Author: markt
Date: Mon Mar 16 12:04:32 2015
New Revision: 1666973

URL: http://svn.apache.org/r1666973
Log:
Use short form of digest output when compatible with input settings (makes it simpler to use with DIGEST auth).
Update notes on digest auth to add that no salt and one iteration must be used.

Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml tomcat/tc8.0.x/trunk/webapps/docs/realm-howto.xml Propchange: tomcat/tc8.0.x/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Mar 16 12:04:32 2015 
@@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663324,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1666637,1 
666649,1666757,1666966 +/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663324,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1666637,1 
666649,1666757,1666966,1666972 Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java?rev=1666973&r1=1666972&r2=1666973&view=diff ============================================================================== --- tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/DigestCredentialHandlerBase.java Mon Mar 16 12:04:32 2015 @@ -120,15 +120,20 @@ public abstract class DigestCredentialHa String serverCredential = mutate(userCredential, salt, iterations); - StringBuilder result = - new StringBuilder((saltLength << 1) + 10 + serverCredential.length() + 2); - result.append(HexUtils.toHexString(salt)); - result.append('$'); - result.append(iterations); - result.append('$'); - result.append(serverCredential); + if (saltLength == 0 && iterations == 1) { + // Output the simple/old format for backwards compatibility + return serverCredential; + } else { + StringBuilder result = + new StringBuilder((saltLength << 1) + 10 + serverCredential.length() + 2); + result.append(HexUtils.toHexString(salt)); + result.append('$'); + result.append(iterations); + result.append('$'); + result.append(serverCredential); - return result.toString(); + return result.toString(); + } } Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1666973&r1=1666972&r2=1666973&view=diff ============================================================================== --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Mon Mar 16 12:04:32 2015 
@@ -119,6 +119,11 @@ when <code>org.apache.tomcat.InstanceManager</code> is not initialized. (violetagg) </fix> + <add> + Use the simplified digest output for digest.bat|sh when generating + digests with no salt and a single iteration to make it easier to use + with DIGEST authentication. (markt) + </add> </changelog> </subsection> <subsection name="Coyote"> @@ -252,6 +257,11 @@ stock ticker example (the only way a client can disconnect), the example continues to work for existing and new clients. (markt) </fix> + <fix> + Make it clear that when using digested passwords with DIGEST + authentication that no slat and only a single iteration must be used + when generating the digest. (markt) + </fix> </changelog> </subsection> <subsection name="Extras"> Modified: tomcat/tc8.0.x/trunk/webapps/docs/realm-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/realm-howto.xml?rev=1666973&r1=1666972&r2=1666973&view=diff ============================================================================== --- tomcat/tc8.0.x/trunk/webapps/docs/realm-howto.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/realm-howto.xml Mon Mar 16 12:04:32 2015 
@@ -199,10 +199,11 @@ techniques are supported:</p> </ul> <p>If using digested passwords with DIGEST authentication, the cleartext used - to generate the digest is different and the digest must use the MD5 - algorithm. In the examples above <code>{cleartext-password}</code> must be - replaced with <code>{username}:{realm}:{cleartext-password}</code>. For - example, in a development environment this might take the form + to generate the digest is different and the digest must use one iteration of + the MD5 algorithm with no salt. In the examples above + <code>{cleartext-password}</code> must be replaced with + <code>{username}:{realm}:{cleartext-password}</code>. For example, in a + development environment this might take the form <code>testUser:Authentication required:testPassword</code>. The value for <code>{realm}</code> is taken from the <code><realm-name></code> element of the web application's <code><login-config></code>. If @@ -216,6 +217,10 @@ are supported using</p> digester. The digester returns <code>{input}:{digest}</code>. If the input appears corrupted in the return, the digest will be invalid.</p> +<p>The output format of the digest is <code>{salt}${iterations}${digest}</code>. +If the salt length is zero and the iteration count is one, the output is +simplified to <code>{digest}</code>.</p> + <p>The full syntax of <code>CATALINA_HOME/bin/digest.[bat|sh]</code> is:</p> <source>CATALINA_HOME/bin/digest.[bat|sh] [-a <algorithm>] [-e <encoding>] [-i <iterations>] [-s <salt-length>] [-k <key-length>] --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
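
Review bot: In DigestCredentialHandlerBase.java (@@ -120,15 +120,20 @@), the new early return for "saltLength == 0 && iterations == 1" arrives without a test (the modified-files list contains only the handler, changelog.xml and realm-howto.xml), and its comment gives "backwards compatibility" as the reason where the log message gives DIGEST auth. Suggest adding a unit test that asserts the no-salt, one-iteration output contains no '$' separator and that a salted or multi-iteration call still produces the three-part form, and extending the comment to say the bare form exists so the output can be used directly with DIGEST authentication. Because the if branch returns, the else wrapper is unnecessary; dropping it would leave the StringBuilder lines at their original indentation and reduce the hunk to the added if block.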
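
Review bot: In changelog.xml (@@ -119,6 +119,11 @@), the added entry describes the change as applying to digest.bat|sh, but the code changed in this commit is the return value in DigestCredentialHandlerBase, so anything that calls that method with no salt and one iteration now gets the bare digest too. Suggest wording the entry around the credential handler's generated output and naming digest.bat|sh as the case that motivated it, so that readers who parse the output on '$' know to check their own callers.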
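
Review bot: In changelog.xml (@@ -252,6 +257,11 @@), the added fix entry has a typo, "no slat", which should read "no salt". The sentence also doubles its conjunction ("Make it clear that when using ... that no ..."); dropping the second "that" fixes it.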
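
Review bot: In realm-howto.xml (@@ -199,10 +199,11 @@), the reworded paragraph states the constraint ("one iteration of the MD5 algorithm with no salt") but not how to satisfy it with the tool, even though the syntax line further down lists "[-i <iterations>] [-s <salt-length>]". Suggest adding the explicit settings here (MD5 via -a, salt length 0 via -s, one iteration via -i) next to the testUser example, so readers do not rely on whatever the defaults are. It would also help to say in the same paragraph that a digest of {username}:{realm}:{cleartext-password} is by itself enough to answer a DIGEST challenge for that realm, so the file or table holding these values needs the same protection as cleartext passwords.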
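
Review bot: In realm-howto.xml (@@ -216,6 +217,10 @@), the new paragraph gives the output format as {salt}${iterations}${digest} immediately after a paragraph that says the digester returns {input}:{digest}, and the text does not say how the two relate. Suggest stating that the salt$iterations$digest string is what appears in the {digest} position of {input}:{digest}, and that the salt is written as hex (the handler uses HexUtils.toHexString(salt)), so someone copying the value into a realm knows which part to take and what characters to expect.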