List of usage examples for org.apache.commons.codec.digest Md5Crypt apr1Crypt
public static String apr1Crypt(String keyBytes, String salt)
From source file:net.maritimecloud.mms.server.security.impl.ApacheConfSecurityHandler.java
/** * Check if the credentials are valid according to the Apache htpasswd-style credentials file * * @param token the credentials to check * @param htpasswdFile the htpasswd file * @return if the credentials are valid/* ww w . j a v a 2 s .co m*/ */ protected boolean authenticate(UsernamePasswordToken token, File htpasswdFile) throws IOException { Objects.requireNonNull(token); Objects.requireNonNull(htpasswdFile); // Read in the htpasswd file checkReadHtpasswdFile(htpasswdFile); String storedPwd = userPasswords.get(token.getUsername()); if (storedPwd != null) { final String passwd = new String(token.getPassword()); // test Apache MD5 variant encrypted password if (storedPwd.startsWith("$apr1$")) { return storedPwd.equals(Md5Crypt.apr1Crypt(passwd, storedPwd)); } // test unsalted SHA password else if (storedPwd.startsWith("{SHA}")) { String passwd64 = org.apache.commons.codec.binary.Base64 .encodeBase64String(DigestUtils.sha1(passwd)); return storedPwd.substring("{SHA}".length()).equals(passwd64); } // test libc crypt() encoded password else if (storedPwd.equals(Crypt.crypt(passwd, storedPwd))) { return true; } // test clear text else if (storedPwd.equals(passwd)) { return true; } } // Not authenticated return false; }
From source file:com.gitblit.auth.HtpasswdAuthProvider.java
/** * Authenticate a user based on a username and password. * * If the account is determined to be a local account, authentication * will be done against the locally stored password. * Otherwise, the configured htpasswd file is read. All current output options * of htpasswd are supported: clear text, crypt(), Apache MD5 and unsalted SHA-1. * * @param username/*from w w w.j a v a2s .co m*/ * @param password * @return a user object or null */ @Override public UserModel authenticate(String username, char[] password) { read(); String storedPwd = htUsers.get(username); if (storedPwd != null) { boolean authenticated = false; final String passwd = new String(password); // test Apache MD5 variant encrypted password if (storedPwd.startsWith("$apr1$")) { if (storedPwd.equals(Md5Crypt.apr1Crypt(passwd, storedPwd))) { logger.debug("Apache MD5 encoded password matched for user '" + username + "'"); authenticated = true; } } // test unsalted SHA password else if (storedPwd.startsWith("{SHA}")) { String passwd64 = Base64.encodeBase64String(DigestUtils.sha1(passwd)); if (storedPwd.substring("{SHA}".length()).equals(passwd64)) { logger.debug("Unsalted SHA-1 encoded password matched for user '" + username + "'"); authenticated = true; } } // test libc crypt() encoded password else if (supportCryptPwd() && storedPwd.equals(Crypt.crypt(passwd, storedPwd))) { logger.debug("Libc crypt encoded password matched for user '" + username + "'"); authenticated = true; } // test clear text else if (supportPlaintextPwd() && storedPwd.equals(passwd)) { logger.debug("Clear text password matched for user '" + username + "'"); authenticated = true; } if (authenticated) { logger.debug("Htpasswd authenticated: " + username); UserModel curr = userManager.getUserModel(username); UserModel user; if (curr == null) { // create user object for new authenticated user user = new UserModel(username); } else { user = curr; } // create a user cookie setCookie(user, password); // Set user attributes, hide password from backing user service. user.password = Constants.EXTERNAL_ACCOUNT; user.accountType = getAccountType(); // Push the looked up values to backing file updateUser(user); return user; } } return null; }
From source file:com.gitblit.HtpasswdUserService.java
/** * Authenticate a user based on a username and password. * * If the account is determined to be a local account, authentication * will be done against the locally stored password. * Otherwise, the configured htpasswd file is read. All current output options * of htpasswd are supported: clear text, crypt(), Apache MD5 and unsalted SHA-1. * * @param username//from ww w.ja v a2 s . co m * @param password * @return a user object or null */ @Override public UserModel authenticate(String username, char[] password) { if (isLocalAccount(username)) { // local account, bypass htpasswd authentication return super.authenticate(username, password); } read(); String storedPwd = htUsers.get(username); if (storedPwd != null) { boolean authenticated = false; final String passwd = new String(password); // test Apache MD5 variant encrypted password if (storedPwd.startsWith("$apr1$")) { if (storedPwd.equals(Md5Crypt.apr1Crypt(passwd, storedPwd))) { logger.debug("Apache MD5 encoded password matched for user '" + username + "'"); authenticated = true; } } // test unsalted SHA password else if (storedPwd.startsWith("{SHA}")) { String passwd64 = Base64.encodeBase64String(DigestUtils.sha1(passwd)); if (storedPwd.substring("{SHA}".length()).equals(passwd64)) { logger.debug("Unsalted SHA-1 encoded password matched for user '" + username + "'"); authenticated = true; } } // test libc crypt() encoded password else if (supportCryptPwd() && storedPwd.equals(Crypt.crypt(passwd, storedPwd))) { logger.debug("Libc crypt encoded password matched for user '" + username + "'"); authenticated = true; } // test clear text else if (supportPlaintextPwd() && storedPwd.equals(passwd)) { logger.debug("Clear text password matched for user '" + username + "'"); authenticated = true; } if (authenticated) { logger.debug("Htpasswd authenticated: " + username); UserModel user = getUserModel(username); if (user == null) { // create user object for new authenticated user user = new UserModel(username); } // create a user cookie if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) { user.cookie = StringUtils.getSHA1(user.username + passwd); } // Set user attributes, hide password from backing user service. user.password = Constants.EXTERNAL_ACCOUNT; user.accountType = getAccountType(); // Push the looked up values to backing file super.updateUserModel(user); return user; } } return null; }
From source file:fathom.realm.htpasswd.HtpasswdRealm.java
/** * htpasswd supports a few other password encryption schemes than the StandardCredentialsRealm. * * @param requestCredentials//from w w w.j a v a 2 s. com * @param storedCredentials * @return true if the request password validates against the stored password */ @Override protected boolean validatePassword(StandardCredentials requestCredentials, StandardCredentials storedCredentials) { final String storedPassword = storedCredentials.getPassword(); final String username = requestCredentials.getUsername(); final String password = requestCredentials.getPassword(); boolean authenticated = false; // test Apache MD5 variant encrypted password if (storedPassword.startsWith("$apr1$")) { if (storedPassword.equals(Md5Crypt.apr1Crypt(password, storedPassword))) { log.trace("Apache MD5 encoded password matched for user '{}'", username); authenticated = true; } } // test Unsalted SHA password else if (storedPassword.startsWith("{SHA}")) { String password64 = Base64.encodeBase64String(DigestUtils.sha1(password)); if (storedPassword.substring("{SHA}".length()).equals(password64)) { log.trace("Unsalted SHA-1 encoded password matched for user '{}'", username); authenticated = true; } } // test Libc Crypt password else if (!isAllowClearTextPasswords() && storedPassword.equals(Crypt.crypt(password, storedPassword))) { log.trace("Libc crypt encoded password matched for user '{}'", username); authenticated = true; } // test Clear Text password else if (isAllowClearTextPasswords() && storedPassword.equals(password)) { log.trace("Clear text password matched for user '{}'", username); authenticated = true; } return authenticated; }
From source file:org.apache.pulsar.broker.authentication.AuthenticationProviderBasic.java
@Override public String authenticate(AuthenticationDataSource authData) throws AuthenticationException { AuthParams authParams = new AuthParams(authData); String userId = authParams.getUserId(); String password = authParams.getPassword(); String msg = "Unknown user or invalid password"; if (users.get(userId) == null) { throw new AuthenticationException(msg); }/*w ww.jav a2 s . co m*/ String encryptedPassword = users.get(userId); // For md5 algorithm if ((users.get(userId).startsWith("$apr1"))) { List<String> splitEncryptedPassword = Arrays.asList(encryptedPassword.split("\\$")); if (splitEncryptedPassword.size() != 4 || !encryptedPassword .equals(Md5Crypt.apr1Crypt(password.getBytes(), splitEncryptedPassword.get(2)))) { throw new AuthenticationException(msg); } // For crypt algorithm } else if (!encryptedPassword.equals(Crypt.crypt(password.getBytes(), encryptedPassword.substring(0, 2)))) { throw new AuthenticationException(msg); } return userId; }
From source file:org.hawkular.openshift.auth.BasicAuthentication.java
private boolean verifyMD5Password(String storedPassword, String passedPassword) { // We send in the password presented by the user and use the stored password as the salt // If they match, then the password matches the original non-encrypted stored password String encryptedPassword = Md5Crypt.apr1Crypt(passedPassword, storedPassword); if (encryptedPassword.equals(storedPassword)) { return true; } else {/*from ww w . j av a 2s .c o m*/ return false; } }
From source file:org.hawkular.openshift.auth.BasicAuthenticator.java
private boolean verifyMD5Password(String storedPassword, String passedPassword) { // We send in the password presented by the user and use the stored password as the salt // If they match, then the password matches the original non-encrypted stored password return Md5Crypt.apr1Crypt(passedPassword, storedPassword).equals(storedPassword); }
From source file:org.jenkinsci.plugins.htpasswd.HtPasswdFile.java
private static boolean validateMd5Password(String hashed, String plain) { String result = Md5Crypt.apr1Crypt(plain, hashed); return hashed.equals(result); }