BCryptPbkdf2PasswordHash (hash-lib 0.1.0 API)

java.lang.Object
- org.sterl.hash.BCryptPbkdf2PasswordHash

All Implemented Interfaces:

PasswordHasher
```
public class BCryptPbkdf2PasswordHash
extends Object
implements PasswordHasher
```
Main class which should be used to hash and to match the passwords. This class delegates the work either to PBKDF2WithHmacSHA for Java EE algorithms and BCryptPasswordEncoder for Spring boot supported security stores. Support the following hash Algorithm:
```
PBKDF2WithHmacSHA224
PBKDF2WithHmacSHA256
PBKDF2WithHmacSHA384
PBKDF2WithHmacSHA512
BCrypt
 
```
The encoded format as follows for *SHA* algorithms:
```
 <algorithm>:<iterations>:<base64(salt)>:<base64(hash)>
 
```
Where:
- algorithm -- the algorithm used to generate the hash
- iterations -- the number of iterations used to generate the hash
- base64(salt) -- the salt used to generate the hash, base64-encoded
- base64(hash) -- the hash value, base64-encoded
For The encoded format as follows for *BCrypt algorithm:
```
 <spring boot BCrypt encoded password>
 
```
See Also:

Pbkdf2PasswordHashImpl.java, BCryptPasswordEncoder.java

Field Summary

Fields
Modifier and Type	Field and Description
`static int`	`DEFAULT_BCRYPT_STRENGTH` the log rounds to use, between 4 and 31, default is 10
`static BCryptPasswordEncoder.BCryptVersion`	`DEFAULT_VERSION`

Constructor Summary

Constructors
Constructor and Description
`BCryptPbkdf2PasswordHash()` Creates a new instance using `Algorithm.BCrypt` to hash passwords.
`BCryptPbkdf2PasswordHash(Algorithm algorithm)` Creates a new `BCryptPbkdf2PasswordHash` using the `Algorithm` in the default config.
`BCryptPbkdf2PasswordHash(PasswordHasher defaultHasher, PBKDF2WithHmacSHA pbkdf2WithHmacSHA, BCryptPasswordEncoder bCryptPasswordEncoder)` Consider using the static factory methods.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`String`	`encode(CharSequence rawPassword)` Encodes the password using the `Algorithm` of the constructor.
`boolean`	`matches(CharSequence rawPassword, String encodedPassword)` Decodes the password based of the prefixed algorithm, using either PBKDF2xx or BCrypt.
`static BCryptPbkdf2PasswordHash`	`newBCryptPasswordEncoder(int strength, BCryptPasswordEncoder.BCryptVersion version, SecureRandom random)` Creates a new instance of `BCryptPbkdf2PasswordHash` using `BCrypt` to hash new passwords.
`static BCryptPbkdf2PasswordHash`	`newPBKDF2Encoder(int iterations, int saltSizeBytes, int keySizeBytes, Algorithm algorithm, SecureRandom random)` Creates a new instance of `BCryptPbkdf2PasswordHash` using `PBKDF2WithHmacSHA` to hash new passwords.
`String`	`toString()`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - DEFAULT_BCRYPT_STRENGTH
```
public static final int DEFAULT_BCRYPT_STRENGTH
```
    the log rounds to use, between 4 and 31, default is 10
    
    See Also:
    
    Constant Field Values
  - DEFAULT_VERSION
```
public static final BCryptPasswordEncoder.BCryptVersion DEFAULT_VERSION
```
- Constructor Detail
  - BCryptPbkdf2PasswordHash
```
public BCryptPbkdf2PasswordHash()
```
    Creates a new instance using Algorithm.BCrypt to hash passwords.
  - BCryptPbkdf2PasswordHash
```
public BCryptPbkdf2PasswordHash(Algorithm algorithm)
```
    Creates a new BCryptPbkdf2PasswordHash using the Algorithm in the default config.
    
    Parameters:
    
    algorithm - the Algorithm to use.
  - BCryptPbkdf2PasswordHash
```
public BCryptPbkdf2PasswordHash(PasswordHasher defaultHasher,
                                PBKDF2WithHmacSHA pbkdf2WithHmacSHA,
                                BCryptPasswordEncoder bCryptPasswordEncoder)
```
    Consider using the static factory methods. This constructor allows the init of this class.
    
    Parameters:
    
    defaultHasher - the hasher to use if encode(CharSequence) is called
    
    pbkdf2WithHmacSHA - the configured PBKDF2WithHmacSHA
    
    bCryptPasswordEncoder - the configured BCryptPasswordEncoder
- Method Detail
  - newBCryptPasswordEncoder
```
public static BCryptPbkdf2PasswordHash newBCryptPasswordEncoder(int strength,
                                                                BCryptPasswordEncoder.BCryptVersion version,
                                                                SecureRandom random)
```
    Creates a new instance of BCryptPbkdf2PasswordHash using BCrypt to hash new passwords.
    
    Parameters:
    
    strength - the log rounds to use, between 4 and 31, default is 10
    
    version - (optional) default is BCryptPasswordEncoder.BCryptVersion.$2A
    
    random - (optional) SecureRandom used to hash new passwords
    
    Returns:
    
    the BCryptPbkdf2PasswordHash, never null
  - newPBKDF2Encoder
```
public static BCryptPbkdf2PasswordHash newPBKDF2Encoder(int iterations,
                                                        int saltSizeBytes,
                                                        int keySizeBytes,
                                                        Algorithm algorithm,
                                                        SecureRandom random)
```
    Creates a new instance of BCryptPbkdf2PasswordHash using PBKDF2WithHmacSHA to hash new passwords. Algorithms:
```
 PBKDF2WithHmacSHA224
 PBKDF2WithHmacSHA256
 PBKDF2WithHmacSHA384
 PBKDF2WithHmacSHA512
 
```
    Parameters:
    
    iterations - basically the strength, default 2048
    
    saltSizeBytes - e.g. 32
    
    keySizeBytes - e.g. 32
    
    algorithm - (optional) default PBKDF2WithHmacSHA512
    
    random - (optional) SecureRandom to generate the salt
    
    Returns:
    
    a new instance of BCryptPbkdf2PasswordHash, never null
  - encode
```
public String encode(CharSequence rawPassword)
```
    Encodes the password using the Algorithm of the constructor. Encode the raw password using a hash algorithm and salt.
    
    Specified by:
    
    encode in interface PasswordHasher
    
    Parameters:
    
    rawPassword - the raw password to encode
    
    Returns:
    
    the hashed / encoded password
  - matches
```
public boolean matches(CharSequence rawPassword,
                       String encodedPassword)
```
    Decodes the password based of the prefixed algorithm, using either PBKDF2xx or BCrypt. Verify the encoded password the raw password after. Returns true if the passwords matches, false if they do not.
    
    Specified by:
    
    matches in interface PasswordHasher
    
    Parameters:
    
    rawPassword - the raw password to encode and match
    
    encodedPassword - the encoded password from storage to compare with
    
    Returns:
    
    true if the raw password matches the encoded one.
  - toString
```
public String toString()
```
    Overrides:
    
    toString in class Object

Class BCryptPbkdf2PasswordHash

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

DEFAULT_BCRYPT_STRENGTH

DEFAULT_VERSION

Constructor Detail

BCryptPbkdf2PasswordHash

BCryptPbkdf2PasswordHash

BCryptPbkdf2PasswordHash

Method Detail

newBCryptPasswordEncoder

newPBKDF2Encoder

encode

matches

toString