Package org.postgresql.util

Class PasswordUtil

java.lang.Object
org.postgresql.util.PasswordUtil
public class PasswordUtil extends Object

  • Constructor Details

    • PasswordUtil

      public PasswordUtil()

  • Method Details

    • encodeScramSha256

      public static String encodeScramSha256(char[] password, int iterations, byte[] salt)
      Generate the encoded text representation of the given password for SCRAM-SHA-256 authentication. The return value of this method is the literal text that may be used when creating or modifying a user with the given password without the surrounding single quotes.
      Parameters:
      password - The plain text of the user's password. The implementation will zero out the array after use
      iterations - The number of iterations of the hashing algorithm to perform
      salt - The random salt value
      Returns:
      The text representation of the password encrypted for SCRAM-SHA-256 authentication

    • encodeScramSha256

      public static String encodeScramSha256(char[] password)
      Encode the given password for SCRAM-SHA-256 authentication using the default iteration count and a random salt.
      Parameters:
      password - The plain text of the user's password. The implementation will zero out the array after use
      Returns:
      The text representation of the password encrypted for SCRAM-SHA-256 authentication

    • encodeMd5

      @Deprecated public static String encodeMd5(String user, char[] password)
      Deprecated.
      prefer PGConnection.alterUserPassword(String, char[], String) or encodeScramSha256(char[]) for better security.
      Encode the given password for use with md5 authentication. The PostgreSQL server uses the username as the per-user salt so that must also be provided. The return value of this method is the literal text that may be used when creating or modifying a user with the given password without the surrounding single quotes.
      Parameters:
      user - The username of the database user
      password - The plain text of the user's password. The implementation will zero out the array after use
      Returns:
      The text representation of the password encrypted for md5 authentication.

    • encodePassword

      public static String encodePassword(String user, char[] password, String encryptionType) throws SQLException
      Encode the given password for the specified encryption type. The word "encryption" is used here to match the verbiage in the PostgreSQL server, i.e. the "password_encryption" setting. In reality, a cryptographic digest / HMAC operation is being performed. The database user is only required for the md5 encryption type.
      Parameters:
      user - The username of the database user
      password - The plain text of the user's password. The implementation will zero out the array after use
      encryptionType - The encryption type for which to encode the user's password. This should match the database's supported methods and value of the password_encryption setting.
      Returns:
      The encoded password
      Throws:
      SQLException - If an error occurs encoding the password

    • genAlterUserPasswordSQL

      public static String genAlterUserPasswordSQL(String user, char[] password, String encryptionType) throws SQLException
      Generate the SQL statement to alter a user's password using the given encryption. All other encryption settings for the password will use the driver's defaults.
      Parameters:
      user - The username of the database user
      password - The plain text of the user's password. The implementation will zero out the array after use
      encryptionType - The encryption type of the password
      Returns:
      An SQL statement that may be executed to change the user's password
      Throws:
      SQLException - If an error occurs encoding the password