Package org.apache.catalina.realm

Class MessageDigestCredentialHandler

  • All Implemented Interfaces:
    CredentialHandler
    public class MessageDigestCredentialHandler
extends DigestCredentialHandlerBase
    This credential handler supports the following forms of stored passwords:
    • encodedCredential - a hex encoded digest of the password digested using the configured digest
    • {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
    • {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
    • {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest followed by variable length salt. 
      {SSHA}<sha-1 digest:20><salt:n>
    • salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $

    If the stored password form does not include an iteration count then an iteration count of 1 is used.

    If the stored password form does not include salt then no salt is used.

    • Constructor Detail

      • MessageDigestCredentialHandler

        public MessageDigestCredentialHandler()

    • Method Detail

      • getEncoding

        public java.lang.String getEncoding()

      • setEncoding

        public void setEncoding​(java.lang.String encodingName)

      • getAlgorithm

        public java.lang.String getAlgorithm()
        Specified by:
        getAlgorithm in class DigestCredentialHandlerBase
        Returns:
        the algorithm used to convert input credentials to stored credentials.

      • setAlgorithm

        public void setAlgorithm​(java.lang.String algorithm)
                  throws java.security.NoSuchAlgorithmException
        Description copied from class: DigestCredentialHandlerBase
        Set the algorithm used to convert input credentials to stored credentials.
        Specified by:
        setAlgorithm in class DigestCredentialHandlerBase
        Parameters:
        algorithm - the algorithm
        Throws:
        java.security.NoSuchAlgorithmException - if the specified algorithm is not supported

      • matches

        public boolean matches​(java.lang.String inputCredentials,
                       java.lang.String storedCredentials)
        Description copied from interface: CredentialHandler
        Checks to see if the input credentials match the stored credentials
        Parameters:
        inputCredentials - User provided credentials
        storedCredentials - Credentials stored in the Realm
        Returns:
        true if the inputCredentials match the storedCredentials, otherwise false

      • mutate

        protected java.lang.String mutate​(java.lang.String inputCredentials,
                                  byte[] salt,
                                  int iterations)
        Description copied from class: DigestCredentialHandlerBase
        Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.
        Specified by:
        mutate in class DigestCredentialHandlerBase
        Parameters:
        inputCredentials - User provided credentials
        salt - Salt, if any
        iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
        Returns:
        The equivalent stored credentials for the given input credentials or null if the generation fails