Package org.eclipse.jetty.util.security

Class Credential

java.lang.Object

org.eclipse.jetty.util.security.Credential

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

Credential.Crypt, Credential.MD5, Password

public abstract class Credential
extends Object
implements Serializable

Credentials. The Credential class represents an abstract mechanism for checking authentication credentials. A credential instance either represents a secret, or some data that could only be derived from knowing the secret.

Often a Credential is related to a Password via a one way algorithm, so while a Password itself is a Credential, a UnixCrypt or MD5 digest of a a password is only a credential that can be checked against the password.

This class includes an implementation for unix Crypt an MD5 digest.

See Also:

• Password
• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	Credential.Crypt	Unix Crypt Credentials
static class	Credential.MD5	MD5 Credentials

Constructor Summary

Constructors

Constructor	Description
Credential()

Method Summary

Modifier and Type	Method	Description
protected static boolean	byteEquals(byte[] known, byte[] unknown)	Utility method that replaces Arrays.equals() to avoid timing attacks.
abstract boolean	check(Object credentials)	Check a credential
static Credential	getCredential(String credential)	Get a credential from a String.
protected static boolean	stringEquals(String known, String unknown)	Utility method that replaces String.equals() to avoid timing attacks.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Credential

public Credential()

Method Details

check

public abstract boolean check(Object credentials)

Check a credential

Parameters:

credentials - The credential to check against. This may either be another Credential object, a Password object or a String which is interpreted by this credential.

Returns:

True if the credentials indicated that the shared secret is known to both this Credential and the passed credential.

getCredential

public static Credential getCredential(String credential)

Get a credential from a String. If the credential String starts with a known Credential type (eg "CRYPT:" or "MD5:" ) then a Credential of that type is returned. Otherwise, it tries to find a credential provider whose prefix matches with the start of the credential String. Else the credential is assumed to be a Password.

Parameters:

credential - String representation of the credential

Returns:

A Credential or Password instance.

stringEquals

protected static boolean stringEquals(String known,
 String unknown)

Utility method that replaces String.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential

Parameters:

known - the first string to compare (should be known string)

unknown - the second string to compare (should be the unknown string)

Returns:

whether the two strings are equal

byteEquals

protected static boolean byteEquals(byte[] known,
 byte[] unknown)

Utility method that replaces Arrays.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential

Parameters:

known - the first byte array to compare (should be known value)

unknown - the second byte array to compare (should be unknown value)

Returns:

whether the two byte arrays are equal