Examples of PasswordDigest

com.caucho.server.security.PasswordDigest
Calculates a digest for the user and password.
If the realm is missing, the digest will calculate:
```
 MD5(user + ':' + password) 
```
If the realm is specified, the digest will calculate:
```
 MD5(user + ':' + realm + ':' + password) 
```
The second version matches the way HTTP digest authentication is handled, so it is the preferred method for storing passwords.
The returned result is the base64 encoding of the digest.
org.waveprotocol.box.server.authentication.PasswordDigest
A simple, secure, immutable password class. Passwords are stored using a salted SHA-384 digest. To persist a password object, use Java's serialization interface or save the salt and digest, and recreate the password object using Password.from(salt, digest). Character arrays are used instead of strings so the contents can be cleared before they are garbage collected. (Java's strings are immutable). Passwords should never be stored as strings at any intermediate stage. To serialize a digest to disk / database, either use Java's Serialization or store the byte arrays returned by both getSalt() and getDigest(). To deserialize a digest from disk / database, use {@code PasswordDigest.from(salt, digest);} @author josephg@gmail.com (Joseph Gentle)

Examples of com.caucho.server.security.PasswordDigest


      if (p > 0) {
        String algorithm = _passwordDigestAlgorithm.substring(0, p);
        String format = _passwordDigestAlgorithm.substring(p + 1);


        _passwordDigest = new PasswordDigest();
        _passwordDigest.setAlgorithm(algorithm);
        _passwordDigest.setFormat(format);
        _passwordDigest.setRealm(_passwordDigestRealm);


        _passwordDigest.init();

View Full Code Here

Examples of com.caucho.server.security.PasswordDigest


      if (p > 0) {
        String algorithm = _passwordDigestAlgorithm.substring(0, p);
        String format = _passwordDigestAlgorithm.substring(p + 1);


        _passwordDigest = new PasswordDigest();
        _passwordDigest.setAlgorithm(algorithm);
        _passwordDigest.setFormat(format);
        _passwordDigest.setRealm(_passwordDigestRealm);


        _passwordDigest.init();

View Full Code Here

Examples of org.waveprotocol.box.server.authentication.PasswordDigest

        new RobotAccountDataImpl(ROBOT_ID, "example.com", "secret", new RobotCapabilities(
            capabilities, "FAKEHASH", ProtocolVersion.DEFAULT), true);


    humanAccount = new HumanAccountDataImpl(HUMAN_ID);
    humanAccountWithDigest = new HumanAccountDataImpl(HUMAN_ID,
        new PasswordDigest("password".toCharArray()));
  }

View Full Code Here

Examples of org.waveprotocol.box.server.authentication.PasswordDigest

  }


  public void testPasswordDigestVerifies() {
    HumanAccountData account =
        new HumanAccountDataImpl(ParticipantId.ofUnsafe("captainhammer@example.com"),
            new PasswordDigest("wonderflownium".toCharArray()));


    assertNotNull(account.getPasswordDigest());
    assertTrue(account.getPasswordDigest().verify("wonderflownium".toCharArray()));
  }

View Full Code Here

Examples of org.waveprotocol.box.server.authentication.PasswordDigest

   * @throws PersistenceException if the persistence layer fails.
   * @throws IllegalArgumentException if the user doesn't exist.
   */
  public static void changeUserPassword(String newPassword, ParticipantId participantId,
      AccountStore accountStore) throws PersistenceException, IllegalArgumentException {
    PasswordDigest newPasswordDigest = new PasswordDigest(newPassword.toCharArray());
    HumanAccountDataImpl account = new HumanAccountDataImpl(participantId, newPasswordDigest);
    if (accountStore.getAccount(participantId) != null) {
      accountStore.removeAccount(participantId);
      accountStore.putAccount(account);
    } else {

View Full Code Here

Examples of org.waveprotocol.box.server.authentication.PasswordDigest

    throws PersistenceException, IllegalArgumentException {
    if (accountStore.getAccount(participantId) != null) {
      throw new IllegalArgumentException(String.format("User %s already exists on this domain.", participantId.getAddress()));
    }


    HumanAccountDataImpl account = new HumanAccountDataImpl(participantId, new PasswordDigest(password.toCharArray()));
    accountStore.putAccount(account);
  }

View Full Code Here

Examples of org.waveprotocol.box.server.authentication.PasswordDigest

  
  public final void testRoundtripHumanAccountWithPassword() throws Exception {
    AccountStore accountStore = newAccountStore();
    
    accountStore.putAccount(
        new HumanAccountDataImpl(HUMAN_ID, new PasswordDigest("internet".toCharArray())));
    AccountData retrievedAccount = accountStore.getAccount(HUMAN_ID);
    assertTrue(retrievedAccount.asHuman().getPasswordDigest().verify("internet".toCharArray()));
  }

View Full Code Here

Examples of org.waveprotocol.box.server.authentication.PasswordDigest

  protected void setUp() throws Exception {
    MockitoAnnotations.initMocks(this);


    AccountStore store = new MemoryStore();
    HumanAccountData account =
        new HumanAccountDataImpl(USER, new PasswordDigest("password".toCharArray()));
    store.putAccount(account);


    servlet = new AuthenticationServlet(store, AuthTestUtil.makeConfiguration(),
        manager, "examPLe.com", false, "", false, false, welcomeBot, "UA-someid");
    AccountStoreHolder.init(store, "eXaMple.com");

View Full Code Here

Examples of org.waveprotocol.box.server.authentication.PasswordDigest

  // ****** HumanAccountData serialization


  private DBObject humanToObject(HumanAccountData account) {
    DBObject object = new BasicDBObject();


    PasswordDigest digest = account.getPasswordDigest();
    if (digest != null) {
      DBObject digestObj = new BasicDBObject();
      digestObj.put(PASSWORD_SALT_FIELD, digest.getSalt());
      digestObj.put(PASSWORD_DIGEST_FIELD, digest.getDigest());


      object.put(HUMAN_PASSWORD_FIELD, digestObj);
    }


    return object;

View Full Code Here

Examples of org.waveprotocol.box.server.authentication.PasswordDigest


    return object;
  }


  private HumanAccountData objectToHuman(ParticipantId id, DBObject object) {
    PasswordDigest passwordDigest = null;


    DBObject digestObj = (DBObject) object.get(HUMAN_PASSWORD_FIELD);
    if (digestObj != null) {
      byte[] salt = (byte[]) digestObj.get(PASSWORD_SALT_FIELD);
      byte[] digest = (byte[]) digestObj.get(PASSWORD_DIGEST_FIELD);

View Full Code Here

0 1

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.