001 package de.deepamehta.plugins.accesscontrol.model;
002
003 import de.deepamehta.core.util.JavaUtils;
004
005 import com.sun.jersey.core.util.Base64;
006
007
008
009 public class Credentials {
010
011 // ------------------------------------------------------------------------------------------------------- Constants
012
013 private static final String ENCRYPTED_PASSWORD_PREFIX = "-SHA256-";
014
015 // ---------------------------------------------------------------------------------------------- Instance Variables
016
017 public String username;
018 public String password; // encrypted
019
020 // ---------------------------------------------------------------------------------------------------- Constructors
021
022 /**
023 * @param password as plain text
024 */
025 public Credentials(String username, String password) {
026 this.username = username;
027 this.password = encryptPassword(password);
028 }
029
030 public Credentials(String authHeader) {
031 authHeader = authHeader.substring("Basic ".length());
032 String[] values = new String(Base64.base64Decode(authHeader)).split(":");
033 // Note: values.length is 0 if neither a username nor a password is entered
034 // values.length is 1 if no password is entered
035 this.username = values.length > 0 ? values[0] : "";
036 this.password = encryptPassword(values.length > 1 ? values[1] : "");
037 // Note: credentials obtained through Basic authorization are always plain text
038 }
039
040 // -------------------------------------------------------------------------------------------------- Public Methods
041
042 public String toString() {
043 return "username=\"" + username + "\", password=\""+ password + "\"";
044 }
045
046 // ------------------------------------------------------------------------------------------------- Private Methods
047
048 private String encryptPassword(String password) {
049 return ENCRYPTED_PASSWORD_PREFIX + JavaUtils.encodeSHA256(password);
050 }
051 }