Class Argon2PasswordStorageScheme

    • Constructor Detail

      • Argon2PasswordStorageScheme

        public Argon2PasswordStorageScheme()
    • Method Detail

      • isConfigurationAcceptable

        public boolean isConfigurationAcceptable​(Argon2PasswordStorageSchemeCfg configuration,
                                                 List<LocalizableMessage> unacceptableReasons)
        Description copied from class: PasswordStorageScheme
        Indicates whether the provided configuration is acceptable for this password storage scheme. It should be possible to call this method on an uninitialized password storage scheme instance in order to determine whether the password storage scheme would be able to use the provided configuration.
        Overrides:
        isConfigurationAcceptable in class PasswordStorageScheme<Argon2PasswordStorageSchemeCfg>
        Parameters:
        configuration - The password storage scheme configuration for which to make the determination.
        unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.
        Returns:
        true if the provided configuration is acceptable for this password storage scheme, or false if not.
      • passwordMatches

        public boolean passwordMatches​(ByteSequence plaintextPassword,
                                       ByteSequence storedPassword)
        Description copied from class: PasswordStorageScheme
        Indicates whether the provided plaintext password included in a bind request matches the given stored value. The provided stored value should not include the scheme name in curly braces.
        Specified by:
        passwordMatches in class PasswordStorageScheme<Argon2PasswordStorageSchemeCfg>
        Parameters:
        plaintextPassword - The plaintext password provided by the user as part of a simple bind attempt.
        storedPassword - The stored password to compare against the provided plaintext password.
        Returns:
        true if the provided plaintext password matches the provided stored password, or false if not.
      • isStorageSchemeSecure

        public boolean isStorageSchemeSecure()
        Description copied from class: PasswordStorageScheme
        Indicates whether this password storage scheme should be considered "secure". If the encoding used for this scheme does not obscure the value at all, or if it uses a method that is trivial to reverse (e.g., base64), then it should not be considered secure.

        This may be used to determine whether a password may be included in a set of search results, including the possibility of overriding access controls in the case that access controls would allow the password to be returned but the password is considered too insecure to reveal.
        Specified by:
        isStorageSchemeSecure in class PasswordStorageScheme<Argon2PasswordStorageSchemeCfg>
        Returns:
        false if it may be trivial to discover the original plain-text password from the encoded form, or true if the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.
      • isRehashNeeded

        public boolean isRehashNeeded​(ByteSequence storedPassword)
        Description copied from class: PasswordStorageScheme
        Indicates whether the encoded password needs to be rehashed because the password storage scheme configuration changed. Only password storage schemes with specific configuration parameters, such as PBKDF2, need to override this method.
        Overrides:
        isRehashNeeded in class PasswordStorageScheme<Argon2PasswordStorageSchemeCfg>
        Parameters:
        storedPassword - An existing hashed password including the name of the storage scheme.
        Returns:
        whether the stored password should be rehashed.