From db0343719a4a9c715a199ea562706b298720704c Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 21 Sep 2006 14:56:09 +0000
Subject: [PATCH] Make three changes to code relating to password policy and storage schemes:
---
opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java | 160 ++++++++++++++--------------------------------------
1 files changed, 44 insertions(+), 116 deletions(-)
diff --git a/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
index 0c76c4f..b5aec83 100644
--- a/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
@@ -112,21 +112,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
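Review bot: `@Override()` is written with empty parentheses here and on every other method this patch annotates in the later hunks; `@Override` is a marker annotation, and the conventional spelling is `@Override` with no parentheses. The annotation itself is worth keeping, because the compiler will then reject any of these password-handling methods whose signature stops matching the declaration it is meant to override. The body of `initializePasswordStorageScheme` continues outside the hunk.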
@@ -155,10 +143,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -169,15 +156,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -232,16 +213,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -303,17 +277,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -380,14 +346,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -399,15 +360,9 @@
/**
- * Retrieves the scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication password
- * syntax. This default implementation will return the same value as the
- * <CODE>getStorageSchemeName</CODE> method.
- *
- * @return The scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication
- * password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public String getAuthPasswordSchemeName()
{
assert debugEnter(CLASS_NAME, "getAuthPasswordSchemeName");
@@ -418,19 +373,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -489,21 +434,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -549,12 +482,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -565,18 +495,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -592,22 +513,29 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_NOT_REVERSIBLE;
+ String message = getMessage(msgID,
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_512);
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
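Review bot: The `debugEnter` call in the new `getAuthPasswordPlaintextValue` passes `authInfo` and `authValue` to the debug trace, and these are the stored components of the encoded password; for a salted hash they are presumably the salt and the digest, which is enough for offline guessing by anyone who can read the debug output. Other `debugEnter` calls visible in this patch take only the class and method name, so the same form works here: `assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue");`. Because the method throws unconditionally, a sentence after `{@inheritDoc}` stating that this scheme is not reversible and the call always fails with `DirectoryException` would also help readers. The new method is complete within the hunk, while `isStorageSchemeSecure` continues past it.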
--
Gitblit v1.10.0