Class RFC2307SSHAPasswordEncryptor

  • All Implemented Interfaces:
    PasswordEncryptor

    public final class RFC2307SSHAPasswordEncryptor
    extends Object
    implements PasswordEncryptor

    Utility class for easily performing password digesting and checking according to {SSHA}, a password encryption scheme defined in RFC2307 and commonly found in LDAP systems.

    This class internally holds a StandardStringDigester configured this way:

    • Algorithm: SHA-1.
    • Salt size: 8 bytes (configurable with setSaltSizeBytes(int)).
    • Iterations: 1 (no hash iteration).
    • Prefix: {SSHA}.
    • Invert position of salt in message before digesting: true.
    • Invert position of plain salt in encryption results: true.
    • Use lenient salt size check: true.

    This class is thread-safe.

    Since:
    1.7
    Author:
    Daniel Fernández
    • Constructor Summary

      Constructors 
      Constructor Description
      RFC2307SSHAPasswordEncryptor()
      Creates a new instance of RFC2307SSHAPasswordEncryptor.
    • Method Summary

      Modifier and Type Method Description
      boolean checkPassword(String plainPassword, String encryptedPassword)
      Checks an unencrypted (plain) password against an encrypted one (a digest) to see if they match.
      String encryptPassword(String password)
      Encrypts (digests) a password.
      void setSaltSizeBytes(int saltSizeBytes)
      Sets the size (in bytes) of the salt to be used.
      void setStringOutputType(String stringOutputType)
      Sets the form in which String output will be encoded.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • RFC2307SSHAPasswordEncryptor

        public RFC2307SSHAPasswordEncryptor()
        Creates a new instance of RFC2307SSHAPasswordEncryptor.
    • Method Detail

      • setSaltSizeBytes

        public void setSaltSizeBytes(int saltSizeBytes)

        Sets the size (in bytes) of the salt to be used.

        Default is 8.

        Parameters:
        saltSizeBytes - the salt size in bytes
      • setStringOutputType

        public void setStringOutputType(String stringOutputType)

        Sets the form in which String output will be encoded. Available encoding types are:

        • base64 (default)
        • hexadecimal
        Parameters:
        stringOutputType - the string output type.
      • checkPassword

        public boolean checkPassword(String plainPassword,
                                     String encryptedPassword)

        Checks an unencrypted (plain) password against an encrypted one (a digest) to see if they match.

        This password encryptor expects encrypted passwords being matched to include the "{SSHA}" prefix, and will fail if not.

        Specified by:
        checkPassword in interface PasswordEncryptor
        Parameters:
        plainPassword - the plain password to check.
        encryptedPassword - the digest against which to check the password.
        Returns:
        true if passwords match, false if not.
        See Also:
        StandardStringDigester.matches(String, String)