//
// YaCyLegacyCredentials
// Copyright 2011 by Florian Richter
// First released 16.04.2011 at http://yacy.net
//
// $LastChangedDate$
// $LastChangedRevision$
// $LastChangedBy$
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program in the file lgpl21.txt
// If not, see <http://www.gnu.org/licenses/>.
//
package net.yacy.http;
import net.yacy.cora.order.Base64Order;
import net.yacy.cora.order.Digest;
import net.yacy.server.serverAccessTracker;
import org.eclipse.jetty.util.security.Credential;
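/**
 * Jetty {@link Credential} implementation for YaCy's legacy admin and user password hashes.
 *
 * <p>The stored value is not the clear-text password but a hex digest produced by
 * {@code Digest.encodeMD5Hex} over {@code username:password}; for the admin account the
 * {@code username:password} string is Base64-encoded before hashing (see {@code isBase64enc}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The digest is MD5-based (per the helper's name) with only the user name mixed in, so
 *       it is a legacy format and offers little resistance to offline guessing. The stored
 *       hash must be protected like a password.</li>
 *   <li>For the admin account the stored hash itself is accepted as the password while a
 *       localhost access was seen very recently (see {@link #check(Object)}). Anyone who can
 *       read the configured hash can therefore authenticate during that window.</li>
 *   <li>All comparisons against the stored hash go through a constant-time helper so that the
 *       comparison time does not depend on how many leading characters match.</li>
 * </ul>
 */
public class YaCyLegacyCredential extends Credential {

    private static final long serialVersionUID = -3527894085562480001L;

    // stored hash the submitted credential is verified against
    private String hash;

    // remember the user as YaCy credential is username:pwd (not just pwd)
    private String foruser;

    // remember hash encoding:
    //   false = encodeMD5Hex(usr:pwd)
    //   true  = encodeMD5Hex(Base64Order.standardCoder.encodeString(usr:pw))
    private boolean isBase64enc;

    /**
     * Internal hash function for the admin (config file) format.
     *
     * @param pw the clear-text {@code username:password} string
     * @return the hex MD5 digest of the Base64-encoded input
     */
    private static String calcHash(String pw) {
        return Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(pw));
    }

    /**
     * Compares two strings without returning early on the first differing character.
     *
     * <p>{@link String#equals(Object)} stops at the first mismatch, which makes the comparison
     * time depend on the secret. {@code MessageDigest.isEqual} avoids that for equal-length
     * inputs. The JDK classes are referenced by fully-qualified name so that the file's import
     * block does not need to change.
     *
     * @param a first value, may be {@code null}
     * @param b second value, may be {@code null}
     * @return {@code true} only if both values are non-null and byte-wise equal
     */
    private static boolean constantTimeEquals(final String a, final String b) {
        if (a == null || b == null) {
            // fail closed: a missing hash never authenticates
            return false;
        }
        return java.security.MessageDigest.isEqual(
                a.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                b.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Verifies a submitted password against the stored hash.
     *
     * @param credentials the submitted password; only {@link String} is supported
     * @return {@code true} if the credential matches the stored hash
     * @throws UnsupportedOperationException if {@code credentials} is not a {@link String}
     */
    @Override
    public boolean check(Object credentials) {
        if (!(credentials instanceof String)) {
            throw new UnsupportedOperationException();
        }
        final String pw = (String) credentials;

        if (!isBase64enc) {
            // normal users
            return constantTimeEquals(Digest.encodeMD5Hex(foruser + ":" + pw), this.hash);
        }

        if (serverAccessTracker.timeSinceAccessFromLocalhost() < 100) {
            // we allow localhost accesses also to submit the hash as password
            // this is very important since that method is used by the scripts in bin/ which are based on bin/apicall.sh
            // the cleartext password is not stored anywhere, but we must find a way to allow scripts to steer a peer.
            // this is the exception that makes that possible.
            // TODO: it should be better to check the actual access IP here, but that is not handed over to Credential classes :(
            // NOTE(review): the test above is purely time-based (unit of 100 presumably
            // milliseconds - confirm) and is not bound to the request being authenticated,
            // so the origin of this particular request is not verified here.
            if (constantTimeEquals(pw, this.hash)) {
                return true;
            }
        }
        return constantTimeEquals(calcHash(foruser + ":" + pw), this.hash); // for admin user
    }

    /**
     * Creates a Credential object from the hash stored in the config file.
     *
     * @param username the admin user name the hash belongs to
     * @param configHash hash as in config file, hash(adminuser:pwd)
     * @return a credential that verifies passwords using the Base64 + MD5 admin format
     */
    public static Credential getCredentialsFromConfig(String username, String configHash) {
        YaCyLegacyCredential c = new YaCyLegacyCredential();
        c.foruser = username;
        c.isBase64enc = true;
        c.hash = configHash;
        return c;
    }

    /**
     * Creates a Credential object from a UserDB hash.
     *
     * @param username the user name the hash belongs to
     * @param configHash encodeMD5Hex("user:pwd") as stored in UserDB
     * @return a credential that verifies passwords using the plain MD5 user format
     */
    public static Credential getCredentials(String username, String configHash) {
        YaCyLegacyCredential c = new YaCyLegacyCredential();
        c.foruser = username;
        c.isBase64enc = false;
        c.hash = configHash;
        return c;
    }

}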