    {
        public static final String __TYPE="MD5:";
        public static final Object __md5Lock = new Object();
        private static MessageDigest __md;
        
        private byte[] _digest;
        
        /* ------------------------------------------------------------ */
        MD5(String digest)
        {
            digest=digest.startsWith(__TYPE)
                ?digest.substring(__TYPE.length())
                :digest;
            _digest=TypeUtil.parseBytes(digest,16);
        }
        
        /* ------------------------------------------------------------ */
        public byte[] getDigest()
        {
            return _digest;
        }
        
        /* ------------------------------------------------------------ */
        public boolean check(Object credentials)
        {
            try
            {
                byte[] digest=null;
                
                if (credentials instanceof Password ||
                    credentials instanceof String)
                {
                    synchronized(__md5Lock)
                    {
                        if (__md==null)
                            __md = MessageDigest.getInstance("MD5");
                        __md.reset();
                        __md.update(credentials.toString().getBytes(StringUtil.__ISO_8859_1));
                        digest=__md.digest();
                    }
                    if (digest==null || digest.length!=_digest.length)
                        return false;
                    for (int i=0;i<digest.length;i++)
                        if (digest[i]!=_digest[i])
                            return false;
                    return true;
                }
                else if (credentials instanceof MD5)
                {
                    MD5 md5 = (MD5)credentials;
                    if (_digest.length!=md5._digest.length)
                        return false;
                    for (int i=0;i<_digest.length;i++)
                        if (_digest[i]!=md5._digest[i])
                            return false;
                    return true;
                }
                else if(credentials instanceof Credential)
                {
                    // Allow credential to attempt check - i.e. this'll work
                    // for DigestAuthenticator$Digest credentials
                    return ((Credential)credentials).check(this);
                }
                else
                {
                    Log.warn("Can't check "+credentials.getClass()+" against MD5");
                    return false;
                }
            }
            catch (Exception e)
            {
                Log.warn(e);
                return false;
            }
        }

        /* ------------------------------------------------------------ */
        public static String digest(String password)
        {
            try
            {
                byte[] digest;
                synchronized(__md5Lock)
                {
                    if (__md==null)
                    {
                        try{__md = MessageDigest.getInstance("MD5");}
                        catch (Exception e ) {Log.warn(e);return null;}
                    }
                    
                    __md.reset();
                    __md.update(password.getBytes(StringUtil.__ISO_8859_1));
                    digest=__md.digest();
                }
                
                return __TYPE+TypeUtil.toString(digest,16);
            }
            catch (Exception e)
            {
                Log.warn(e);
                return null;
            }
        }
    }
}
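
A JDK-only sketch of the "MD5:" credential check performed by the MD5 class above, added here as an example and not part of Jetty: it uses a per-call MessageDigest instead of the shared, locked instance, and MessageDigest.isEqual instead of the early-exit byte loop. The class name Md5CredentialCheck, the sample password and the lowercase two-digit hex encoding are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example (hypothetical class, not Jetty code): checks "MD5:<hex>" credential strings. */
public class Md5CredentialCheck
{
    static final String TYPE = "MD5:";

    /** "MD5:" followed by the hex MD5 of the password's ISO-8859-1 bytes. */
    static String digest(String password) throws NoSuchAlgorithmException
    {
        // A fresh MessageDigest per call needs no shared lock.
        byte[] d = MessageDigest.getInstance("MD5")
            .digest(password.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder(TYPE);
        for (byte b : d)
            sb.append(String.format("%02x", b & 0xff)); // assumed encoding: lowercase hex
        return sb.toString();
    }

    /** Decode the hex after the optional "MD5:" prefix; malformed input is rejected. */
    static byte[] parse(String stored)
    {
        String hex = stored.startsWith(TYPE) ? stored.substring(TYPE.length()) : stored;
        if (hex.length() != 32)
            throw new IllegalArgumentException("expected 32 hex characters");
        byte[] out = new byte[16];
        for (int i = 0; i < 16; i++)
        {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0)
                throw new IllegalArgumentException("non-hex character in digest");
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    /** True when the candidate password hashes to the stored digest. */
    static boolean check(String stored, String candidate) throws NoSuchAlgorithmException
    {
        // isEqual does not stop at the first differing byte.
        return MessageDigest.isEqual(parse(stored), parse(digest(candidate)));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException
    {
        String stored = digest("correct horse"); // constructed sample credential
        System.out.println(stored);
        System.out.println(check(stored, "correct horse"));
        System.out.println(check(stored, "wrong guess"));
    }
}
```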

Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.