org.xwiki.crypto.passwd.internal
Class DefaultPasswordCryptoService

java.lang.Object
  extended by org.xwiki.crypto.passwd.internal.DefaultPasswordCryptoService
All Implemented Interfaces:
PasswordCryptoService

@Component
public class DefaultPasswordCryptoService
extends java.lang.Object
implements PasswordCryptoService

This class allows the user to encrypt and decrypt text and data using a password. Base64-encoded ciphertext might look as follows:

 -----BEGIN PASSWORD CIPHERTEXT-----
 rO0ABXNyADhvcmcueHdpa2kuY3J5cHRvLnBhc3N3ZC5pbnRlcm5hbC5DQVNUNVBh
 c3N3b3JkQ2lwaGVydGV4dGBjanGyQ5IzAgAAeHIAO29yZy54d2lraS5jcnlwdG8u
 cGFzc3dkLmludGVybmFsLkFic3RyYWN0UGFzc3dvcmRDaXBoZXJ0ZXh0wxB+AJ0R
 Z6ACAAJbAApjaXBoZXJ0ZXh0dAACW0JMAAtrZXlGdW5jdGlvbnQAL0xvcmcveHdp
 a2kvY3J5cHRvL3Bhc3N3ZC9LZXlEZXJpdmF0aW9uRnVuY3Rpb247eHB1cgACW0Ks
 8xf4BghU4AIAAHhwAAABGPyIkxLgotOse8w/uihvcuHCV9XdFdKzQ7KQDtr0N6Tx
 /cG7npgtTF6+9FAtONY7lg==
 -----END PASSWORD CIPHERTEXT-----
 
Users can also protect a password or other secret information so that it can be verified but not recovered. The output is a string of base-64 text without the header and footer that encrypted output carries.

Since:
2.5M1

Constructor Summary
DefaultPasswordCryptoService()
           
 
Method Summary
 byte[] decryptBytes(byte[] rawCiphertext, java.lang.String password)
          Decrypt raw ciphertext created with PasswordCryptoService.encryptBytes(byte[], String).
 java.lang.String decryptText(java.lang.String base64Ciphertext, java.lang.String password)
          Decrypt a piece of text encrypted with encryptText.
 byte[] encryptBytes(byte[] message, java.lang.String password)
          Encipher the given byte array with the password.
 java.lang.String encryptText(java.lang.String plaintext, java.lang.String password)
          Encipher the given text with the password.
 boolean isPasswordCorrect(java.lang.String password, java.lang.String protectedPassword)
          Check the validity of a password.
 java.lang.String protectPassword(java.lang.String password)
          Hash a password with a hash function specifically designed to make password guessing attacks difficult.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultPasswordCryptoService

public DefaultPasswordCryptoService()

Method Detail

encryptText

public java.lang.String encryptText(java.lang.String plaintext,
                                    java.lang.String password)
                             throws java.security.GeneralSecurityException
Encipher the given text with the password. The same password will be able to decipher it.

Specified by:
encryptText in interface PasswordCryptoService
Parameters:
plaintext - the text to encrypt.
password - which will be needed to decrypt the text.
Returns:
Base64 encoded ciphertext which can be decrypted back to plaintext only with the decryptText function.
Throws:
java.security.GeneralSecurityException - if something goes wrong.
See Also:
PasswordCryptoService.encryptText(java.lang.String, java.lang.String)

decryptText

public java.lang.String decryptText(java.lang.String base64Ciphertext,
                                    java.lang.String password)
                             throws java.security.GeneralSecurityException
Decrypt a piece of text encrypted with encryptText.

Specified by:
decryptText in interface PasswordCryptoService
Parameters:
base64Ciphertext - Base64 encoded ciphertext to decrypt.
password - which was used to encrypt the text.
Returns:
the decrypted text or null if the provided password was wrong.
Throws:
java.security.GeneralSecurityException - if something goes wrong.
See Also:
org.xwiki.crypto.passwd.PasswdCryptoService#decryptText(String, String)

encryptBytes

public byte[] encryptBytes(byte[] message,
                           java.lang.String password)
                    throws java.security.GeneralSecurityException
Encipher the given byte array with the password. The same password will be able to decipher it.

Specified by:
encryptBytes in interface PasswordCryptoService
Parameters:
message - the message to encrypt.
password - which will be needed to decrypt the text.
Returns:
raw ciphertext which can be decrypted back to data using PasswordCryptoService.decryptBytes(byte[], String)
Throws:
java.security.GeneralSecurityException - if something goes wrong.
See Also:
PasswordCryptoService.encryptBytes(byte[], java.lang.String)

decryptBytes

public byte[] decryptBytes(byte[] rawCiphertext,
                           java.lang.String password)
                    throws java.security.GeneralSecurityException
Decrypt raw ciphertext created with PasswordCryptoService.encryptBytes(byte[], String). If the password is incorrect, the response is null most of the time; 1 out of 250 times the output is unintelligible garbage.

Specified by:
decryptBytes in interface PasswordCryptoService
Parameters:
rawCiphertext - the ciphertext to decrypt.
password - which was used to encrypt the text.
Returns:
the decrypted message or null if the provided password was wrong.
Throws:
java.security.GeneralSecurityException - if something goes wrong.
See Also:
PasswordCryptoService.decryptBytes(byte[], java.lang.String)

protectPassword

public java.lang.String protectPassword(java.lang.String password)
                                 throws java.security.GeneralSecurityException
Hash a password with a hash function specifically designed to make password guessing attacks difficult. This hash does salting and multiple iterations, which incur not only CPU but also memory expense.

Specified by:
protectPassword in interface PasswordCryptoService
Parameters:
password - the plain text user supplied password.
Returns:
a String of base-64 formatted bytes which can be used to verify the password later using isPasswordCorrect. It is generally considered impossible to derive a password from this data; however, for particularly easy-to-guess passwords, an attacker may guess the password using isPasswordCorrect, although the underlying function is designed to make that resource intensive.
Throws:
java.security.GeneralSecurityException - on errors
See Also:
org.xwiki.crypto.passwd.PasswdCryptoService#protectPassword(String)

isPasswordCorrect

public boolean isPasswordCorrect(java.lang.String password,
                                 java.lang.String protectedPassword)
                          throws java.security.GeneralSecurityException
Check the validity of a password.

Specified by:
isPasswordCorrect in interface PasswordCryptoService
Parameters:
password - the plain text user supplied password.
protectedPassword - the result from calling protectPassword.
Returns:
true if after running the user supplied password through the same underlying function, the output matches the protectedPassword.
Throws:
java.security.GeneralSecurityException - on errors
See Also:
org.xwiki.crypto.passwd.PasswdCryptoService#isPasswordCorrect(String, String)


Copyright © 2004-2011 XWiki. All Rights Reserved.