From 61b9eb1be03fc03a9f4bb0013a08ff44a1059503 Mon Sep 17 00:00:00 2001
From: Jean-Noël Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Wed, 20 Apr 2016 14:25:46 +0000
Subject: [PATCH] opendj-server-legacy: added @Override + Autorefactor'ed comments
---
opendj-server-legacy/src/main/java/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java | 53 ++---------------------------------------------------
1 files changed, 2 insertions(+), 51 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
index 92a2c9f..8149ec5 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
@@ -84,19 +84,12 @@
/** The message digest engine that will be used to create the MD5 digests. */
private MessageDigest md5Digest;
- /**
- * The lock that will be used to provide threadsafe access to the message
- * digest.
- */
+ /** The lock that will be used to provide threadsafe access to the message digest. */
private Object digestLock;
- /**
- * The random number generator that we will use to create the server challenge.
- */
+ /** The random number generator that we will use to create the server challenge. */
private SecureRandom randomGenerator;
-
-
/**
* Creates a new instance of this SASL mechanism handler. No initialization
* should be done in this method, as it should all be performed in the
@@ -107,9 +100,6 @@
super();
}
-
-
- /** {@inheritDoc} */
@Override
public void initializeSASLMechanismHandler(
CramMD5SASLMechanismHandlerCfg configuration)
@@ -135,14 +125,12 @@
throw new InitializationException(message, e);
}
-
// Create and fill the iPad and oPad arrays.
iPad = new byte[HMAC_MD5_BLOCK_LENGTH];
oPad = new byte[HMAC_MD5_BLOCK_LENGTH];
Arrays.fill(iPad, CRAMMD5_IPAD_BYTE);
Arrays.fill(oPad, CRAMMD5_OPAD_BYTE);
-
// Get the identity mapper that should be used to find users.
DN identityMapperDN = configuration.getIdentityMapperDN();
identityMapper = DirectoryServer.getIdentityMapper(identityMapperDN);
@@ -150,9 +138,6 @@
DirectoryServer.registerSASLMechanismHandler(SASL_MECHANISM_CRAM_MD5, this);
}
-
-
- /** {@inheritDoc} */
@Override
public void finalizeSASLMechanismHandler()
{
@@ -160,10 +145,6 @@
DirectoryServer.deregisterSASLMechanismHandler(SASL_MECHANISM_CRAM_MD5);
}
-
-
-
- /** {@inheritDoc} */
@Override
public void processSASLBind(BindOperation bindOperation)
{
@@ -195,7 +176,6 @@
return;
}
-
// If we've gotten here, then the client did provide credentials. First,
// make sure that we have a stored version of the credentials associated
// with the client connection. If not, then it likely means that the client
@@ -224,7 +204,6 @@
// Wipe out the stored challenge so it can't be used again.
clientConnection.setSASLAuthStateInfo(null);
-
// Now look at the client credentials and make sure that we can decode them.
// It should be a username followed by a space and a digest string. Since
// the username itself may contain spaces but the digest string may not,
@@ -243,7 +222,6 @@
String userName = credString.substring(0, spacePos);
String digest = credString.substring(spacePos+1);
-
// Look at the digest portion of the provided credentials. It must have a
// length of exactly 32 bytes and be comprised only of hex characters.
if (digest.length() != 2*MD5_DIGEST_LENGTH)
@@ -274,7 +252,6 @@
return;
}
-
// Get the user entry for the authentication ID. Allow for an
// authentication ID that is just a username (as per the CRAM-MD5 spec), but
// also allow a value in the authzid form specified in RFC 2829.
@@ -353,7 +330,6 @@
}
}
-
// At this point, we should have a user entry. If we don't then fail.
if (userEntry == null)
{
@@ -368,7 +344,6 @@
bindOperation.setSASLAuthUserEntry(userEntry);
}
-
// Get the clear-text passwords from the user entry, if there are any.
List<ByteString> clearPasswords;
try
@@ -405,7 +380,6 @@
return;
}
-
// Iterate through the clear-text values and see if any of them can be used
// in conjunction with the challenge to construct the provided digest.
boolean matchFound = false;
@@ -428,7 +402,6 @@
return;
}
-
// If we've gotten here, then the authentication was successful.
bindOperation.setResultCode(ResultCode.SUCCESS);
@@ -437,8 +410,6 @@
bindOperation.setAuthenticationInfo(authInfo);
}
-
-
/**
* Generates the appropriate HMAC-MD5 digest for a CRAM-MD5 authentication
* with the given information.
@@ -456,7 +427,6 @@
byte[] p = password.toByteArray();
byte[] c = challenge.toByteArray();
-
// Grab a lock to protect the MD5 digest generation.
synchronized (digestLock)
{
@@ -467,7 +437,6 @@
p = md5Digest.digest(p);
}
-
// Create byte arrays with data needed for the hash generation.
byte[] iPadAndData = new byte[HMAC_MD5_BLOCK_LENGTH + c.length];
System.arraycopy(iPad, 0, iPadAndData, 0, HMAC_MD5_BLOCK_LENGTH);
@@ -476,7 +445,6 @@
byte[] oPadAndHash = new byte[HMAC_MD5_BLOCK_LENGTH + MD5_DIGEST_LENGTH];
System.arraycopy(oPad, 0, oPadAndHash, 0, HMAC_MD5_BLOCK_LENGTH);
-
// Iterate through the bytes in the key and XOR them with the iPad and
// oPad as appropriate.
for (int i=0; i < p.length; i++)
@@ -485,21 +453,16 @@
oPadAndHash[i] ^= p[i];
}
-
// Copy an MD5 digest of the iPad-XORed key and the data into the array to
// be hashed.
System.arraycopy(md5Digest.digest(iPadAndData), 0, oPadAndHash,
HMAC_MD5_BLOCK_LENGTH, MD5_DIGEST_LENGTH);
-
// Return an MD5 digest of the resulting array.
return md5Digest.digest(oPadAndHash);
}
}
-
-
- /** {@inheritDoc} */
@Override
public boolean isPasswordBased(String mechanism)
{
@@ -507,9 +470,6 @@
return true;
}
-
-
- /** {@inheritDoc} */
@Override
public boolean isSecure(String mechanism)
{
@@ -517,9 +477,6 @@
return true;
}
-
-
- /** {@inheritDoc} */
@Override
public boolean isConfigurationAcceptable(
SASLMechanismHandlerCfg configuration,
@@ -530,9 +487,6 @@
return isConfigurationChangeAcceptable(config, unacceptableReasons);
}
-
-
- /** {@inheritDoc} */
@Override
public boolean isConfigurationChangeAcceptable(
CramMD5SASLMechanismHandlerCfg configuration,
@@ -541,9 +495,6 @@
return true;
}
-
-
- /** {@inheritDoc} */
@Override
public ConfigChangeResult applyConfigurationChange(
CramMD5SASLMechanismHandlerCfg configuration)
--
Gitblit v1.10.0