From ff1293486c5e276c25f0c2c040ffda78520249c5 Mon Sep 17 00:00:00 2001
From: Jean-Noël Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Fri, 18 Sep 2015 13:59:37 +0000
Subject: [PATCH] Changed AuthPasswordSyntax*.decodeAuthPassword() return type from StringBuilder[] to String[]
---
opendj-server-legacy/src/main/java/org/opends/server/tools/EncodePassword.java | 15 -
opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java | 84 +++++------
opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordSyntaxImpl.java | 12 -
opendj-server-legacy/src/main/java/org/opends/server/core/PasswordPolicyState.java | 121 +++++++---------
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java | 51 ++----
opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordEqualityMatchingRule.java | 27 +--
opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordSyntax.java | 18 -
opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordStorageSchemeTestCase.java | 18 -
opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordExactEqualityMatchingRuleImpl.java | 14 -
opendj-server-legacy/src/test/java/org/opends/server/schema/AuthPasswordEqualityMatchingRuleTest.java | 20 --
10 files changed, 150 insertions(+), 230 deletions(-)
diff --git a/opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordExactEqualityMatchingRuleImpl.java b/opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordExactEqualityMatchingRuleImpl.java
index 9f90b60..15a2a06 100644
--- a/opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordExactEqualityMatchingRuleImpl.java
+++ b/opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordExactEqualityMatchingRuleImpl.java
@@ -32,12 +32,8 @@
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DecodeException;
-/**
- * This class implements the authPasswordMatch matching rule defined in RFC
- * 3112.
- */
+/** This class implements the authPasswordMatch matching rule defined in RFC 3112. */
final class AuthPasswordExactEqualityMatchingRuleImpl extends AbstractEqualityMatchingRuleImpl {
-
AuthPasswordExactEqualityMatchingRuleImpl() {
super(EMR_AUTH_PASSWORD_EXACT_NAME);
}
@@ -45,12 +41,10 @@
@Override
public ByteString normalizeAttributeValue(final Schema schema, final ByteSequence value)
throws DecodeException {
- final StringBuilder[] authPWComponents =
- AuthPasswordSyntaxImpl.decodeAuthPassword(value.toString());
+ final String[] authPWComponents = AuthPasswordSyntaxImpl.decodeAuthPassword(value.toString());
- final StringBuilder normalizedValue =
- new StringBuilder(2 + authPWComponents[0].length() + authPWComponents[1].length()
- + authPWComponents[2].length());
+ final StringBuilder normalizedValue = new StringBuilder(
+ 2 + authPWComponents[0].length() + authPWComponents[1].length() + authPWComponents[2].length());
normalizedValue.append(authPWComponents[0]);
normalizedValue.append('$');
normalizedValue.append(authPWComponents[1]);
diff --git a/opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordSyntaxImpl.java b/opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordSyntaxImpl.java
index 28e7500..5e9cedd 100644
--- a/opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordSyntaxImpl.java
+++ b/opendj-core/src/main/java/org/forgerock/opendj/ldap/schema/AuthPasswordSyntaxImpl.java
@@ -22,8 +22,8 @@
*
*
* Copyright 2009 Sun Microsystems, Inc.
+ * Portions Copyright 2015 ForgeRock AS.
*/
-
package org.forgerock.opendj.ldap.schema;
import static com.forgerock.opendj.ldap.CoreMessages.*;
@@ -42,18 +42,16 @@
*/
final class AuthPasswordSyntaxImpl extends AbstractSyntaxImpl {
/**
- * Decodes the provided authentication password value into its component
- * parts.
+ * Decodes the provided authentication password value into its component parts.
*
* @param authPasswordValue
* The authentication password value to be decoded.
* @return A three-element array, containing the scheme, authInfo, and
* authValue components of the given string, in that order.
* @throws DecodeException
- * If a problem is encountered while attempting to decode the
- * value.
+ * If a problem is encountered while attempting to decode the value.
*/
- static StringBuilder[] decodeAuthPassword(final String authPasswordValue)
+ static String[] decodeAuthPassword(final String authPasswordValue)
throws DecodeException {
// Create placeholders for the values to return.
final StringBuilder scheme = new StringBuilder();
@@ -229,7 +227,7 @@
}
// If we've gotten here, then everything must be OK.
- return new StringBuilder[] { scheme, authInfo, authValue };
+ return new String[] { scheme.toString(), authInfo.toString(), authValue.toString() };
}
/**
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/core/PasswordPolicyState.java b/opendj-server-legacy/src/main/java/org/opends/server/core/PasswordPolicyState.java
index 998709e..e0323fe 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/core/PasswordPolicyState.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/core/PasswordPolicyState.java
@@ -269,13 +269,12 @@
*
* @throws DirectoryException If the password could not be decoded.
*/
- private PasswordStorageScheme<?> getPasswordStorageScheme(ByteString v)
- throws DirectoryException
+ private PasswordStorageScheme<?> getPasswordStorageScheme(ByteString v) throws DirectoryException
{
if (passwordPolicy.isAuthPasswordSyntax())
{
- StringBuilder[] pwComps = AuthPasswordSyntax.decodeAuthPassword(v.toString());
- return DirectoryServer.getAuthPasswordStorageScheme(pwComps[0].toString());
+ String[] pwComps = AuthPasswordSyntax.decodeAuthPassword(v.toString());
+ return DirectoryServer.getAuthPasswordStorageScheme(pwComps[0]);
}
else
{
@@ -284,7 +283,6 @@
}
}
-
@Override
public PasswordPolicy getAuthenticationPolicy()
{
@@ -2146,18 +2144,14 @@
for (Attribute a : attrList)
{
- boolean usesAuthPasswordSyntax = passwordPolicy.isAuthPasswordSyntax();
-
for (ByteString v : a)
{
try
{
- StringBuilder[] pwComponents = getPwComponents(usesAuthPasswordSyntax, v);
+ String[] pwComponents = getPwComponents(v);
- String schemeName = pwComponents[0].toString();
- PasswordStorageScheme<?> scheme = usesAuthPasswordSyntax
- ? DirectoryServer.getAuthPasswordStorageScheme(schemeName)
- : DirectoryServer.getPasswordStorageScheme(schemeName);
+ String schemeName = pwComponents[0];
+ PasswordStorageScheme<?> scheme = getPasswordStorageScheme(schemeName);
if (scheme == null)
{
if (logger.isTraceEnabled())
@@ -2171,10 +2165,7 @@
if (scheme.isReversible())
{
- ByteString clearValue = usesAuthPasswordSyntax
- ? scheme.getAuthPasswordPlaintextValue(pwComponents[1].toString(), pwComponents[2].toString())
- : scheme.getPlaintextValue(ByteString.valueOf(pwComponents[1].toString()));
- clearPasswords.add(clearValue);
+ clearPasswords.add(getPlaintextValue(scheme, pwComponents));
}
}
catch (Exception e)
@@ -2192,7 +2183,13 @@
return clearPasswords;
}
-
+ private ByteString getPlaintextValue(PasswordStorageScheme<?> scheme, String[] pwComponents)
+ throws DirectoryException
+ {
+ return passwordPolicy.isAuthPasswordSyntax()
+ ? scheme.getAuthPasswordPlaintextValue(pwComponents[1], pwComponents[2])
+ : scheme.getPlaintextValue(ByteString.valueOf(pwComponents[1]));
+ }
@Override
public boolean passwordMatches(ByteString password)
@@ -2211,17 +2208,13 @@
for (Attribute a : attrList)
{
- boolean usesAuthPasswordSyntax = passwordPolicy.isAuthPasswordSyntax();
-
for (ByteString v : a)
{
try
{
- StringBuilder[] pwComponents = getPwComponents(usesAuthPasswordSyntax, v);
- String schemeName = pwComponents[0].toString();
- PasswordStorageScheme<?> scheme = usesAuthPasswordSyntax
- ? DirectoryServer.getAuthPasswordStorageScheme(schemeName)
- : DirectoryServer.getPasswordStorageScheme(schemeName);
+ String[] pwComponents = getPwComponents(v);
+ String schemeName = pwComponents[0];
+ PasswordStorageScheme<?> scheme = getPasswordStorageScheme(schemeName);
if (scheme == null)
{
if (logger.isTraceEnabled())
@@ -2233,10 +2226,7 @@
continue;
}
- boolean passwordMatches = usesAuthPasswordSyntax
- ? scheme.authPasswordMatches(password, pwComponents[1].toString(), pwComponents[2].toString())
- : scheme.passwordMatches(password, ByteString.valueOf(pwComponents[1].toString()));
- if (passwordMatches)
+ if (passwordMatches(password, pwComponents, scheme))
{
if (logger.isTraceEnabled())
{
@@ -2271,24 +2261,13 @@
*
* @return An array of components.
*/
- private StringBuilder[] getPwComponents(boolean usesAuthPasswordSyntax, ByteString v) throws DirectoryException
+ private String[] getPwComponents(ByteString v) throws DirectoryException
{
- if (usesAuthPasswordSyntax)
- {
- return AuthPasswordSyntax.decodeAuthPassword(v.toString());
- }
-
- String[] userPwComponents = UserPasswordSyntax.decodeUserPassword(v.toString());
- StringBuilder[] pwComponents = new StringBuilder[userPwComponents.length];
- for (int i = 0; i < userPwComponents.length; ++i)
- {
- pwComponents[i] = new StringBuilder(userPwComponents[i]);
- }
- return pwComponents;
+ return passwordPolicy.isAuthPasswordSyntax()
+ ? AuthPasswordSyntax.decodeAuthPassword(v.toString())
+ : UserPasswordSyntax.decodeUserPassword(v.toString());
}
-
-
/**
* Indicates whether the provided password value is pre-encoded.
*
@@ -2298,14 +2277,9 @@
*/
public boolean passwordIsPreEncoded(ByteString passwordValue)
{
- if (passwordPolicy.isAuthPasswordSyntax())
- {
- return AuthPasswordSyntax.isEncoded(passwordValue);
- }
- else
- {
- return UserPasswordSyntax.isEncoded(passwordValue);
- }
+ return passwordPolicy.isAuthPasswordSyntax()
+ ? AuthPasswordSyntax.isEncoded(passwordValue)
+ : UserPasswordSyntax.isEncoded(passwordValue);
}
@@ -2415,18 +2389,14 @@
LinkedHashSet<ByteString> removedValues = new LinkedHashSet<>();
LinkedHashSet<ByteString> updatedValues = new LinkedHashSet<>();
- boolean usesAuthPasswordSyntax = passwordPolicy.isAuthPasswordSyntax();
-
for (Attribute a : attrList)
{
for (ByteString v : a) {
try {
- StringBuilder[] pwComponents = getPwComponents(usesAuthPasswordSyntax, v);
+ String[] pwComponents = getPwComponents(v);
- String schemeName = pwComponents[0].toString();
- PasswordStorageScheme<?> scheme = usesAuthPasswordSyntax
- ? DirectoryServer.getAuthPasswordStorageScheme(schemeName)
- : DirectoryServer.getPasswordStorageScheme(schemeName);
+ String schemeName = pwComponents[0];
+ PasswordStorageScheme<?> scheme = getPasswordStorageScheme(schemeName);
if (scheme == null) {
if (logger.isTraceEnabled()) {
logger.trace("Skipping password value for user %s because the associated storage scheme %s " +
@@ -2435,11 +2405,8 @@
continue;
}
- boolean passwordMatches = usesAuthPasswordSyntax
- ? scheme.authPasswordMatches(password, pwComponents[1].toString(), pwComponents[2].toString())
- : scheme.passwordMatches(password, ByteString.valueOf(pwComponents[1].toString()));
-
- if (passwordMatches) {
+ if (passwordMatches(password, pwComponents, scheme))
+ {
if (passwordPolicy.isDefaultPasswordStorageScheme(schemeName)) {
existingDefaultSchemes.add(schemeName);
updatedValues.add(v);
@@ -2473,8 +2440,7 @@
{
try
{
- ByteString encodedPassword =
- usesAuthPasswordSyntax ? s.encodeAuthPassword(password) : s.encodePasswordWithScheme(password);
+ ByteString encodedPassword = encodePassword(password, s);
addedValues.add(encodedPassword);
updatedValues.add(encodedPassword);
}
@@ -2515,7 +2481,26 @@
}
}
+ private PasswordStorageScheme<?> getPasswordStorageScheme(String schemeName)
+ {
+ return passwordPolicy.isAuthPasswordSyntax()
+ ? DirectoryServer.getAuthPasswordStorageScheme(schemeName)
+ : DirectoryServer.getPasswordStorageScheme(schemeName);
+ }
+ private boolean passwordMatches(ByteString password, String[] pwComponents, PasswordStorageScheme<?> scheme)
+ {
+ return passwordPolicy.isAuthPasswordSyntax()
+ ? scheme.authPasswordMatches(password, pwComponents[1], pwComponents[2])
+ : scheme.passwordMatches(password, ByteString.valueOf(pwComponents[1]));
+ }
+
+ private ByteString encodePassword(ByteString password, PasswordStorageScheme<?> s) throws DirectoryException
+ {
+ return passwordPolicy.isAuthPasswordSyntax()
+ ? s.encodeAuthPassword(password)
+ : s.encodePasswordWithScheme(password);
+ }
/**
* Indicates whether password history information should be maintained for this user.
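Review bot: The new `getPasswordStorageScheme(String schemeName)` passes the name to `DirectoryServer.getPasswordStorageScheme` unchanged, whereas the equivalent helper added to PasswordModifyExtendedOperation and the user-password branch of `passwordMatches` in LocalBackendModifyOperation both wrap it in `toLowerCase(...)`. If `UserPasswordSyntax.decodeUserPassword` does not already lower-case the scheme (not visible in this patch), a mixed-case scheme prefix would resolve in those two classes but be treated as an unknown scheme here. Either normalise in one place or record the assumption, e.g. `// scheme name is already lower-cased by decodeUserPassword`. The method also overloads the existing `getPasswordStorageScheme(ByteString)`, which takes a whole encoded value rather than a scheme name, so a distinct name and a one-line Javadoc on each of the three new helpers would make the call sites easier to audit.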
@@ -2751,9 +2736,9 @@
private boolean encodedAuthPasswordMatches(ByteString password, String encodedAuthPassword) throws DirectoryException
{
- StringBuilder[] authPWComponents = AuthPasswordSyntax.decodeAuthPassword(encodedAuthPassword);
- PasswordStorageScheme<?> scheme = DirectoryServer.getAuthPasswordStorageScheme(authPWComponents[0].toString());
- return scheme.authPasswordMatches(password, authPWComponents[1].toString(), authPWComponents[2].toString());
+ String[] authPWComponents = AuthPasswordSyntax.decodeAuthPassword(encodedAuthPassword);
+ PasswordStorageScheme<?> scheme = DirectoryServer.getAuthPasswordStorageScheme(authPWComponents[0]);
+ return scheme.authPasswordMatches(password, authPWComponents[1], authPWComponents[2]);
}
private boolean encodedUserPasswordMatches(ByteString password, String encodedUserPassword) throws DirectoryException
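Review bot: `encodedAuthPasswordMatches` dereferences `scheme` without a null check, although the other lookups touched by this commit treat a null return from `DirectoryServer.getAuthPasswordStorageScheme` as an unknown scheme. A stored value whose scheme is not registered would presumably surface as a NullPointerException here rather than as a non-match; whether callers pre-filter such values is not visible in the hunk. Suggest `return scheme != null && scheme.authPasswordMatches(password, authPWComponents[1], authPWComponents[2]);`.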
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
index 1af3d22..e665d96 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
@@ -689,60 +689,26 @@
// Remove all existing encoded values that match the old password.
Set<ByteString> existingValues = pwPolicyState.getPasswordValues();
Set<ByteString> deleteValues = new LinkedHashSet<>(existingValues.size());
- if (pwPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax())
- {
- for (ByteString v : existingValues)
- {
- try
- {
- StringBuilder[] components = AuthPasswordSyntax.decodeAuthPassword(v.toString());
- PasswordStorageScheme<?> scheme =
- DirectoryServer.getAuthPasswordStorageScheme(components[0].toString());
- if (scheme == null)
- {
- // The password is encoded using an unknown scheme. Remove it from the user's entry.
- deleteValues.add(v);
- }
- else if (scheme.authPasswordMatches(oldPassword, components[1].toString(), components[2].toString()))
- {
- deleteValues.add(v);
- }
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
- // We couldn't decode the provided password value, so remove it from the user's entry.
+ for (ByteString v : existingValues)
+ {
+ try
+ {
+ String[] components = decodePassword(pwPolicyState, v.toString());
+ PasswordStorageScheme<?> scheme = getPasswordStorageScheme(pwPolicyState, components[0]);
+ if (// The password is encoded using an unknown scheme. Remove it from the user's entry.
+ scheme == null
+ || passwordMatches(pwPolicyState, scheme, oldPassword, components))
+ {
deleteValues.add(v);
}
}
- }
- else
- {
- for (ByteString v : existingValues)
+ catch (DirectoryException de)
{
- try
- {
- String[] components = UserPasswordSyntax.decodeUserPassword(v.toString());
- PasswordStorageScheme<?> scheme =
- DirectoryServer.getPasswordStorageScheme(toLowerCase(components[0]));
- if (scheme == null)
- {
- // The password is encoded using an unknown scheme. Remove it from the user's entry.
- deleteValues.add(v);
- }
- else if (scheme.passwordMatches(oldPassword, ByteString.valueOf(components[1])))
- {
- deleteValues.add(v);
- }
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
+ logger.traceException(de);
- // We couldn't decode the provided password value, so remove it from the user's entry.
- deleteValues.add(v);
- }
+ // We couldn't decode the provided password value, so remove it from the user's entry.
+ deleteValues.add(v);
}
}
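Review bot: The comment placed inside the `if (` condition reads as if it covered both operands, and it hides the fact that the `scheme == null ||` test is the only thing keeping the new `passwordMatches(...)` helper, which dereferences `scheme` unconditionally, from throwing. Move the comment above the statement and state the ordering requirement, e.g. `// Unknown scheme or a match on the old password: remove the value. The null test must come first.` followed by `if (scheme == null || passwordMatches(pwPolicyState, scheme, oldPassword, components))`. The enclosing method starts and ends outside this hunk.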
@@ -897,6 +863,28 @@
}
}
+ private String[] decodePassword(PasswordPolicyState pwPolicyState, String encodedPassword) throws DirectoryException
+ {
+ return pwPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax()
+ ? AuthPasswordSyntax.decodeAuthPassword(encodedPassword)
+ : UserPasswordSyntax.decodeUserPassword(encodedPassword);
+ }
+
+ private PasswordStorageScheme<?> getPasswordStorageScheme(PasswordPolicyState pwPolicyState, String scheme)
+ {
+ return pwPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax()
+ ? DirectoryServer.getAuthPasswordStorageScheme(scheme)
+ : DirectoryServer.getPasswordStorageScheme(toLowerCase(scheme));
+ }
+
+ private boolean passwordMatches(
+ PasswordPolicyState pwPolicyState, PasswordStorageScheme<?> scheme, ByteString oldPassword, String[] components)
+ {
+ return pwPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax()
+ ? scheme.authPasswordMatches(oldPassword, components[1], components[2])
+ : scheme.passwordMatches(oldPassword, ByteString.valueOf(components[1]));
+ }
+
private boolean isSelfChange(ByteString userIdentity, Entry requestorEntry, DN userDN, ByteString oldPassword)
{
if (userIdentity == null)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordEqualityMatchingRule.java b/opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordEqualityMatchingRule.java
index 9be33e7..491fd95 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordEqualityMatchingRule.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordEqualityMatchingRule.java
@@ -22,32 +22,27 @@
*
*
* Copyright 2006-2008 Sun Microsystems, Inc.
- * Portions Copyright 2014 ForgeRock AS
+ * Portions Copyright 2014-2015 ForgeRock AS
*/
package org.opends.server.schema;
+import static org.opends.server.core.DirectoryServer.*;
+
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteSequence;
import org.forgerock.opendj.ldap.ConditionResult;
import org.opends.server.api.PasswordStorageScheme;
-import static org.opends.server.core.DirectoryServer.*;
-
-/**
- * This class implements the authPasswordMatch matching rule defined in RFC
- * 3112.
- */
+/** This class implements the authPasswordMatch matching rule defined in RFC 3112. */
class AuthPasswordEqualityMatchingRule extends AbstractPasswordEqualityMatchingRuleImpl
{
private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
- /** {@inheritDoc} */
@Override
protected ConditionResult valuesMatch(ByteSequence attributeValue, ByteSequence assertionValue)
{
- // We must be able to decode the attribute value using the authentication
- // password syntax.
- StringBuilder[] authPWComponents;
+ // We must be able to decode the attribute value using the authentication password syntax.
+ String[] authPWComponents;
try
{
authPWComponents = AuthPasswordSyntax.decodeAuthPassword(attributeValue.toString());
@@ -60,18 +55,14 @@
// The first element of the array will be the scheme.
// Make sure that we support the requested scheme.
- PasswordStorageScheme<?> storageScheme = getAuthPasswordStorageScheme(authPWComponents[0].toString());
+ PasswordStorageScheme<?> storageScheme = getAuthPasswordStorageScheme(authPWComponents[0]);
if (storageScheme == null)
{
// It's not a scheme that we can support.
return ConditionResult.FALSE;
}
-
// We support the scheme, so make the determination.
- return ConditionResult.valueOf(
- storageScheme.authPasswordMatches(assertionValue,
- authPWComponents[1].toString(),
- authPWComponents[2].toString()));
+ return ConditionResult.valueOf(storageScheme.authPasswordMatches(
+ assertionValue, authPWComponents[1], authPWComponents[2]));
}
-
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordSyntax.java b/opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordSyntax.java
index 8a8fa1f..308a2b1 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordSyntax.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/schema/AuthPasswordSyntax.java
@@ -37,7 +37,6 @@
import org.opends.server.api.AttributeSyntax;
import org.opends.server.types.DirectoryException;
-
/**
* This class defines the auth password attribute syntax, which is defined in
* RFC 3112 and is used to hold authentication information. Only equality
@@ -58,7 +57,6 @@
super();
}
- /** {@inheritDoc} */
@Override
public Syntax getSDKSyntax(Schema schema)
{
@@ -110,8 +108,7 @@
* @throws DirectoryException If a problem is encountered while attempting
* to decode the value.
*/
- public static StringBuilder[] decodeAuthPassword(String authPasswordValue)
- throws DirectoryException
+ public static String[] decodeAuthPassword(String authPasswordValue) throws DirectoryException
{
// Create placeholders for the values to return.
StringBuilder scheme = new StringBuilder();
@@ -335,11 +332,11 @@
// If we've gotten here, then everything must be OK.
- return new StringBuilder[]
+ return new String[]
{
- scheme,
- authInfo,
- authValue
+ scheme.toString(),
+ authInfo.toString(),
+ authValue.toString()
};
}
@@ -354,10 +351,7 @@
*/
public static boolean isEncoded(ByteSequence value)
{
- // FIXME -- Make this more efficient, and don't use exceptions for flow
- // control.
-
-
+ // FIXME -- Make this more efficient, and don't use exceptions for flow control.
try
{
decodeAuthPassword(value.toString());
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/tools/EncodePassword.java b/opendj-server-legacy/src/main/java/org/opends/server/tools/EncodePassword.java
index d1c69d3..7d3cd75 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/tools/EncodePassword.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/tools/EncodePassword.java
@@ -469,17 +469,10 @@
// comparison. Otherwise, the user must have provided the storage scheme.
if (authPasswordSyntax.isPresent())
{
- String scheme;
- String authInfo;
- String authValue;
-
+ String[] authPWElements;
try
{
- StringBuilder[] authPWElements =
- AuthPasswordSyntax.decodeAuthPassword(encodedPW.toString());
- scheme = authPWElements[0].toString();
- authInfo = authPWElements[1].toString();
- authValue = authPWElements[2].toString();
+ authPWElements = AuthPasswordSyntax.decodeAuthPassword(encodedPW.toString());
}
catch (DirectoryException de)
{
@@ -492,6 +485,10 @@
return OPERATIONS_ERROR;
}
+ String scheme = authPWElements[0];
+ String authInfo = authPWElements[1];
+ String authValue = authPWElements[2];
+
PasswordStorageScheme storageScheme =
DirectoryServer.getAuthPasswordStorageScheme(scheme);
if (storageScheme == null)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
index b5cc4d1..ff86f19 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -1174,49 +1174,38 @@
{
for (ByteString av : attr)
{
- if (pwPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax())
+ if (pwPolicyState.passwordIsPreEncoded(av))
{
- if (AuthPasswordSyntax.isEncoded(av))
+ if (passwordMatches(val, av))
{
- StringBuilder[] components = AuthPasswordSyntax.decodeAuthPassword(av.toString());
- PasswordStorageScheme<?> scheme = DirectoryServer.getAuthPasswordStorageScheme(components[0].toString());
- if (scheme != null
- && scheme.authPasswordMatches(val, components[1].toString(), components[2].toString()))
- {
- builder.add(av);
- found = true;
- }
- }
- else if (av.equals(val))
- {
- builder.add(val);
+ builder.add(av);
found = true;
}
}
- else
+ else if (av.equals(val))
{
- if (UserPasswordSyntax.isEncoded(av))
- {
- String[] components = UserPasswordSyntax.decodeUserPassword(av.toString());
- PasswordStorageScheme<?> scheme = DirectoryServer.getPasswordStorageScheme(toLowerCase(components[0]));
- if (scheme != null
- && scheme.passwordMatches(val, ByteString.valueOf(components[1])))
- {
- builder.add(av);
- found = true;
- }
- }
- else if (av.equals(val))
- {
- builder.add(val);
- found = true;
- }
+ builder.add(val);
+ found = true;
}
}
}
return found;
}
+ private boolean passwordMatches(ByteString val, ByteString av) throws DirectoryException
+ {
+ if (pwPolicyState.getAuthenticationPolicy().isAuthPasswordSyntax())
+ {
+ String[] components = AuthPasswordSyntax.decodeAuthPassword(av.toString());
+ PasswordStorageScheme<?> scheme = DirectoryServer.getAuthPasswordStorageScheme(components[0].toString());
+ return scheme != null && scheme.authPasswordMatches(val, components[1], components[2]);
+ } else {
+ String[] components = UserPasswordSyntax.decodeUserPassword(av.toString());
+ PasswordStorageScheme<?> scheme = DirectoryServer.getPasswordStorageScheme(toLowerCase(components[0]));
+ return scheme != null && scheme.passwordMatches(val, ByteString.valueOf(components[1]));
+ }
+ }
+
/**
* Performs the initial schema processing for an add modification
* and updates the entry appropriately.
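Review bot: The new `passwordMatches(ByteString val, ByteString av)` still calls `components[0].toString()` on what is now a `String`, the exact pattern this commit removes everywhere else; the line should read `PasswordStorageScheme<?> scheme = DirectoryServer.getAuthPasswordStorageScheme(components[0]);`. The helper also uses `} else {` while the surrounding code puts braces on their own lines. A short comment stating that an unknown scheme is reported as a non-match (the `scheme != null &&` guard) would help, since the password-modify path in this same commit deletes values with unknown schemes instead.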
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordStorageSchemeTestCase.java b/opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordStorageSchemeTestCase.java
index aa8bed8..9f6a960 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordStorageSchemeTestCase.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/extensions/PasswordStorageSchemeTestCase.java
@@ -28,6 +28,9 @@
import java.util.ArrayList;
+import org.forgerock.opendj.ldap.ByteString;
+import org.forgerock.opendj.ldap.ModificationType;
+import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.TestCaseUtils;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.config.ConfigEntry;
@@ -38,22 +41,17 @@
import org.opends.server.schema.AuthPasswordSyntax;
import org.opends.server.schema.UserPasswordSyntax;
import org.opends.server.types.Attributes;
-import org.forgerock.opendj.ldap.ByteString;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
-import org.forgerock.opendj.ldap.ModificationType;
-import org.forgerock.opendj.ldap.ResultCode;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import static org.testng.Assert.*;
-/**
- * A set of generic test cases for password storage schemes.
- */
+/** A set of generic test cases for password storage schemes. */
@SuppressWarnings("javadoc")
public abstract class PasswordStorageSchemeTestCase
extends ExtensionsTestCase
@@ -185,12 +183,8 @@
{
assertNotNull(scheme.getAuthPasswordSchemeName());
ByteString encodedAuthPassword = scheme.encodeAuthPassword(plaintext);
- StringBuilder[] authPWComponents =
- AuthPasswordSyntax.decodeAuthPassword(
- encodedAuthPassword.toString());
- assertTrue(scheme.authPasswordMatches(plaintext,
- authPWComponents[1].toString(),
- authPWComponents[2].toString()));
+ String[] authPWComponents = AuthPasswordSyntax.decodeAuthPassword(encodedAuthPassword.toString());
+ assertTrue(scheme.authPasswordMatches(plaintext, authPWComponents[1], authPWComponents[2]));
assertFalse(scheme.authPasswordMatches(plaintext, ",", "foo"));
assertFalse(scheme.authPasswordMatches(plaintext, "foo", ","));
}
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/schema/AuthPasswordEqualityMatchingRuleTest.java b/opendj-server-legacy/src/test/java/org/opends/server/schema/AuthPasswordEqualityMatchingRuleTest.java
index 338a84c..cc98c9c 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/schema/AuthPasswordEqualityMatchingRuleTest.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/schema/AuthPasswordEqualityMatchingRuleTest.java
@@ -44,13 +44,10 @@
import static org.opends.server.extensions.ExtensionsConstants.*;
import static org.testng.Assert.*;
-/**
- * Test the AuthPasswordEqualityMatchingRule.
- */
+/** Test the AuthPasswordEqualityMatchingRule. */
@SuppressWarnings("javadoc")
public class AuthPasswordEqualityMatchingRuleTest extends SchemaTestCase
{
-
@DataProvider(name="equalitymatchingrules")
public Object[][] createEqualityMatchingRuleTest()
{
@@ -83,9 +80,7 @@
scheme.initializePasswordStorageScheme(configuration);
ByteString encodedAuthPassword = scheme.encodeAuthPassword(bytePassword);
- StringBuilder[] authPWComponents =
- AuthPasswordSyntax.decodeAuthPassword(
- encodedAuthPassword.toString());
+ String[] authPWComponents = AuthPasswordSyntax.decodeAuthPassword(encodedAuthPassword.toString());
return new Object[] {
AUTH_PASSWORD_SCHEME_NAME_SALTED_MD5 + "$"
@@ -102,14 +97,13 @@
return new Object[][] {
generateValues("password"),
{"password", "something else", false},
- {"password", AUTH_PASSWORD_SCHEME_NAME_SALTED_MD5+"$something$else",
- false},
+ {"password", AUTH_PASSWORD_SCHEME_NAME_SALTED_MD5+"$something$else", false},
{"password", "scheme$something$else", false}
};
}
catch (Exception e)
{
- return new Object[][] {};
+ throw new RuntimeException(e);
}
}
@@ -119,9 +113,7 @@
getRule().normalizeAttributeValue(ByteString.valueOf(value));
}
- /**
- * Test the valuesMatch method used for extensible filters.
- */
+ /** Test the valuesMatch method used for extensible filters. */
@Test(dataProvider= "valuesMatch")
public void testValuesMatch(String value1, String value2, Boolean result) throws Exception
{
@@ -136,7 +128,6 @@
assertEquals(liveResult, ConditionResult.valueOf(result));
}
-
private MatchingRule getRule()
{
AuthPasswordEqualityMatchingRuleFactory factory = new AuthPasswordEqualityMatchingRuleFactory();
@@ -150,4 +141,3 @@
return factory.getMatchingRules().iterator().next();
}
}
-
--
Gitblit v1.10.0