/** * Generate a new {@link Password} object for the given specification. * * @param keySpec the specification * @return the password object * @throws InvalidKeySpecException if the key specification is not valid for this algorithm */ public Password generatePassword(KeySpec keySpec) throws InvalidKeySpecException { return spi.engineGeneratePassword(algorithm, keySpec); }
/** * Generate a key specification of the given type from the given password object. * * @param password the password object * @param specType the specification class * @param <T> the specification type * @return the key specification * @throws InvalidKeySpecException if the password cannot be translated to the given key specification type */ public <T extends KeySpec> T getKeySpec(Password password, Class<T> specType) throws InvalidKeySpecException { return spi.engineGetKeySpec(algorithm, password, specType); }
/** * Determine whether the given password can be translated into one which is consumable by this factory. If this * method returns {@code true}, then {@link #translate(Password)} will succeed. * * @param password the password object * @return {@code true} if the given password is supported by this algorithm, {@code false} otherwise */ public boolean isTranslatable(Password password) { return spi.engineIsTranslatablePassword(algorithm, password); }
/** * Encode the given {@link Password} to a byte array. * * @param password the password to encode * @param providers providers to use with the underlying {@link PasswordFactory} * @return a byte array representing the encoded password or null if no encoder was capable to encode the given password */ public static byte[] encode(Password password, Supplier<Provider[]> providers) throws NoSuchAlgorithmException, InvalidKeySpecException { PasswordFactory passwordFactory = PasswordFactory.getInstance(password.getAlgorithm(), providers); if (passwordFactory.convertibleToKeySpec(password, ClearPasswordSpec.class)) { return encodeClearPasswordSpec(passwordFactory.getKeySpec(password, ClearPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, DigestPasswordSpec.class)) { return encodeDigestPasswordSpec(passwordFactory.getKeySpec(password, DigestPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, SaltedHashPasswordSpec.class)) { return encodeSaltedHashPasswordSpec(passwordFactory.getKeySpec(password, SaltedHashPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, IteratedSaltedHashPasswordSpec.class)) { return encodeIteratedSaltedHashSpec(passwordFactory.getKeySpec(password, IteratedSaltedHashPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, HashPasswordSpec.class)) { return encodeHashPasswordSpec(passwordFactory.getKeySpec(password, HashPasswordSpec.class)); } return null; }
public boolean verify(final Supplier<Provider[]> providerSupplier, final Evidence evidence) { Assert.checkNotNullParam("providerSupplier", providerSupplier); Assert.checkNotNullParam("evidence", evidence); if (evidence instanceof PasswordGuessEvidence) try { final PasswordFactory factory = PasswordFactory.getInstance(password.getAlgorithm(), providerSupplier); return factory.verify(factory.translate(password), ((PasswordGuessEvidence) evidence).getGuess()); } catch (NoSuchAlgorithmException | InvalidKeyException ignored) { } return false; }
/** * Get a password factory instance. The returned password factory object will implement the given algorithm. * * @param algorithm the name of the algorithm * @return a password factory instance * @throws NoSuchAlgorithmException if the given algorithm has no available implementations */ public static PasswordFactory getInstance(String algorithm) throws NoSuchAlgorithmException { return getInstance(algorithm, INSTALLED_PROVIDERS); }
public String getAlgorithm() { return password.getAlgorithm(); }
/** * Cast this password type if the type and algorithm matches. * * @param passwordType the password type class to check * @param algorithmName the name of the algorithm or {@code null} if any algorithm is acceptable * @param <P> the password type * @return the password cast as the target type, or {@code null} if the password does not match the criteria */ default <P extends Password> P castAs(Class<P> passwordType, String algorithmName) { return castAndApply(passwordType, algorithmName, Function.identity()); }
/** * Get the password if it is of the given type; otherwise return {@code null}. * * @param type the password type class * @param <P> the password type * @return the password, or {@code null} if the password is not of the given type */ public <P extends Password> P getPassword(Class<P> type) { return getPassword().castAs(type); }
public boolean supportsParameters(final Class<? extends AlgorithmParameterSpec> paramSpecClass) { return paramSpecClass.isInstance(password.getParameterSpec()); }
/** * Translate the given password object to one which is consumable by this factory. * * @param password the password object * @return the equivalent password object that this factory can work with * @throws InvalidKeyException if the given password is not supported by this algorithm */ public Password translate(Password password) throws InvalidKeyException { return spi.engineTranslatePassword(algorithm, password); }
/** * Verify a password guess. * * @param password the password object * @param guess the guessed password characters * @return {@code true} if the guess matches the password, {@code false} otherwise * @throws InvalidKeyException if the given password is not supported by this factory */ public boolean verify(Password password, char[] guess) throws InvalidKeyException { return spi.engineVerify(algorithm, password, guess); }
/** * Determine whether the given password can be converted to the given key specification type by this factory. * * @param password the password object * @param specType the specification class * @param <T> the specification type * @return {@code true} if the password can be converted, {@code false} otherwise */ public <T extends KeySpec> boolean convertibleToKeySpec(Password password, Class<T> specType) { return spi.engineConvertibleToKeySpec(algorithm, password, specType); }
/** * Transform a password with new parameters. Not every transformation is allowed, but iterative password types * generally should allow increasing the number of iterations. * * @param password the password * @param parameterSpec the new parameters * @return the transformed password * @throws InvalidKeyException if the given password is invalid * @throws InvalidAlgorithmParameterException if the transformation cannot be applied to the given parameters */ public Password transform(Password password, AlgorithmParameterSpec parameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException { return spi.engineTransform(algorithm, password, parameterSpec); } }
public PasswordCredential clone() { final Password password = this.password; final Password clone = password.clone(); return clone == password ? this : new PasswordCredential(clone); }
public boolean impliesParameters(final AlgorithmParameterSpec parameterSpec) { Assert.checkNotNullParam("parameterSpec", parameterSpec); return password.impliesParameters(parameterSpec); }
private PasswordFactory getPasswordFactory(final String algorithm) { try { return PasswordFactory.getInstance(algorithm, providers); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); } }
/** * Cast this password type if the type matches. * * @param passwordType the password type class to check * @param <P> the password type * @return the password cast as the target type, or {@code null} if the password does not match the criteria */ default <P extends Password> P castAs(Class<P> passwordType) { return castAndApply(passwordType, Function.identity()); }
public <P extends AlgorithmParameterSpec> P getParameters(final Class<P> paramSpecClass) { final AlgorithmParameterSpec parameterSpec = password.getParameterSpec(); return paramSpecClass.isInstance(parameterSpec) ? paramSpecClass.cast(parameterSpec) : null; }
/** * Set the provider to use to find the password factory. If this method is not called, the default is used. * * @param provider the provider to use (must not be {@code null}) * @return this builder */ public Builder setPasswordFactoryProvider(Provider provider) { checkNotNullParam("provider", provider); passwordFactoryFactory = () -> PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, provider); return this; }