Class CasClient


  • public class CasClient
    extends Object
    A client class for communicating with the CAS Server. This class helps to implement E2EE password encryption: it creates the encrypted payload for user operations such as setting or changing the user password, or authenticating with the user password.
    Since:
    6.1.0
    • Constructor Detail

      • CasClient

        public CasClient(EncryptionVersion encryptionVersion,
                         String publicKey)
        Initialize an instance of the CasClient. By default, this instance uses the PasswordEncoding.HASHED encoding type.
        Parameters:
        encryptionVersion - The CAS encryption version that is based on the CAS specifications.
        publicKey - The RSA public key to be used for encryption. This key is provided by the CAS Server. Note: Multiple instances can be constructed.
      • CasClient

        public CasClient(PasswordEncoding passwordEncoding,
                         EncryptionVersion encryptionVersion,
                         String publicKey)
        Initialize an instance of the CasClient.
        Parameters:
        passwordEncoding - The password encoding used by the CAS Server.
        encryptionVersion - The CAS encryption version that is based on the CAS specifications.
        publicKey - The RSA public key to be used for encryption. This key is provided by the CAS Server. Note: Multiple instances can be constructed.
        Since:
        6.3.0
    • Method Detail

      • setUserPassword

        public String setUserPassword(String userName,
                                      byte[] password,
                                      byte[] salt)
                               throws CasException
        Generates the encrypted data to set the user's password. The password provided will be hashed and then encrypted with the RSA public key. Prerequisites on CAS server: The user's status must be active and the user must not have an existing password set. The user must be linked to a token that is in the active state.
        Parameters:
        userName - User ID.
        password - The password to be set, as UTF-8 encoded bytes.
        salt - A salt value that is encoded in UTF-8 format. The salt should be a valid hex string of even length.
        Returns:
        The encrypted password.
        Throws:
        CasException - An error of type CasException.
      • authenticate

        public String authenticate(String userName,
                                   byte[] password,
                                   byte[] salt)
                            throws CasException
        Generates the encrypted data to authenticate the current user. The password provided will be hashed and then encrypted with the RSA public key. Prerequisites on CAS server: The user's status must be active and the user must already have a password set.
        Parameters:
        userName - User ID.
        password - The user's password that is encoded in UTF-8 format.
        salt - A salt value that is encoded in UTF-8 format. The salt should be a valid hex string of even length.
        Returns:
        The encrypted password.
        Throws:
        CasException - An error of type CasException.
      • changeUserPassword

        public String changeUserPassword(String userName,
                                         byte[] oldPassword,
                                         byte[] newPassword,
                                         byte[] oldPasswordSalt,
                                         byte[] newPasswordSalt)
                                  throws CasException
        Generates the encrypted data to change the user's password. The password provided will be hashed and then encrypted with the RSA public key. Prerequisites on CAS server: The user's status must be active and the user must already have a password set.
        Parameters:
        userName - User ID.
        oldPassword - The user's existing password that is encoded in UTF-8 format.
        newPassword - The new password that is encoded in UTF-8 format.
        oldPasswordSalt - The existing salt value that is encoded in UTF-8 format. The salt should be a valid hex string of even length.
        newPasswordSalt - The new salt value that is encoded in UTF-8 format. The salt should be a valid hex string of even length.
        Returns:
        The encrypted password.
        Throws:
        CasException - An error of type CasException.
      • migrateUserPassword

        public String migrateUserPassword(String userName,
                                          byte[] oldPassword,
                                          PasswordEncoding oldPasswordEncoding,
                                          byte[] newPassword,
                                          byte[] oldPasswordSalt,
                                          byte[] newPasswordSalt)
                                   throws CasException
        Migrates an existing password that uses PasswordEncoding.LEGACY to a new password that uses the encoding format specified in the CasClient instance. The password provided will be hashed and then encrypted with the RSA public key. Prerequisites on CAS server: The user's status must be active and the user must already have a password set.
        Parameters:
        userName - User ID.
        oldPassword - The user's existing password that is encoded in UTF-8 format.
        oldPasswordEncoding - The encoding format of the user's existing password.
        newPassword - The new password that is encoded in UTF-8 format.
        oldPasswordSalt - A salt value that is encoded in UTF-8 format. The salt should be a valid hex string of even length.
        newPasswordSalt - A salt value that is encoded in UTF-8 format. The salt should be a valid hex string of even length.
        Throws:
        CasException - An error of type CasException.
        Note:
        The salt for the old password and the new password can be the same. If the old password is already in the PasswordEncoding.HASHED format, this API simply changes the password to the intended type.
        Since:
        6.3.0
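
Every salt parameter above must be the UTF-8 bytes of an even-length hex string, and passwords are passed as byte[]. The following is an added example, not part of the SDK or its documentation, that generates and checks such a salt and wipes the password bytes after use. The class name CasInputExample, its helper names, the 16-byte salt size and the rejection of an empty salt are assumptions; the CasClient call appears only as a comment.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public final class CasInputExample {
    private static final byte[] HEX = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

    /** Random salt as the UTF-8 bytes of a hex string: two hex characters per random byte. */
    static byte[] newHexSalt(int randomBytes) {
        byte[] raw = new byte[randomBytes];
        new SecureRandom().nextBytes(raw);
        byte[] salt = new byte[raw.length * 2];
        for (int i = 0; i < raw.length; i++) {
            salt[2 * i] = HEX[(raw[i] >> 4) & 0x0F];
            salt[2 * i + 1] = HEX[raw[i] & 0x0F];
        }
        return salt;
    }
    /** True for a non-empty, even-length run of ASCII hex digits (rejecting empty is an assumption). */
    static boolean isValidSalt(byte[] salt) {
        if (salt == null || salt.length == 0 || salt.length % 2 != 0) return false;
        for (byte b : salt) {
            if (!((b >= '0' && b <= '9') || (b >= 'a' && b <= 'f') || (b >= 'A' && b <= 'F'))) return false;
        }
        return true;
    }
    /** Encodes a password to UTF-8 bytes without creating an immutable String copy. */
    static byte[] utf8(char[] password) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        if (buf.hasArray()) Arrays.fill(buf.array(), (byte) 0); // wipe the encoder's scratch copy
        return out;
    }
    public static void main(String[] args) {
        char[] typed = "constructed-sample-pw".toCharArray(); // constructed sample input
        byte[] password = utf8(typed);
        byte[] salt = newHexSalt(16); // 16 random bytes is an assumed size, not a CAS requirement
        try {
            if (!isValidSalt(salt)) throw new IllegalArgumentException("salt must be even-length hex");
            // Here the caller would pass the arrays to casClient.setUserPassword(userName, password, salt).
            System.out.println("salt=" + new String(salt, StandardCharsets.US_ASCII));
        } finally {
            Arrays.fill(password, (byte) 0); // clear the caller's copies once the payload is built
            Arrays.fill(typed, '\0');
        }
    }
}
```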