Class: Apr1Md5

Inherits:
Object show all
Defined in:
puppet/modules/wmflib/lib/puppet/parser/functions/htpasswd.rb

Overview

This class is a conversion to puppet of htauth's methods See github.com/copiousfreetime/htauth/blob/master/LICENSE for copying rights Original code Copyright © 2008 Jeremy Hinegardner Modifications Copyright © 2017 Giuseppe Lavagetto, Wikimedia Foundation, Inc.

Constant Summary collapse

DIGEST_LENGTH = 
16
SALT_CHARS =

from github.com/copiousfreetime/htauth/blob/master/lib/htauth/algorithm.rb this is not the Base64 encoding, this is the to64() method from apr

(%w( . / ) + ("0".."9").to_a + ('A'..'Z').to_a + ('a'..'z').to_a).freeze

Instance Method Summary collapse

Constructor Details

#initialize(salt) ⇒ Apr1Md5

Returns a new instance of Apr1Md5.



17
18
19
 
# File 'puppet/modules/wmflib/lib/puppet/parser/functions/htpasswd.rb', line 17

def initialize(salt)
  @salt = salt
end

Instance Method Details

#encode(password) ⇒ Object

this algorithm pulled straight from apr_md5_encode() and converted to ruby syntax



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
 
# File 'puppet/modules/wmflib/lib/puppet/parser/functions/htpasswd.rb', line 38

def encode(password)
  primary = ::Digest::MD5.new
  primary << password
  primary << prefix
  primary << @salt

  md5_t = ::Digest::MD5.digest("#{password}#{@salt}#{password}")

  l = password.length
  while l > 0
    slice_size = (l > DIGEST_LENGTH) ? DIGEST_LENGTH : l
    primary << md5_t[0, slice_size]
    l -= DIGEST_LENGTH
  end

  # weirdness
  l = password.length
  while l != 0
    case (l & 1)
    when 1
      primary << 0.chr
    when 0
      primary << password[0, 1]
    end
    l >>= 1
  end

  pd = primary.digest

  encoded_password = "#{prefix}#{@salt}$"

  # apr_md5_encode has this comment about a 60Mhz Pentium above this loop.
  1000.times do |x|
    ctx = ::Digest::MD5.new
    ctx << (((x & 1) == 1) ? password : pd[0, DIGEST_LENGTH])
    (ctx << @salt) unless (x % 3).zero?
    (ctx << password) unless (x % 7).zero?
    ctx << (((x & 1).zero?) ? password : pd[0, DIGEST_LENGTH])
    pd = ctx.digest
  end

  pd = pd.bytes.to_a

  l = (pd[0] << 16) | (pd[6] << 8) | pd[12]
  encoded_password << to_64(l, 4)

  l = (pd[1] << 16) | (pd[7] << 8) | pd[13]
  encoded_password << to_64(l, 4)

  l = (pd[2] << 16) | (pd[8] << 8) | pd[14]
  encoded_password << to_64(l, 4)

  l = (pd[3] << 16) | (pd[9] << 8) | pd[15]
  encoded_password << to_64(l, 4)

  l = (pd[4] << 16) | (pd[10] << 8) | pd[ 5]
  encoded_password << to_64(l, 4)
  encoded_password << to_64(pd[11], 2)

  encoded_password
end

#prefixObject 



21
22
23
 
# File 'puppet/modules/wmflib/lib/puppet/parser/functions/htpasswd.rb', line 21

def prefix
  "$apr1$"
end

#to_64(number, rounds) ⇒ Object 



28
29
30
31
32
33
34
35
 
# File 'puppet/modules/wmflib/lib/puppet/parser/functions/htpasswd.rb', line 28

def to_64(number, rounds)
  r = StringIO.new
  rounds.times do
    r.print(SALT_CHARS[number % 64])
    number >>= 6
  end
  r.string
end