001 package de.deepamehta.plugins.accesscontrol.model; 002 003 import de.deepamehta.core.util.JavaUtils; 004 005 import com.sun.jersey.core.util.Base64; 006 007 008 009 public class Credentials { 010 011 // ------------------------------------------------------------------------------------------------------- Constants 012 013 private static final String ENCRYPTED_PASSWORD_PREFIX = "-SHA256-"; 014 015 // ---------------------------------------------------------------------------------------------- Instance Variables 016 017 public String username; 018 public String password; // encrypted 019 020 // ---------------------------------------------------------------------------------------------------- Constructors 021 022 /** 023 * @param password as plain text 024 */ 025 public Credentials(String username, String password) { 026 this.username = username; 027 this.password = encryptPassword(password); 028 } 029 030 public Credentials(String authHeader) { 031 authHeader = authHeader.substring("Basic ".length()); 032 String[] values = new String(Base64.base64Decode(authHeader)).split(":"); 033 // Note: values.length is 0 if neither a username nor a password is entered 034 // values.length is 1 if no password is entered 035 this.username = values.length > 0 ? values[0] : ""; 036 this.password = encryptPassword(values.length > 1 ? values[1] : ""); 037 // Note: credentials obtained through Basic authorization are always plain text 038 } 039 040 // -------------------------------------------------------------------------------------------------- Public Methods 041 042 public String toString() { 043 return "username=\"" + username + "\", password=\""+ password + "\""; 044 } 045 046 // ------------------------------------------------------------------------------------------------- Private Methods 047 048 private String encryptPassword(String password) { 049 return ENCRYPTED_PASSWORD_PREFIX + JavaUtils.encodeSHA256(password); 050 } 051 }