Package org.apache.catalina.realm

Class DigestCredentialHandlerBase

java.lang.Object

org.apache.catalina.realm.DigestCredentialHandlerBase

All Implemented Interfaces:

CredentialHandler

Direct Known Subclasses:

MessageDigestCredentialHandler, SecretKeyCredentialHandler

public abstract class DigestCredentialHandlerBase
extends java.lang.Object
implements CredentialHandler

Base implementation for the Tomcat provided CredentialHandlers.

Field Summary

Fields

Modifier and Type	Field	Description
static int	DEFAULT_SALT_LENGTH
protected static StringManager	sm

Constructor Summary

Constructors

Constructor	Description
DigestCredentialHandlerBase()

Method Summary

Modifier and Type	Method	Description
abstract java.lang.String	getAlgorithm()
protected abstract int	getDefaultIterations()
protected int	getDefaultSaltLength()
int	getIterations()
protected abstract Log	getLog()
boolean	getLogInvalidStoredCredentials()	When checking input credentials against stored credentials will a warning message be logged if invalid stored credentials are discovered?
int	getSaltLength()
protected boolean	matchesSaltIterationsEncoded(java.lang.String inputCredentials, java.lang.String storedCredentials)	Checks whether the provided credential matches the stored credential when the stored credential is in the form salt$iteration-count$credential
java.lang.String	mutate(java.lang.String userCredential)	Generates the equivalent stored credentials for the given input credentials.
protected abstract java.lang.String	mutate(java.lang.String inputCredentials, byte[] salt, int iterations)	Generates the equivalent stored credentials for the given input credentials, salt and iterations.
protected java.lang.String	mutate(java.lang.String inputCredentials, byte[] salt, int iterations, int keyLength)	Generates the equivalent stored credentials for the given input credentials, salt, iterations and key length.
abstract void	setAlgorithm(java.lang.String algorithm)	Set the algorithm used to convert input credentials to stored credentials.
void	setIterations(int iterations)	Set the number of iterations of the associated algorithm that will be used when creating a new stored credential for a given input credential.
void	setLogInvalidStoredCredentials(boolean logInvalidStoredCredentials)	Set whether a warning message will be logged if invalid stored credentials are discovered while checking input credentials against stored credentials?
void	setSaltLength(int saltLength)	Set the salt length that will be used when creating a new stored credential for a given input credential.

Methods inherited from interface org.apache.catalina.CredentialHandler

matches

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

sm

protected static final StringManager sm

DEFAULT_SALT_LENGTH

public static final int DEFAULT_SALT_LENGTH

See Also:

Constant Field Values

Constructor Detail

DigestCredentialHandlerBase

public DigestCredentialHandlerBase()

Method Detail

getIterations

public int getIterations()

Returns:

the number of iterations of the associated algorithm that will be used when creating a new stored credential for a given input credential.

setIterations

public void setIterations(int iterations)

Set the number of iterations of the associated algorithm that will be used when creating a new stored credential for a given input credential.

Parameters:

iterations - the iterations count

getSaltLength

public int getSaltLength()

Returns:

the salt length that will be used when creating a new stored credential for a given input credential.

setSaltLength

public void setSaltLength(int saltLength)

Set the salt length that will be used when creating a new stored credential for a given input credential.

Parameters:

saltLength - the salt length

getLogInvalidStoredCredentials

public boolean getLogInvalidStoredCredentials()

When checking input credentials against stored credentials will a warning message be logged if invalid stored credentials are discovered?

Returns:

true if logging will occur

setLogInvalidStoredCredentials

public void setLogInvalidStoredCredentials(boolean logInvalidStoredCredentials)

Set whether a warning message will be logged if invalid stored credentials are discovered while checking input credentials against stored credentials?

Parameters:

logInvalidStoredCredentials - true to log, the default value is false

mutate

public java.lang.String mutate(java.lang.String userCredential)

Description copied from interface: CredentialHandler

Generates the equivalent stored credentials for the given input credentials.

Specified by:

mutate in interface CredentialHandler

Parameters:

userCredential - User provided credentials

Returns:

The equivalent stored credentials for the given input credentials

matchesSaltIterationsEncoded

protected boolean matchesSaltIterationsEncoded(java.lang.String inputCredentials,
                                               java.lang.String storedCredentials)

Checks whether the provided credential matches the stored credential when the stored credential is in the form salt$iteration-count$credential

Parameters:

inputCredentials - The input credential

storedCredentials - The stored credential

Returns:

true if they match, otherwise false

getDefaultSaltLength

protected int getDefaultSaltLength()

Returns:

the default salt length used by the CredentialHandler.

mutate

protected abstract java.lang.String mutate(java.lang.String inputCredentials,
                                           byte[] salt,
                                           int iterations)

Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.

Parameters:

inputCredentials - User provided credentials

salt - Salt, if any

iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials

Returns:

The equivalent stored credentials for the given input credentials or null if the generation fails

mutate

protected java.lang.String mutate(java.lang.String inputCredentials,
                                  byte[] salt,
                                  int iterations,
                                  int keyLength)

Generates the equivalent stored credentials for the given input credentials, salt, iterations and key length. The default implementation calls ignores the key length and calls mutate(String, byte[], int). Sub-classes that use the key length should override this method.

Parameters:

inputCredentials - User provided credentials

salt - Salt, if any

iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials

keyLength - Length of the produced digest in bits for implementations where it's applicable

Returns:

The equivalent stored credentials for the given input credentials or null if the generation fails

setAlgorithm

public abstract void setAlgorithm(java.lang.String algorithm)
                           throws java.security.NoSuchAlgorithmException

Set the algorithm used to convert input credentials to stored credentials.

Parameters:

algorithm - the algorithm

Throws:

java.security.NoSuchAlgorithmException - if the specified algorithm is not supported

getAlgorithm

public abstract java.lang.String getAlgorithm()

Returns:

the algorithm used to convert input credentials to stored credentials.

getDefaultIterations

protected abstract int getDefaultIterations()

Returns:

the default number of iterations used by the CredentialHandler.

getLog

protected abstract Log getLog()

Returns:

the logger for the CredentialHandler instance.