Package org.eclipse.jetty.util.security
Class Credential
java.lang.Object
    org.eclipse.jetty.util.security.Credential

All Implemented Interfaces:
    java.io.Serializable
Direct Known Subclasses:
    Credential.Crypt, Credential.MD5, Password
public abstract class Credential extends java.lang.Object implements java.io.Serializable
Credentials. The Credential class represents an abstract mechanism for checking authentication credentials. A credential instance either represents a secret, or some data that could only be derived from knowing the secret. Often a Credential is related to a Password via a one-way algorithm, so while a Password itself is a Credential, a UnixCrypt or MD5 digest of a password is only a credential that can be checked against the password.
This class includes an implementation for Unix Crypt and MD5 digest.
See Also:
    Password, Serialized Form

Nested Class Summary
| Modifier and Type | Class | Description |
| --- | --- | --- |
| static class | Credential.Crypt | Unix Crypt Credentials |
| static class | Credential.MD5 | MD5 Credentials |

Constructor Summary
| Constructor | Description |
| --- | --- |
| Credential() | |

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected static boolean | byteEquals(byte[] known, byte[] unknown) | Utility method that replaces Arrays.equals() to avoid timing attacks. |
| abstract boolean | check(java.lang.Object credentials) | Check a credential. |
| static Credential | getCredential(java.lang.String credential) | Get a credential from a String. |
| protected static boolean | stringEquals(java.lang.String known, java.lang.String unknown) | Utility method that replaces String.equals() to avoid timing attacks. |

Method Detail
check
public abstract boolean check(java.lang.Object credentials)
Check a credential.
Parameters:
    credentials - The credential to check against. This may either be another Credential object, a Password object or a String which is interpreted by this credential.
Returns:
    True if the credentials indicated that the shared secret is known to both this Credential and the passed credential.

getCredential
public static Credential getCredential(java.lang.String credential)
Get a credential from a String. If the credential String starts with a known Credential type (e.g. "CRYPT:" or "MD5:") then a Credential of that type is returned. Otherwise, it tries to find a credential provider whose prefix matches the start of the credential String. If none matches, the credential is assumed to be a Password.
Parameters:
    credential - String representation of the credential
Returns:
    A Credential or Password instance.

stringEquals
protected static boolean stringEquals(java.lang.String known, java.lang.String unknown)
Utility method that replaces String.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.
Parameters:
    known - the first string to compare (should be known string)
    unknown - the second string to compare (should be the unknown string)
Returns:
    whether the two strings are equal

byteEquals
protected static boolean byteEquals(byte[] known, byte[] unknown)
Utility method that replaces Arrays.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.
Parameters:
    known - the first byte array to compare (should be known value)
    unknown - the second byte array to compare (should be unknown value)
Returns:
    whether the two byte arrays are equal
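
The comparison behaviour described for stringEquals and byteEquals, sketched as an added example. This is not Jetty's source: the class ConstantTimeCompareExample is hypothetical, its two helpers only reuse the method names from this page, and the sample values are constructed.

```java
import java.nio.charset.StandardCharsets;

public class ConstantTimeCompareExample {

    // Hypothetical helper (not Jetty's code). The loop count depends only on the
    // caller-supplied (unknown) value, and no branch exits at the first mismatch.
    static boolean byteEquals(byte[] known, byte[] unknown) {
        if (known == null || unknown == null) {
            return known == unknown;
        }
        // Record a length mismatch in the accumulator instead of returning early.
        int diff = known.length ^ unknown.length;
        for (int i = 0; i < unknown.length; i++) {
            // Wrap the index so a shorter known value is never read out of bounds.
            byte k = known.length == 0 ? 0 : known[i % known.length];
            diff |= k ^ unknown[i];
        }
        return diff == 0;
    }

    // Same idea for strings, comparing UTF-16 code units.
    static boolean stringEquals(String known, String unknown) {
        if (known == null || unknown == null) {
            return known == unknown;
        }
        int diff = known.length() ^ unknown.length();
        for (int i = 0; i < unknown.length(); i++) {
            char k = known.isEmpty() ? 0 : known.charAt(i % known.length());
            diff |= k ^ unknown.charAt(i);
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        byte[] stored = "s3cret-value".getBytes(StandardCharsets.UTF_8);
        byte[] same = "s3cret-value".getBytes(StandardCharsets.UTF_8);
        byte[] prefix = "s3cret".getBytes(StandardCharsets.UTF_8);
        byte[] longer = "s3cret-value-and-more".getBytes(StandardCharsets.UTF_8);

        System.out.println("same value:    " + byteEquals(stored, same));
        System.out.println("prefix only:   " + byteEquals(stored, prefix));
        System.out.println("longer guess:  " + byteEquals(stored, longer));
        System.out.println("one char off:  " + stringEquals("s3cret-value", "s3cret-valuE"));
        System.out.println("both empty:    " + stringEquals("", ""));
    }
}
```

Passing the stored value as known and the submitted value as unknown matters here: swapping them makes the loop length follow the stored secret instead of the attacker-controlled input.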