Class MessageDigestCredentialHandler

java.lang.Object
org.apache.catalina.realm.DigestCredentialHandlerBase
org.apache.catalina.realm.MessageDigestCredentialHandler
All Implemented Interfaces:
CredentialHandler
public class MessageDigestCredentialHandler extends DigestCredentialHandlerBase
This credential handler supports the following forms of stored passwords:
  • encodedCredential - a hex encoded digest of the password digested using the configured digest
  • {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
  • {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
  • {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest followed by variable length salt. 
    {SSHA}<sha-1 digest:20><salt:n>
  • salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $

If the stored password form does not include an iteration count then an iteration count of 1 is used.

If the stored password form does not include salt then no salt is used.

  • Field Details

    • DEFAULT_ITERATIONS

      public static final int DEFAULT_ITERATIONS
      The default number of iterations.
      See Also:

  • Constructor Details

    • MessageDigestCredentialHandler

      public MessageDigestCredentialHandler()
      Default constructor.

  • Method Details

    • getEncoding

      public String getEncoding()
      Get the encoding.
      Returns:
      the encoding

    • setEncoding

      public void setEncoding(String encodingName)
      Set the encoding.
      Parameters:
      encodingName - the encoding name

    • getAlgorithm

      public String getAlgorithm()
      Description copied from class: DigestCredentialHandlerBase
      Get the algorithm used to convert input credentials to stored credentials.
      Specified by:
      getAlgorithm in class DigestCredentialHandlerBase
      Returns:
      the algorithm used to convert input credentials to stored credentials.

    • setAlgorithm

      public void setAlgorithm(String algorithm) throws NoSuchAlgorithmException
      Description copied from class: DigestCredentialHandlerBase
      Set the algorithm used to convert input credentials to stored credentials.
      Specified by:
      setAlgorithm in class DigestCredentialHandlerBase
      Parameters:
      algorithm - the algorithm
      Throws:
      NoSuchAlgorithmException - if the specified algorithm is not supported

    • getDigestInRfc3112Order

      public boolean getDigestInRfc3112Order()
      Get whether the digest is in RFC 3112 order.
      Returns:
      whether the digest is in RFC 3112 order

    • setDigestInRfc3112Order

      public void setDigestInRfc3112Order(boolean digestInRfc3112Order)
      Set whether the digest is in RFC 3112 order.
      Parameters:
      digestInRfc3112Order - whether the digest is in RFC 3112 order

    • matches

      public boolean matches(String inputCredentials, String storedCredentials)
      Description copied from interface: CredentialHandler
      Checks to see if the input credentials match the stored credentials
      Parameters:
      inputCredentials - User provided credentials
      storedCredentials - Credentials stored in the Realm
      Returns:
      true if the inputCredentials match the storedCredentials, otherwise false

    • mutate

      protected String mutate(String inputCredentials, byte[] salt, int iterations)
      Description copied from class: DigestCredentialHandlerBase
      Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.
      Specified by:
      mutate in class DigestCredentialHandlerBase
      Parameters:
      inputCredentials - User provided credentials
      salt - Salt, if any
      iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
      Returns:
      The equivalent stored credentials for the given input credentials or null if the generation fails

    • getDefaultIterations

      protected int getDefaultIterations()
      Description copied from class: DigestCredentialHandlerBase
      Get the default number of iterations used by the CredentialHandler.
      Specified by:
      getDefaultIterations in class DigestCredentialHandlerBase
      Returns:
      the default number of iterations used by the CredentialHandler.

    • getLog

      protected Log getLog()
      Description copied from class: DigestCredentialHandlerBase
      Get the logger for the CredentialHandler instance.
      Specified by:
      getLog in class DigestCredentialHandlerBase
      Returns:
      the logger for the CredentialHandler instance.