- All Implemented Interfaces:
- Direct Known Subclasses:
public abstract class Credential extends Object implements Serializable
Credentials. The Credential class represents an abstract mechanism for checking authentication credentials. A credential instance either represents a secret, or some data that could only be derived from knowing the secret.
Often a Credential is related to a Password via a one-way algorithm, so while a Password itself is a Credential, a UnixCrypt or MD5 digest of a password is only a credential that can be checked against the password.
This class includes implementations for Unix Crypt and MD5 digest credentials.
- See Also:
Nested Class Summary (Modifier and Type, Class, Description)
- static class: Unix Crypt Credentials
- static class: MD5 Credentials
Method Summary (Modifier and Type, Method, Description)
- protected static boolean byteEquals(byte[] known, byte[] unknown): Utility method that replaces Arrays.equals() to avoid timing attacks.
- abstract boolean check(Object credentials): Check a credential
- static Credential getCredential(String credential): Get a credential from a String.
- protected static boolean (String known, String unknown): Utility method that replaces String.equals() to avoid timing attacks.
check
public abstract boolean check(Object credentials)
Check a credential
credentials - The credential to check against. This may either be another Credential object, a Password object or a String which is interpreted by this credential.
- True if the credentials indicated that the shared secret is known to both this Credential and the passed credential.
getCredential
public static Credential getCredential(String credential)
Get a credential from a String. If the credential String starts with a known Credential type (e.g. "CRYPT:" or "MD5:") then a Credential of that type is returned. Otherwise, it tries to find a credential provider whose prefix matches the start of the credential String. Else the credential is assumed to be a Password.
credential - String representation of the credential
- A Credential or Password instance.
Utility method that replaces String.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.
known - the first string to compare (should be known string)
unknown - the second string to compare (should be the unknown string)
- whether the two strings are equal
byteEquals
protected static boolean byteEquals(byte[] known, byte[] unknown)
Utility method that replaces Arrays.equals() to avoid timing attacks. The length of the loop executed will always be the length of the unknown credential.
known - the first byte array to compare (should be known value)
unknown - the second byte array to compare (should be unknown value)
- whether the two byte arrays are equal
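
The comparison strategy described for the two timing-attack utility methods above, as an added Java example. It is not Jetty's source; the class name, method names and sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration, not Jetty's code. All names here are hypothetical.
public class TimingSafeCompareDemo {

    // The loop runs once per byte of the unknown (caller-supplied) value and never
    // exits early, so the running time does not reveal where the first mismatch is.
    static boolean timingSafeEquals(byte[] known, byte[] unknown) {
        if (known == unknown) return true;
        if (known == null || unknown == null) return false;
        int diff = known.length ^ unknown.length; // a length mismatch stays recorded in diff
        for (int i = 0; i < unknown.length; i++) {
            // Index known modulo its length so a longer unknown never reads out of bounds.
            byte k = known.length == 0 ? 0 : known[i % known.length];
            diff |= k ^ unknown[i];
        }
        return diff == 0;
    }

    // Early-exit comparison, shown for contrast: it returns at the first differing
    // byte, so its running time grows with the length of the matching prefix.
    static boolean earlyExitEquals(byte[] known, byte[] unknown) {
        if (known.length != unknown.length) return false;
        for (int i = 0; i < known.length; i++) {
            if (known[i] != unknown[i]) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        byte[] stored = "s3cr3t-digest".getBytes(StandardCharsets.UTF_8);
        byte[] same = "s3cr3t-digest".getBytes(StandardCharsets.UTF_8);
        byte[] lastByteOff = "s3cr3t-digesX".getBytes(StandardCharsets.UTF_8);
        byte[] longer = "s3cr3t-digest-extra".getBytes(StandardCharsets.UTF_8);

        System.out.println("same:        " + timingSafeEquals(stored, same));
        System.out.println("lastByteOff: " + timingSafeEquals(stored, lastByteOff));
        System.out.println("longer:      " + timingSafeEquals(stored, longer));
        System.out.println("early exit:  " + earlyExitEquals(stored, lastByteOff));
        // The JDK's own time-constant comparison for digest bytes.
        System.out.println("JDK isEqual: " + MessageDigest.isEqual(stored, lastByteOff));
    }
}
```

Both comparisons return the same boolean for every input; the difference is only in how the running time depends on the data.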