Package org.apache.catalina.realm
Class DigestCredentialHandlerBase
java.lang.Object
org.apache.catalina.realm.DigestCredentialHandlerBase
- All Implemented Interfaces:
- CredentialHandler
- Direct Known Subclasses:
- MessageDigestCredentialHandler,- SecretKeyCredentialHandler
Base implementation for the Tomcat provided 
CredentialHandlers.- 
Field SummaryFields
- 
Constructor SummaryConstructors
- 
Method SummaryModifier and TypeMethodDescriptionstatic booleanequals(byte[] b1, byte[] b2) Implements byte-array equality which always compares all bytes in the array, without stopping early if any bytes do not match.static booleanImplements String equality which always compares all characters in the string, without stopping early if any characters do not match.abstract Stringprotected abstract intprotected intintprotected abstract LoggetLog()booleanWhen checking input credentials against stored credentials will a warning message be logged if invalid stored credentials are discovered?intprotected booleanmatchesSaltIterationsEncoded(String inputCredentials, String storedCredentials) Checks whether the provided credential matches the stored credential when the stored credential is in the form salt$iteration-count$credentialGenerates the equivalent stored credentials for the given input credentials.protected abstract StringGenerates the equivalent stored credentials for the given input credentials, salt and iterations.protected StringGenerates the equivalent stored credentials for the given input credentials, salt, iterations and key length.abstract voidsetAlgorithm(String algorithm) Set the algorithm used to convert input credentials to stored credentials.voidsetIterations(int iterations) Set the number of iterations of the associated algorithm that will be used when creating a new stored credential for a given input credential.voidsetLogInvalidStoredCredentials(boolean logInvalidStoredCredentials) Set whether a warning message will be logged if invalid stored credentials are discovered while checking input credentials against stored credentials?voidsetSaltLength(int saltLength) Set the salt length that will be used when creating a new stored credential for a given input credential.Methods inherited from class java.lang.Objectclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.apache.catalina.CredentialHandlermatches
- 
Field Details- 
sm
- 
DEFAULT_SALT_LENGTHpublic static final int DEFAULT_SALT_LENGTH- See Also:
 
 
- 
- 
Constructor Details- 
DigestCredentialHandlerBasepublic DigestCredentialHandlerBase()
 
- 
- 
Method Details- 
getIterationspublic int getIterations()- Returns:
- the number of iterations of the associated algorithm that will be used when creating a new stored credential for a given input credential.
 
- 
setIterationspublic void setIterations(int iterations) Set the number of iterations of the associated algorithm that will be used when creating a new stored credential for a given input credential.- Parameters:
- iterations- the iterations count
 
- 
getSaltLengthpublic int getSaltLength()- Returns:
- the salt length that will be used when creating a new stored credential for a given input credential.
 
- 
setSaltLengthpublic void setSaltLength(int saltLength) Set the salt length that will be used when creating a new stored credential for a given input credential.- Parameters:
- saltLength- the salt length
 
- 
getLogInvalidStoredCredentialspublic boolean getLogInvalidStoredCredentials()When checking input credentials against stored credentials will a warning message be logged if invalid stored credentials are discovered?- Returns:
- trueif logging will occur
 
- 
setLogInvalidStoredCredentialspublic void setLogInvalidStoredCredentials(boolean logInvalidStoredCredentials) Set whether a warning message will be logged if invalid stored credentials are discovered while checking input credentials against stored credentials?- Parameters:
- logInvalidStoredCredentials-- trueto log, the default value is- false
 
- 
mutateDescription copied from interface:CredentialHandlerGenerates the equivalent stored credentials for the given input credentials.- Specified by:
- mutatein interface- CredentialHandler
- Parameters:
- userCredential- User provided credentials
- Returns:
- The equivalent stored credentials for the given input credentials
 
- 
matchesSaltIterationsEncodedChecks whether the provided credential matches the stored credential when the stored credential is in the form salt$iteration-count$credential- Parameters:
- inputCredentials- The input credential
- storedCredentials- The stored credential
- Returns:
- trueif they match, otherwise- false
 
- 
getDefaultSaltLengthprotected int getDefaultSaltLength()- Returns:
- the default salt length used by the CredentialHandler.
 
- 
mutateGenerates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.- Parameters:
- inputCredentials- User provided credentials
- salt- Salt, if any
- iterations- Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
- Returns:
- The equivalent stored credentials for the given input credentials or nullif the generation fails
 
- 
mutateGenerates the equivalent stored credentials for the given input credentials, salt, iterations and key length. The default implementation calls ignores the key length and callsmutate(String, byte[], int). Sub-classes that use the key length should override this method.- Parameters:
- inputCredentials- User provided credentials
- salt- Salt, if any
- iterations- Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
- keyLength- Length of the produced digest in bits for implementations where it's applicable
- Returns:
- The equivalent stored credentials for the given input credentials or nullif the generation fails
 
- 
setAlgorithmSet the algorithm used to convert input credentials to stored credentials.- Parameters:
- algorithm- the algorithm
- Throws:
- NoSuchAlgorithmException- if the specified algorithm is not supported
 
- 
getAlgorithm- Returns:
- the algorithm used to convert input credentials to stored credentials.
 
- 
getDefaultIterationsprotected abstract int getDefaultIterations()- Returns:
- the default number of iterations used by the CredentialHandler.
 
- 
getLog- Returns:
- the logger for the CredentialHandler instance.
 
- 
equalsImplements String equality which always compares all characters in the string, without stopping early if any characters do not match.Note: This implementation was adapted from MessageDigest.isEqual(byte[], byte[])which we assume is as optimizer-defeating as possible.- Parameters:
- s1- The first string to compare.
- s2- The second string to compare.
- ignoreCase-- trueif the strings should be compared without regard to case. Note that "true" here is only guaranteed to work with plain ASCII characters.
- Returns:
- trueif the strings are equal to each other,- falseotherwise.
 
- 
equalspublic static boolean equals(byte[] b1, byte[] b2) Implements byte-array equality which always compares all bytes in the array, without stopping early if any bytes do not match.Note: Implementation note: this method delegates to MessageDigest.isEqual(byte[], byte[])under the assumption that it provides a constant-time comparison of the bytes in the arrays. Java 7+ has such an implementation, but neither the Javadoc nor any specification requires it. Therefore, Tomcat should continue to use this method internally in case the JDK implementation changes so this method can be re-implemented properly.- Parameters:
- b1- The first array to compare.
- b2- The second array to compare.
- Returns:
- trueif the arrays are equal to each other,- falseotherwise.
 
 
-