org.wildfly.security.credential.PasswordCredential Maven / Gradle / Ivy
/*
* JBoss, Home of Professional Open Source.
* Copyright 2015 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wildfly.security.credential;
import static org.wildfly.security.provider.util.ProviderUtil.INSTALLED_PROVIDERS;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Objects;
import java.util.function.Supplier;
import org.wildfly.common.Assert;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
/**
* A credential for password authentication.
*/
public final class PasswordCredential implements AlgorithmCredential {
private final Password password;
/**
* Construct a new instance.
*
* @param password the password (must not be {@code null})
*/
public PasswordCredential(final Password password) {
Assert.checkNotNullParam("password", password);
this.password = password;
}
/**
* Get the password.
*
* @return the password (not {@code null})
*/
public Password getPassword() {
return password;
}
/**
* Get the password if it is of the given type; otherwise return {@code null}.
*
* @param type the password type class
* @param the password type
* @return the password, or {@code null} if the password is not of the given type
*/
public
P getPassword(Class
type) {
return getPassword().castAs(type);
}
public String getAlgorithm() {
return password.getAlgorithm();
}
public boolean supportsParameters(final Class paramSpecClass) {
return paramSpecClass.isInstance(password.getParameterSpec());
}
public
P getParameters(final Class
paramSpecClass) {
final AlgorithmParameterSpec parameterSpec = password.getParameterSpec();
return paramSpecClass.isInstance(parameterSpec) ? paramSpecClass.cast(parameterSpec) : null;
}
public boolean impliesParameters(final AlgorithmParameterSpec parameterSpec) {
Assert.checkNotNullParam("parameterSpec", parameterSpec);
return password.impliesParameters(parameterSpec);
}
public boolean impliesSameParameters(final AlgorithmCredential other) {
Assert.checkNotNullParam("other", other);
return Objects.equals(password.getParameterSpec(), other.getParameters());
}
public boolean canVerify(final Class evidenceClass, final String algorithmName) {
return canVerifyEvidence(evidenceClass, algorithmName);
}
/**
* Determine whether this credential type can, generally speaking, verify the given evidence type.
*
* @param evidenceClass the evidence type (must not be {@code null})
* @param algorithmName the evidence algorithm name (may be {@code null} if the type of evidence does not support
* algorithm names)
*
* @return {@code true} if the evidence can be verified by this credential, {@code false} otherwise
*/
public static boolean canVerifyEvidence(final Class evidenceClass, final String algorithmName) {
Assert.checkNotNullParam("evidenceClass", evidenceClass);
return evidenceClass == PasswordGuessEvidence.class && algorithmName == null;
}
public boolean verify(final Supplier providerSupplier, final Evidence evidence) {
return verify(providerSupplier, evidence, StandardCharsets.UTF_8);
}
/**
* Verify the given evidence.
*
* @param providerSupplier the provider supplier to use for verification purposes (must not be {@code null})
* @param evidence the evidence to verify (must not be {@code null})
* @param hashCharset the character set to use when converting the password string to a byte array (must not be {@code null})
*
* @return {@code true} if the evidence is verified, {@code false} otherwise
*/
public boolean verify(final Supplier providerSupplier, final Evidence evidence, Charset hashCharset) {
Assert.checkNotNullParam("providerSupplier", providerSupplier);
Assert.checkNotNullParam("evidence", evidence);
Assert.checkNotNullParam("hashCharset", hashCharset);
if (evidence instanceof PasswordGuessEvidence) try {
final PasswordFactory factory = PasswordFactory.getInstance(password.getAlgorithm(), providerSupplier);
return factory.verify(factory.translate(password), ((PasswordGuessEvidence) evidence).getGuess(), hashCharset);
} catch (NoSuchAlgorithmException | InvalidKeyException ignored) {
}
return false;
}
/**
* Verify the given evidence.
*
* @param evidence the evidence to verify (must not be {@code null})
* @param hashCharset the character set to use when converting the password string to a byte array (must not be {@code null})
*
* @return {@code true} if the evidence is verified, {@code false} otherwise
*/
public boolean verify(final Evidence evidence, Charset hashCharset) {
return verify(INSTALLED_PROVIDERS, evidence, hashCharset);
}
public PasswordCredential clone() {
final Password password = this.password;
final Password clone = password.clone();
return clone == password ? this : new PasswordCredential(clone);
}
public int hashCode() {
return password.hashCode();
}
public boolean equals(final Object obj) {
return obj instanceof PasswordCredential && password.equals(((PasswordCredential) obj).password);
}
}