Interface PasswordDigest

public interface PasswordDigest

The getPasswordDigest interface allows an authentication provider to return a digest for a specified user's password.

Method Summary
 byte[] getPasswordDigest(String username, byte[] seed, int numBytes)
          Returns the digest value for the password for the specified username.

Method Detail


byte[] getPasswordDigest(String username,
                         byte[] seed,
                         int numBytes)
                         throws DigestNotAvailableException
Returns the digest value for the password for the specified username. The seed and password are used to calculate a digest. This digest can then be used as a shared secret in cryptographic operations. A provider must implement the HMAC_SHA-1 algorithm for calculating the digest value. The HMAC_SHA-1 algorithm is described in section 5 of RFC 2246. The algorithm is as follows:
   P_SHA-1(secret, seed) = HMAC_SHA-1(secret, A(1) + seed) +
                           HMAC_SHA-1(secret, A(2) + seed) + 
                           HMAC_SHA-1(secret, A(3) + seed) + ...
     + indicates concatenation and
     A() is defined as: A(0) = seed and A(i) = HMAC_SHA-1 (secret, A(I-1)).

This digest functionality is currently used by the web services container.

username - String containing the user
seed - byte array of random value
numBytes - int number of bytes to return in password digest
the digest value specific to the password and seed

Documentation is available at
Copyright 2008 Oracle