Class Credential

  • All Implemented Interfaces:
    java.io.Serializable
    Direct Known Subclasses:
    Credential.Crypt, Credential.MD5, Password

    public abstract class Credential
    extends java.lang.Object
    implements java.io.Serializable
    Credentials. The Credential class represents an abstract mechanism for checking authentication credentials. A credential instance either represents a secret, or some data that could only be derived from knowing the secret.

    Often a Credential is related to a Password via a one-way algorithm, so while a Password itself is a Credential, a UnixCrypt or MD5 digest of a password is only a credential that can be checked against the password.

    This class includes an implementation for Unix Crypt and MD5 digest.

    See Also:
    Password, Serialized Form
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  Credential.Crypt
      Unix Crypt Credentials
      static class  Credential.MD5
      MD5 Credentials
    • Constructor Summary

      Constructors 
      Constructor Description
      Credential()  
    • Method Summary

      Modifier and Type Method Description
      protected static boolean byteEquals(byte[] known, byte[] unknown)
      Utility method that replaces Arrays.equals() to avoid timing attacks.
      abstract boolean check(java.lang.Object credentials)
      Check a credential
      static Credential getCredential(java.lang.String credential)
      Get a credential from a String.
      protected static boolean stringEquals(java.lang.String known, java.lang.String unknown)
      Utility method that replaces String.equals() to avoid timing attacks.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • Credential

        public Credential()
    • Method Detail

      • check

        public abstract boolean check(java.lang.Object credentials)
        Check a credential
        Parameters:
        credentials - The credential to check against. This may either be another Credential object, a Password object or a String which is interpreted by this credential.
        Returns:
        True if the credentials indicate that the shared secret is known to both this Credential and the passed credential.
      • getCredential

        public static Credential getCredential(java.lang.String credential)
        Get a credential from a String. If the credential String starts with a known Credential type (e.g. "CRYPT:" or "MD5:"), then a Credential of that type is returned. Otherwise, it tries to find a credential provider whose prefix matches the start of the credential String. If none matches, the credential is assumed to be a Password.
        Parameters:
        credential - String representation of the credential
        Returns:
        A Credential or Password instance.
      • stringEquals

        protected static boolean stringEquals(java.lang.String known,
                                              java.lang.String unknown)

        Utility method that replaces String.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.

        Parameters:
        known - the first string to compare (should be known string)
        unknown - the second string to compare (should be the unknown string)
        Returns:
        whether the two strings are equal
      • byteEquals

        protected static boolean byteEquals(byte[] known,
                                            byte[] unknown)

        Utility method that replaces Arrays.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.

        Parameters:
        known - the first byte array to compare (should be known value)
        unknown - the second byte array to compare (should be unknown value)
        Returns:
        whether the two byte arrays are equal
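
The property documented for stringEquals and byteEquals (loop length fixed by the unknown value, no early exit) can be illustrated with the following added example. It is not this library's own code: the class name, method names and sample values are assumptions constructed for illustration, and the result is cross-checked against the JDK's MessageDigest.isEqual.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class ConstantTimeCompareExample {

    // Early-exit comparison: returns at the first mismatching byte, so the
    // running time depends on how many leading bytes of the guess are correct.
    static boolean leakyEquals(byte[] known, byte[] unknown) {
        if (known.length != unknown.length) return false;
        for (int i = 0; i < known.length; i++) {
            if (known[i] != unknown[i]) return false;
        }
        return true;
    }

    // The loop runs exactly unknown.length times regardless of where (or whether)
    // the inputs differ; mismatches are accumulated instead of branched on.
    static boolean constantTimeEquals(byte[] known, byte[] unknown) {
        if (known == null || unknown == null) return known == unknown;
        int diff = known.length ^ unknown.length; // a length mismatch still fails
        for (int i = 0; i < unknown.length; i++) {
            // Index into known modulo its length so a shorter known value never
            // throws; an empty known value is replaced by a guaranteed mismatch.
            byte k = known.length == 0 ? (byte) ~unknown[i] : known[i % known.length];
            diff |= k ^ unknown[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        byte[] stored = "s3cr3t-digest".getBytes(StandardCharsets.UTF_8);
        String[] guesses = {"s3cr3t-digest", "s3cr3t-digesX", "X3cr3t-digest", "s3cr3t", ""};
        for (String g : guesses) {
            byte[] unknown = g.getBytes(StandardCharsets.UTF_8);
            boolean result = constantTimeEquals(stored, unknown);
            // All three comparisons must agree on the answer; only their timing differs.
            if (result != MessageDigest.isEqual(stored, unknown)
                    || result != leakyEquals(stored, unknown)) {
                throw new AssertionError("mismatch for guess: " + g);
            }
            System.out.println("\"" + g + "\" -> " + result);
        }
    }
}
```

Because the iteration count follows the caller-supplied value, the length of the stored credential is not revealed by how long the comparison takes.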