Copyright | (c) 2009, 2010, 2012 - 2014 Peter Trško |
---|---|
License | BSD3 |
Maintainer | Peter Trško <peter.trsko@gmail.com> |
Stability | Provisional |
Portability | non-portable (NoImplicitPrelude, depends on non-portable internal module) |
Safe Haskell | None |
Language | Haskell98 |
ApacheMD5 is one of the hash algorithms used by Apache HTTP server for basic authentication. It is Apache specific, but e.g. nginx supports this algorithm since version 1.0.3 http://wiki.nginx.org/HttpAuthBasicModule#auth_basic_user_file.
This is a naive implementation that doesn't aim for high speed, but to be
reasonably fast it uses MD5()
function from OpenSSL library so during
compilation you'll nead to have it installed including header files.
Many Linux distributions have separate dev packages for this.
- apacheMD5 :: Password -> Salt -> ByteString
- type Password = ByteString
- data Salt
- mkSalt :: ByteString -> Maybe Salt
- unSalt :: Salt -> ByteString
Htpasswd
Apache comes with utility named htpasswd
that allows to create,
delete and update flat files normally named .htpasswd
that store pairs
of usernames and passwords. While both this utility and Apache support
more algorithms most of them rely on UNIX crypt()
function. ApacheMD5
is not one of them and therefore it is suitable for cross-platform
usage. See also htpasswd
documentation on
http://httpd.apache.org/docs/current/programs/htpasswd.html.
Example: Creating htpasswd-like entry
Output of apacheMD5
function is not identical to what htpasswd
does. To create htpasswd
-like entry one needs to do:
import Data.ByteString (ByteString) import qualified Data.ByteString.Char8 as C8 (concat, pack, singleton) import Data.Digest.ApacheMD5 (Salt, apacheMD5, unSalt) htpasswdEntry :: ByteString -> ByteString -> Salt -> ByteString htpasswdEntry username password salt = C8.concat [ username , C8.pack ":$apr1$" , unSalt salt , C8.singleton '$' , apacheMD5 password salt ]
API Documentation
:: Password | |
-> Salt | |
-> ByteString | Apache MD5 Hash |
Taking password and salt this function produces resulting ApacheMD5 hash which is already base 64 encoded.
type Password = ByteString Source
Type alias for more readable type signatures.
Apache MD5 hash salt. When constructing .htpasswd
file it is necessary
for the salt to be consisting of octets from alpha64
"set". This newtype
along with mkSalt
smart constructor are here to ensure such invariant.
mkSalt :: ByteString -> Maybe Salt Source
Smart constructor for Salt
. It tests that provided ByteString
is not
empty and that all its octets are members of alphabet used for base 64
encoding alpha64
and it uses
isAlpha64
predicate to do so.
unSalt :: Salt -> ByteString Source
Unpack Salt
in to ByteString
.