Skip to content

Commit

Permalink
Fixes #9556 - Better prompt for input on Password (#9557)
Browse files Browse the repository at this point in the history
* Fixes #9556 - Better prompt for input on Password
* Allow blank username (results in no CRYPT output)
* Error on blank password during input
* Fixing PasswordTest.testCommandLineUsage
* Changes from review

Signed-off-by: Joakim Erdfelt <[email protected]>
  • Loading branch information
joakime authored Apr 5, 2023
1 parent 9ff24ea commit 3e42cbf
Show file tree
Hide file tree
Showing 2 changed files with 71 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,14 @@

package org.eclipse.jetty.util.security;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

import org.eclipse.jetty.util.StringUtil;

/**
* Password utility class.
*
Expand Down Expand Up @@ -230,21 +234,76 @@ public static Password getPassword(String realm, String dft, String promptDft)
return new Password(passwd);
}

public static void main(String[] arg)
public static void main(String[] args) throws IOException
{
if (arg.length != 1 && arg.length != 2)
boolean promptArgs = false;
String argUser = null;
String argPassword = null;

for (String arg: args)
{
if (arg.equals("--prompt"))
{
promptArgs = true;
// ignore any other args
break;
}

if (argUser == null)
{
argUser = arg;
promptArgs = true;
}
else
{
if (!arg.equals("?"))
promptArgs = false;
argPassword = arg;
}
}

if (promptArgs)
{
System.out.print("Username");
if (StringUtil.isNotBlank(argUser))
System.out.printf("[%s]", argUser);
System.out.print(": ");

BufferedReader input = new BufferedReader(new InputStreamReader(System.in));
String inputUser = input.readLine();
if (StringUtil.isNotBlank(inputUser))
argUser = inputUser;

System.out.print("Password: ");
argPassword = input.readLine();
if (StringUtil.isBlank(argPassword))
{
System.err.println("ERROR: blank passwords not supported");
System.exit(1);
}
}
else if (StringUtil.isBlank(argUser))
{
System.err.println("Usage - java " + Password.class.getName() + " [<user>] <password>");
System.err.println("If the password is ?, the user will be prompted for the password");
System.err.printf("Usage - java %s [<username>] [<password>] --prompt%n", Password.class.getName());
System.err.printf("Argument options:%n");
System.err.printf(" %s%n", Password.class.getName());
System.err.printf(" No arguments, will show this help%n");
System.err.printf(" %s <username>%n", Password.class.getName());
System.err.printf(" username only, will prompt for arguments%n");
System.err.printf(" %s <username> ?%n", Password.class.getName());
System.err.printf(" username with question mark password, will prompt for arguments%n");
System.err.printf(" %s <username> <password>%n", Password.class.getName());
System.err.printf(" username with password, will produce obfuscation results%n");
System.err.printf(" %s --prompt%n", Password.class.getName());
System.err.printf(" will prompt for arguments%n");
System.exit(1);
}
String p = arg[arg.length == 1 ? 0 : 1];
Password pw = new Password(p);
System.err.println(pw.toString());

Password pw = new Password(argPassword);
System.err.println(obfuscate(pw.toString()));
System.err.println(Credential.MD5.digest(p));
if (arg.length == 2)
System.err.println(Credential.Crypt.crypt(arg[0], pw.toString()));
System.err.println(Credential.MD5.digest(argPassword));
if (StringUtil.isNotBlank(argUser))
System.err.println(Credential.Crypt.crypt(argUser, pw.toString()));
System.exit(0);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;

import org.eclipse.jetty.toolchain.test.MavenPaths;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.junit.jupiter.api.Test;

Expand Down Expand Up @@ -62,7 +63,7 @@ public void testObfuscateUnicode()
public void testCommandLineUsage() throws IOException, InterruptedException
{
ProcessBuilder passwordBuilder = new ProcessBuilder()
.directory(MavenTestingUtils.getTargetDir())
.directory(MavenPaths.targetDir().toFile())
.command("java",
"-cp", MavenTestingUtils.getTargetPath("classes").toString(),
Password.class.getName(),
Expand All @@ -79,7 +80,6 @@ public void testCommandLineUsage() throws IOException, InterruptedException
assertThat("Non-error exit code: " + output, exitCode, is(0));
assertThat("Output", output, not(containsString("Exception")));
assertThat("Output", output, allOf(
containsString("password"),
containsString("OBF:"),
containsString("MD5:"),
containsString("CRYPT:")
Expand Down

0 comments on commit 3e42cbf

Please sign in to comment.