Package org.owasp.passfault.web

Source Code of org.owasp.passfault.web.PassfaultServlet

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
package org.owasp.passfault.web;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Collection;

import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.owasp.passfault.CompositeFinder;
import org.owasp.passfault.PatternFinder;
import org.owasp.passfault.PasswordAnalysis;
import org.owasp.passfault.SecureString;
import org.owasp.passfault.finders.ExecutorFinder;
import org.owasp.passfault.io.JsonWriter;

/**
* Servlet implementation class PassfaultServlet
*/
public class PassfaultServlet extends HttpServlet {
  private static final long serialVersionUID = 1L;
  protected Collection<PatternFinder> finders;
  private volatile CompositeFinder compositeFinder = null; //lazy initialized
  private JsonWriter jsonWriter = new JsonWriter();

  public void init(ServletConfig config) throws ServletException {
    finders = buildFinders(config.getServletContext());
  }

  protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if (request.getContentLength()<=0){
      printUsage(response);
    }
    //SecureString password = getPassword(request.getReader(), request.getContentLength());
    //the above works in tomcat but not jetty or google app engine
    //the below works in jetty and google app engine but not tomcat
    SecureString password = getPassword(request.getInputStream(), request.getContentLength());
    CompositeFinder finder = getCompositeFinder();
    try{
      PasswordAnalysis analysis = new PasswordAnalysis(password);
      try {
        finder.analyze(analysis);
        finder.waitForAnalysis(analysis);
      } catch (Exception e) {
        throw new ServletException(e);
      }
      writeJSON(analysis, response.getWriter());
    } finally{
      password.clear();
      response.getWriter().flush();
    }
  }

  private void printUsage(HttpServletResponse response) {
    //todo
  }

  /**
   * @throws ServletException if a non-printable character is found
   */
  protected SecureString getPassword(BufferedReader reader, int length) throws IOException, ServletException {
    char[] chars = new char[length];
    int i;
    for(i=0; i<length; i++){
      char ch = (char) reader.read();
      if (Character.isISOControl(ch)){
        throw new ServletException("A non-printable character found in the supplied password.");
      } else {
        chars[i]=ch;
      }
    }
    if(i==0){
      throw new ServletException("No password found");
   
    SecureString password = new SecureString(chars, 0, i);
    Arrays.fill(chars, '0');
    return password;
  }
 
  /**
   * @throws ServletException if a non-printable character is found
   */
  protected SecureString getPassword(InputStream reader, int length) throws IOException, ServletException {
    char[] chars = new char[length];
    int i=0;
    while(reader.available()>0){
      char ch = (char)reader.read();
      if (Character.isISOControl(ch)){
        throw new ServletException("A non-printable character found in the supplied password.");
      } else {
        chars[i++]=ch;
      }
    }
    if(i==0){
      throw new ServletException("No password found");
   
    SecureString password = new SecureString(chars, 0, i);
    Arrays.fill(chars, '0');
    return password;
  }
 
  protected Collection<PatternFinder> buildFinders(ServletContext servletContext) throws ServletException {
    try {
      BuildFinders builder = new BuildFinders();
      return builder.build(servletContext);
    }
    catch (IOException e) {
      throw new ServletException("An error occurred building the pattern finders", e);
    }
  }
 
  private void writeJSON(PasswordAnalysis analysis, PrintWriter writer) throws IOException {
    jsonWriter.write(writer, analysis.calculateHighestProbablePatterns());
  }
 
  /**
   * Override this to change the finder, (such as to run in google app engine)
   * @return a composite finder that can run finders
   * @throws ServletException
   */
  protected CompositeFinder getCompositeFinder() throws ServletException {
    //subclasses may need to create this with each request - like for google app engine. 
    //so we lazy initialize this
    //http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html
    if (this.compositeFinder == null) {
      synchronized(this) {
        if (this.compositeFinder == null){
          this.compositeFinder = new ExecutorFinder(finders);
        }
      }
    }
   
    return this.compositeFinder;
  }
}
TOP

Related Classes of org.owasp.passfault.web.PassfaultServlet

  • org.owasp.passfault.CompositeFinder
  • org.owasp.passfault.finders.ExecutorFinder
  • org.owasp.passfault.PasswordAnalysis
  • org.owasp.passfault.SecureString
  • javax.servlet.ServletException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.