Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  //
  //  ========================================================================
  //  Copyright (c) 1995-2012 Mort Bay Consulting Pty. Ltd.
  //  ------------------------------------------------------------------------
  //  All rights reserved. This program and the accompanying materials
  //  are made available under the terms of the Eclipse Public License v1.0
  //  and Apache License v2.0 which accompanies this distribution.
  //
  //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //
 
 package org.eclipse.jetty.util.security;
 
 
 
 /* ------------------------------------------------------------ */
Password utility class. This utility class gets a password or pass phrase either by:
  + Password is set as a system property.
  + The password is prompted for and read from standard input
  + A program is run to get the password.
 
Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated by run org.eclipse.util.Password as a main class. Obfuscated password are required if a system needs to recover the full password (eg. so that it may be passed to another system). They are not secure, but prevent casual observation.

Passwords that begin with CRYPT: are oneway encrypted with UnixCrypt. The real password cannot be retrieved, but comparisons can be made to other passwords. A Crypt can be generated by running org.eclipse.util.UnixCrypt as a main class, passing password and then the username. Checksum passwords are a secure(ish) way to store passwords that only need to be checked rather than recovered. Note that it is not strong security - specially if simple passwords are used.

 
 public class Password extends Credential
 {
     private static final Logger LOG = Log.getLogger(Password.class);
 
     private static final long serialVersionUID = 5062906681431569445L;
 
     public static final String __OBFUSCATE = "OBF:";
 
     private String _pw;
 
     /* ------------------------------------------------------------ */
    
Constructor.

Parameters:
password The String password.
 
     public Password(String password)
     {
          = password;
 
         // expand password
         while ( != null && .startsWith())
              = deobfuscate();
     }
 
     /* ------------------------------------------------------------ */
     @Override
     public String toString()
     {
         return ;
     }
 
     /* ------------------------------------------------------------ */
     public String toStarString()
     {
         return "*****************************************************".substring(0, .length());
     }
 
     /* ------------------------------------------------------------ */
     @Override
     public boolean check(Object credentials)
     {
         if (this == credentialsreturn true;
 
         if (credentials instanceof Passwordreturn credentials.equals();
        if (credentials instanceof Stringreturn credentials.equals();
        if (credentials instanceof char[]) return Arrays.equals(.toCharArray(), (char[]) credentials);
        if (credentials instanceof Credentialreturn ((Credentialcredentials).check();
        return false;
    }
    /* ------------------------------------------------------------ */
    @Override
    public boolean equals(Object o)
    {
        if (this == o
            return true;
        if (null == o
            return false;
        if (o instanceof Password)
        {
            Password p = (Passwordo;
            //noinspection StringEquality
            return p._pw ==  || (null !=  && .equals(p._pw));
        }
        if (o instanceof String
            return o.equals();
        return false;
    }
    /* ------------------------------------------------------------ */
    @Override
    public int hashCode()
    {
        return null ==  ? super.hashCode() : .hashCode();
    }
    /* ------------------------------------------------------------ */
    public static String obfuscate(String s)
    {
        StringBuilder buf = new StringBuilder();
        byte[] b = s.getBytes();
        buf.append();
        for (int i = 0; i < b.lengthi++)
        {
            byte b1 = b[i];
            byte b2 = b[s.length() - (i + 1)];
            int i1 = 127 + b1 + b2;
            int i2 = 127 + b1 - b2;
            int i0 = i1 * 256 + i2;
            String x = Integer.toString(i0, 36);
            switch (x.length())
            {
                case 1:
                    buf.append('0');
                    buf.append('0');
                    buf.append('0');
                    buf.append(x);
                    break;
                case 2:
                    buf.append('0');
                    buf.append('0');
                    buf.append(x);
                    break;
                case 3:
                    buf.append('0');
                    buf.append(x);
                    break;
                default:
                    buf.append(x);
                    break;
            }
        }
        return buf.toString();
    }
    /* ------------------------------------------------------------ */
    public static String deobfuscate(String s)
    {
        if (s.startsWith()) s = s.substring(4);
        byte[] b = new byte[s.length() / 2];
        int l = 0;
        for (int i = 0; i < s.length(); i += 4)
        {
            String x = s.substring(ii + 4);
            int i0 = Integer.parseInt(x, 36);
            int i1 = (i0 / 256);
            int i2 = (i0 % 256);
            b[l++] = (byte) ((i1 + i2 - 254) / 2);
        }
        return new String(b, 0, l);
    }
    /* ------------------------------------------------------------ */
    
Get a password. A password is obtained by trying
  • Calling System.getProperty(realm,dft)
  • Prompting for a password
  • Using promptDft if nothing was entered.

Parameters:
realm The realm name for the password, used as a SystemProperty name.
dft The default password.
promptDft The default to use if prompting for the password.
Returns:
Password
    public static Password getPassword(String realmString dftString promptDft)
    {
        String passwd = System.getProperty(realmdft);
        if (passwd == null || passwd.length() == 0)
        {
            try
            {
                ..print(realm + ((promptDft != null && promptDft.length() > 0) ? " [dft]" : "") + " : ");
                ..flush();
                byte[] buf = new byte[512];
                int len = ..read(buf);
                if (len > 0) passwd = new String(buf, 0, len).trim();
            }
            catch (IOException e)
            {
                .warn(.e);
            }
            if (passwd == null || passwd.length() == 0) passwd = promptDft;
        }
        return new Password(passwd);
    }
    /* ------------------------------------------------------------ */
    

Parameters:
arg
    public static void main(String[] arg)
    {
        if (arg.length != 1 && arg.length != 2)
        {
            ..println("Usage - java org.eclipse.jetty.security.Password [<user>] <password>");
            ..println("If the password is ?, the user will be prompted for the password");
            System.exit(1);
        }
        String p = arg[arg.length == 1 ? 0 : 1];
        Password pw = new Password(p);
        ..println(pw.toString());
        ..println(obfuscate(pw.toString()));
        ..println(Credential.MD5.digest(p));
        if (arg.length == 2) ..println(Credential.Crypt.crypt(arg[0], pw.toString()));
    }
New to GrepCode? Check out our FAQ X