106 lines
3.2 KiB
Java
106 lines
3.2 KiB
Java
/*
|
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright ownership.
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
* (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
package org.apache.catalina.realm;
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.security.spec.InvalidKeySpecException;
|
|
import java.security.spec.KeySpec;
|
|
|
|
import javax.crypto.SecretKeyFactory;
|
|
import javax.crypto.spec.PBEKeySpec;
|
|
|
|
import org.apache.juli.logging.Log;
|
|
import org.apache.juli.logging.LogFactory;
|
|
import org.apache.tomcat.util.buf.HexUtils;
|
|
|
|
public class SecretKeyCredentialHandler extends DigestCredentialHandlerBase {
|
|
|
|
private static final Log log = LogFactory.getLog(SecretKeyCredentialHandler.class);
|
|
|
|
public static final String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA1";
|
|
public static final int DEFAULT_KEY_LENGTH = 160;
|
|
public static final int DEFAULT_ITERATIONS = 20000;
|
|
|
|
|
|
private SecretKeyFactory secretKeyFactory;
|
|
private int keyLength = DEFAULT_KEY_LENGTH;
|
|
|
|
|
|
public SecretKeyCredentialHandler() throws NoSuchAlgorithmException {
|
|
setAlgorithm(DEFAULT_ALGORITHM);
|
|
}
|
|
|
|
|
|
@Override
|
|
public String getAlgorithm() {
|
|
return secretKeyFactory.getAlgorithm();
|
|
}
|
|
|
|
|
|
@Override
|
|
public void setAlgorithm(String algorithm) throws NoSuchAlgorithmException {
|
|
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithm);
|
|
this.secretKeyFactory = secretKeyFactory;
|
|
}
|
|
|
|
|
|
public int getKeyLength() {
|
|
return keyLength;
|
|
}
|
|
|
|
|
|
public void setKeyLength(int keyLength) {
|
|
this.keyLength = keyLength;
|
|
}
|
|
|
|
|
|
@Override
|
|
public boolean matches(String inputCredentials, String storedCredentials) {
|
|
return matchesSaltIterationsEncoded(inputCredentials, storedCredentials);
|
|
}
|
|
|
|
|
|
@Override
|
|
protected String mutate(String inputCredentials, byte[] salt, int iterations) {
|
|
return mutate(inputCredentials, salt, iterations, getKeyLength());
|
|
}
|
|
|
|
|
|
@Override
|
|
protected String mutate(String inputCredentials, byte[] salt, int iterations, int keyLength) {
|
|
try {
|
|
KeySpec spec = new PBEKeySpec(inputCredentials.toCharArray(), salt, iterations, keyLength);
|
|
return HexUtils.toHexString(secretKeyFactory.generateSecret(spec).getEncoded());
|
|
} catch (InvalidKeySpecException | IllegalArgumentException e) {
|
|
log.warn(sm.getString("pbeCredentialHandler.invalidKeySpec"), e);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
|
|
@Override
|
|
protected int getDefaultIterations() {
|
|
return DEFAULT_ITERATIONS;
|
|
}
|
|
|
|
|
|
@Override
|
|
protected Log getLog() {
|
|
return log;
|
|
}
|
|
}
|