| | |
| | | /* |
| | | Nutzerverwaltung - A Generic User Manager |
| | | Copyright (c) 2016 Ulrich Hilger |
| | | |
| | | This program is free software: you can redistribute it and/or modify |
| | | it under the terms of the GNU Affero General Public License as published by |
| | | the Free Software Foundation, either version 3 of the License, or |
| | | (at your option) any later version. |
| | | |
| | | This program is distributed in the hope that it will be useful, |
| | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | GNU Affero General Public License for more details. |
| | | |
| | | You should have received a copy of the GNU Affero General Public License |
| | | along with this program. If not, see <http://www.gnu.org/licenses/>. |
| | | * Nutzerverwaltung - User and role management in your browser |
| | | * Copyright (C) 2011-2016 Ulrich Hilger, http://uhilger.de |
| | | * |
| | | * This program is free software: you can redistribute it and/or modify |
| | | * it under the terms of the GNU General Public License as published by |
| | | * the Free Software Foundation, either version 3 of the License, or |
| | | * (at your option) any later version. |
| | | * |
| | | * This program is distributed in the hope that it will be useful, |
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | * GNU General Public License for more details. |
| | | * |
| | | * You should have received a copy of the GNU General Public License |
| | | * along with this program. If not, see http://www.gnu.org/licenses/ |
| | | */ |
| | | |
| | | package de.uhilger.um; |
| | | |
| | | import org.apache.catalina.realm.RealmBase; |
| | | import java.security.NoSuchAlgorithmException; |
| | | import java.util.logging.Level; |
| | | import java.util.logging.Logger; |
| | | import org.apache.catalina.realm.MessageDigestCredentialHandler; |
| | | |
| | | /** |
| | | * Ein Digester für die Nutzerverwaltung, der die Klasse |
| | | * RealmBase von Tomcat zum Verschlüsseln nutzt |
| | | * Ein Digester für die Nutzerverwaltung, der die Klasse |
| | | * RealmBase von Tomcat zum Verschlüsseln nutzt |
| | | * |
| | | * @author Copyright (c) Ulrich Hilger, http://uhilger.de |
| | | * @author Published under the terms and conditions of the |
| | |
| | | |
| | | @Override |
| | | public String digest(String text, String algorithm, String encoding) { |
| | | return RealmBase.Digest(text, algorithm, encoding); |
| | | /* |
| | | Die Methode RealmBase.Digest ist mit dem Hinweis 'unused' ab |
| | | Tomcat 9 entfernt worden. Das, obwohl die Tomcat-eigene Dokumentation |
| | | diese Methode ausdruecklich nennt, vgl. "Digested Passwords" |
| | | auf http://tomcat.apache.org/tomcat-10.0-doc/realm-howto.html |
| | | |
| | | Als Ersatz wird der MessageDigestCredentialHandler verwendet |
| | | */ |
| | | //return RealmBase.Digest(text, algorithm, encoding); |
| | | //return text; |
| | | MessageDigestCredentialHandler mh = new MessageDigestCredentialHandler(); |
| | | try { |
| | | mh.setAlgorithm(algorithm); |
| | | } catch (NoSuchAlgorithmException ex) { |
| | | Logger.getLogger(TomcatDigester.class.getName()).log(Level.SEVERE, null, ex); |
| | | } |
| | | mh.setEncoding(encoding); |
| | | return mh.mutate(text); |
| | | } |
| | | |
| | | @Override |
| | | public boolean matches(String inputCredentials, String storedCredentials, String algorithm, String encoding) { |
| | | MessageDigestCredentialHandler mh = new MessageDigestCredentialHandler(); |
| | | try { |
| | | mh.setAlgorithm(algorithm); |
| | | } catch (NoSuchAlgorithmException ex) { |
| | | Logger.getLogger(TomcatDigester.class.getName()).log(Level.SEVERE, null, ex); |
| | | } |
| | | mh.setEncoding(encoding); |
| | | return mh.matches(inputCredentials, storedCredentials); |
| | | } |
| | | |
| | | } |