Package org.apache.catalina.realm
Class MessageDigestCredentialHandler
- java.lang.Object
-
- org.apache.catalina.realm.DigestCredentialHandlerBase
-
- org.apache.catalina.realm.MessageDigestCredentialHandler
-
- All Implemented Interfaces:
CredentialHandler
public class MessageDigestCredentialHandler extends DigestCredentialHandlerBase
This credential handler supports the following forms of stored passwords:- encodedCredential - a hex encoded digest of the password digested using the configured digest
- {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
- {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
- {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest followed by variable length salt.
{SSHA}<sha-1 digest:20><salt:n> - salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $
If the stored password form does not include an iteration count then an iteration count of 1 is used.
If the stored password form does not include salt then no salt is used.
-
-
Field Summary
Fields Modifier and Type Field Description static intDEFAULT_ITERATIONSThe default number of iterations.-
Fields inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase
DEFAULT_SALT_LENGTH, sm
-
-
Constructor Summary
Constructors Constructor Description MessageDigestCredentialHandler()Default constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.StringgetAlgorithm()Get the algorithm used to convert input credentials to stored credentials.protected intgetDefaultIterations()Get the default number of iterations used by theCredentialHandler.booleangetDigestInRfc3112Order()Get whether the digest is in RFC 3112 order.java.lang.StringgetEncoding()Get the encoding.protected LoggetLog()Get the logger for the CredentialHandler instance.booleanmatches(java.lang.String inputCredentials, java.lang.String storedCredentials)Checks to see if the input credentials match the stored credentialsprotected java.lang.Stringmutate(java.lang.String inputCredentials, byte[] salt, int iterations)Generates the equivalent stored credentials for the given input credentials, salt and iterations.voidsetAlgorithm(java.lang.String algorithm)Set the algorithm used to convert input credentials to stored credentials.voidsetDigestInRfc3112Order(boolean digestInRfc3112Order)Set whether the digest is in RFC 3112 order.voidsetEncoding(java.lang.String encodingName)Set the encoding.-
Methods inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase
equals, equals, getDefaultSaltLength, getIterations, getLogInvalidStoredCredentials, getSaltLength, matchesSaltIterationsEncoded, mutate, mutate, setIterations, setLogInvalidStoredCredentials, setSaltLength
-
-
-
-
Field Detail
-
DEFAULT_ITERATIONS
public static final int DEFAULT_ITERATIONS
The default number of iterations.- See Also:
- Constant Field Values
-
-
Method Detail
-
getEncoding
public java.lang.String getEncoding()
Get the encoding.- Returns:
- the encoding
-
setEncoding
public void setEncoding(java.lang.String encodingName)
Set the encoding.- Parameters:
encodingName- the encoding name
-
getAlgorithm
public java.lang.String getAlgorithm()
Description copied from class:DigestCredentialHandlerBaseGet the algorithm used to convert input credentials to stored credentials.- Specified by:
getAlgorithmin classDigestCredentialHandlerBase- Returns:
- the algorithm used to convert input credentials to stored credentials.
-
setAlgorithm
public void setAlgorithm(java.lang.String algorithm) throws java.security.NoSuchAlgorithmExceptionDescription copied from class:DigestCredentialHandlerBaseSet the algorithm used to convert input credentials to stored credentials.- Specified by:
setAlgorithmin classDigestCredentialHandlerBase- Parameters:
algorithm- the algorithm- Throws:
java.security.NoSuchAlgorithmException- if the specified algorithm is not supported
-
getDigestInRfc3112Order
public boolean getDigestInRfc3112Order()
Get whether the digest is in RFC 3112 order.- Returns:
- whether the digest is in RFC 3112 order
-
setDigestInRfc3112Order
public void setDigestInRfc3112Order(boolean digestInRfc3112Order)
Set whether the digest is in RFC 3112 order.- Parameters:
digestInRfc3112Order- whether the digest is in RFC 3112 order
-
matches
public boolean matches(java.lang.String inputCredentials, java.lang.String storedCredentials)Description copied from interface:CredentialHandlerChecks to see if the input credentials match the stored credentials- Parameters:
inputCredentials- User provided credentialsstoredCredentials- Credentials stored in theRealm- Returns:
trueif the inputCredentials match the storedCredentials, otherwisefalse
-
mutate
protected java.lang.String mutate(java.lang.String inputCredentials, byte[] salt, int iterations)Description copied from class:DigestCredentialHandlerBaseGenerates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.- Specified by:
mutatein classDigestCredentialHandlerBase- Parameters:
inputCredentials- User provided credentialssalt- Salt, if anyiterations- Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials- Returns:
- The equivalent stored credentials for the given input credentials or
nullif the generation fails
-
getDefaultIterations
protected int getDefaultIterations()
Description copied from class:DigestCredentialHandlerBaseGet the default number of iterations used by theCredentialHandler.- Specified by:
getDefaultIterationsin classDigestCredentialHandlerBase- Returns:
- the default number of iterations used by the
CredentialHandler.
-
getLog
protected Log getLog()
Description copied from class:DigestCredentialHandlerBaseGet the logger for the CredentialHandler instance.- Specified by:
getLogin classDigestCredentialHandlerBase- Returns:
- the logger for the CredentialHandler instance.
-
-