/**
 * Checks that a BCrypt password hash stays within the configured iteration limit.
 * <p>
 * The iteration count is read from the hash via {@code BCryptHelper.getIterations}
 * and compared with {@link #getMaxBcryptIterations()}. A hash whose count is above
 * that maximum is rejected.
 * <p>
 * NOTE(review): callers are told that the hash must be a version 2a hash, but this
 * method contains no version check of its own. The check is presumably done inside
 * {@code BCryptHelper.getIterations}; confirm this, and confirm how that helper
 * reports a malformed hash.
 * <p>
 * NOTE(review): only an upper bound is enforced here. A hash with a very low
 * iteration count passes this check. The upper bound presumably limits the CPU
 * cost of verifying a stored hash; confirm this against the configuration docs.
 *
 * @param pwdHash The hash to verify.
 * @throws NullPointerException if the hash is {@code null}.
 * @throws IllegalStateException if the hash uses more iterations than the
 *                               configured maximum.
 */
protected void verifyBcryptPasswordHash(final String pwdHash) {

    Objects.requireNonNull(pwdHash);

    // Guard clause: a hash at or below the limit needs no further handling.
    if (BCryptHelper.getIterations(pwdHash) <= getMaxBcryptIterations()) {
        return;
    }

    throw new IllegalStateException(
            "password hash uses too many iterations, max is " + getMaxBcryptIterations());
}
} // end of the enclosing class