Class ConfigurablePasswordEncryptor
- java.lang.Object
-
- org.jasypt.util.password.ConfigurablePasswordEncryptor
-
- All Implemented Interfaces:
PasswordEncryptor
public final class ConfigurablePasswordEncryptor extends java.lang.Object implements PasswordEncryptor
Utility class for easily performing password digesting and checking.
This class internally holds a
StandardStringDigester
which can be configured by the user by optionally choosing the algorithm to be used, the output format (BASE64 or hexadecimal) the mechanism of encryption (plain digests vs. use of random salt and iteration count (default)) and even use aDigesterConfig
object for more advanced configuration.The results obtained when encoding with this class are encoded in BASE64 form.
The required steps to use it are:
- Create an instance (using new).
- Configure if needed with the setX() methods.
- Perform the desired
encryptPassword(String)
orcheckPassword(String, String)
operations.
This class is thread-safe
- Since:
- 1.2
-
-
Field Summary
Fields Modifier and Type Field Description private StandardStringDigester
digester
-
Constructor Summary
Constructors Constructor Description ConfigurablePasswordEncryptor()
Creates a new instance of ConfigurablePasswordEncryptor
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
checkPassword(java.lang.String plainPassword, java.lang.String encryptedPassword)
Checks an unencrypted (plain) password against an encrypted one (a digest) to see if they match.java.lang.String
encryptPassword(java.lang.String password)
Encrypts (digests) a password.void
setAlgorithm(java.lang.String algorithm)
Sets the algorithm to be used for digesting, like MD5 or SHA-1.void
setConfig(DigesterConfig config)
Lets the user configure this encryptor with aDigesterConfig
object, like if he/she were using aStandardStringDigester
object directly.void
setPlainDigest(boolean plainDigest)
Lets the user specify if he/she wants a plain digest used as an encryption mechanism (no salt or iterations, as withMessageDigest
), or rather use the jasypt's usual stronger mechanism for password encryption (based on the use of a salt and the iteration of the hash function).void
setProvider(java.security.Provider provider)
Sets the security provider to be asked for the digest algorithm.void
setProviderName(java.lang.String providerName)
Sets the name of the security provider to be asked for the digest algorithm.void
setStringOutputType(java.lang.String stringOutputType)
Sets the the form in which String output will be encoded.
-
-
-
Field Detail
-
digester
private final StandardStringDigester digester
-
-
Method Detail
-
setConfig
public void setConfig(DigesterConfig config)
Lets the user configure this encryptor with aDigesterConfig
object, like if he/she were using aStandardStringDigester
object directly.- Parameters:
config
- the DigesterConfig object to be set for configuration.- See Also:
StandardStringDigester.setConfig(DigesterConfig)
-
setAlgorithm
public void setAlgorithm(java.lang.String algorithm)
Sets the algorithm to be used for digesting, like MD5 or SHA-1.
This algorithm has to be supported by your security infrastructure, and it should be allowed as an algorithm for creating java.security.MessageDigest instances.
If you are specifying a security provider with
setProvider(Provider)
orsetProviderName(String)
, this algorithm should be supported by your specified provider.If you are not specifying a provider, you will be able to use those algorithms provided by the default security provider of your JVM vendor. For valid names in the Sun JVM, see Java Cryptography Architecture API Specification & Reference.
- Parameters:
algorithm
- the name of the algorithm to be used.- See Also:
StandardStringDigester.setAlgorithm(String)
-
setProviderName
public void setProviderName(java.lang.String providerName)
Sets the name of the security provider to be asked for the digest algorithm. This security provider has to be registered beforehand at the JVM security framework.
The provider can also be set with the
setProvider(Provider)
method, in which case it will not be necessary neither registering the provider beforehand, nor calling thissetProviderName(String)
method to specify a provider name.Note that a call to
setProvider(Provider)
overrides any value set by this method.If no provider name / provider is explicitly set, the default JVM provider will be used.
- Parameters:
providerName
- the name of the security provider to be asked for the digest algorithm.- Throws:
AlreadyInitializedException
- if it has already been initialized, this is, ifencryptPassword(String)
orcheckPassword(String, String)
have been called at least once.- Since:
- 1.3
-
setProvider
public void setProvider(java.security.Provider provider)
Sets the security provider to be asked for the digest algorithm. The provider does not have to be registered at the security infrastructure beforehand, and its being used here will not result in it being registered.
If this method is called, calling
setProviderName(String)
becomes unnecessary.If no provider name / provider is explicitly set, the default JVM provider will be used.
- Parameters:
provider
- the provider to be asked for the chosen algorithm- Throws:
AlreadyInitializedException
- if it has already been initialized, this is, ifencryptPassword(String)
orcheckPassword(String, String)
have been called at least once.- Since:
- 1.3
-
setPlainDigest
public void setPlainDigest(boolean plainDigest)
Lets the user specify if he/she wants a plain digest used as an encryption mechanism (no salt or iterations, as withMessageDigest
), or rather use the jasypt's usual stronger mechanism for password encryption (based on the use of a salt and the iteration of the hash function).- Parameters:
plainDigest
- true for using plain digests, false for the strong salt and iteration count based mechanism.
-
setStringOutputType
public void setStringOutputType(java.lang.String stringOutputType)
Sets the the form in which String output will be encoded. Available encoding types are:
- base64 (default)
- hexadecimal
- Parameters:
stringOutputType
- the string output type.- Since:
- 1.3
-
encryptPassword
public java.lang.String encryptPassword(java.lang.String password)
Encrypts (digests) a password.- Specified by:
encryptPassword
in interfacePasswordEncryptor
- Parameters:
password
- the password to be encrypted.- Returns:
- the resulting digest.
- See Also:
StandardStringDigester.digest(String)
-
checkPassword
public boolean checkPassword(java.lang.String plainPassword, java.lang.String encryptedPassword)
Checks an unencrypted (plain) password against an encrypted one (a digest) to see if they match.- Specified by:
checkPassword
in interfacePasswordEncryptor
- Parameters:
plainPassword
- the plain password to check.encryptedPassword
- the digest against which to check the password.- Returns:
- true if passwords match, false if not.
- See Also:
StandardStringDigester.matches(String, String)
-
-