Fixes #9556 - Better prompt for input on Password (#9557)

* Fixes #9556 - Better prompt for input on Password * Allow blank username (results in no CRYPT output) * Error on blank password during input * Fixing PasswordTest.testCommandLineUsage * Changes from review Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2023-04-05 16:02:01 -05:00 · 2023-04-05 16:02:01 -05:00 · 3e42cbfd7b
parent 9ff24ea443
commit 3e42cbfd7b
2 changed files with 71 additions and 12 deletions
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java
@ -13,10 +13,14 @@

 package org.eclipse.jetty.util.security;

+import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
 import java.util.Locale;

+import org.eclipse.jetty.util.StringUtil;
+
 /**
 * Password utility class.
 *
@ -230,21 +234,76 @@ public class Password extends Credential
        return new Password(passwd);
    }

-    public static void main(String[] arg)
+    public static void main(String[] args) throws IOException
    {
-        if (arg.length != 1 && arg.length != 2)
+        boolean promptArgs = false;
+        String argUser = null;
+        String argPassword = null;
+
+        for (String arg: args)
        {
-            System.err.println("Usage - java " + Password.class.getName() + " [<user>] <password>");
-            System.err.println("If the password is ?, the user will be prompted for the password");
+            if (arg.equals("--prompt"))
+            {
+                promptArgs = true;
+                // ignore any other args
+                break;
+            }
+
+            if (argUser == null)
+            {
+                argUser = arg;
+                promptArgs = true;
+            }
+            else
+            {
+                if (!arg.equals("?"))
+                    promptArgs = false;
+                argPassword = arg;
+            }
+        }
+
+        if (promptArgs)
+        {
+            System.out.print("Username");
+            if (StringUtil.isNotBlank(argUser))
+                System.out.printf("[%s]", argUser);
+            System.out.print(": ");
+
+            BufferedReader input = new BufferedReader(new InputStreamReader(System.in));
+            String inputUser = input.readLine();
+            if (StringUtil.isNotBlank(inputUser))
+                argUser = inputUser;
+
+            System.out.print("Password: ");
+            argPassword = input.readLine();
+            if (StringUtil.isBlank(argPassword))
+            {
+                System.err.println("ERROR: blank passwords not supported");
+                System.exit(1);
+            }
+        }
+        else if (StringUtil.isBlank(argUser))
+        {
+            System.err.printf("Usage - java %s [<username>] [<password>] --prompt%n", Password.class.getName());
+            System.err.printf("Argument options:%n");
+            System.err.printf("  %s%n", Password.class.getName());
+            System.err.printf("     No arguments, will show this help%n");
+            System.err.printf("  %s <username>%n", Password.class.getName());
+            System.err.printf("     username only, will prompt for arguments%n");
+            System.err.printf("  %s <username> ?%n", Password.class.getName());
+            System.err.printf("     username with question mark password, will prompt for arguments%n");
+            System.err.printf("  %s <username> <password>%n", Password.class.getName());
+            System.err.printf("     username with password, will produce obfuscation results%n");
+            System.err.printf("  %s --prompt%n", Password.class.getName());
+            System.err.printf("     will prompt for arguments%n");
            System.exit(1);
        }
-        String p = arg[arg.length == 1 ? 0 : 1];
-        Password pw = new Password(p);
-        System.err.println(pw.toString());
+
+        Password pw = new Password(argPassword);
        System.err.println(obfuscate(pw.toString()));
-        System.err.println(Credential.MD5.digest(p));
-        if (arg.length == 2)
-            System.err.println(Credential.Crypt.crypt(arg[0], pw.toString()));
+        System.err.println(Credential.MD5.digest(argPassword));
+        if (StringUtil.isNotBlank(argUser))
+            System.err.println(Credential.Crypt.crypt(argUser, pw.toString()));
        System.exit(0);
    }
 }
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/security/PasswordTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/security/PasswordTest.java
@ -19,6 +19,7 @@ import java.io.InputStreamReader;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;

+import org.eclipse.jetty.toolchain.test.MavenPaths;
 import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
 import org.junit.jupiter.api.Test;

@ -62,7 +63,7 @@ public class PasswordTest
    public void testCommandLineUsage() throws IOException, InterruptedException
    {
        ProcessBuilder passwordBuilder = new ProcessBuilder()
-            .directory(MavenTestingUtils.getTargetDir())
+            .directory(MavenPaths.targetDir().toFile())
            .command("java",
                "-cp", MavenTestingUtils.getTargetPath("classes").toString(),
                Password.class.getName(),
@ -79,7 +80,6 @@ public class PasswordTest
                assertThat("Non-error exit code: " + output, exitCode, is(0));
                assertThat("Output", output, not(containsString("Exception")));
                assertThat("Output", output, allOf(
-                    containsString("password"),
                    containsString("OBF:"),
                    containsString("MD5:"),
                    containsString("CRYPT:")