org.postgresql.util

Class PasswordUtil

java.lang.Object

org.postgresql.util.PasswordUtil

public class PasswordUtil
extends java.lang.Object

Constructor Summary

Constructors

Constructor and Description
PasswordUtil()

Method Summary

Modifier and Type	Method and Description
static java.lang.String	encodeMd5(java.lang.String user, char[] password) Deprecated. prefer PGConnection.alterUserPassword(String, char[], String) or encodeScramSha256(char[]) for better security.
static java.lang.String	encodePassword(java.lang.String user, char[] password, java.lang.String encryptionType) Encode the given password for the specified encryption type.
static java.lang.String	encodeScramSha256(char[] password) Encode the given password for SCRAM-SHA-256 authentication using the default iteration count and a random salt.
static java.lang.String	encodeScramSha256(char[] password, int iterations, byte[] salt) Generate the encoded text representation of the given password for SCRAM-SHA-256 authentication.
static java.lang.String	genAlterUserPasswordSQL(java.lang.String user, char[] password, java.lang.String encryptionType) Generate the SQL statement to alter a user's password using the given encryption.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PasswordUtil

public PasswordUtil()

Method Detail

encodeScramSha256

public static java.lang.String encodeScramSha256(char[] password,
                                                 int iterations,
                                                 byte[] salt)

Generate the encoded text representation of the given password for SCRAM-SHA-256 authentication. The return value of this method is the literal text that may be used when creating or modifying a user with the given password without the surrounding single quotes.

Parameters:

password - The plain text of the user's password. The implementation will zero out the array after use

iterations - The number of iterations of the hashing algorithm to perform

salt - The random salt value

Returns:

The text representation of the password encrypted for SCRAM-SHA-256 authentication

encodeScramSha256

public static java.lang.String encodeScramSha256(char[] password)

Encode the given password for SCRAM-SHA-256 authentication using the default iteration count and a random salt.

Parameters:

password - The plain text of the user's password. The implementation will zero out the array after use

Returns:

The text representation of the password encrypted for SCRAM-SHA-256 authentication

encodeMd5

@Deprecated
public static java.lang.String encodeMd5(java.lang.String user,
                                                     char[] password)

Deprecated. prefer PGConnection.alterUserPassword(String, char[], String) or encodeScramSha256(char[]) for better security.

Encode the given password for use with md5 authentication. The PostgreSQL server uses the username as the per-user salt so that must also be provided. The return value of this method is the literal text that may be used when creating or modifying a user with the given password without the surrounding single quotes.

Parameters:

user - The username of the database user

password - The plain text of the user's password. The implementation will zero out the array after use

Returns:

The text representation of the password encrypted for md5 authentication.

encodePassword

public static java.lang.String encodePassword(java.lang.String user,
                                              char[] password,
                                              java.lang.String encryptionType)
                                       throws java.sql.SQLException

Encode the given password for the specified encryption type. The word "encryption" is used here to match the verbiage in the PostgreSQL server, i.e. the "password_encryption" setting. In reality, a cryptographic digest / HMAC operation is being performed. The database user is only required for the md5 encryption type.

Parameters:

user - The username of the database user

password - The plain text of the user's password. The implementation will zero out the array after use

encryptionType - The encryption type for which to encode the user's password. This should match the database's supported methods and value of the password_encryption setting.

Returns:

The encoded password

Throws:

java.sql.SQLException - If an error occurs encoding the password

genAlterUserPasswordSQL

public static java.lang.String genAlterUserPasswordSQL(java.lang.String user,
                                                       char[] password,
                                                       java.lang.String encryptionType)
                                                throws java.sql.SQLException

Generate the SQL statement to alter a user's password using the given encryption. All other encryption settings for the password will use the driver's defaults.

Parameters:

user - The username of the database user

password - The plain text of the user's password. The implementation will zero out the array after use

encryptionType - The encryption type of the password

Returns:

An SQL statement that may be executed to change the user's password

Throws:

java.sql.SQLException - If an error occurs encoding the password