Java Code Examples for org.apache.tomcat.util.security.MD5Encoder#encode()

Example 1
Source File: RealmBase.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
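/**
 * Return the digest associated with given principal's user name.
 * <p>
 * When {@code hasMessageDigest()} is true the value from
 * {@code getPassword(username)} is returned unchanged as the pre-generated
 * digest. Otherwise the digest is computed here as
 * {@code MD5(username ":" realmName ":" password)} and text-encoded with
 * {@code MD5Encoder}.
 * <p>
 * In HTTP Digest authentication this value (HA1) is the only secret input
 * to the response hash, so it should be handled like the password itself
 * and kept out of logs.
 *
 * @param username the user name
 * @param realmName the realm name
 * @return the digest for the specified user
 * @throws IllegalArgumentException if the configured digest encoding is
 *         not supported; the original exception is attached as the cause
 */
protected String getDigest(String username, String realmName) {
    if (hasMessageDigest()) {
        // Use pre-generated digest
        return getPassword(username);
    }

    String digestValue = username + ":" + realmName + ":"
        + getPassword(username);

    byte[] valueBytes;
    try {
        valueBytes = digestValue.getBytes(getDigestCharset());
    } catch (UnsupportedEncodingException uee) {
        log.error("Illegal digestEncoding: " + getDigestEncoding(), uee);
        // Chain the cause so callers that only see the rethrown exception
        // still get the original stack trace.
        throw new IllegalArgumentException(uee.getMessage(), uee);
    }

    return MD5Encoder.encode(ConcurrentMessageDigest.digestMD5(valueBytes));
}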
 
Example 2
Source File: TestJNDIRealm.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
@Test
public void testAuthenticateWithUserPasswordAndDigest() throws Exception {
    // GIVEN: a realm built from the HA1 value with the "MD5" digest setting
    JNDIRealm realm = buildRealm(ha1(), "MD5");
    realm.setUserPassword(USER_PASSWORD_ATTR);

    // WHEN: the response hash is taken over HA1:nonce:HA2 (nc, cnonce and
    // qop are passed as null)
    String responseInput = ha1() + ":" + NONCE + ":" + HA2;
    byte[] responseHash = md5Helper.digest(responseInput.getBytes());
    String expectedResponse = MD5Encoder.encode(responseHash);
    Principal principal = realm.authenticate(
            USER, expectedResponse, NONCE, null, null, null, REALM, HA2);

    // THEN: a GenericPrincipal comes back and its password is the HA1 value
    Assert.assertTrue(principal instanceof GenericPrincipal);
    GenericPrincipal authenticated = (GenericPrincipal) principal;
    Assert.assertEquals(ha1(), authenticated.getPassword());
}
 
Example 3
Source File: TestJNDIRealm.java    From tomcatsrc with Apache License 2.0 6 votes vote down vote up
@Test
public void testAuthenticateWithUserPasswordAndDigest() throws Exception {
    // GIVEN
    // The realm is given the HA1 digest as its credential, with "MD5" as
    // the second buildRealm argument.
    JNDIRealm realm = buildRealm(ha1(), "MD5");
    realm.setUserPassword(USER_PASSWORD_ATTR);

    // WHEN
    // Expected response = MD5Encoder(MD5(HA1 ":" NONCE ":" HA2)).
    byte[] toHash = (ha1() + ":" + NONCE + ":" + HA2).getBytes();
    String expectedResponse = MD5Encoder.encode(md5Helper.digest(toHash));
    Principal principal = realm.authenticate(
            USER, expectedResponse, NONCE, null, null, null, REALM, HA2);

    // THEN
    Assert.assertTrue(principal instanceof GenericPrincipal);
    String storedCredential = ha1();
    Assert.assertEquals(storedCredential, ((GenericPrincipal) principal).getPassword());
}
 
Example 4
Source File: TestJNDIRealm.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
@Test
public void testAuthenticateWithUserPasswordAndCredentialHandler() throws Exception {
    // GIVEN: a realm built from the HA1 value, with a credential handler
    // installed before the user-password attribute is set
    JNDIRealm realm = buildRealm(ha1());
    realm.setCredentialHandler(buildCredentialHandler());
    realm.setUserPassword(USER_PASSWORD_ATTR);

    // WHEN: the response hash is taken over HA1:nonce:HA2
    String responseInput = ha1() + ":" + NONCE + ":" + HA2;
    String expectedResponse =
            MD5Encoder.encode(md5Helper.digest(responseInput.getBytes()));
    Principal principal = realm.authenticate(
            USER, expectedResponse, NONCE, null, null, null, REALM, HA2);

    // THEN: a GenericPrincipal comes back and its password is the HA1 value
    Assert.assertTrue(principal instanceof GenericPrincipal);
    GenericPrincipal authenticated = (GenericPrincipal) principal;
    Assert.assertEquals(ha1(), authenticated.getPassword());
}
 
Example 5
Source File: TestJNDIRealm.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
@Test
public void testAuthenticateWithUserPassword() throws Exception {
    // GIVEN: a realm built from the plain PASSWORD constant
    JNDIRealm realm = buildRealm(PASSWORD);
    realm.setUserPassword(USER_PASSWORD_ATTR);

    // WHEN: the response hash is taken over HA1:nonce:HA2
    byte[] toHash = (ha1() + ":" + NONCE + ":" + HA2).getBytes();
    String expectedResponse = MD5Encoder.encode(md5Helper.digest(toHash));
    Principal principal = realm.authenticate(
            USER, expectedResponse, NONCE, null, null, null, REALM, HA2);

    // THEN: a GenericPrincipal comes back and its password is PASSWORD
    Assert.assertTrue(principal instanceof GenericPrincipal);
    GenericPrincipal authenticated = (GenericPrincipal) principal;
    Assert.assertEquals(PASSWORD, authenticated.getPassword());
}
 
Example 6
Source File: TestJNDIRealm.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Test
public void testAuthenticateWithoutUserPassword() throws Exception {
    // GIVEN: a realm built from PASSWORD with null as the second argument;
    // setUserPassword is never called in this test
    JNDIRealm realm = buildRealm(PASSWORD, null);

    // WHEN: a response hash over HA1:nonce:HA2 is presented
    String responseInput = ha1() + ":" + NONCE + ":" + HA2;
    byte[] responseHash = md5Helper.digest(responseInput.getBytes());
    String expectedResponse = MD5Encoder.encode(responseHash);
    Principal principal = realm.authenticate(
            USER, expectedResponse, NONCE, null, null, null, REALM, HA2);

    // THEN: no principal is returned
    Assert.assertNull(principal);
}
 
Example 7
Source File: DigestAuthenticator.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Generate a unique token. The token is generated according to the
 * following pattern. NOnceToken = time-stamp ":" MD5Encoder ( MD5 (
 * client-IP ":" time-stamp ":" private-key ) ).
 * <p>
 * The hash is text-encoded with {@code MD5Encoder.encode} (not Base64) and
 * the time-stamp is prepended in clear. Every generated nonce is also
 * recorded in the {@code nonces} map.
 *
 * @param request HTTP Servlet request
 * @return the newly generated nonce
 */
protected String generateNonce(Request request) {

    long currentTime = System.currentTimeMillis();

    // Under the lock, force the timestamp to be strictly greater than the
    // one used by the previous call, so two calls in the same millisecond
    // still get different timestamps.
    synchronized (lastTimestampLock) {
        if (currentTime > lastTimestamp) {
            lastTimestamp = currentTime;
        } else {
            currentTime = ++lastTimestamp;
        }
    }

    // Hash input: client address, timestamp and the value from getKey()
    // (the "private-key" of the Javadoc).
    // NOTE(review): getRemoteAddr() is the address the container sees;
    // behind a proxy that may not be the end client -- confirm deployment.
    String ipTimeKey =
        request.getRemoteAddr() + ":" + currentTime + ":" + getKey();

    byte[] buffer = ConcurrentMessageDigest.digestMD5(
            ipTimeKey.getBytes(B2CConverter.ISO_8859_1));
    String nonce = currentTime + ":" + MD5Encoder.encode(buffer);

    // Record the nonce with its timestamp and the nonce-count window size;
    // access to the shared map is serialised on the map itself.
    NonceInfo info = new NonceInfo(currentTime, getNonceCountWindowSize());
    synchronized (nonces) {
        nonces.put(nonce, info);
    }

    return nonce;
}
 
Example 8
Source File: TesterDigestAuthenticatorPerformance.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
private String buildDigestResponse(String nonce) {
    // Advance the shared nonce counter and render it as 8 hex digits.
    String ncString = String.format("%1$08x",
            Integer.valueOf(nonceCount.incrementAndGet()));
    String cnonce = "cnonce";

    // Response hash input: MD5A1:nonce:nc:cnonce:qop:MD5A2
    String response = MD5A1 + ":" + nonce + ":" + ncString + ":" +
            cnonce + ":" + QOP + ":" + MD5A2;

    // NOTE(review): getBytes() with no argument uses the platform default
    // charset.
    byte[] responseHash = ConcurrentMessageDigest.digest("MD5", response.getBytes());
    String md5response = MD5Encoder.encode(responseHash);

    // Assemble the Digest header value field by field.
    return new StringBuilder()
            .append("Digest username=\"")
            .append(USER)
            .append("\", realm=\"")
            .append(REALM)
            .append("\", nonce=\"")
            .append(nonce)
            .append("\", uri=\"")
            .append(CONTEXT_PATH + URI)
            .append("\", opaque=\"")
            .append(authenticator.getOpaque())
            .append("\", response=\"")
            .append(md5response)
            .append("\"")
            .append(", qop=")
            .append(QOP)
            .append(", nc=")
            .append(ncString)
            .append(", cnonce=\"")
            .append(cnonce)
            .append("\"")
            .toString();
}
 
Example 9
Source File: TestJNDIRealm.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
@Test
public void testAuthenticateWithoutUserPassword() throws Exception {
    // GIVEN
    // Realm built from PASSWORD with null as the second argument;
    // setUserPassword is not called.
    JNDIRealm realm = buildRealm(PASSWORD, null);

    // WHEN
    // Expected response = MD5Encoder(MD5(HA1 ":" NONCE ":" HA2)).
    byte[] toHash = (ha1() + ":" + NONCE + ":" + HA2).getBytes();
    String expectedResponse = MD5Encoder.encode(md5Helper.digest(toHash));
    Principal principal = realm.authenticate(
            USER, expectedResponse, NONCE, null, null, null, REALM, HA2);

    // THEN
    // Authentication must not yield a principal.
    Assert.assertNull(principal);
}
 
Example 10
Source File: DigestAuthenticator.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
public Principal authenticate(Realm realm) {
    // A2 = Method ":" uri. Its MD5, text-encoded by MD5Encoder, is handed
    // to the realm as the md5a2 argument.
    byte[] a2Bytes = (method + ":" + uri).getBytes(B2CConverter.ISO_8859_1);
    String md5a2 = MD5Encoder.encode(ConcurrentMessageDigest.digestMD5(a2Bytes));

    // The realm decides whether the client-supplied response matches.
    return realm.authenticate(
            userName, response, nonce, nc, cnonce, qop, realmName, md5a2);
}
 
Example 11
Source File: TestJNDIRealm.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Test
public void testAuthenticateWithoutUserPassword() throws Exception {
    // GIVEN: a realm built from PASSWORD; setUserPassword is never called
    JNDIRealm realm = buildRealm(PASSWORD);

    // WHEN: a response hash over HA1:nonce:HA2 is presented
    String responseInput = ha1() + ":" + NONCE + ":" + HA2;
    String expectedResponse =
            MD5Encoder.encode(md5Helper.digest(responseInput.getBytes()));
    Principal principal = realm.authenticate(
            USER, expectedResponse, NONCE, null, null, null, REALM, HA2);

    // THEN: no principal is returned
    Assert.assertNull(principal);
}
 
Example 12
Source File: DigestAuthenticator.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
public Principal authenticate(Realm realm) {
    // Second MD5 digest used to calculate the digest:
    // MD5(Method + ":" + uri), encoded as text by MD5Encoder.
    String a2 = method + ":" + uri;
    byte[] a2Hash =
            ConcurrentMessageDigest.digestMD5(a2.getBytes(B2CConverter.ISO_8859_1));
    String md5a2 = MD5Encoder.encode(a2Hash);

    // Delegate the comparison against the client response to the realm.
    Principal result = realm.authenticate(userName, response, nonce, nc, cnonce,
            qop, realmName, md5a2);
    return result;
}
 
Example 13
Source File: DigestAuthenticator.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
private String encodeMD5(String value) throws NoSuchAlgorithmException {
    // Hash the ISO-8859-1 bytes of the value with MD5, then text-encode the
    // raw digest with MD5Encoder.
    MessageDigest md5 = MessageDigest.getInstance("MD5");
    byte[] hash = md5.digest(value.getBytes(StandardCharsets.ISO_8859_1));
    return MD5Encoder.encode(hash);
}
 
Example 14
Source File: DigestAuthenticator.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
public Principal authenticate(Realm realm) {
    // A2 = Method ":" uri. Its MD5, text-encoded by MD5Encoder, is handed
    // to the realm as the md5a2 argument.
    byte[] a2Bytes = (method + ":" + uri).getBytes(StandardCharsets.ISO_8859_1);
    String md5a2 = MD5Encoder.encode(ConcurrentMessageDigest.digestMD5(a2Bytes));

    // The realm decides whether the client-supplied response matches.
    return realm.authenticate(
            userName, response, nonce, nc, cnonce, qop, realmName, md5a2);
}
 
Example 15
Source File: TestDigestAuthenticator.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
private static String digest(String input) {
    // NOTE(review): getBytes() with no argument uses the platform default
    // charset, so non-ASCII input hashes differently across JVM settings.
    byte[] md5 = ConcurrentMessageDigest.digestMD5(input.getBytes());
    return MD5Encoder.encode(md5);
}
 
Example 16
Source File: TestJNDIRealm.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
private String ha1() {
    // HA1 = MD5Encoder(MD5(USER ":" REALM ":" PASSWORD)).
    // NOTE(review): getBytes() with no argument uses the platform default
    // charset.
    byte[] a1Bytes = (USER + ":" + REALM + ":" + PASSWORD).getBytes();
    byte[] a1Hash = md5Helper.digest(a1Bytes);
    return MD5Encoder.encode(a1Hash);
}
 
Example 17
Source File: RealmBase.java    From Tomcat7.0.67 with Apache License 2.0 4 votes vote down vote up
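/**
 * Return the Principal associated with the specified username, which
 * matches the digest calculated using the given parameters using the
 * method described in RFC 2069; otherwise return <code>null</code>.
 * When <code>qop</code> is not <code>null</code>, <code>nc</code>,
 * <code>cnonce</code> and <code>qop</code> are included in the digest
 * input as well.
 *
 * @param username Username of the Principal to look up
 * @param clientDigest Digest which has been submitted by the client
 * @param nonce Unique (or supposedly unique) token which has been used
 * for this request
 * @param nc Nonce count; only used if <code>qop</code> is not
 * <code>null</code>
 * @param cnonce Client nonce; only used if <code>qop</code> is not
 * <code>null</code>
 * @param qop Quality of protection, or <code>null</code> for the
 * three-part digest
 * @param realm Realm name
 * @param md5a2 Second MD5 digest used to calculate the digest :
 * MD5(Method + ":" + uri)
 * @return the matching Principal, or <code>null</code> if no digest is
 * available for the user or the digests differ
 * @throws IllegalArgumentException if the configured digest encoding is
 * not supported; the original exception is attached as the cause
 */
@Override
public Principal authenticate(String username, String clientDigest,
                              String nonce, String nc, String cnonce,
                              String qop, String realm,
                              String md5a2) {

    // In digest auth, digests are always lower case
    String md5a1 = getDigest(username, realm);
    if (md5a1 == null) {
        return null;
    }
    md5a1 = md5a1.toLowerCase(Locale.ENGLISH);
    String serverDigestValue;
    if (qop == null) {
        serverDigestValue = md5a1 + ":" + nonce + ":" + md5a2;
    } else {
        serverDigestValue = md5a1 + ":" + nonce + ":" + nc + ":" +
                cnonce + ":" + qop + ":" + md5a2;
    }

    byte[] valueBytes;
    try {
        valueBytes = serverDigestValue.getBytes(getDigestCharset());
    } catch (UnsupportedEncodingException uee) {
        log.error("Illegal digestEncoding: " + getDigestEncoding(), uee);
        // Chain the cause so the original stack trace is not lost.
        throw new IllegalArgumentException(uee.getMessage(), uee);
    }

    String serverDigest;
    // Bugzilla 32137: md5Helper is shared, so digest() calls are
    // serialised on it.
    synchronized (md5Helper) {
        serverDigest = MD5Encoder.encode(md5Helper.digest(valueBytes));
    }

    // Debug output includes the client response and the server-computed
    // digest for this nonce; keep debug logging for this class off in
    // production.
    if (log.isDebugEnabled()) {
        log.debug("Digest : " + clientDigest + " Username:" + username
                + " ClientDigest:" + clientDigest + " nonce:" + nonce
                + " nc:" + nc + " cnonce:" + cnonce + " qop:" + qop
                + " realm:" + realm + "md5a2:" + md5a2
                + " Server digest:" + serverDigest);
    }

    // A null clientDigest simply fails the comparison.
    // NOTE(review): String.equals is not a constant-time comparison.
    if (serverDigest.equals(clientDigest)) {
        return getPrincipal(username);
    }

    return null;
}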
 
Example 18
Source File: TestSSOnonLoginAndDigestAuthenticator.java    From Tomcat7.0.67 with Apache License 2.0 4 votes vote down vote up
private static String digest(String input) {
    // MD5 over the input's bytes, text-encoded by MD5Encoder.
    // NOTE(review): getBytes() with no argument uses the platform default
    // charset.
    byte[] inputBytes = input.getBytes();
    byte[] hash = ConcurrentMessageDigest.digestMD5(inputBytes);
    return MD5Encoder.encode(hash);
}
 
Example 19
Source File: RealmBase.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
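/**
 * Try to authenticate with the specified username, which
 * matches the digest calculated using the given parameters using the
 * method described in RFC 2617 (which is a superset of RFC 2069).
 *
 * @param username Username of the Principal to look up
 * @param clientDigest Digest which has been submitted by the client
 * @param nonce Unique (or supposedly unique) token which has been used
 * for this request
 * @param nc the nonce counter
 * @param cnonce the client chosen nonce
 * @param qop the "quality of protection" (<code>nc</code> and <code>cnonce</code>
 *        will only be used, if <code>qop</code> is not <code>null</code>).
 * @param realm Realm name
 * @param md5a2 Second MD5 digest used to calculate the digest :
 * MD5(Method + ":" + uri)
 * @return the associated principal, or <code>null</code> if there is none.
 * @throws IllegalArgumentException if the configured digest encoding is
 * not supported; the original exception is attached as the cause
 */
@Override
public Principal authenticate(String username, String clientDigest,
                              String nonce, String nc, String cnonce,
                              String qop, String realm,
                              String md5a2) {

    // In digest auth, digests are always lower case
    String md5a1 = getDigest(username, realm);
    if (md5a1 == null) {
        return null;
    }
    md5a1 = md5a1.toLowerCase(Locale.ENGLISH);
    String serverDigestValue;
    if (qop == null) {
        serverDigestValue = md5a1 + ":" + nonce + ":" + md5a2;
    } else {
        serverDigestValue = md5a1 + ":" + nonce + ":" + nc + ":" +
                cnonce + ":" + qop + ":" + md5a2;
    }

    byte[] valueBytes;
    try {
        valueBytes = serverDigestValue.getBytes(getDigestCharset());
    } catch (UnsupportedEncodingException uee) {
        log.error("Illegal digestEncoding: " + getDigestEncoding(), uee);
        // Chain the cause so the original stack trace is not lost.
        throw new IllegalArgumentException(uee.getMessage(), uee);
    }

    String serverDigest = MD5Encoder.encode(ConcurrentMessageDigest.digestMD5(valueBytes));

    // Debug output includes the client response and the server-computed
    // digest for this nonce; keep debug logging for this class off in
    // production.
    if (log.isDebugEnabled()) {
        log.debug("Digest : " + clientDigest + " Username:" + username
                + " ClientDigest:" + clientDigest + " nonce:" + nonce
                + " nc:" + nc + " cnonce:" + cnonce + " qop:" + qop
                + " realm:" + realm + "md5a2:" + md5a2
                + " Server digest:" + serverDigest);
    }

    // A null clientDigest simply fails the comparison.
    // NOTE(review): String.equals is not a constant-time comparison.
    if (serverDigest.equals(clientDigest)) {
        return getPrincipal(username);
    }

    return null;
}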
 
Example 20
Source File: TestDigestAuthenticator.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
private static String digest(String input) {
    // NOTE(review): the no-argument getBytes() picks the platform default
    // charset; results for non-ASCII input depend on JVM configuration.
    byte[] rawDigest = ConcurrentMessageDigest.digestMD5(input.getBytes());
    String encoded = MD5Encoder.encode(rawDigest);
    return encoded;
}