4 files changed, 15 insertions, 45 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
index cd0a371b48..8ade3cdd98 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
@@ -153,27 +153,19 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase
 *
 * @throws AccountNotFoundException if the principal cannot be found
 */
- public boolean verifyPassword(String principal, String password) throws AccountNotFoundException
+ public boolean verifyPassword(String principal, char[] password) throws AccountNotFoundException
 {
- try
- {
- char[] pwd = lookupPassword(principal);
- byte[] passwordBytes = password.getBytes(DEFAULT_ENCODING);
+ char[] pwd = lookupPassword(principal);
 
- int index = 0;
- boolean verified = true;
+ int index = 0;
+ boolean verified = true;
 
- while (verified & index < passwordBytes.length)
- {
- verified = (pwd[index] == (char) passwordBytes[index]);
- index++;
- }
- return verified;
- }
- catch (UnsupportedEncodingException e)
+ while (verified & index < password.length)
 {
- return false;
+ verified = (pwd[index] == password[index]);
+ index++;
 }
+ return verified;
 }
 
 public boolean updatePassword(Principal principal, char[] password) throws AccountNotFoundException
@@ -590,7 +582,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase
 int index = 0;
 for (char c : _password)
 {
- byteArray[index++] = (byte)c;
+ byteArray[index++] = (byte) c;
 }
 _encodedPassword = (new Base64()).encode(byteArray);
 }
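Review bot: The comparison loop in `verifyPassword` is bounded only by `password.length`, so a candidate that is a prefix of the stored value, including an empty array, leaves `verified` true, and a candidate longer than `pwd` indexes past the end of `pwd`. The same bound existed as `passwordBytes.length` before this change; the new `char[]` signature carries it over unchanged. The loop also stops at the first mismatch, so its running time depends on how many leading characters match. Reject on a length mismatch first and compare without an early exit, as sketched below. What `lookupPassword` returns (plain text or an encoded hash) is not visible in this hunk, so confirm that both arrays are in the same representation.

```java
public boolean verifyPassword(String principal, char[] password) throws AccountNotFoundException
{
    char[] pwd = lookupPassword(principal);

    // A prefix or empty candidate must not verify, and a longer one must not index past pwd.
    if (pwd.length != password.length)
    {
        return false;
    }

    // Fold every position into one result instead of stopping at the first mismatch.
    int diff = 0;
    for (int index = 0; index < pwd.length; index++)
    {
        diff |= pwd[index] ^ password[index];
    }
    return diff == 0;
}
```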
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
index 90d08c963e..5170f6216c 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
@@ -121,13 +121,13 @@ public class PlainPasswordFilePrincipalDatabase implements PrincipalDatabase
 }
 }
 
- public boolean verifyPassword(String principal, String password) throws AccountNotFoundException
+ public boolean verifyPassword(String principal, char[] password) throws AccountNotFoundException
 {
 try
 {
 char[] pwd = lookupPassword(principal);
- return compareCharArray(pwd, convertPassword(password));
+ return compareCharArray(pwd, password);
 }
 catch (IOException e)
 {
@@ -135,22 +135,6 @@ public class PlainPasswordFilePrincipalDatabase implements PrincipalDatabase
 }
 }
 
- private char[] convertPassword(String password) throws UnsupportedEncodingException
- {
- byte[] passwdBytes = password.getBytes("utf-8");
-
- char[] passwd = new char[passwdBytes.length];
-
- int index = 0;
-
- for (byte b : passwdBytes)
- {
- passwd[index++] = (char) b;
- }
-
- return passwd;
- }
-
 public boolean updatePassword(Principal principal, char[] password) throws AccountNotFoundException
 {
 return false; // updates denied
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java
index 494d8e0bf4..a82f9ed40b 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PrincipalDatabase.java
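Review bot: With `convertPassword` gone, `compareCharArray(pwd, password)` in `PlainPasswordFilePrincipalDatabase.verifyPassword` compares the caller's array as-is, and nothing in the new signature says how that array must be built. The removed helper widened each UTF-8 byte to one `char`, so a password with non-ASCII characters now matches only if every caller produces the same form as the stored side; how `lookupPassword` decodes the file is not visible here. The same applies to the `PrincipalDatabase` interface hunk and the `PropertiesPrincipalDatabase` hunk. I would state the contract once on the interface, for example `@param password candidate password in the same char form lookupPassword() returns; the caller clears the array after the call`, adjusted to what the callers actually pass.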
@@ -55,7 +55,7 @@ public interface PrincipalDatabase
 * @return true if password is correct
 * @throws AccountNotFoundException if the principal cannot be found
 */
- boolean verifyPassword(String principal, String password)
+ boolean verifyPassword(String principal, char[] password)
 throws AccountNotFoundException;
 
 /**
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabase.java
index 74c330f606..49cd71e978 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabase.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PropertiesPrincipalDatabase.java
@@ -79,18 +79,12 @@ public class PropertiesPrincipalDatabase implements PrincipalDatabase
 }
 }
 
- public boolean verifyPassword(String principal, String password) throws AccountNotFoundException
+ public boolean verifyPassword(String principal, char[] password) throws AccountNotFoundException
 {
+ //fixme this is not correct as toCharArray is not safe based on the type of string.
 char[] pwd = _users.getProperty(principal).toCharArray();
- try
- {
- return compareCharArray(pwd, convertPassword(password));
- }
- catch (UnsupportedEncodingException e)
- {
- return false;
- }
+ return compareCharArray(pwd, password);
 }
 
 public boolean updatePassword(Principal principal, char[] password) throws AccountNotFoundException |
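Review bot: `_users.getProperty(principal).toCharArray()` in `PropertiesPrincipalDatabase.verifyPassword` dereferences the lookup result without a null check, so if `_users` is a `java.util.Properties`, an unknown principal raises `NullPointerException` rather than the `AccountNotFoundException` the signature declares. Read the value into a local and guard it: `String stored = _users.getProperty(principal);` followed by `if (stored == null) { throw new AccountNotFoundException("No account found for principal " + principal); }`, assuming the exception has a String constructor as the `javax.security.auth.login` one does. The added `//fixme` would be more useful if it named the concern: `toCharArray()` yields UTF-16 code units, which match the candidate only if callers build their `char[]` the same way.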