PasswordDigest (Java API Reference for Oracle WebLogic Server)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Oracle Fusion Middleware
Java API Reference for Oracle WebLogic Server
12c (12.1.2)

Part Number E27170-01

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

weblogic.security.spi
Interface PasswordDigest

public interface PasswordDigest

The getPasswordDigest interface allows an authentication provider to return a digest for a specified user's password.

Method Summary
`byte[]`	`getPasswordDigest(String username, byte[] seed, int numBytes)` Returns the digest value for the password for the specified username.

Method Detail

getPasswordDigest

byte[] getPasswordDigest(String username,
                         byte[] seed,
                         int numBytes)
                         throws DigestNotAvailableException

Returns the digest value for the password for the specified username. The seed and password are used to calculate a digest. This digest can then be used as a shared secret in cryptographic operations. A provider must implement the HMAC_SHA-1 algorithm for calculating the digest value. The HMAC_SHA-1 algorithm is described in section 5 of RFC 2246. The algorithm is as follows:

   P_SHA-1(secret, seed) = HMAC_SHA-1(secret, A(1) + seed) +
                           HMAC_SHA-1(secret, A(2) + seed) + 
                           HMAC_SHA-1(secret, A(3) + seed) + ...

Where:

     + indicates concatenation and
     A() is defined as: A(0) = seed and A(i) = HMAC_SHA-1 (secret, A(I-1)).

This digest functionality is currently used by the web services container.

Parameters:: username - String containing the user; seed - byte array of random value; numBytes - int number of bytes to return in password digest
Returns:: the digest value specific to the password and seed
Throws:: DigestNotAvailableException