Package org.eclipse.hono.auth

Class MessageDigestPasswordEncoder

  • All Implemented Interfaces:
    org.springframework.security.crypto.password.PasswordEncoder
    public class MessageDigestPasswordEncoder
extends Object
implements org.springframework.security.crypto.password.PasswordEncoder
    A Hono specific PasswordEncoder that uses a MessageDigest to encode passwords.

    Passwords will be hashed using a random salt of 8 bytes.

    • Constructor Detail

      • MessageDigestPasswordEncoder

        public MessageDigestPasswordEncoder​(String hashFunction)
        Creates message digest password encoder with specified hash function.

        This constructor invokes MessageDigestPasswordEncoder(String, SecureRandom) with a newly created SecureRandom.

        Parameters:
        hashFunction - The hash function to use.
        Throws:
        IllegalArgumentException - if the JVM does not support the hash function.

      • MessageDigestPasswordEncoder

        public MessageDigestPasswordEncoder​(String hashFunction,
                                    SecureRandom rng)
        Creates message digest password encoder with specified hash function.
        Parameters:
        hashFunction - - hash function to be used
        rng - The random number generator to use for creating salt.
        Throws:
        IllegalArgumentException - if hash function is not valid
        NullPointerException - if any of the parameters are null

    • Method Detail

      • encode

        public String encode​(CharSequence rawPassword)
        Creates a hash for a clear text password.
        Specified by:
        encode in interface org.springframework.security.crypto.password.PasswordEncoder
        Parameters:
        rawPassword - The password to hash. A randomly generated salt will be used for hashing the password.
        Returns:
        The encoded password hash. The value will be of the form 
                  "{" Base64(salt) "}" passwordHash
        Where passwordHash is the Base64 encoding of the bytes resulting from applying the hash function to the byte array consisting of the salt bytes and the UTF-8 encoding of the clear text password.

      • matches

        public boolean matches​(CharSequence rawPassword,
                       String encodedPassword)
        Verifies that a clear text password matches a given encoded password hash.

        The password hash is expected to be of the form 

         "{" Base64(salt) "}" passwordHash
        Where passwordHash is the Base64 encoding of the bytes resulting from applying the hash function to the byte array consisting of the salt bytes and the UTF-8 encoding of the clear text password.
        Specified by:
        matches in interface org.springframework.security.crypto.password.PasswordEncoder
        Parameters:
        rawPassword - Password to verify in plain text
        encodedPassword - Encoded password on the record in {Base64(salt)}passwordHash format
        Returns:
        true if encoded password hash matches the one on record, false otherwise
        Throws:
        IllegalArgumentException - if the encodedPassword does not contain valid Base64 schema.