Class Credential

java.lang.Object
org.eclipse.jetty.util.security.Credential
All Implemented Interfaces:
Serializable
Direct Known Subclasses:
Credential.Crypt, Credential.MD, Credential.MD5, Password

public abstract class Credential extends Object implements Serializable

An abstraction for checking authentication credentials.

A credential instance either represents a secret, or some data that could only be derived from knowing the secret, such as a checksum.

This class includes implementations for:

  • the Unix Crypt algorithm
  • the MD5 message digest algorithm
  • any generic message digest algorithm supported by the current JVM

  • Nested Class Summary

    Nested Classes
    Modifier and Type    Class               Description
    static class         Credential.Crypt    Unix Crypt Credential.
    static class         Credential.MD       Generic message digest credential.
    static class         Credential.MD5      MD5 Credential.
  • Constructor Summary

    Constructors
    Constructor      Description
    Credential()
  • Method Summary

    Modifier and Type           Method                                        Description
    protected static boolean    byteEquals(byte[] known, byte[] unknown)      Utility method that replaces Arrays.equals() to avoid timing attacks.
    abstract boolean            check(Object credentials)                     Checks the given credential against this credential instance.
    static Credential           getCredential(String credential)              Converts the given String into a Credential.
    protected static boolean    stringEquals(String known, String unknown)    Utility method that replaces String.equals() to avoid timing attacks.

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • Credential

      public Credential()
  • Method Details

    • check

      public abstract boolean check(Object credentials)

      Checks the given credential against this credential instance.

      Parameters:
      credentials - the credential to check against this instance. This may either be another Credential object; or a Password object; or a String, char[] or byte[] that are interpreted by this credential.
      Returns:
      whether the given credentials match this credential instance
    • getCredential

      public static Credential getCredential(String credential)

      Converts the given String into a Credential.

      If the String starts with a known Credential type (such as CRYPT: or MD5:) then a Credential of that type is returned. Otherwise, it tries to find a credential provider whose prefix matches the start of the String. Otherwise, the credential is assumed to be a Password.

      Parameters:
      credential - String representation of the credential
      Returns:
      A Credential or Password instance.
    • stringEquals

      protected static boolean stringEquals(String known, String unknown)

      Utility method that replaces String.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.

      Parameters:
      known - the first string to compare (should be known string)
      unknown - the second string to compare (should be the unknown string)
      Returns:
      whether the two strings are equal
    • byteEquals

      protected static boolean byteEquals(byte[] known, byte[] unknown)

      Utility method that replaces Arrays.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.

      Parameters:
      known - the first byte array to compare (should be known value)
      unknown - the second byte array to compare (should be unknown value)
      Returns:
      whether the two byte arrays are equal
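
The comparison described for stringEquals and byteEquals above, as an added sketch that is not Jetty's own code: it accumulates differences over every byte of the unknown value instead of returning at the first mismatch, and cross-checks its answers against Arrays.equals and the JDK's MessageDigest.isEqual. The class name, the timingSafeEquals helper and the sample values are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Added illustration; class and method names are hypothetical, not Jetty's code.
public class TimingSafeCompareExample {

    // Runs one loop iteration per byte of the unknown (caller-supplied) value and
    // never returns early, so timing does not reveal where the first mismatch is.
    static boolean timingSafeEquals(byte[] known, byte[] unknown) {
        if (known == null || unknown == null) {
            return known == unknown;
        }
        // A length mismatch is folded into the accumulator instead of short-circuiting.
        int diff = known.length ^ unknown.length;
        for (int i = 0; i < unknown.length; i++) {
            // Wrap around the known value so the index is valid for any unknown length.
            byte k = known.length == 0 ? 0 : known[i % known.length];
            diff |= k ^ unknown[i];
        }
        return diff == 0;
    }

    static boolean timingSafeEquals(String known, String unknown) {
        if (known == null || unknown == null) {
            return known == unknown;
        }
        return timingSafeEquals(known.getBytes(StandardCharsets.UTF_8),
                                unknown.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String stored = "s3cret-token"; // constructed sample value
        String[] guesses = {"s3cret-token", "s3cret-tokeX", "X3cret-token",
                            "s3cret", "", "s3cret-tokens3cret-token"};
        for (String guess : guesses) {
            boolean result = timingSafeEquals(stored, guess);
            byte[] a = stored.getBytes(StandardCharsets.UTF_8);
            byte[] b = guess.getBytes(StandardCharsets.UTF_8);
            // Arrays.equals gives the same answer but may stop at the first differing
            // byte; MessageDigest.isEqual is the JDK's own timing-safe comparison.
            if (result != Arrays.equals(a, b) || result != MessageDigest.isEqual(a, b)) {
                throw new AssertionError("mismatch for guess: " + guess);
            }
            System.out.printf("%-26s -> %b%n", '"' + guess + '"', result);
        }
    }
}
```

The last guess repeats the stored value twice, so every wrapped byte matches and only the length term in the accumulator rejects it.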