From elecha...@apache.org
Subject svn commit: r529807 - /directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Date Tue, 17 Apr 2007 23:47:06 GMT
Author: elecharny
Date: Tue Apr 17 16:47:05 2007
New Revision: 529807

URL: http://svn.apache.org/viewvc?view=rev&rev=529807
Log:
Modified the code to update the cache. SSHA still not working :(...

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?view=diff&rev=529807&r1=529806&r2=529807
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Tue Apr 17 16:47:05 2007
@@ -143,6 +143,44 @@
     {
         private byte[] salt;
         private byte[] password;
+        private String algorithm;
+    }
+    
+    private byte[] getStoredPassword( LdapDN principalDN ) throws NamingException
+    {
+        LdapPrincipal principal = null;
+        String principalNorm = principalDN.getNormName();
+        
+        synchronized( credentialCache )
+        {
+            principal = (LdapPrincipal)credentialCache.get( principalNorm );
+        }
+        
+        byte[] storedPassword = null;
+        
+        if ( principal == null )
+        {
+            // Not found in the cache
+            // Get the user password from the backend
+            storedPassword = lookupUserPassword( principalDN );
+            
+            
+            // Deal with the special case where the user didn't enter a password
+            // We will compare the empty array with the credentials. Sometime,
+            // a user does not set a password. This is bad, but there is nothing
+            // we can do against that, except education ...
+            if ( storedPassword == null )
+            {
+                storedPassword = ArrayUtils.EMPTY_BYTE_ARRAY;
+            }
+        }
+        else
+        {
+            // Found ! 
+            storedPassword = principal.getUserPassword();
+        }
+        
+        return storedPassword;
     }
     
     /**
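Review bot: The `storedPassword == null` branch in getStoredPassword substitutes `ArrayUtils.EMPTY_BYTE_ARRAY`, so an entry with no stored password compares equal to empty credentials in the `Arrays.equals( credentials, storedPassword )` check of the next hunk, and the bind is treated as authenticated. Unless authenticate rejects empty credentials before this call (not visible here), the helper should keep the null and the caller should fail the bind when nothing is stored, for example by testing `if ( storedPassword == null || storedPassword.length == 0 )` and taking the authentication-failure path. The new method also has no Javadoc; a line such as `/** Returns the principal's password from the credential cache, falling back to the backend lookup. */` would document the two sources.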
@@ -210,40 +248,15 @@
         boolean credentialsMatch = false;
         LdapPrincipal principal = null;
         
-        // Check to see if the password is stored in the cache for this principal
-        synchronized( credentialCache )
-        {
-            principal = (LdapPrincipal)credentialCache.get( principalNorm );
-        }
-        
-        byte[] storedPassword = null;
-        
-        if ( principal == null )
-        {
-            // Not found in the cache
-            // Get the user password from the backend
-            storedPassword = lookupUserPassword( principalDn );
-            
-            
-            // Deal with the special case where the user didn't enter a password
-            // We will compare the empty array with the credentials. Sometime,
-            // a user does not set a password. This is bad, but there is nothing
-            // we can do against that, except education ...
-            if ( storedPassword == null )
-            {
-                storedPassword = ArrayUtils.EMPTY_BYTE_ARRAY;
-            }
-        }
-        else
-        {
-            // Found ! 
-            storedPassword = principal.getUserPassword();
-        }
+        // Get the stored password, either from cache or from backend
+        byte[] storedPassword = getStoredPassword( principalDn );
         
         // Short circuit for PLAIN TEXT passwords : we compare the byte array directly
         // Are the passwords equal ?
         credentialsMatch = Arrays.equals( credentials, storedPassword );
         
+        
+        
         if ( !credentialsMatch )
         {
             // Let's see if the stored password was encrypted
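Review bot: After the cache lookup moved into getStoredPassword, `principal` in this method is no longer assigned from the cache, so as far as the visible lines show, the later `if ( principal == null )` guard (context of the `@@ -271` hunk) is always true. Every successful bind then builds a new LdapPrincipal and rewrites the cache entry, even on a cache hit. If that is the intended "update the cache" behaviour, drop the guard; otherwise have the helper return the cached `LdapPrincipal` (or null) so the caller can tell a hit from a miss. The two blank lines added before `if ( !credentialsMatch )` can be removed. The enclosing method starts and ends outside this hunk.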
@@ -254,11 +267,13 @@
                 SaltedPassword saltedPassword = new SaltedPassword();
                 saltedPassword.password = storedPassword;
                 saltedPassword.salt = null;
+                saltedPassword.algorithm = algorithm;
                 
                 // Let's get the encrypted part of the stored password
-                byte[] encryptedStored = splitCredentials( saltedPassword, algorithm );
+                byte[] encryptedStored = splitCredentials( saltedPassword );
                 
-                byte[] userPassword = encryptPassword( credentials, algorithm, saltedPassword.salt
);
+                saltedPassword.password = credentials;
+                byte[] userPassword = encryptPassword( credentials, saltedPassword );
                 
                 credentialsMatch = Arrays.equals( userPassword, encryptedStored );
             }
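Review bot: `saltedPassword.password = credentials;` overwrites the holder that a moment earlier carried the stored value, while `encryptPassword( credentials, saltedPassword )` still receives the credentials as a separate argument and, in the lines visible in the last hunk, reads only `algorithm` and `salt` from the holder. Either drop the assignment or pass only the holder; keeping both makes it easy to hash the wrong bytes in a later change. Separately, `Arrays.equals( userPassword, encryptedStored )` here and the plain-text comparison in the previous hunk return at the first differing byte, which can leak match length through timing; `MessageDigest.isEqual( userPassword, encryptedStored )` is the constant-time comparison on current JDKs. The enclosing block starts outside this hunk.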
@@ -271,7 +286,7 @@
             if ( principal == null )
             {
                 // Last, if we have found the credential, we have to store it in the cache
-                principal = new LdapPrincipal( principalDn, AuthenticationLevel.SIMPLE, storedPassword
);
+                principal = new LdapPrincipal( principalDn, AuthenticationLevel.SIMPLE, storedPassword
 );
     
                 // Now, update the local cache.
                 synchronized( credentialCache )
@@ -300,9 +315,10 @@
         System.arraycopy( all, offset + left.length, right, 0, right.length );
     }
 
-    private byte[] splitCredentials( SaltedPassword saltedPassword , String algorithm )
+    private byte[] splitCredentials( SaltedPassword saltedPassword )
     {
         byte[] credentials = saltedPassword.password;
+        String algorithm = saltedPassword.algorithm;
         
         int pos = algorithm.length() + 2;
         
@@ -429,18 +445,19 @@
         {
             digest.update( password );
             digest.update( salt );
-            byte[] hashedPasswordBytes = digest.digest();
-            return hashedPasswordBytes;
+            return digest.digest();
         }
         else
         {
-            byte[] hashedPasswordBytes = digest.digest( password );
-            return hashedPasswordBytes;
+            return digest.digest( password );
         }
     }
 
-    private byte[] encryptPassword( byte[] credentials, String algorithm, byte[] salt )
+    private byte[] encryptPassword( byte[] credentials, SaltedPassword saltedPassword )
     {
+        String algorithm = saltedPassword.algorithm;
+        byte[] salt = saltedPassword.salt;
+        
         if ( LdapSecurityConstants.HASH_METHOD_SHA.equals( algorithm ) || 
              LdapSecurityConstants.HASH_METHOD_SSHA.equals( algorithm ) )
         {   


