com.caucho.server.security
Class PasswordDigest

java.lang.Object
  extended by com.caucho.server.security.PasswordDigest
Direct Known Subclasses:
PasswordDigest

public class PasswordDigest
extends java.lang.Object

Calculates a digest for the user and password.

If the realm is missing, the digest will calculate:

 MD5(user + ':' + password)
 

If the realm is specified, the digest will calculate:

 MD5(user + ':' + realm + ':' + password)
 

The second version matches the way HTTP digest authentication is handled, so it is the preferred method for storing passwords.

The returned result is the base64 encoding of the digest.
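An added example, not Resin's code and not using the PasswordDigest class: it computes the documented formula with the JDK's MessageDigest and goes one step further to show why the realm form suits HTTP digest authentication, by verifying an RFC 2617 response (no qop) from the stored value alone. The class name, sample credentials, nonce and URI are constructed, and standard java.util.Base64 encoding is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class StoredDigestDemo {
  static byte[] md5(String s) throws Exception {
    return MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
  }

  static String hex(byte[] bytes) {
    StringBuilder sb = new StringBuilder();
    for (byte b : bytes) sb.append(String.format("%02x", b & 0xff));
    return sb.toString();
  }

  // The value to store: base64(MD5(user:realm:password)), or
  // base64(MD5(user:password)) when no realm is given.
  static String storedDigest(String user, String realm, String password) throws Exception {
    String input = (realm == null) ? user + ":" + password
                                   : user + ":" + realm + ":" + password;
    return Base64.getEncoder().encodeToString(md5(input));
  }

  // RFC 2617 response without qop: MD5(HA1 ":" nonce ":" MD5(method ":" uri)),
  // where HA1 is the hex form of the stored digest bytes.
  static String expectedResponse(String stored, String nonce, String method, String uri)
      throws Exception {
    String ha1 = hex(Base64.getDecoder().decode(stored));
    String ha2 = hex(md5(method + ":" + uri));
    return hex(md5(ha1 + ":" + nonce + ":" + ha2));
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample values, not taken from the page.
    String stored = storedDigest("alice", "example-realm", "correct horse");
    String nonce = "constructed-nonce-0001";

    // What a client that knows the cleartext password would send.
    String ha1 = hex(md5("alice:example-realm:correct horse"));
    String clientResponse = hex(md5(ha1 + ":" + nonce + ":" + hex(md5("GET:/private/"))));

    // Server side: verify from the stored digest only, comparing in constant time.
    byte[] expected = expectedResponse(stored, nonce, "GET", "/private/")
        .getBytes(StandardCharsets.US_ASCII);
    boolean ok = MessageDigest.isEqual(expected, clientResponse.getBytes(StandardCharsets.US_ASCII));
    System.out.println("stored digest: " + stored);
    System.out.println("digest-auth response verified: " + ok);
    System.out.println("realm-less digest differs: "
        + !stored.equals(storedDigest("alice", null, "correct horse")));
  }
}
```

Because the stored value is enough to compute a valid response, it is password-equivalent within its realm, so the password store needs the same protection as cleartext passwords.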


Constructor Summary
PasswordDigest()
           
 
Method Summary
protected static void addDigestUTF8(java.security.MessageDigest digest, java.lang.String string)
          Adds the string to the digest using a UTF8 encoding.
 void addText(java.lang.String value)
          Sets the algorithm for bean-style init.
protected static java.lang.String digestToBase64(byte[] digest, int len)
           
protected static java.lang.String digestToHex(byte[] digest, int len)
           
protected static java.lang.String digestToOldBase64(byte[] digest, int len)
           
protected  java.lang.String digestToString(byte[] digest, int len)
          Convert the digest byte array to a string.
 java.lang.String getAlgorithm()
          Returns the message digest algorithm.
 java.lang.String getFormat()
          Returns the message digest format (base64 or hex).
 java.lang.String getPasswordDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String password)
          Returns the digest of the user/password
 java.lang.String getPasswordDigest(HttpServletRequest request, HttpServletResponse response, ServletContext app, java.lang.String user, java.lang.String password, java.lang.String realm)
          Returns the digest of the user/password
 java.lang.String getPasswordDigest(java.lang.String password)
          Returns the digest of the password
 java.lang.String getPasswordDigest(java.lang.String user, java.lang.String password)
          Returns the digest of the user/password
 java.lang.String getPasswordDigest(java.lang.String user, java.lang.String password, java.lang.String realm)
          Returns the digest of the user/password
 java.lang.String getRealm()
          Returns the message digest default realm.
 void init()
          Initialize the digest.
 void setAlgorithm(java.lang.String algorithm)
          Sets the message digest algorithm.
 void setFormat(java.lang.String format)
          Set the message digest format (base64 or hex).
 void setOldEncoding(boolean isOldEncoding)
          Sets true for the old, buggy encoding.
 void setRealm(java.lang.String realm)
          Set the message digest default realm
protected  byte[] stringToDigest(java.lang.String s)
          Convert the string to a digest byte array.
 java.lang.String toString()
           
protected  void updateDigest(java.security.MessageDigest digest, java.lang.String user, java.lang.String password, java.lang.String realm)
          Updates the digest based on the user:realm:password
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

PasswordDigest

public PasswordDigest()
Method Detail

setAlgorithm

public void setAlgorithm(java.lang.String algorithm)
Sets the message digest algorithm.


getAlgorithm

public java.lang.String getAlgorithm()
Returns the message digest algorithm.


setFormat

public void setFormat(java.lang.String format)
Set the message digest format (base64 or hex).


getFormat

public java.lang.String getFormat()
Returns the message digest format (base64 or hex).


setRealm

public void setRealm(java.lang.String realm)
Set the message digest default realm


getRealm

public java.lang.String getRealm()
Returns the message digest default realm.


setOldEncoding

public void setOldEncoding(boolean isOldEncoding)
Sets true for the old, buggy encoding.


addText

public void addText(java.lang.String value)
             throws ConfigException
Sets the algorithm for bean-style init.

Throws:
ConfigException

init

public void init()
          throws ServletException
Initialize the digest.

Throws:
ServletException

getPasswordDigest

public java.lang.String getPasswordDigest(java.lang.String password)
                                   throws ServletException
Returns the digest of the password

Throws:
ServletException

getPasswordDigest

public java.lang.String getPasswordDigest(java.lang.String user,
                                          java.lang.String password)
                                   throws ServletException
Returns the digest of the user/password

Throws:
ServletException

getPasswordDigest

public java.lang.String getPasswordDigest(java.lang.String user,
                                          java.lang.String password,
                                          java.lang.String realm)
                                   throws ServletException
Returns the digest of the user/password

Throws:
ServletException

getPasswordDigest

public java.lang.String getPasswordDigest(HttpServletRequest request,
                                          HttpServletResponse response,
                                          ServletContext app,
                                          java.lang.String user,
                                          java.lang.String password)
                                   throws ServletException
Returns the digest of the user/password

The default implementation returns the digest of user:password or user:realm:password if a default realm has been configured.

Parameters:
request - the http request
response - the http response
app - the servlet context
user - the user name
password - the cleartext password
Throws:
ServletException

getPasswordDigest

public java.lang.String getPasswordDigest(HttpServletRequest request,
                                          HttpServletResponse response,
                                          ServletContext app,
                                          java.lang.String user,
                                          java.lang.String password,
                                          java.lang.String realm)
                                   throws ServletException
Returns the digest of the user/password

The default implementation returns the digest of user:realm:password. If the realm is null, it will use user:password.

Parameters:
request - the http request
response - the http response
app - the servlet context
user - the user name
password - the cleartext password
realm - the security realm
Throws:
ServletException

updateDigest

protected void updateDigest(java.security.MessageDigest digest,
                            java.lang.String user,
                            java.lang.String password,
                            java.lang.String realm)
Updates the digest based on the user:realm:password


addDigestUTF8

protected static void addDigestUTF8(java.security.MessageDigest digest,
                                    java.lang.String string)
Adds the string to the digest using a UTF8 encoding.


stringToDigest

protected byte[] stringToDigest(java.lang.String s)
Convert the string to a digest byte array.


digestToString

protected java.lang.String digestToString(byte[] digest,
                                          int len)
Convert the digest byte array to a string.


digestToBase64

protected static java.lang.String digestToBase64(byte[] digest,
                                                 int len)

digestToOldBase64

protected static java.lang.String digestToOldBase64(byte[] digest,
                                                    int len)

digestToHex

protected static java.lang.String digestToHex(byte[] digest,
                                              int len)

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object