Package org.apache.catalina.realm

Class MessageDigestCredentialHandler

java.lang.Object

org.apache.catalina.realm.DigestCredentialHandlerBase

org.apache.catalina.realm.MessageDigestCredentialHandler

All Implemented Interfaces:

CredentialHandler

public class MessageDigestCredentialHandler
extends DigestCredentialHandlerBase

This credential handler supports the following forms of stored passwords:

• encodedCredential - a hex encoded digest of the password digested using the configured digest
• {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
• {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
• {SSHA}encodedCredential - 20 character salt followed by the salted SHA1 digest Base64 encoded
• salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $

If the stored password form does not include an iteration count then an iteration count of 1 is used.

If the stored password form does not include salt then no salt is used.

Field Summary

Fields

Modifier and Type	Field	Description
static int	DEFAULT_ITERATIONS

Fields inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase

DEFAULT_SALT_LENGTH, sm

Constructor Summary

Constructors

Constructor	Description
MessageDigestCredentialHandler()

Method Summary

Modifier and Type	Method	Description
java.lang.String	getAlgorithm()
protected int	getDefaultIterations()
java.lang.String	getEncoding()
protected Log	getLog()
boolean	matches(java.lang.String inputCredentials, java.lang.String storedCredentials)	Checks to see if the input credentials match the stored credentials
protected java.lang.String	mutate(java.lang.String inputCredentials, byte[] salt, int iterations)	Generates the equivalent stored credentials for the given input credentials, salt and iterations.
void	setAlgorithm(java.lang.String algorithm)	Set the algorithm used to convert input credentials to stored credentials.
void	setEncoding(java.lang.String encodingName)

Methods inherited from class org.apache.catalina.realm.DigestCredentialHandlerBase

getDefaultSaltLength, getIterations, getLogInvalidStoredCredentials, getSaltLength, matchesSaltIterationsEncoded, mutate, mutate, setIterations, setLogInvalidStoredCredentials, setSaltLength

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_ITERATIONS

public static final int DEFAULT_ITERATIONS

See Also:

Constant Field Values

Constructor Detail

MessageDigestCredentialHandler

public MessageDigestCredentialHandler()

Method Detail

getEncoding

public java.lang.String getEncoding()

setEncoding

public void setEncoding(java.lang.String encodingName)

getAlgorithm

public java.lang.String getAlgorithm()

Specified by:

getAlgorithm in class DigestCredentialHandlerBase

Returns:

the algorithm used to convert input credentials to stored credentials.

setAlgorithm

public void setAlgorithm(java.lang.String algorithm)
                  throws java.security.NoSuchAlgorithmException

Description copied from class: DigestCredentialHandlerBase

Set the algorithm used to convert input credentials to stored credentials.

Specified by:

setAlgorithm in class DigestCredentialHandlerBase

Parameters:

algorithm - the algorithm

Throws:

java.security.NoSuchAlgorithmException - if the specified algorithm is not supported

matches

public boolean matches(java.lang.String inputCredentials,
                       java.lang.String storedCredentials)

Description copied from interface: CredentialHandler

Checks to see if the input credentials match the stored credentials

Parameters:

inputCredentials - User provided credentials

storedCredentials - Credentials stored in the Realm

Returns:

true if the inputCredentials match the storedCredentials, otherwise false

mutate

protected java.lang.String mutate(java.lang.String inputCredentials,
                                  byte[] salt,
                                  int iterations)

Description copied from class: DigestCredentialHandlerBase

Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.

Specified by:

mutate in class DigestCredentialHandlerBase

Parameters:

inputCredentials - User provided credentials

salt - Salt, if any

iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials

Returns:

The equivalent stored credentials for the given input credentials or null if the generation fails

getDefaultIterations

protected int getDefaultIterations()

Specified by:

getDefaultIterations in class DigestCredentialHandlerBase

Returns:

the default number of iterations used by the CredentialHandler.

getLog

protected Log getLog()

Specified by:

getLog in class DigestCredentialHandlerBase

Returns:

the logger for the CredentialHandler instance.