Package org.eclipse.hono.auth
Class SpringBasedHonoPasswordEncoder
- java.lang.Object
-
- org.eclipse.hono.auth.SpringBasedHonoPasswordEncoder
-
- All Implemented Interfaces:
HonoPasswordEncoder
public class SpringBasedHonoPasswordEncoder extends Object implements HonoPasswordEncoder
A Spring Security based password encoder.The encoder supports matching of password hashes that have been created using one of the following hash functions:
- sha-256
- sha-512
- bcrypt using the 2a salt format
The encoder uses BCrypt for encoding passwords with a reasonable number of iterations.
-
-
Field Summary
Fields Modifier and Type Field Description static int
DEFAULT_BCRYPT_STRENGTH
The default Bcrypt strength setting.
-
Constructor Summary
Constructors Constructor Description SpringBasedHonoPasswordEncoder()
Creates a new encoder.SpringBasedHonoPasswordEncoder(int bcryptStrength)
Creates a new encoder.SpringBasedHonoPasswordEncoder(SecureRandom rng, int bcryptStrength)
Creates a new encoder for a random number generator.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description io.vertx.core.json.JsonObject
encode(String rawPassword)
Computes a hash for a raw password.boolean
matches(String rawPassword, io.vertx.core.json.JsonObject credentialsOnRecord)
Matches a given password against credentials on record.
-
-
-
Field Detail
-
DEFAULT_BCRYPT_STRENGTH
public static final int DEFAULT_BCRYPT_STRENGTH
The default Bcrypt strength setting.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
SpringBasedHonoPasswordEncoder
public SpringBasedHonoPasswordEncoder()
Creates a new encoder.This constructor will create a new
SecureRandom
as follows:- try to create a SecureRandom using algorithm NativePRNGNonBlocking
- if that fails, create a default SecureRandom, i.e. without specifying an algorithm
SpringBasedHonoPasswordEncoder(SecureRandom, int)
.- See Also:
- "https://tersesystems.com/blog/2015/12/17/the-right-way-to-use-securerandom/", "https://hackernoon.com/hack-how-to-use-securerandom-with-kubernetes-and-docker-a375945a7b21"
-
SpringBasedHonoPasswordEncoder
public SpringBasedHonoPasswordEncoder(int bcryptStrength)
Creates a new encoder.This constructor will create a new
SecureRandom
as follows:- try to create a SecureRandom using algorithm NativePRNGNonBlocking
- if that fails, create a default SecureRandom, i.e. without specifying an algorithm
SpringBasedHonoPasswordEncoder(SecureRandom, int)
.- Parameters:
bcryptStrength
- The strength to use for creating BCrypt hashes. Value must be >= 4 and <= 31. Note that a higher value will increase the time it takes to compute a hash. A value around 10 is considered a good compromise between security and computation time.- See Also:
- "https://tersesystems.com/blog/2015/12/17/the-right-way-to-use-securerandom/", "https://hackernoon.com/hack-how-to-use-securerandom-with-kubernetes-and-docker-a375945a7b21"
-
SpringBasedHonoPasswordEncoder
public SpringBasedHonoPasswordEncoder(SecureRandom rng, int bcryptStrength)
Creates a new encoder for a random number generator.- Parameters:
rng
- The random number generator to use.bcryptStrength
- The strength to use for creating BCrypt hashes. Value must be >= 4 and <= 31. Note that a higher value will increase the time it takes to compute a hash. A value around 10 is considered a good compromise between security and computation time.- Throws:
NullPointerException
- if the RNG isnull
.IllegalArgumentException
- if BCrypt strength is < 4 or > 31.
-
-
Method Detail
-
encode
public io.vertx.core.json.JsonObject encode(String rawPassword)
Description copied from interface:HonoPasswordEncoder
Computes a hash for a raw password.- Specified by:
encode
in interfaceHonoPasswordEncoder
- Parameters:
rawPassword
- The clear text password to encode.- Returns:
- A secret as defined by Hono's hashed-password credentials type. The secret contains the name of the hash function, (optional) salt and the password hash.
-
matches
public boolean matches(String rawPassword, io.vertx.core.json.JsonObject credentialsOnRecord)
Description copied from interface:HonoPasswordEncoder
Matches a given password against credentials on record.- Specified by:
matches
in interfaceHonoPasswordEncoder
- Parameters:
rawPassword
- The clear text password to match.credentialsOnRecord
- The hashed-password secret to match against.- Returns:
true
if the password matches.
-
-