Module one.jpro.platform.auth.core

Package one.jpro.platform.auth.core.crypto.bcrypt

Class BCryptPasswordEncoder

java.lang.Object

one.jpro.platform.auth.core.crypto.bcrypt.BCryptPasswordEncoder

All Implemented Interfaces:

PasswordEncoder

public class BCryptPasswordEncoder
extends Object
implements PasswordEncoder

Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients can optionally supply a "version" ($2a, $2b, $2y) and a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom instance. The larger the strength parameter the more work will have to be done (exponentially) to hash the passwords. The default value is 10.

See Also:

• Spring Security BCryptPasswordEncoder implementation

Constructor Summary

Constructors

Constructor	Description
BCryptPasswordEncoder()	Default constructor which uses a default strength.
BCryptPasswordEncoder(int strength)	Constructor with strength.
BCryptPasswordEncoder(int strength, SecureRandom random)	Constructor with strength and a SecureRandom instance.
BCryptPasswordEncoder(BCrypt.Version version)	Constructor with a specific version of BCrypt.
BCryptPasswordEncoder(BCrypt.Version version, int strength)	Constructor with a specific version of BCrypt and strength.
BCryptPasswordEncoder(BCrypt.Version version, int strength, SecureRandom random)	Constructor with a specific version of BCrypt, strength, and a SecureRandom instance.
BCryptPasswordEncoder(BCrypt.Version version, SecureRandom random)	Constructor with a specific version of BCrypt and a SecureRandom instance.

Method Summary

Modifier and Type	Method	Description
String	encode(CharSequence rawPassword)	Encode the raw password.
boolean	matches(CharSequence rawPassword, String encodedPassword)	Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.
boolean	upgradeEncoding(String encodedPassword)	Returns true if the encoded password should be encoded again for better security, else false.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

BCryptPasswordEncoder

public BCryptPasswordEncoder()

Default constructor which uses a default strength.

BCryptPasswordEncoder

public BCryptPasswordEncoder(int strength)

Constructor with strength. It sets the log rounds for hashing.

Parameters:

strength - the log rounds to use, between 4 and 31

BCryptPasswordEncoder

public BCryptPasswordEncoder(BCrypt.Version version)

Constructor with a specific version of BCrypt.

Parameters:

version - the version of bcrypt, can be 2a, 2b, 2y

BCryptPasswordEncoder

public BCryptPasswordEncoder(BCrypt.Version version,
 SecureRandom random)

Constructor with a specific version of BCrypt and a SecureRandom instance.

Parameters:

version - the version of bcrypt, can be 2a, 2b, 2y

random - the secure random instance to use

BCryptPasswordEncoder

public BCryptPasswordEncoder(int strength,
 SecureRandom random)

Constructor with strength and a SecureRandom instance.

Parameters:

strength - the log rounds to use, between 4 and 31

random - the secure random instance to use

BCryptPasswordEncoder

public BCryptPasswordEncoder(BCrypt.Version version,
 int strength)

Constructor with a specific version of BCrypt and strength.

Parameters:

version - the version of bcrypt, can be 2a, 2b, 2y

strength - the log rounds to use, between 4 and 31

BCryptPasswordEncoder

public BCryptPasswordEncoder(BCrypt.Version version,
 int strength,
 SecureRandom random)

Constructor with a specific version of BCrypt, strength, and a SecureRandom instance.

Parameters:

version - the version of bcrypt, can be 2a, 2b, 2y

strength - the log rounds to use, between 4 and 31

random - the secure random instance to use

Method Details

encode

public String encode(CharSequence rawPassword)

Description copied from interface: PasswordEncoder

Encode the raw password. Generally, a good encoding algorithm applies an SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.

Specified by:

encode in interface PasswordEncoder

Parameters:

rawPassword - the raw password to encode

Returns:

encoded password string

matches

public boolean matches(CharSequence rawPassword,
 String encodedPassword)

Description copied from interface: PasswordEncoder

Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded.

Specified by:

matches in interface PasswordEncoder

Parameters:

rawPassword - the raw password to encode and match

encodedPassword - the encoded password from storage to compare with

Returns:

true if the raw password, after encoding, matches the encoded password from storage

upgradeEncoding

public boolean upgradeEncoding(String encodedPassword)

Description copied from interface: PasswordEncoder

Returns true if the encoded password should be encoded again for better security, else false. The default implementation always returns false.

Specified by:

upgradeEncoding in interface PasswordEncoder

Parameters:

encodedPassword - the encoded password to check

Returns:

true if the encoded password should be encoded again for better security, else false.