Package com.atlassian.crowd.password.encoder

Class AtlassianSHA1PasswordEncoder

java.lang.Object

com.atlassian.crowd.password.encoder.AtlassianSHA1PasswordEncoder

All Implemented Interfaces:

InternalPasswordEncoder, PasswordEncoder

public class AtlassianSHA1PasswordEncoder
extends Object
implements InternalPasswordEncoder

The Atlassian implementation of the SHA-1 password encoder, based on the OSUser implementation. It uses the Bouncy Castle SHA-512 digest, followed by the commons-codec base64 encoding.

Note: the password String is converted to bytes using the platform encoding, to preserve the same behaviour as OSUser.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ATLASSIAN_SHA1_KEY

Constructor Summary

Constructors

Constructor	Description
AtlassianSHA1PasswordEncoder()

Method Summary

Modifier and Type	Method	Description
String	encodePassword(String password, Object salt)	This method will handle the hashing of the passed in password param
String	getKey()	The key to define this password encoder
boolean	isPasswordValid(String encPass, String rawPass, Object salt)	Validates a specified "raw" password against an encoded password.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ATLASSIAN_SHA1_KEY

public static final String ATLASSIAN_SHA1_KEY

See Also:

• Constant Field Values

Constructor Details

AtlassianSHA1PasswordEncoder

public AtlassianSHA1PasswordEncoder()

Method Details

encodePassword

public String encodePassword(String password,
 Object salt)

This method will handle the hashing of the passed in password param

Specified by:

encodePassword in interface PasswordEncoder

Parameters:

password - the password to encrypt

salt - can be null, and is not currently used by the underlying implementation

Returns:

java.util.String the hashed password

isPasswordValid

public boolean isPasswordValid(String encPass,
 String rawPass,
 Object salt)

Description copied from interface: PasswordEncoder

Validates a specified "raw" password against an encoded password.

The encoded password should have previously been generated by PasswordEncoder.encodePassword(String, Object). This method will encode the rawPass (using the optional salt), and then compared it with the presented encPass.

For a discussion of salts, please refer to PasswordEncoder.encodePassword(String, Object).

Specified by:

isPasswordValid in interface PasswordEncoder

Parameters:

encPass - a pre-encoded password

rawPass - a raw password to encode and compare against the pre-encoded password

salt - optionally used by the implementation to "salt" the raw password before encoding. A null value is legal.

Returns:

true if the password is valid , false otherwise

See Also:

• org.springframework.security.providers.encoding.PasswordEncoder#isPasswordValid(String, String, Object)

getKey

public String getKey()

Description copied from interface: PasswordEncoder

The key to define this password encoder

Specified by:

getKey in interface PasswordEncoder