Class MessageDigestCredentialHandler

  • All Implemented Interfaces:
    CredentialHandler

    public class MessageDigestCredentialHandler
    extends DigestCredentialHandlerBase
    This credential handler supports the following forms of stored passwords:
    • encodedCredential - a hex encoded digest of the password digested using the configured digest
    • {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
    • {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
    • {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest followed by variable length salt.
       {SSHA}<sha-1 digest:20><salt:n>
       
    • salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $

    If the stored password form does not include an iteration count then an iteration count of 1 is used.

    If the stored password form does not include salt then no salt is used.

    • Constructor Detail

      • MessageDigestCredentialHandler

        public MessageDigestCredentialHandler()
    • Method Detail

      • getEncoding

        public String getEncoding()
      • setEncoding

        public void setEncoding​(String encodingName)
      • matches

        public boolean matches​(String inputCredentials,
                               String storedCredentials)
        Description copied from interface: CredentialHandler
        Checks to see if the input credentials match the stored credentials
        Parameters:
        inputCredentials - User provided credentials
        storedCredentials - Credentials stored in the Realm
        Returns:
        true if the inputCredentials match the storedCredentials, otherwise false
      • mutate

        protected String mutate​(String inputCredentials,
                                byte[] salt,
                                int iterations)
        Description copied from class: DigestCredentialHandlerBase
        Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.
        Specified by:
        mutate in class DigestCredentialHandlerBase
        Parameters:
        inputCredentials - User provided credentials
        salt - Salt, if any
        iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
        Returns:
        The equivalent stored credentials for the given input credentials or null if the generation fails