Class Credential

java.lang.Object
org.eclipse.jetty.util.security.Credential
All Implemented Interfaces:
Serializable
Direct Known Subclasses:
Credential.Crypt, Credential.MD5, Password

public abstract class Credential extends Object implements Serializable
Credentials. The Credential class represents an abstract mechanism for checking authentication credentials. A credential instance either represents a secret, or some data that could only be derived from knowing the secret.

Often a Credential is related to a Password via a one-way algorithm, so while a Password itself is a Credential, a UnixCrypt or MD5 digest of a password is only a credential that can be checked against the password.

This class includes an implementation for Unix Crypt and MD5 digest.

  • Constructor Details

    • Credential

      public Credential()
  • Method Details

    • check

      public abstract boolean check(Object credentials)
      Check a credential
      Parameters:
      credentials - The credential to check against. This may either be another Credential object, a Password object or a String which is interpreted by this credential.
      Returns:
      True if the credentials indicated that the shared secret is known to both this Credential and the passed credential.
    • getCredential

      public static Credential getCredential(String credential)
      Get a credential from a String. If the credential String starts with a known Credential type (e.g. "CRYPT:" or "MD5:") then a Credential of that type is returned. Otherwise, it tries to find a credential provider whose prefix matches the start of the credential String. If none matches, the credential is assumed to be a Password.
      Parameters:
      credential - String representation of the credential
      Returns:
      A Credential or Password instance.
    • stringEquals

      protected static boolean stringEquals(String known, String unknown)

      Utility method that replaces String.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.

      Parameters:
      known - the first string to compare (should be known string)
      unknown - the second string to compare (should be the unknown string)
      Returns:
      whether the two strings are equal
    • byteEquals

      protected static boolean byteEquals(byte[] known, byte[] unknown)

      Utility method that replaces Arrays.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.

      Parameters:
      known - the first byte array to compare (should be known value)
      unknown - the second byte array to compare (should be unknown value)
      Returns:
      whether the two byte arrays are equal
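
The comparison strategy described for stringEquals and byteEquals, as an added sketch that is not Jetty's source code: the loop runs once per element of the unknown value and accumulates differences instead of returning at the first mismatch. The class name and sample strings are constructed for illustration.

```java
public class ConstantTimeCompareExample {
    // Illustrative helper, not Jetty's source. The loop count depends only on
    // the length of the unknown (caller-supplied) value, never on the position
    // of the first mismatch.
    static boolean byteEquals(byte[] known, byte[] unknown) {
        if (known == null || unknown == null)
            return known == unknown;
        // Record a length mismatch in the accumulator instead of returning early.
        int diff = known.length ^ unknown.length;
        for (int i = 0; i < unknown.length; i++) {
            // Wrap the index so a shorter known value is never read out of bounds.
            byte k = known.length == 0 ? 0 : known[i % known.length];
            diff |= k ^ unknown[i];
        }
        return diff == 0;
    }

    // Same approach over characters; comparing chars directly avoids any
    // lossy re-encoding of the strings before the comparison.
    static boolean stringEquals(String known, String unknown) {
        if (known == null || unknown == null)
            return known == unknown;
        int kl = known.length(), ul = unknown.length();
        int diff = kl ^ ul;
        for (int i = 0; i < ul; i++)
            diff |= (kl == 0 ? 0 : known.charAt(i % kl)) ^ unknown.charAt(i);
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String stored = "MD5:0123456789abcdef0123456789abcdef";
        String[] candidates = {
            stored,                                  // exact match
            "MD5:0123456789abcdef0123456789abcdee",  // last character differs
            "XD5:0123456789abcdef0123456789abcdef",  // first character differs
            "MD5:0123",                              // shorter than known
            stored + "00",                           // longer than known
            ""                                       // empty input
        };
        for (String c : candidates) {
            boolean actual = stringEquals(stored, c);
            if (actual != stored.equals(c))          // must agree with String.equals()
                throw new AssertionError("mismatch for: " + c);
            System.out.println(actual + "  <- \"" + c + "\"");
        }
        if (!byteEquals(new byte[0], new byte[0]) || byteEquals(new byte[0], new byte[] {1}))
            throw new AssertionError("empty-array handling");
    }
}
```

Outside a Credential subclass, the JDK's MessageDigest.isEqual(byte[], byte[]) offers a comparable time-constant comparison for byte arrays.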