Class MessageDigestCredentialHandler

  • All Implemented Interfaces:

    public class MessageDigestCredentialHandler
    extends DigestCredentialHandlerBase
    This credential handler supports the following forms of stored passwords:
    • encodedCredential - a hex encoded digest of the password digested using the configured digest
    • {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
    • {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
    • {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest followed by variable length salt.
      {SSHA}<sha-1 digest:20><salt:n>
    • salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $

    If the stored password form does not include an iteration count then an iteration count of 1 is used.

    If the stored password form does not include salt then no salt is used.

    • Constructor Detail

      • MessageDigestCredentialHandler

        public MessageDigestCredentialHandler()
    • Method Detail

      • getEncoding

        public String getEncoding()
      • setEncoding

        public void setEncoding​(String encodingName)
      • matches

        public boolean matches​(String inputCredentials,
                               String storedCredentials)
        Description copied from interface: CredentialHandler
        Checks to see if the input credentials match the stored credentials
        inputCredentials - User provided credentials
        storedCredentials - Credentials stored in the Realm
        true if the inputCredentials match the storedCredentials, otherwise false
      • mutate

        protected String mutate​(String inputCredentials,
                                byte[] salt,
                                int iterations)
        Description copied from class: DigestCredentialHandlerBase
        Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.
        Specified by:
        mutate in class DigestCredentialHandlerBase
        inputCredentials - User provided credentials
        salt - Salt, if any
        iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
        The equivalent stored credentials for the given input credentials or null if the generation fails