From db0343719a4a9c715a199ea562706b298720704c Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 21 Sep 2006 14:56:09 +0000
Subject: [PATCH] Make three changes to code relating to password policy and storage schemes:
---
opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java | 160 +----
opends/src/server/org/opends/server/extensions/SHA1PasswordStorageScheme.java | 149 +----
opends/src/server/org/opends/server/core/PasswordPolicyState.java | 123 ++++
opends/src/server/org/opends/server/extensions/SaltedSHA384PasswordStorageScheme.java | 160 +----
opends/src/server/org/opends/server/api/PasswordStorageScheme.java | 24
opends/src/server/org/opends/server/extensions/SaltedSHA256PasswordStorageScheme.java | 160 +----
opends/src/server/org/opends/server/extensions/ClearPasswordStorageScheme.java | 149 +----
opends/src/server/org/opends/server/extensions/SaltedMD5PasswordStorageScheme.java | 159 +----
opends/src/server/org/opends/server/extensions/Base64PasswordStorageScheme.java | 149 +----
opends/src/server/org/opends/server/extensions/MD5PasswordStorageScheme.java | 149 +----
opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java | 159 +----
11 files changed, 529 insertions(+), 1,012 deletions(-)
diff --git a/opends/src/server/org/opends/server/api/PasswordStorageScheme.java b/opends/src/server/org/opends/server/api/PasswordStorageScheme.java
index 1a918db..a4ab549 100644
--- a/opends/src/server/org/opends/server/api/PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/api/PasswordStorageScheme.java
@@ -277,6 +277,30 @@
/**
+ * Retrieves the original plaintext value for the provided password
+ * stored in the authPassword syntax. Note that this should only be
+ * called if <CODE>isReversible</CODE> returns <CODE>true</CODE>.
+ *
+ * @param authInfo The authInfo component of the password encoded
+ * in the authentication password syntax.
+ * @param authValue The authValue component of the password
+ * encoded in the authentication password syntax.
+ *
+ * @return The plaintext value for the provided stored password.
+ *
+ * @throws DirectoryException If it is not possible to obtain the
+ * plaintext value for the provided
+ * stored password, or if this storage
+ * scheme does not support the
+ * authPassword syntax..
+ */
+ public abstract ByteString getAuthPasswordPlaintextValue(
+ String authInfo, String authValue)
+ throws DirectoryException;
+
+
+
+ /**
* Indicates whether this password storage scheme should be
* considered "secure". If the encoding used for this scheme does
* not obscure the value at all, or if it uses a method that is
diff --git a/opends/src/server/org/opends/server/core/PasswordPolicyState.java b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
index ec810b2..59d414b 100644
--- a/opends/src/server/org/opends/server/core/PasswordPolicyState.java
+++ b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
@@ -3380,6 +3380,129 @@
/**
+ * Retrieves a list of the clear-text passwords for the user. If the user
+ * does not have any passwords in the clear, then the list will be empty.
+ *
+ * @return A list of the clear-text passwords for the user.
+ */
+ public List<ByteString> getClearPasswords()
+ {
+ LinkedList<ByteString> clearPasswords = new LinkedList<ByteString>();
+
+ List<Attribute> attrList =
+ userEntry.getAttribute(passwordPolicy.getPasswordAttribute());
+ if (attrList != null)
+ {
+ if (passwordPolicy.usesAuthPasswordSyntax())
+ {
+ for (Attribute a : attrList)
+ {
+ for (AttributeValue v : a.getValues())
+ {
+ try
+ {
+ StringBuilder[] pwComponents =
+ AuthPasswordSyntax.decodeAuthPassword(v.getStringValue());
+ PasswordStorageScheme scheme =
+ DirectoryServer.getAuthPasswordStorageScheme(
+ pwComponents[0].toString());
+ if (scheme == null)
+ {
+ if (debug)
+ {
+ debugMessage(DebugLogCategory.PASSWORD_POLICY,
+ DebugLogSeverity.WARNING, CLASS_NAME,
+ "getClearPasswords",
+ "User entry " + userDNString + " contains an " +
+ "authPassword with scheme " + pwComponents[0] +
+ " that is not defined in the server.");
+ }
+
+ continue;
+ }
+ else if (scheme.isReversible())
+ {
+ ByteString clearValue =
+ scheme.getAuthPasswordPlaintextValue(
+ pwComponents[1].toString(),
+ pwComponents[2].toString());
+ clearPasswords.add(clearValue);
+ }
+ }
+ catch (Exception e)
+ {
+ assert debugException(CLASS_NAME, "getClearPasswords", e);
+
+ if (debug)
+ {
+ debugMessage(DebugLogCategory.PASSWORD_POLICY,
+ DebugLogSeverity.WARNING, CLASS_NAME,
+ "getClearPasswords",
+ "Cannot get clear authPassword value for user " +
+ userDNString + ": " + e);
+ }
+ }
+ }
+ }
+ }
+ else
+ {
+ for (Attribute a : attrList)
+ {
+ for (AttributeValue v : a.getValues())
+ {
+ try
+ {
+ String[] pwComponents =
+ UserPasswordSyntax.decodeUserPassword(v.getStringValue());
+ PasswordStorageScheme scheme =
+ DirectoryServer.getPasswordStorageScheme(pwComponents[0]);
+ if (scheme == null)
+ {
+ if (debug)
+ {
+ debugMessage(DebugLogCategory.PASSWORD_POLICY,
+ DebugLogSeverity.WARNING, CLASS_NAME,
+ "getClearPasswords",
+ "User entry " + userDNString + " contains a " +
+ "password with scheme " + pwComponents[0] +
+ " that is not defined in the server.");
+ }
+
+ continue;
+ }
+ else if (scheme.isReversible())
+ {
+ ByteString clearValue =
+ scheme.getPlaintextValue(
+ new ASN1OctetString(pwComponents[1]));
+ clearPasswords.add(clearValue);
+ }
+ }
+ catch (Exception e)
+ {
+ assert debugException(CLASS_NAME, "getClearPasswords", e);
+
+ if (debug)
+ {
+ debugMessage(DebugLogCategory.PASSWORD_POLICY,
+ DebugLogSeverity.WARNING, CLASS_NAME,
+ "getClearPasswords",
+ "Cannot get clear password value for user " +
+ userDNString + ": " + e);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ return clearPasswords;
+ }
+
+
+
+ /**
* Indicates whether the provided password value matches any of the stored
* passwords in the user entry.
*
diff --git a/opends/src/server/org/opends/server/extensions/Base64PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/Base64PasswordStorageScheme.java
index 6b1ae0e..4fabf5b 100644
--- a/opends/src/server/org/opends/server/extensions/Base64PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/Base64PasswordStorageScheme.java
@@ -78,21 +78,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -105,10 +93,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -119,15 +106,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -139,16 +120,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -167,17 +141,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -194,12 +160,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -210,18 +173,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -247,14 +201,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -266,19 +215,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -295,21 +234,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -325,22 +252,28 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD;
+ String message = getMessage(msgID, getStorageSchemeName());
+ throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
diff --git a/opends/src/server/org/opends/server/extensions/ClearPasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/ClearPasswordStorageScheme.java
index 3f80f3c..0483547 100644
--- a/opends/src/server/org/opends/server/extensions/ClearPasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/ClearPasswordStorageScheme.java
@@ -78,21 +78,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -105,10 +93,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -119,15 +106,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -139,16 +120,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -166,17 +140,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -190,12 +156,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -206,18 +169,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -230,14 +184,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -249,19 +198,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -278,21 +217,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -308,22 +235,28 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD;
+ String message = getMessage(msgID, getStorageSchemeName());
+ throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
diff --git a/opends/src/server/org/opends/server/extensions/MD5PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/MD5PasswordStorageScheme.java
index 9cc485b..d63876d 100644
--- a/opends/src/server/org/opends/server/extensions/MD5PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/MD5PasswordStorageScheme.java
@@ -97,21 +97,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -138,10 +126,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -152,15 +139,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -196,16 +177,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -250,17 +224,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -309,14 +275,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -328,19 +289,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -357,21 +308,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -387,12 +326,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -403,18 +339,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -430,22 +357,28 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD;
+ String message = getMessage(msgID, getStorageSchemeName());
+ throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
diff --git a/opends/src/server/org/opends/server/extensions/SHA1PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SHA1PasswordStorageScheme.java
index 83bc473..f83a28c 100644
--- a/opends/src/server/org/opends/server/extensions/SHA1PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SHA1PasswordStorageScheme.java
@@ -97,21 +97,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -138,10 +126,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -152,15 +139,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -196,16 +177,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -249,17 +223,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -308,14 +274,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -327,19 +288,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -356,21 +307,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -386,12 +325,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -402,18 +338,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -429,22 +356,28 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD;
+ String message = getMessage(msgID, getStorageSchemeName());
+ throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
diff --git a/opends/src/server/org/opends/server/extensions/SaltedMD5PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SaltedMD5PasswordStorageScheme.java
index 62b6f50..d0f40dd 100644
--- a/opends/src/server/org/opends/server/extensions/SaltedMD5PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SaltedMD5PasswordStorageScheme.java
@@ -111,21 +111,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -154,10 +142,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -168,15 +155,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -231,16 +212,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -302,17 +276,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -379,14 +345,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -398,15 +359,9 @@
/**
- * Retrieves the scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication password
- * syntax. This default implementation will return the same value as the
- * <CODE>getStorageSchemeName</CODE> method.
- *
- * @return The scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication
- * password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public String getAuthPasswordSchemeName()
{
assert debugEnter(CLASS_NAME, "getAuthPasswordSchemeName");
@@ -417,19 +372,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -488,21 +433,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -548,12 +481,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -564,18 +494,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -591,22 +512,28 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_NOT_REVERSIBLE;
+ String message = getMessage(msgID, AUTH_PASSWORD_SCHEME_NAME_SALTED_MD5);
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
diff --git a/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
index 5932b67..db90ac2 100644
--- a/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
@@ -111,21 +111,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -153,10 +141,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -167,15 +154,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -230,16 +211,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -301,17 +275,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -378,14 +344,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -397,15 +358,9 @@
/**
- * Retrieves the scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication password
- * syntax. This default implementation will return the same value as the
- * <CODE>getStorageSchemeName</CODE> method.
- *
- * @return The scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication
- * password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public String getAuthPasswordSchemeName()
{
assert debugEnter(CLASS_NAME, "getAuthPasswordSchemeName");
@@ -416,19 +371,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -487,21 +432,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -547,12 +480,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -563,18 +493,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -590,22 +511,28 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_NOT_REVERSIBLE;
+ String message = getMessage(msgID, AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
diff --git a/opends/src/server/org/opends/server/extensions/SaltedSHA256PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SaltedSHA256PasswordStorageScheme.java
index d2c6f53..f0dc5eb 100644
--- a/opends/src/server/org/opends/server/extensions/SaltedSHA256PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SaltedSHA256PasswordStorageScheme.java
@@ -112,21 +112,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -156,10 +144,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -170,15 +157,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -233,16 +214,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -304,17 +278,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -381,14 +347,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -400,15 +361,9 @@
/**
- * Retrieves the scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication password
- * syntax. This default implementation will return the same value as the
- * <CODE>getStorageSchemeName</CODE> method.
- *
- * @return The scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication
- * password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public String getAuthPasswordSchemeName()
{
assert debugEnter(CLASS_NAME, "getAuthPasswordSchemeName");
@@ -419,19 +374,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -490,21 +435,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -550,12 +483,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -566,18 +496,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -593,22 +514,29 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_NOT_REVERSIBLE;
+ String message = getMessage(msgID,
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_256);
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
diff --git a/opends/src/server/org/opends/server/extensions/SaltedSHA384PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SaltedSHA384PasswordStorageScheme.java
index 3053cda..06051ae 100644
--- a/opends/src/server/org/opends/server/extensions/SaltedSHA384PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SaltedSHA384PasswordStorageScheme.java
@@ -112,21 +112,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -156,10 +144,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -170,15 +157,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -233,16 +214,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -304,17 +278,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -381,14 +347,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -400,15 +361,9 @@
/**
- * Retrieves the scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication password
- * syntax. This default implementation will return the same value as the
- * <CODE>getStorageSchemeName</CODE> method.
- *
- * @return The scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication
- * password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public String getAuthPasswordSchemeName()
{
assert debugEnter(CLASS_NAME, "getAuthPasswordSchemeName");
@@ -419,19 +374,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -490,21 +435,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -550,12 +483,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -566,18 +496,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -593,22 +514,29 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_NOT_REVERSIBLE;
+ String message = getMessage(msgID,
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_384);
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
diff --git a/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
index 0c76c4f..b5aec83 100644
--- a/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SaltedSHA512PasswordStorageScheme.java
@@ -112,21 +112,9 @@
/**
- * Initializes this password storage scheme handler based on the information
- * in the provided configuration entry. It should also register itself with
- * the Directory Server for the particular storage scheme that it will manage.
- *
- * @param configEntry The configuration entry that contains the information
- * to use to initialize this password storage scheme
- * handler.
- *
- * @throws ConfigException If an unrecoverable problem arises in the
- * process of performing the initialization.
- *
- * @throws InitializationException If a problem occurs during initialization
- * that is not related to the server
- * configuration.
+ * {@inheritDoc}
*/
+ @Override()
public void initializePasswordStorageScheme(ConfigEntry configEntry)
throws ConfigException, InitializationException
{
@@ -155,10 +143,9 @@
/**
- * Retrieves the name of the password storage scheme provided by this handler.
- *
- * @return The name of the password storage scheme provided by this handler.
+ * {@inheritDoc}
*/
+ @Override()
public String getStorageSchemeName()
{
assert debugEnter(CLASS_NAME, "getStorageSchemeName");
@@ -169,15 +156,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme. Note that
- * the provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded using this storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePassword(ByteString plaintext)
throws DirectoryException
{
@@ -232,16 +213,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme, prepending
- * the name of the scheme in curly braces. Note that the provided plaintext
- * password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The encoded password, including the name of the storage scheme.
- *
- * @throws DirectoryException If a problem occurs while processing.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodePasswordWithScheme(ByteString plaintext)
throws DirectoryException
{
@@ -303,17 +277,9 @@
/**
- * Indicates whether the provided plaintext password included in a bind
- * request matches the given stored value.
- *
- * @param plaintextPassword The plaintext password provided by the user as
- * part of a simple bind attempt.
- * @param storedPassword The stored password to compare against the
- * provided plaintext password.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * provided stored password, or <CODE>false</CODE> if not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean passwordMatches(ByteString plaintextPassword,
ByteString storedPassword)
{
@@ -380,14 +346,9 @@
/**
- * Indicates whether this password storage scheme supports the ability to
- * interact with values using the authentication password syntax defined in
- * RFC 3112.
- *
- * @return <CODE>true</CODE> if this password storage scheme supports the
- * ability to interact with values using the authentication password
- * syntax, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean supportsAuthPasswordSyntax()
{
assert debugEnter(CLASS_NAME, "supportsAuthPasswordSyntax");
@@ -399,15 +360,9 @@
/**
- * Retrieves the scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication password
- * syntax. This default implementation will return the same value as the
- * <CODE>getStorageSchemeName</CODE> method.
- *
- * @return The scheme name that should be used with this password storage
- * scheme when it is used in the context of the authentication
- * password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public String getAuthPasswordSchemeName()
{
assert debugEnter(CLASS_NAME, "getAuthPasswordSchemeName");
@@ -418,19 +373,9 @@
/**
- * Encodes the provided plaintext password for this storage scheme using the
- * authentication password syntax defined in RFC 3112. Note that the
- * provided plaintext password should not be altered in any way.
- *
- * @param plaintext The plaintext version of the password.
- *
- * @return The password that has been encoded in the authentication password
- * syntax.
- *
- * @throws DirectoryException If a problem occurs while processing of if
- * this storage scheme does not support the
- * authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString encodeAuthPassword(ByteString plaintext)
throws DirectoryException
{
@@ -489,21 +434,9 @@
/**
- * Indicates whether the provided plaintext password matches the encoded
- * password using the authentication password syntax with the given authInfo
- * and authValue components.
- *
- * @param plaintextPassword The plaintext password provided by the user.
- * @param authInfo The authInfo component of the password encoded
- * in the authentication password syntax.
- * @param authValue The authValue component of the password encoded
- * in the authentication password syntax.
- *
- * @return <CODE>true</CODE> if the provided plaintext password matches the
- * encoded password according to the authentication password info
- * syntax, or <CODE>false</CODE> if it does not or this storage
- * scheme does not support the authentication password syntax.
+ * {@inheritDoc}
*/
+ @Override()
public boolean authPasswordMatches(ByteString plaintextPassword,
String authInfo, String authValue)
{
@@ -549,12 +482,9 @@
/**
- * Indicates whether this storage scheme is reversible (i.e., it is possible
- * to obtain the original plaintext value from the stored password).
- *
- * @return <CODE>true</CODE> if this is a reversible password storage scheme,
- * or <CODE>false</CODE> if it is not.
+ * {@inheritDoc}
*/
+ @Override()
public boolean isReversible()
{
assert debugEnter(CLASS_NAME, "isReversible");
@@ -565,18 +495,9 @@
/**
- * Retrieves the original plaintext value for the provided stored password.
- * Note that this should only be called if <CODE>isReversible</CODE> returns
- * <CODE>true</CODE>.
- *
- * @param storedPassword The password for which to obtain the plaintext
- * value.
- *
- * @return The plaintext value for the provided stored password.
- *
- * @throws DirectoryException If it is not possible to obtain the plaintext
- * value for the provided stored password.
+ * {@inheritDoc}
*/
+ @Override()
public ByteString getPlaintextValue(ByteString storedPassword)
throws DirectoryException
{
@@ -592,22 +513,29 @@
/**
- * Indicates whether this password storage scheme should be considered
- * "secure". If the encoding used for this scheme does not obscure the value
- * at all, or if it uses a method that is trivial to reverse (e.g., base64),
- * then it should not be considered secure.
- * <BR><BR>
- * This may be used to determine whether a password may be included in a set
- * of search results, including the possibility of overriding access controls
- * in the case that access controls would allow the password to be returned
- * but the password is considered too insecure to reveal.
- *
- * @return <CODE>false</CODE> if it may be trivial to discover the original
- * plain-text password from the encoded form, or <CODE>true</CODE> if
- * the scheme offers sufficient protection that revealing the encoded
- * password will not easily reveal the corresponding plain-text
- * value.
+ * {@inheritDoc}
*/
+ @Override()
+ public ByteString getAuthPasswordPlaintextValue(String authInfo,
+ String authValue)
+ throws DirectoryException
+ {
+ assert debugEnter(CLASS_NAME, "getAuthPasswordPlaintextValue",
+ String.valueOf(authInfo), String.valueOf(authValue));
+
+ int msgID = MSGID_PWSCHEME_NOT_REVERSIBLE;
+ String message = getMessage(msgID,
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_512);
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message,
+ msgID);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override()
public boolean isStorageSchemeSecure()
{
assert debugEnter(CLASS_NAME, "isStorageSchemeSecure");
--
Gitblit v1.10.0