Package org.postgresql.util

Class PasswordUtil

  • public class PasswordUtil
extends java.lang.Object

    • Constructor Summary

      Constructors 
      Constructor Description
      PasswordUtil()  

    • Method Summary

      All Methods Static Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static java.lang.String encodeMd5​(java.lang.String user, char[] password)
      Deprecated.
      prefer PGConnection.alterUserPassword(String, char[], String) or encodeScramSha256(char[]) for better security.
      static java.lang.String encodePassword​(java.lang.String user, char[] password, java.lang.String encryptionType)
      Encode the given password for the specified encryption type.
      static java.lang.String encodeScramSha256​(char[] password)
      Encode the given password for SCRAM-SHA-256 authentication using the default iteration count and a random salt.
      static java.lang.String encodeScramSha256​(char[] password, int iterations, byte[] salt)
      Generate the encoded text representation of the given password for SCRAM-SHA-256 authentication.
      static java.lang.String genAlterUserPasswordSQL​(java.lang.String user, char[] password, java.lang.String encryptionType)
      Generate the SQL statement to alter a user's password using the given encryption.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • PasswordUtil

        public PasswordUtil()

    • Method Detail

      • encodeScramSha256

        public static java.lang.String encodeScramSha256​(char[] password,
                                                 int iterations,
                                                 byte[] salt)
        Generate the encoded text representation of the given password for SCRAM-SHA-256 authentication. The return value of this method is the literal text that may be used when creating or modifying a user with the given password without the surrounding single quotes.
        Parameters:
        password - The plain text of the user's password. The implementation will zero out the array after use
        iterations - The number of iterations of the hashing algorithm to perform
        salt - The random salt value
        Returns:
        The text representation of the password encrypted for SCRAM-SHA-256 authentication

      • encodeScramSha256

        public static java.lang.String encodeScramSha256​(char[] password)
        Encode the given password for SCRAM-SHA-256 authentication using the default iteration count and a random salt.
        Parameters:
        password - The plain text of the user's password. The implementation will zero out the array after use
        Returns:
        The text representation of the password encrypted for SCRAM-SHA-256 authentication

      • encodeMd5

        @Deprecated
public static java.lang.String encodeMd5​(java.lang.String user,
                                         char[] password)
        Deprecated.
        prefer PGConnection.alterUserPassword(String, char[], String) or encodeScramSha256(char[]) for better security.
        Encode the given password for use with md5 authentication. The PostgreSQL server uses the username as the per-user salt so that must also be provided. The return value of this method is the literal text that may be used when creating or modifying a user with the given password without the surrounding single quotes.
        Parameters:
        user - The username of the database user
        password - The plain text of the user's password. The implementation will zero out the array after use
        Returns:
        The text representation of the password encrypted for md5 authentication.

      • encodePassword

        public static java.lang.String encodePassword​(java.lang.String user,
                                              char[] password,
                                              java.lang.String encryptionType)
                                       throws java.sql.SQLException
        Encode the given password for the specified encryption type. The word "encryption" is used here to match the verbiage in the PostgreSQL server, i.e. the "password_encryption" setting. In reality, a cryptographic digest / HMAC operation is being performed. The database user is only required for the md5 encryption type.
        Parameters:
        user - The username of the database user
        password - The plain text of the user's password. The implementation will zero out the array after use
        encryptionType - The encryption type for which to encode the user's password. This should match the database's supported methods and value of the password_encryption setting.
        Returns:
        The encoded password
        Throws:
        java.sql.SQLException - If an error occurs encoding the password

      • genAlterUserPasswordSQL

        public static java.lang.String genAlterUserPasswordSQL​(java.lang.String user,
                                                       char[] password,
                                                       java.lang.String encryptionType)
                                                throws java.sql.SQLException
        Generate the SQL statement to alter a user's password using the given encryption. All other encryption settings for the password will use the driver's defaults.
        Parameters:
        user - The username of the database user
        password - The plain text of the user's password. The implementation will zero out the array after use
        encryptionType - The encryption type of the password
        Returns:
        An SQL statement that may be executed to change the user's password
        Throws:
        java.sql.SQLException - If an error occurs encoding the password