Package org.glassfish.security.common
Class SSHA
- java.lang.Object
-
- org.glassfish.security.common.SSHA
-
public class SSHA extends Object
Util class for salted SHA processing.Salted SHA (aka SSHA) is computed as follows:
result = {SSHA}BASE64(SHA(password,salt),salt)Methods are also provided to return partial results, such as SHA( password , salt) without Base64 encoding.
-
-
Field Summary
Fields Modifier and Type Field Description static String
defaultAlgo
-
Constructor Summary
Constructors Constructor Description SSHA()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static byte[]
compute(byte[] salt, byte[] password, String algo)
Compute a salted SHA hash.static byte[]
decode(String encoded, byte[] hashResult, String algo)
Decodes an encoded SSHA string.static String
encode(byte[] salt, byte[] hash, String algo)
Perform encoding of salt and computed hash.static boolean
verify(byte[] salt, byte[] hash, byte[] password, String algo)
Verifies a password.static boolean
verify(String encoded, byte[] password)
Verifies a password.
-
-
-
Field Detail
-
defaultAlgo
public static final String defaultAlgo
- See Also:
- Constant Field Values
-
-
Method Detail
-
compute
public static byte[] compute(byte[] salt, byte[] password, String algo) throws IllegalArgumentException
Compute a salted SHA hash.- Parameters:
salt
- Salt bytes.password
- Password bytes.- Returns:
- Byte array of length 20 bytes containing hash result.
- Throws:
IllegalArgumentException
- Thrown if there is an error.
-
encode
public static String encode(byte[] salt, byte[] hash, String algo)
Perform encoding of salt and computed hash.- Parameters:
salt
- Salt bytes.hash
- Result of prior compute() operation.- Returns:
- String Encoded string, as described in class documentation.
-
verify
public static boolean verify(String encoded, byte[] password) throws IllegalArgumentException
Verifies a password.The given password is verified against the provided encoded SSHA result string.
- Parameters:
encoded
- Encoded SSHA value (e.g. output of computeAndEncode())password
- Password bytes of the password to verify.- Throws:
IllegalArgumentException
- Thrown if there is an error.
-
verify
public static boolean verify(byte[] salt, byte[] hash, byte[] password, String algo) throws IllegalArgumentException
Verifies a password.The given password is verified against the provided salt and hash buffers.
- Parameters:
salt
- Salt bytes used in the hash result.hash
- Hash result to compare against.password
- Password bytes of the password to verify.- Throws:
IllegalArgumentException
- Thrown if there is an error.
-
decode
public static byte[] decode(String encoded, byte[] hashResult, String algo) throws IllegalArgumentException
Decodes an encoded SSHA string.- Parameters:
encoded
- Encoded SSHA value (e.g. output of computeAndEncode())hashResult
- A byte array which must contain 20 elements. Upon succesful return from method, it will be filled by the hash value decoded from the given SSHA string. Existing values are not used and will be overwritten.- Throws:
IllegalArgumentException
- Thrown if there is an error.
-
-