001    package de.deepamehta.plugins.accesscontrol.model;
002    
003    import de.deepamehta.core.util.JavaUtils;
004    
005    import com.sun.jersey.core.util.Base64;
006    
007    
008    
009    public class Credentials {
010    
011        // ------------------------------------------------------------------------------------------------------- Constants
012    
013        private static final String ENCRYPTED_PASSWORD_PREFIX = "-SHA256-";
014    
015        // ---------------------------------------------------------------------------------------------- Instance Variables
016    
017        public String username;
018        public String password;     // encrypted
019    
020        // ---------------------------------------------------------------------------------------------------- Constructors
021    
022        /**
023         * @param   password    as plain text
024         */
025        public Credentials(String username, String password) {
026            this.username = username;
027            this.password = encryptPassword(password);
028        }
029    
030        public Credentials(String authHeader) {
031            authHeader = authHeader.substring("Basic ".length());
032            String[] values = new String(Base64.base64Decode(authHeader)).split(":");
033            // Note: values.length is 0 if neither a username nor a password is entered
034            //       values.length is 1 if no password is entered
035            this.username = values.length > 0 ? values[0] : "";
036            this.password = encryptPassword(values.length > 1 ? values[1] : "");
037            // Note: credentials obtained through Basic authorization are always plain text
038        }
039    
040        // -------------------------------------------------------------------------------------------------- Public Methods
041    
042        public String toString() {
043            return "username=\"" + username + "\", password=\""+ password + "\"";
044        }
045    
046        // ------------------------------------------------------------------------------------------------- Private Methods
047    
048        private String encryptPassword(String password) {
049            return ENCRYPTED_PASSWORD_PREFIX + JavaUtils.encodeSHA256(password);
050        }
051    }