org.dspace.eperson
Class PasswordHash

java.lang.Object
  org.dspace.eperson.PasswordHash

public class PasswordHash
extends Object

For handling digested secrets (such as passwords). Use PasswordHash(String, byte[], byte[]) to package and manipulate secrets that have already been hashed, and PasswordHash(String) for plaintext secrets. Compare a plaintext candidate to a hashed secret with matches(String).

Author:

mwood

Constructor Summary

PasswordHash(String password)
Construct a hash structure from a cleartext password using the configured digest algorithm.

PasswordHash(String algorithm, byte[] salt, byte[] hash)
Construct a hash structure from existing data, just for passing around.

PasswordHash(String algorithm, String salt, String hash)
Convenience: like PasswordHash(String, byte[], byte[]) but with hexadecimal-encoded Strings.

Method Summary

String	getAlgorithm() Get the value of algorithm
static String	getDefaultAlgorithm() The digest algorithm used if none is configured.
byte[]	getHash() Get the hash.
String	getHashString() Get the hash, as a String.
byte[]	getSalt() Get the salt.
String	getSaltString() Get the salt, as a String.
boolean	matches(String secret) Is this the string whose hash I hold?

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PasswordHash

public PasswordHash(String algorithm,
                    byte[] salt,
                    byte[] hash)

Construct a hash structure from existing data, just for passing around.

Parameters:

algorithm - the digest algorithm used in producing hash. If empty, set to null. Other methods will treat this as unsalted MD5. If you want salted multi-round MD5, specify "MD5".

salt - the salt hashed with the secret, or null.

hash - the hashed secret.

PasswordHash

public PasswordHash(String algorithm,
                    String salt,
                    String hash)
             throws org.apache.commons.codec.DecoderException

Convenience: like PasswordHash(String, byte[], byte[]) but with hexadecimal-encoded Strings.

Parameters:

algorithm - the digest algorithm used in producing hash. If empty, set to null. Other methods will treat this as unsalted MD5. If you want salted multi-round MD5, specify "MD5".

salt - hexadecimal digits encoding the bytes of the salt, or null.

hash - hexadecimal digits encoding the bytes of the hash.

Throws:

org.apache.commons.codec.DecoderException - if salt or hash is not proper hexadecimal.

PasswordHash

public PasswordHash(String password)

Construct a hash structure from a cleartext password using the configured digest algorithm.

Parameters:

password - the secret to be hashed.

Method Detail

matches

public boolean matches(String secret)

Is this the string whose hash I hold?

Parameters:

secret - string to be hashed and compared to this hash.

Returns:

true if secret hashes to the value held by this instance.

getHash

public byte[] getHash()

Get the hash.

Returns:

the value of hash

getHashString

public String getHashString()

Get the hash, as a String.

Returns:

hash encoded as hexadecimal digits, or null if none.

getSalt

public byte[] getSalt()

Get the salt.

Returns:

the value of salt

getSaltString

public String getSaltString()

Get the salt, as a String.

Returns:

salt encoded as hexadecimal digits, or null if none.

getAlgorithm

public String getAlgorithm()

Get the value of algorithm

Returns:

the value of algorithm

getDefaultAlgorithm

public static String getDefaultAlgorithm()

The digest algorithm used if none is configured.

Returns:

name of the default digest.