Package com.unboundid.ldap.listener
Class InMemoryPasswordEncoder
- java.lang.Object
-
- com.unboundid.ldap.listener.InMemoryPasswordEncoder
-
- Direct Known Subclasses:
ClearInMemoryPasswordEncoder
,SaltedMessageDigestInMemoryPasswordEncoder
,UnsaltedMessageDigestInMemoryPasswordEncoder
@Extensible @ThreadSafety(level=INTERFACE_NOT_THREADSAFE) public abstract class InMemoryPasswordEncoder extends java.lang.Object
This class defines an API that may be used to interact with clear-text passwords provided to the in-memory directory server. It can be used to ensure that clear-text passwords are encoded when storing them in the server, and to determine whether a provided clear-text password matches an encoded value.
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
InMemoryPasswordEncoder(java.lang.String prefix, PasswordEncoderOutputFormatter outputFormatter)
Creates a new instance of this in-memory directory server password encoder with the provided information.
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description boolean
clearPasswordMatchesEncodedPassword(ASN1OctetString clearPassword, ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry)
Indicates whether the provided clear-text password could have been used to generate the given encoded password.protected abstract byte[]
encodePassword(byte[] clearPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications)
Encodes the provided clear-text password for storage in the in-memory directory server.ASN1OctetString
encodePassword(ASN1OctetString clearPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications)
Encodes the provided clear-text password for storage in the in-memory directory server.protected abstract void
ensurePreEncodedPasswordAppearsValid(byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry, java.util.List<Modification> modifications)
Verifies that the provided pre-encoded password (with the prefix removed and any output formatting reverted) is compatible with the validation performed by this password encoder.void
ensurePreEncodedPasswordAppearsValid(ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications)
Verifies that the provided pre-encoded password (including the prefix, and with any appropriate output formatting applied) is compatible with the validation performed by this password encoder.protected abstract byte[]
extractClearPassword(byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry)
Attempts to extract the clear-text password used to generate the provided encoded representation, if possible.ASN1OctetString
extractClearPasswordFromEncodedPassword(ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry)
Attempts to extract the clear-text password used to generate the provided encoded representation, if possible.PasswordEncoderOutputFormatter
getOutputFormatter()
Retrieves the output formatter that will be used when generating the encoded representation of a password.java.lang.String
getPrefix()
Retrieves the string that will appear at the beginning of encoded passwords.protected abstract boolean
passwordMatches(byte[] clearPasswordBytes, byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry)
Indicates whether the provided clear-text password could have been used to generate the given encoded password.boolean
passwordStartsWithPrefix(ASN1OctetString password)
Indicates whether the provided password starts with the encoded password prefix.java.lang.String
toString()
Retrieves a string representation of this password encoder.abstract void
toString(java.lang.StringBuilder buffer)
Appends a string representation of this password encoder to the provided buffer.
-
-
-
Constructor Detail
-
InMemoryPasswordEncoder
protected InMemoryPasswordEncoder(java.lang.String prefix, PasswordEncoderOutputFormatter outputFormatter)
Creates a new instance of this in-memory directory server password encoder with the provided information.- Parameters:
prefix
- The string that will appear at the beginning of encoded passwords. It must not benull
or empty.outputFormatter
- The output formatter that will be used to format the encoded representation of clear-text passwords. It may benull
if no special formatting should be applied to the raw bytes.
-
-
Method Detail
-
getPrefix
public final java.lang.String getPrefix()
Retrieves the string that will appear at the beginning of encoded passwords.- Returns:
- The string that will appear at the beginning of encoded passwords.
-
getOutputFormatter
public final PasswordEncoderOutputFormatter getOutputFormatter()
Retrieves the output formatter that will be used when generating the encoded representation of a password.- Returns:
- The output formatter that will be used when generating the encoded
representation of a password, or
nulL
if no output formatting will be applied.
-
encodePassword
public final ASN1OctetString encodePassword(ASN1OctetString clearPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications) throws LDAPException
Encodes the provided clear-text password for storage in the in-memory directory server. The encoded password that is returned will include the prefix, and any appropriate output formatting will have been applied.
This method will be invoked when adding data into the server, including through LDAP add operations or LDIF imports, and when modifying existing entries through LDAP modify operations.- Parameters:
clearPassword
- The clear-text password to be encoded. It must not benull
or empty, and it must not be pre-encoded.userEntry
- The entry in which the encoded password will appear. It must not benull
. If the entry is in the process of being modified, then this will be a representation of the entry as it appeared before any changes have been applied.modifications
- A set of modifications to be applied to the user entry. It must not be [@code null}. It will be an empty list for entries created via LDAP add and LDIF import operations. It will be a non-empty list for LDAP modifications.- Returns:
- The encoded representation of the provided clear-text password. It will include the prefix, and any appropriate output formatting will have been applied.
- Throws:
LDAPException
- If a problem is encountered while trying to encode the provided clear-text password.
-
encodePassword
protected abstract byte[] encodePassword(byte[] clearPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications) throws LDAPException
Encodes the provided clear-text password for storage in the in-memory directory server. The encoded password that is returned must not include the prefix, and no output formatting should have been applied.
This method will be invoked when adding data into the server, including through LDAP add operations or LDIF imports, and when modifying existing entries through LDAP modify operations.- Parameters:
clearPassword
- The bytes that comprise the clear-text password to be encoded. It must not benull
or empty.userEntry
- The entry in which the encoded password will appear. It must not benull
. If the entry is in the process of being modified, then this will be a representation of the entry as it appeared before any changes have been applied.modifications
- A set of modifications to be applied to the user entry. It must not be [@code null}. It will be an empty list for entries created via LDAP add and LDIF import operations. It will be a non-empty list for LDAP modifications.- Returns:
- The bytes that comprise encoded representation of the provided clear-text password, without the prefix, and without any output formatting applied.
- Throws:
LDAPException
- If a problem is encountered while trying to encode the provided clear-text password.
-
ensurePreEncodedPasswordAppearsValid
public final void ensurePreEncodedPasswordAppearsValid(ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications) throws LDAPException
Verifies that the provided pre-encoded password (including the prefix, and with any appropriate output formatting applied) is compatible with the validation performed by this password encoder.
This method will be invoked when adding data into the server, including through LDAP add operations or LDIF imports, and when modifying existing entries through LDAP modify operations. Any password included in any of these entries that starts with a prefix registered with the in-memory directory server will be validated with the encoder that corresponds to that password's prefix.- Parameters:
prefixedFormattedEncodedPassword
- The pre-encoded password to validate. It must not benull
, and it should include the prefix and any applicable output formatting.userEntry
- The entry in which the password will appear. It must not benull
. If the entry is in the process of being modified, then this will be a representation of the entry as it appeared before any changes have been applied.modifications
- A set of modifications to be applied to the user entry. It must not be [@code null}. It will be an empty list for entries created via LDAP add and LDIF import operations. It will be a non-empty list for LDAP modifications.- Throws:
LDAPException
- If the provided encoded password is not compatible with the validation performed by this password encoder, or if a problem is encountered while making the determination.
-
ensurePreEncodedPasswordAppearsValid
protected abstract void ensurePreEncodedPasswordAppearsValid(byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry, java.util.List<Modification> modifications) throws LDAPException
Verifies that the provided pre-encoded password (with the prefix removed and any output formatting reverted) is compatible with the validation performed by this password encoder.
Note that this method should returntrue
if the providedunPrefixedUnFormattedEncodedPasswordBytes
value could be used in conjunction with thepasswordMatches(byte[], byte[], com.unboundid.ldap.sdk.ReadOnlyEntry)
method, even if it does not exactly match the format of the output that would have been generated by theencodePassword(com.unboundid.asn1.ASN1OctetString, com.unboundid.ldap.sdk.ReadOnlyEntry, java.util.List<com.unboundid.ldap.sdk.Modification>)
method. For example, if this password encoder uses a salt, then it may be desirable to accept passwords encoded with a salt that has a different length than theencodePassword
method would use when encoding a clear-test password. This may allow the in-memory directory server to support pre-encoded passwords generated from other types of directory servers that may use different settings when encoding passwords, but still generates encoded passwords that are compatible with this password encoder.- Parameters:
unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the pre-encoded password to validate, with the prefix stripped off and the output formatting reverted.userEntry
- The entry in which the password will appear. It must not benull
. If the entry is in the process of being modified, then this will be a representation of the entry as it appeared before any changes have been applied.modifications
- A set of modifications to be applied to the user entry. It must not be [@code null}. It will be an empty list for entries created via LDAP add and LDIF import operations. It will be a non-empty list for LDAP modifications.- Throws:
LDAPException
- If the provided encoded password is not compatible with the validation performed by this password encoder, or if a problem is encountered while making the determination.
-
clearPasswordMatchesEncodedPassword
public final boolean clearPasswordMatchesEncodedPassword(ASN1OctetString clearPassword, ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry) throws LDAPException
Indicates whether the provided clear-text password could have been used to generate the given encoded password. This method will be invoked when verifying a provided clear-text password during bind processing, or when removing an existing password in a modify operation.- Parameters:
clearPassword
- The clear-text password to be compared against the encoded password. It must not benull
or empty.prefixedFormattedEncodedPassword
- The encoded password to compare against the clear-text password. It must not benull
, it must include the prefix, and any appropriate output formatting must have been applied.userEntry
- The entry in which the encoded password appears. It must not benull
.- Returns:
true
if the provided clear-text password could be used to generate the given encoded password, orfalse
if not.- Throws:
LDAPException
- If a problem is encountered while making the determination.
-
passwordMatches
protected abstract boolean passwordMatches(byte[] clearPasswordBytes, byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry) throws LDAPException
Indicates whether the provided clear-text password could have been used to generate the given encoded password. This method will be invoked when verifying a provided clear-text password during bind processing, or when removing an existing password in a modify operation.- Parameters:
clearPasswordBytes
- The bytes that comprise the clear-text password to be compared against the encoded password. It must not benull
or empty.unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the encoded password, with the prefix stripped off and the output formatting reverted.userEntry
- The entry in which the encoded password appears. It must not benull
.- Returns:
true
if the provided clear-text password could have been used to generate the given encoded password, orfalse
if not.- Throws:
LDAPException
- If a problem is encountered while attempting to make the determination.
-
extractClearPasswordFromEncodedPassword
public final ASN1OctetString extractClearPasswordFromEncodedPassword(ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry) throws LDAPException
Attempts to extract the clear-text password used to generate the provided encoded representation, if possible. Many password encoder implementations may use one-way encoding mechanisms, so it will often not be possible to obtain the original clear-text password from its encoded representation.- Parameters:
prefixedFormattedEncodedPassword
- The encoded password from which to extract the clear-text password. It must not benull
, it must include the prefix, and any appropriate output formatting must have been applied.userEntry
- The entry in which the encoded password appears. It must not benull
.- Returns:
- The clear-text password used to generate the provided encoded representation.
- Throws:
LDAPException
- If this password encoder is not reversible, or if a problem occurs while trying to extract the clear-text representation from the provided encoded password.
-
extractClearPassword
protected abstract byte[] extractClearPassword(byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry) throws LDAPException
Attempts to extract the clear-text password used to generate the provided encoded representation, if possible. Many password encoder implementations may use one-way encoding mechanisms, so it will often not be possible to obtain the original clear-text password from its encoded representation.- Parameters:
unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the encoded password, with the prefix stripped off and the output formatting reverted.userEntry
- The entry in which the encoded password appears. It must not benull
.- Returns:
- The clear-text password used to generate the provided encoded representation.
- Throws:
LDAPException
- If this password encoder is not reversible, or if a problem occurs while trying to extract the clear-text representation from the provided encoded password.
-
passwordStartsWithPrefix
public final boolean passwordStartsWithPrefix(ASN1OctetString password)
Indicates whether the provided password starts with the encoded password prefix.- Parameters:
password
- The password for which to make the determination.- Returns:
true
if the provided password starts with the encoded password prefix, orfalse
if not.
-
toString
public final java.lang.String toString()
Retrieves a string representation of this password encoder.- Overrides:
toString
in classjava.lang.Object
- Returns:
- A string representation of this password encoder.
-
toString
public abstract void toString(java.lang.StringBuilder buffer)
Appends a string representation of this password encoder to the provided buffer.- Parameters:
buffer
- The buffer to which the information should be appended.
-
-