public class PasswordUtil extends Object
Modifier and Type | Field and Description |
---|---|
static int | MD5_LENGTH - The MD5 hash length |
static int | PKCS5S2_LENGTH - The PKCS5S2 hash length |
static int | SHA1_LENGTH - The SHA1 hash length |
static int | SHA256_LENGTH - The SHA256 hash length |
static int | SHA384_LENGTH - The SHA384 hash length |
static int | SHA512_LENGTH - The SHA512 hash length |

Constructor and Description |
---|
PasswordUtil() |

Modifier and Type | Method and Description |
---|---|
static boolean | compareCredentials(byte[] receivedCredentials, byte[] storedCredentials) - Compare the credentials. |
static byte[] | createStoragePassword(byte[] credentials, LdapSecurityConstants algorithm) - Create a hashed password in a format that can be stored in the server. |
static byte[] | createStoragePassword(String credentials, LdapSecurityConstants algorithm) |
static byte[] | encryptPassword(byte[] credentials, LdapSecurityConstants algorithm, byte[] salt) - Encrypts the given credentials based on the algorithm name and optional salt. |
static LdapSecurityConstants | findAlgorithm(byte[] credentials) - Get the algorithm from the stored password. |
static boolean | isPwdExpired(String pwdChangedZtime, int pwdMaxAgeSec) - Checks if the given password's change time is older than the max age. |
static byte[] | splitCredentials(byte[] credentials, EncryptionMethod encryptionMethod) - Decompose the stored password into an algorithm, an optional salt and the password itself. |

public static final int SHA1_LENGTH
public static final int SHA256_LENGTH
public static final int SHA384_LENGTH
public static final int SHA512_LENGTH
public static final int MD5_LENGTH
public static final int PKCS5S2_LENGTH
public PasswordUtil()
public static LdapSecurityConstants findAlgorithm(byte[] credentials)
credentials - the credentials of the user

public static byte[] createStoragePassword(String credentials, LdapSecurityConstants algorithm)

public static byte[] createStoragePassword(byte[] credentials, LdapSecurityConstants algorithm)
credentials - the plain text password
algorithm - the hashing algorithm to be applied

public static boolean compareCredentials(byte[] receivedCredentials, byte[] storedCredentials)
If we get an encrypted password, it is prefixed by the algorithm used, between curly brackets: {SSHA}password ...
If the password is using SSHA, SMD5 or crypt, some 'salt' is added to the password.
For (S)SHA, SHA-256 and (S)MD5, we have to transform the password from Base64 encoded text to a byte[] before comparing the password with the stored one.
For PKCS5S2, the salt is stored at the beginning of the password.
For crypt, we only have to remove the salt.
At the end, we use the digest() method for (S)SHA and (S)MD5, the crypt() method for the CRYPT algorithm and a straight comparison for PLAIN TEXT passwords.
The stored password always uses the unsalted form and is stored as a byte array.
receivedCredentials - the credentials provided by user
storedCredentials - the credentials stored in the server

public static byte[] encryptPassword(byte[] credentials, LdapSecurityConstants algorithm, byte[] salt)
credentials - the credentials to be encrypted
algorithm - the algorithm to be used for encrypting the credentials
salt - value to be used as salt (optional)

public static byte[] splitCredentials(byte[] credentials, EncryptionMethod encryptionMethod)
encryptionMethod - The structure to feed
credentials - the credentials to split

public static boolean isPwdExpired(String pwdChangedZtime, int pwdMaxAgeSec)
pwdChangedZtime - time when the password was last changed
pwdMaxAgeSec - the max age value in seconds

Copyright © 2003–2015 The Apache Software Foundation. All rights reserved.