Class MessageDigestCredentialHandler

All Implemented Interfaces:

public class MessageDigestCredentialHandler extends DigestCredentialHandlerBase
This credential handler supports the following forms of stored passwords:
  • encodedCredential - a hex encoded digest of the password digested using the configured digest
  • {MD5}encodedCredential - a Base64 encoded MD5 digest of the password
  • {SHA}encodedCredential - a Base64 encoded SHA1 digest of the password
  • {SSHA}encodedCredential - 20 byte Base64 encoded SHA1 digest followed by variable length salt.
     {SSHA}<sha-1 digest:20><salt:n>
  • salt$iterationCount$encodedCredential - a hex encoded salt, iteration code and a hex encoded credential, each separated by $

If the stored password form does not include an iteration count then an iteration count of 1 is used.

If the stored password form does not include salt then no salt is used.

  • Field Details

  • Constructor Details

    • MessageDigestCredentialHandler

      public MessageDigestCredentialHandler()
  • Method Details

    • getEncoding

      public String getEncoding()
    • setEncoding

      public void setEncoding(String encodingName)
    • getAlgorithm

      public String getAlgorithm()
      Specified by:
      getAlgorithm in class DigestCredentialHandlerBase
      the algorithm used to convert input credentials to stored credentials.
    • setAlgorithm

      public void setAlgorithm(String algorithm) throws NoSuchAlgorithmException
      Description copied from class: DigestCredentialHandlerBase
      Set the algorithm used to convert input credentials to stored credentials.
      Specified by:
      setAlgorithm in class DigestCredentialHandlerBase
      algorithm - the algorithm
      NoSuchAlgorithmException - if the specified algorithm is not supported
    • matches

      public boolean matches(String inputCredentials, String storedCredentials)
      Description copied from interface: CredentialHandler
      Checks to see if the input credentials match the stored credentials
      inputCredentials - User provided credentials
      storedCredentials - Credentials stored in the Realm
      true if the inputCredentials match the storedCredentials, otherwise false
    • mutate

      protected String mutate(String inputCredentials, byte[] salt, int iterations)
      Description copied from class: DigestCredentialHandlerBase
      Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.
      Specified by:
      mutate in class DigestCredentialHandlerBase
      inputCredentials - User provided credentials
      salt - Salt, if any
      iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
      The equivalent stored credentials for the given input credentials or null if the generation fails
    • getDefaultIterations

      protected int getDefaultIterations()
      Specified by:
      getDefaultIterations in class DigestCredentialHandlerBase
      the default number of iterations used by the CredentialHandler.
    • getLog

      protected Log getLog()
      Specified by:
      getLog in class DigestCredentialHandlerBase
      the logger for the CredentialHandler instance.