New file |
| | |
| | | /* |
| | | http-auth - Authentication Classes for jdk.httpserver |
| | | Copyright (C) 2021 Ulrich Hilger |
| | | |
| | | This program is free software: you can redistribute it and/or modify |
| | | it under the terms of the GNU Affero General Public License as |
| | | published by the Free Software Foundation, either version 3 of the |
| | | License, or (at your option) any later version. |
| | | |
| | | This program is distributed in the hope that it will be useful, |
| | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | GNU Affero General Public License for more details. |
| | | |
| | | You should have received a copy of the GNU Affero General Public License |
| | | along with this program. If not, see <https://www.gnu.org/licenses/>. |
| | | */ |
| | | package de.uhilger.httpserver.auth.realm; |
| | | |
| | | import java.security.NoSuchAlgorithmException; |
| | | import java.security.SecureRandom; |
| | | import java.security.spec.InvalidKeySpecException; |
| | | import java.security.spec.KeySpec; |
| | | import java.util.Map; |
| | | import java.util.logging.Level; |
| | | import java.util.logging.Logger; |
| | | import javax.crypto.SecretKeyFactory; |
| | | import javax.crypto.spec.PBEKeySpec; |
| | | |
| | | /** |
| | | * Ein Nutzerverzeichnis, das die Nutzerinformationen im Speicher haelt. |
| | | * |
| | | * @author ulrich |
| | | * @version 1, 02.06.2021 |
| | | */ |
| | | public class MemoryRealm implements Realm { |
| | | |
| | | private String name; |
| | | private Map users; |
| | | private Map userRoles; |
| | | |
| | | public void setName(String name) { |
| | | this.name = name; |
| | | } |
| | | |
| | | public void addUser(String userId, String password) { |
| | | try { |
| | | User user = new User(); |
| | | user.setName(userId); |
| | | user.setPassword(password); |
| | | byte[] hashBytes = encode(password); |
| | | String hash = new String(hashBytes); |
| | | user.setHash(hash); |
| | | users.put(user.getName(), user); |
| | | } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) { |
| | | Logger.getLogger(MemoryRealm.class.getName()).log(Level.SEVERE, null, ex); |
| | | } |
| | | } |
| | | |
| | | private byte[] encode(String password) throws NoSuchAlgorithmException, InvalidKeySpecException { |
| | | SecureRandom random = new SecureRandom(); |
| | | byte[] salt = new byte[16]; |
| | | random.nextBytes(salt); |
| | | KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128); |
| | | SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); |
| | | byte[] hash = factory.generateSecret(spec).getEncoded(); |
| | | return hash; |
| | | } |
| | | |
| | | @Override |
| | | public boolean isValid(String nutzerId, String kennwort) { |
| | | throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. |
| | | } |
| | | |
| | | @Override |
| | | public boolean hasRole(String nutzerId, String rollenId) { |
| | | throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. |
| | | } |
| | | |
| | | @Override |
| | | public String getName() { |
| | | return name; |
| | | } |
| | | |
| | | } |