Class UnsaltedMessageDigestInMemoryPasswordEncoder

    • Constructor Detail

      • UnsaltedMessageDigestInMemoryPasswordEncoder

        public UnsaltedMessageDigestInMemoryPasswordEncoder​(@NotNull
                                                            java.lang.String prefix,
                                                            @Nullable
                                                            PasswordEncoderOutputFormatter outputFormatter,
                                                            @NotNull
                                                            java.security.MessageDigest messageDigest)
        Creates a new instance of this in-memory directory server password encoder with the provided information.
        Parameters:
        prefix - The string that will appear at the beginning of encoded passwords. It must not be null or empty.
        outputFormatter - The output formatter that will be used to format the encoded representation of clear-text passwords. It may be null if no special formatting should be applied to the raw bytes.
        messageDigest - The message digest that will be used to actually perform the encoding. It must not be null, it must have a fixed length, and it must properly report that length via the MessageDigest.getDigestLength method.
    • Method Detail

      • getDigestAlgorithm

        @NotNull
        public java.lang.String getDigestAlgorithm()
        Retrieves the digest algorithm that will be used when encoding passwords.
        Returns:
        The message digest
      • getDigestLengthBytes

        public int getDigestLengthBytes()
        Retrieves the digest length, in bytes.
        Returns:
        The digest length, in bytes.
      • encodePassword

        @NotNull
        protected byte[] encodePassword​(@NotNull
                                        byte[] clearPassword,
                                        @NotNull
                                        ReadOnlyEntry userEntry,
                                        @NotNull
                                        java.util.List<Modification> modifications)
                                 throws LDAPException
        Encodes the provided clear-text password for storage in the in-memory directory server. The encoded password that is returned must not include the prefix, and no output formatting should have been applied.

        This method will be invoked when adding data into the server, including through LDAP add operations or LDIF imports, and when modifying existing entries through LDAP modify operations.
        Specified by:
        encodePassword in class InMemoryPasswordEncoder
        Parameters:
        clearPassword - The bytes that comprise the clear-text password to be encoded. It must not be null or empty.
        userEntry - The entry in which the encoded password will appear. It must not be null. If the entry is in the process of being modified, then this will be a representation of the entry as it appeared before any changes have been applied.
        modifications - A set of modifications to be applied to the user entry. It must not be [@code null}. It will be an empty list for entries created via LDAP add and LDIF import operations. It will be a non-empty list for LDAP modifications.
        Returns:
        The bytes that comprise encoded representation of the provided clear-text password, without the prefix, and without any output formatting applied.
        Throws:
        LDAPException - If a problem is encountered while trying to encode the provided clear-text password.
      • ensurePreEncodedPasswordAppearsValid

        protected void ensurePreEncodedPasswordAppearsValid​(@NotNull
                                                            byte[] unPrefixedUnFormattedEncodedPasswordBytes,
                                                            @NotNull
                                                            ReadOnlyEntry userEntry,
                                                            @NotNull
                                                            java.util.List<Modification> modifications)
                                                     throws LDAPException
        Verifies that the provided pre-encoded password (with the prefix removed and any output formatting reverted) is compatible with the validation performed by this password encoder.

        Note that this method should return true if the provided unPrefixedUnFormattedEncodedPasswordBytes value could be used in conjunction with the InMemoryPasswordEncoder.passwordMatches(byte[], byte[], com.unboundid.ldap.sdk.ReadOnlyEntry) method, even if it does not exactly match the format of the output that would have been generated by the InMemoryPasswordEncoder.encodePassword(com.unboundid.asn1.ASN1OctetString, com.unboundid.ldap.sdk.ReadOnlyEntry, java.util.List<com.unboundid.ldap.sdk.Modification>) method. For example, if this password encoder uses a salt, then it may be desirable to accept passwords encoded with a salt that has a different length than the encodePassword method would use when encoding a clear-test password. This may allow the in-memory directory server to support pre-encoded passwords generated from other types of directory servers that may use different settings when encoding passwords, but still generates encoded passwords that are compatible with this password encoder.
        Specified by:
        ensurePreEncodedPasswordAppearsValid in class InMemoryPasswordEncoder
        Parameters:
        unPrefixedUnFormattedEncodedPasswordBytes - The bytes that comprise the pre-encoded password to validate, with the prefix stripped off and the output formatting reverted.
        userEntry - The entry in which the password will appear. It must not be null. If the entry is in the process of being modified, then this will be a representation of the entry as it appeared before any changes have been applied.
        modifications - A set of modifications to be applied to the user entry. It must not be [@code null}. It will be an empty list for entries created via LDAP add and LDIF import operations. It will be a non-empty list for LDAP modifications.
        Throws:
        LDAPException - If the provided encoded password is not compatible with the validation performed by this password encoder, or if a problem is encountered while making the determination.
      • passwordMatches

        protected boolean passwordMatches​(@NotNull
                                          byte[] clearPasswordBytes,
                                          @NotNull
                                          byte[] unPrefixedUnFormattedEncodedPasswordBytes,
                                          @NotNull
                                          ReadOnlyEntry userEntry)
                                   throws LDAPException
        Indicates whether the provided clear-text password could have been used to generate the given encoded password. This method will be invoked when verifying a provided clear-text password during bind processing, or when removing an existing password in a modify operation.
        Specified by:
        passwordMatches in class InMemoryPasswordEncoder
        Parameters:
        clearPasswordBytes - The bytes that comprise the clear-text password to be compared against the encoded password. It must not be null or empty.
        unPrefixedUnFormattedEncodedPasswordBytes - The bytes that comprise the encoded password, with the prefix stripped off and the output formatting reverted.
        userEntry - The entry in which the encoded password appears. It must not be null.
        Returns:
        true if the provided clear-text password could have been used to generate the given encoded password, or false if not.
        Throws:
        LDAPException - If a problem is encountered while attempting to make the determination.
      • extractClearPassword

        @NotNull
        protected byte[] extractClearPassword​(@NotNull
                                              byte[] unPrefixedUnFormattedEncodedPasswordBytes,
                                              @NotNull
                                              ReadOnlyEntry userEntry)
                                       throws LDAPException
        Attempts to extract the clear-text password used to generate the provided encoded representation, if possible. Many password encoder implementations may use one-way encoding mechanisms, so it will often not be possible to obtain the original clear-text password from its encoded representation.
        Specified by:
        extractClearPassword in class InMemoryPasswordEncoder
        Parameters:
        unPrefixedUnFormattedEncodedPasswordBytes - The bytes that comprise the encoded password, with the prefix stripped off and the output formatting reverted.
        userEntry - The entry in which the encoded password appears. It must not be null.
        Returns:
        The clear-text password used to generate the provided encoded representation.
        Throws:
        LDAPException - If this password encoder is not reversible, or if a problem occurs while trying to extract the clear-text representation from the provided encoded password.
      • toString

        public void toString​(@NotNull
                             java.lang.StringBuilder buffer)
        Appends a string representation of this password encoder to the provided buffer.
        Specified by:
        toString in class InMemoryPasswordEncoder
        Parameters:
        buffer - The buffer to which the information should be appended.