[wildfly-dev] On the WildFly Elytron PasswordFactory API
David M. Lloyd
david.lloyd at redhat.com
Wed Jun 4 12:07:33 EDT 2014

The JDK's cryptography/security architecture includes facilities for
handling many kinds of cryptographic key materials, but it does not
include one to handle text passwords.

Text passwords are handled in a very wide variety of formats and used in
a variety of ways, especially when you add challenge/response algorithms
and legacy systems into the mix. Pursuant to that, there is a new API
inside of WildFly Elytron for the purpose of handling passwords and
translating them between various useful formats.

At present this API is designed to be similar to and consistent with the
JDK key handling APIs.

So I'll dive right in to examples of usage, based on the use cases that
have been identified so far:

Example: Importing and verifying a passwd file password
-------------------------------------------------------

    PasswordFactory pf = PasswordFactory.getInstance("crypt");
    // Get a Password for a crypt string
    PasswordSpec spec = new CryptStringPasswordSpec(passwdChars);
    Password password = pf.generatePassword(spec);
    // Now we can verify it
    if (! pf.verify(password, "mygu3ss".toCharArray())) {
        throw new AuthenticationException("Wrong password");
    }

Example: Importing and exporting a clear password
-------------------------------------------------

    PasswordFactory pf = PasswordFactory.getInstance("clear");
    // Import
    PasswordSpec spec = new ClearPasswordSpec("p4ssw0rd".toCharArray());
    Password password = pf.generatePassword(spec);
    // Verify
    boolean ok = pf.verify(password, "p4ssw0rd".toCharArray());
    // Is it clear?
    boolean isClear = pf.convertibleToKeySpec(password,
        ClearPasswordSpec.class);
    assert password instanceof TwoWayPassword;
    assert ! (password instanceof OneWayPassword);
    // Export again
    ClearPasswordSpec clearSpec = pf.getKeySpec(password,
        ClearPasswordSpec.class);
    System.out.printf("The password is: %s%n",
        new String(clearSpec.getEncodedPassword()));

Example: Encrypting a new password
----------------------------------

    PasswordFactory pf = PasswordFactory.getInstance("sha1crypt");
    // API not yet established but will be similar to this possibly:
    ???? parameters = new ???SHA1CryptPasswordParameterSpec("p4ssw0rd".toCharArray());
    Password encrypted = pf.generatePassword(parameters);
    assert encrypted instanceof SHA1CryptPassword;

If anyone has other use cases they feel need to be covered, or questions
or comments about the API, speak up.
--
- DML