Package com.unboundid.ldap.listener
Class UnsaltedMessageDigestInMemoryPasswordEncoder
java.lang.Object
  com.unboundid.ldap.listener.InMemoryPasswordEncoder
    com.unboundid.ldap.listener.UnsaltedMessageDigestInMemoryPasswordEncoder
@ThreadSafety(level=NOT_THREADSAFE) public final class UnsaltedMessageDigestInMemoryPasswordEncoder extends InMemoryPasswordEncoder
This class provides an implementation of an in-memory directory server password encoder that uses a message digest to encode passwords. No salt will be used when generating the digest, so the same clear-text password will always result in the same encoded representation.
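The consequence of the missing salt, shown as an added example (not part of the SDK documentation): two different entries given the same clear-text password end up with identical stored values under this encoder, while a salted encoder produces a different value for each. The class name `UnsaltedDigestDemo`, the entries, the password and the `{SHA256}`/`{SSHA256}` prefixes are constructed for illustration; `Base64PasswordEncoderOutputFormatter` and `SaltedMessageDigestInMemoryPasswordEncoder` come from the same package but are not described on this page.

```java
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.listener.Base64PasswordEncoderOutputFormatter;
import com.unboundid.ldap.listener.InMemoryPasswordEncoder;
import com.unboundid.ldap.listener.SaltedMessageDigestInMemoryPasswordEncoder;
import com.unboundid.ldap.listener.UnsaltedMessageDigestInMemoryPasswordEncoder;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ReadOnlyEntry;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.List;

public final class UnsaltedDigestDemo {
  public static void main(String[] args) throws Exception {
    // Constructed sample entries and password (not taken from the page).
    ReadOnlyEntry alice = new ReadOnlyEntry(
        "dn: uid=alice,dc=example,dc=com", "objectClass: person",
        "cn: Alice", "sn: A");
    ReadOnlyEntry bob = new ReadOnlyEntry(
        "dn: uid=bob,dc=example,dc=com", "objectClass: person",
        "cn: Bob", "sn: B");
    ASN1OctetString clear = new ASN1OctetString("constructed-sample-pw");
    List<Modification> noMods = Collections.emptyList();

    // Each encoder gets its own MessageDigest: the encoder classes are not
    // thread-safe and a MessageDigest instance should not be shared.
    InMemoryPasswordEncoder unsalted = new UnsaltedMessageDigestInMemoryPasswordEncoder(
        "{SHA256}", Base64PasswordEncoderOutputFormatter.getInstance(),
        MessageDigest.getInstance("SHA-256"));
    InMemoryPasswordEncoder salted = new SaltedMessageDigestInMemoryPasswordEncoder(
        "{SSHA256}", Base64PasswordEncoderOutputFormatter.getInstance(),
        MessageDigest.getInstance("SHA-256"), 8, true, true);

    // The public encodePassword adds the prefix and applies the formatter.
    String unsaltedAlice = unsalted.encodePassword(clear, alice, noMods).stringValue();
    String unsaltedBob = unsalted.encodePassword(clear, bob, noMods).stringValue();
    String saltedAlice = salted.encodePassword(clear, alice, noMods).stringValue();
    String saltedBob = salted.encodePassword(clear, bob, noMods).stringValue();

    System.out.println("unsalted values identical: " + unsaltedAlice.equals(unsaltedBob));
    System.out.println("salted values identical:   " + saltedAlice.equals(saltedBob));
  }
}
```

Identical stored values reveal which accounts share a password and allow one precomputed digest table to be checked against every entry, which is why the unsalted encoder is best kept to test fixtures that must mirror legacy data.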
-
-
Constructor Summary
UnsaltedMessageDigestInMemoryPasswordEncoder(java.lang.String prefix, PasswordEncoderOutputFormatter outputFormatter, java.security.MessageDigest messageDigest)
Creates a new instance of this in-memory directory server password encoder with the provided information.
-
Method Summary
protected byte[] encodePassword(byte[] clearPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications)
Encodes the provided clear-text password for storage in the in-memory directory server.
protected void ensurePreEncodedPasswordAppearsValid(byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry, java.util.List<Modification> modifications)
Verifies that the provided pre-encoded password (with the prefix removed and any output formatting reverted) is compatible with the validation performed by this password encoder.
protected byte[] extractClearPassword(byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry)
Attempts to extract the clear-text password used to generate the provided encoded representation, if possible.
java.lang.String getDigestAlgorithm()
Retrieves the digest algorithm that will be used when encoding passwords.
int getDigestLengthBytes()
Retrieves the digest length, in bytes.
protected boolean passwordMatches(byte[] clearPasswordBytes, byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry)
Indicates whether the provided clear-text password could have been used to generate the given encoded password.
void toString(java.lang.StringBuilder buffer)
Appends a string representation of this password encoder to the provided buffer.
Methods inherited from class com.unboundid.ldap.listener.InMemoryPasswordEncoder
clearPasswordMatchesEncodedPassword, encodePassword, ensurePreEncodedPasswordAppearsValid, extractClearPasswordFromEncodedPassword, getOutputFormatter, getPrefix, passwordStartsWithPrefix, toString
Constructor Detail
-
UnsaltedMessageDigestInMemoryPasswordEncoder
public UnsaltedMessageDigestInMemoryPasswordEncoder(@NotNull java.lang.String prefix, @Nullable PasswordEncoderOutputFormatter outputFormatter, @NotNull java.security.MessageDigest messageDigest)
Creates a new instance of this in-memory directory server password encoder with the provided information.
Parameters:
prefix - The string that will appear at the beginning of encoded passwords. It must not be null or empty.
outputFormatter - The output formatter that will be used to format the encoded representation of clear-text passwords. It may be null if no special formatting should be applied to the raw bytes.
messageDigest - The message digest that will be used to actually perform the encoding. It must not be null, it must have a fixed length, and it must properly report that length via the MessageDigest.getDigestLength method.
-
-
Method Detail
-
getDigestAlgorithm
@NotNull public java.lang.String getDigestAlgorithm()
Retrieves the digest algorithm that will be used when encoding passwords.
Returns:
The message digest
-
getDigestLengthBytes
public int getDigestLengthBytes()
Retrieves the digest length, in bytes.
Returns:
The digest length, in bytes.
-
encodePassword
@NotNull protected byte[] encodePassword(@NotNull byte[] clearPassword, @NotNull ReadOnlyEntry userEntry, @NotNull java.util.List<Modification> modifications) throws LDAPException
Encodes the provided clear-text password for storage in the in-memory directory server. The encoded password that is returned must not include the prefix, and no output formatting should have been applied.
This method will be invoked when adding data into the server, including through LDAP add operations or LDIF imports, and when modifying existing entries through LDAP modify operations.
Specified by:
encodePassword in class InMemoryPasswordEncoder
Parameters:
clearPassword - The bytes that comprise the clear-text password to be encoded. It must not be null or empty.
userEntry - The entry in which the encoded password will appear. It must not be null. If the entry is in the process of being modified, then this will be a representation of the entry as it appeared before any changes have been applied.
modifications - A set of modifications to be applied to the user entry. It must not be null. It will be an empty list for entries created via LDAP add and LDIF import operations. It will be a non-empty list for LDAP modifications.
Returns:
The bytes that comprise the encoded representation of the provided clear-text password, without the prefix, and without any output formatting applied.
Throws:
LDAPException - If a problem is encountered while trying to encode the provided clear-text password.
-
ensurePreEncodedPasswordAppearsValid
protected void ensurePreEncodedPasswordAppearsValid(@NotNull byte[] unPrefixedUnFormattedEncodedPasswordBytes, @NotNull ReadOnlyEntry userEntry, @NotNull java.util.List<Modification> modifications) throws LDAPException
Verifies that the provided pre-encoded password (with the prefix removed and any output formatting reverted) is compatible with the validation performed by this password encoder.
Note that this method should return true if the provided unPrefixedUnFormattedEncodedPasswordBytes value could be used in conjunction with the InMemoryPasswordEncoder.passwordMatches(byte[], byte[], com.unboundid.ldap.sdk.ReadOnlyEntry) method, even if it does not exactly match the format of the output that would have been generated by the InMemoryPasswordEncoder.encodePassword(com.unboundid.asn1.ASN1OctetString, com.unboundid.ldap.sdk.ReadOnlyEntry, java.util.List<com.unboundid.ldap.sdk.Modification>) method. For example, if this password encoder uses a salt, then it may be desirable to accept passwords encoded with a salt that has a different length than the encodePassword method would use when encoding a clear-text password. This may allow the in-memory directory server to support pre-encoded passwords generated from other types of directory servers that may use different settings when encoding passwords, but still generate encoded passwords that are compatible with this password encoder.
Specified by:
ensurePreEncodedPasswordAppearsValid in class InMemoryPasswordEncoder
Parameters:
unPrefixedUnFormattedEncodedPasswordBytes - The bytes that comprise the pre-encoded password to validate, with the prefix stripped off and the output formatting reverted.
userEntry - The entry in which the password will appear. It must not be null. If the entry is in the process of being modified, then this will be a representation of the entry as it appeared before any changes have been applied.
modifications - A set of modifications to be applied to the user entry. It must not be null. It will be an empty list for entries created via LDAP add and LDIF import operations. It will be a non-empty list for LDAP modifications.
Throws:
LDAPException - If the provided encoded password is not compatible with the validation performed by this password encoder, or if a problem is encountered while making the determination.
-
passwordMatches
protected boolean passwordMatches(@NotNull byte[] clearPasswordBytes, @NotNull byte[] unPrefixedUnFormattedEncodedPasswordBytes, @NotNull ReadOnlyEntry userEntry) throws LDAPException
Indicates whether the provided clear-text password could have been used to generate the given encoded password. This method will be invoked when verifying a provided clear-text password during bind processing, or when removing an existing password in a modify operation.
Specified by:
passwordMatches in class InMemoryPasswordEncoder
Parameters:
clearPasswordBytes - The bytes that comprise the clear-text password to be compared against the encoded password. It must not be null or empty.
unPrefixedUnFormattedEncodedPasswordBytes - The bytes that comprise the encoded password, with the prefix stripped off and the output formatting reverted.
userEntry - The entry in which the encoded password appears. It must not be null.
Returns:
true if the provided clear-text password could have been used to generate the given encoded password, or false if not.
Throws:
LDAPException - If a problem is encountered while attempting to make the determination.
-
extractClearPassword
@NotNull protected byte[] extractClearPassword(@NotNull byte[] unPrefixedUnFormattedEncodedPasswordBytes, @NotNull ReadOnlyEntry userEntry) throws LDAPException
Attempts to extract the clear-text password used to generate the provided encoded representation, if possible. Many password encoder implementations may use one-way encoding mechanisms, so it will often not be possible to obtain the original clear-text password from its encoded representation.
Specified by:
extractClearPassword in class InMemoryPasswordEncoder
Parameters:
unPrefixedUnFormattedEncodedPasswordBytes - The bytes that comprise the encoded password, with the prefix stripped off and the output formatting reverted.
userEntry - The entry in which the encoded password appears. It must not be null.
Returns:
The clear-text password used to generate the provided encoded representation.
Throws:
LDAPException - If this password encoder is not reversible, or if a problem occurs while trying to extract the clear-text representation from the provided encoded password.
-
toString
public void toString(@NotNull java.lang.StringBuilder buffer)
Appends a string representation of this password encoder to the provided buffer.
Specified by:
toString in class InMemoryPasswordEncoder
Parameters:
buffer - The buffer to which the information should be appended.