Class SecretKeyCredentialHandler

java.lang.Object
org.apache.catalina.realm.DigestCredentialHandlerBase
org.apache.catalina.realm.SecretKeyCredentialHandler
All Implemented Interfaces:
CredentialHandler
public class SecretKeyCredentialHandler extends DigestCredentialHandlerBase
A credential handler that uses a SecretKeyFactory (PBE) to hash credentials.

  • Field Details

    • DEFAULT_ALGORITHM

      public static final String DEFAULT_ALGORITHM
      The default algorithm used for key derivation.
      See Also:

    • DEFAULT_KEY_LENGTH

      public static final int DEFAULT_KEY_LENGTH
      The default derived key length in bits.
      See Also:

    • DEFAULT_ITERATIONS

      public static final int DEFAULT_ITERATIONS
      The default number of iterations for key derivation.
      See Also:

  • Constructor Details

  • Method Details

    • getAlgorithm

      public String getAlgorithm()
      Description copied from class: DigestCredentialHandlerBase
      Get the algorithm used to convert input credentials to stored credentials.
      Specified by:
      getAlgorithm in class DigestCredentialHandlerBase
      Returns:
      the algorithm used to convert input credentials to stored credentials.

    • setAlgorithm

      public void setAlgorithm(String algorithm) throws NoSuchAlgorithmException
      Description copied from class: DigestCredentialHandlerBase
      Set the algorithm used to convert input credentials to stored credentials.
      Specified by:
      setAlgorithm in class DigestCredentialHandlerBase
      Parameters:
      algorithm - the algorithm
      Throws:
      NoSuchAlgorithmException - if the specified algorithm is not supported

    • getKeyLength

      public int getKeyLength()
      Returns the key length.
      Returns:
      the key length

    • setKeyLength

      public void setKeyLength(int keyLength)
      Sets the key length.
      Parameters:
      keyLength - the key length

    • matches

      public boolean matches(String inputCredentials, String storedCredentials)
      Description copied from interface: CredentialHandler
      Checks to see if the input credentials match the stored credentials
      Parameters:
      inputCredentials - User provided credentials
      storedCredentials - Credentials stored in the Realm
      Returns:
      true if the inputCredentials match the storedCredentials, otherwise false

    • mutate

      protected String mutate(String inputCredentials, byte[] salt, int iterations)
      Description copied from class: DigestCredentialHandlerBase
      Generates the equivalent stored credentials for the given input credentials, salt and iterations. If the algorithm requires a key length, the default will be used.
      Specified by:
      mutate in class DigestCredentialHandlerBase
      Parameters:
      inputCredentials - User provided credentials
      salt - Salt, if any
      iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
      Returns:
      The equivalent stored credentials for the given input credentials or null if the generation fails

    • mutate

      protected String mutate(String inputCredentials, byte[] salt, int iterations, int keyLength)
      Description copied from class: DigestCredentialHandlerBase
      Generates the equivalent stored credentials for the given input credentials, salt, iterations and key length. The default implementation calls ignores the key length and calls DigestCredentialHandlerBase.mutate(String, byte[], int). Subclasses that use the key length should override this method.
      Overrides:
      mutate in class DigestCredentialHandlerBase
      Parameters:
      inputCredentials - User provided credentials
      salt - Salt, if any
      iterations - Number of iterations of the algorithm associated with this CredentialHandler applied to the inputCredentials to generate the equivalent stored credentials
      keyLength - Length of the produced digest in bits for implementations where it's applicable
      Returns:
      The equivalent stored credentials for the given input credentials or null if the generation fails

    • getDefaultIterations

      protected int getDefaultIterations()
      Description copied from class: DigestCredentialHandlerBase
      Get the default number of iterations used by the CredentialHandler.
      Specified by:
      getDefaultIterations in class DigestCredentialHandlerBase
      Returns:
      the default number of iterations used by the CredentialHandler.

    • getLog

      protected Log getLog()
      Description copied from class: DigestCredentialHandlerBase
      Get the logger for the CredentialHandler instance.
      Specified by:
      getLog in class DigestCredentialHandlerBase
      Returns:
      the logger for the CredentialHandler instance.