org.opends.server.extensions
Class ClearPasswordStorageScheme

java.lang.Object
  extended by org.opends.server.api.PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
      extended by org.opends.server.extensions.ClearPasswordStorageScheme

public class ClearPasswordStorageScheme
extends PasswordStorageScheme<ClearPasswordStorageSchemeCfg>

This class defines a Directory Server password storage scheme that will store the values in clear-text with no encoding at all. This is not at all secure but may be required for backward-compatibility and support for certain legacy applications.


Constructor Summary
ClearPasswordStorageScheme()
          Creates a new instance of this password storage scheme.
 
Method Summary
 boolean authPasswordMatches(ByteString plaintextPassword, java.lang.String authInfo, java.lang.String authValue)
          Indicates whether the provided plaintext password matches the encoded password using the authentication password syntax with the given authInfo and authValue components.
 ByteString encodeAuthPassword(ByteString plaintext)
          Encodes the provided plaintext password for this storage scheme using the authentication password syntax defined in RFC 3112.
 ByteString encodePassword(ByteString plaintext)
          Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme.
 ByteString encodePasswordWithScheme(ByteString plaintext)
          Encodes the provided plaintext password for this storage scheme, prepending the name of the scheme in curly braces.
 ByteString getAuthPasswordPlaintextValue(java.lang.String authInfo, java.lang.String authValue)
          Retrieves the original plaintext value for the provided password stored in the authPassword syntax.
 ByteString getPlaintextValue(ByteString storedPassword)
          Retrieves the original plaintext value for the provided stored password.
 java.lang.String getStorageSchemeName()
          Retrieves the name of the password storage scheme provided by this handler.
 void initializePasswordStorageScheme(ClearPasswordStorageSchemeCfg configuration)
          Initializes this password storage scheme handler based on the information in the provided configuration entry.
 boolean isReversible()
          Indicates whether this storage scheme is reversible (i.e., it is possible to obtain the original plaintext value from the stored password).
 boolean isStorageSchemeSecure()
          Indicates whether this password storage scheme should be considered "secure".
 boolean passwordMatches(ByteString plaintextPassword, ByteString storedPassword)
          Indicates whether the provided plaintext password included in a bind request matches the given stored value.
 boolean supportsAuthPasswordSyntax()
          Indicates whether this password storage scheme supports the ability to interact with values using the authentication password syntax defined in RFC 3112.
 
Methods inherited from class org.opends.server.api.PasswordStorageScheme
finalizePasswordStorageScheme, getAuthPasswordSchemeName, isConfigurationAcceptable
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ClearPasswordStorageScheme

public ClearPasswordStorageScheme()
Creates a new instance of this password storage scheme. Note that no initialization should be performed here, as all initialization should be done in the initializePasswordStorageScheme method.

Method Detail

initializePasswordStorageScheme

public void initializePasswordStorageScheme(ClearPasswordStorageSchemeCfg configuration)
                                     throws ConfigException,
                                            InitializationException
Initializes this password storage scheme handler based on the information in the provided configuration entry. It should also register itself with the Directory Server for the particular storage scheme that it will manage.

Specified by:
initializePasswordStorageScheme in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Parameters:
configuration - The configuration entry that contains the information to use to initialize this password storage scheme handler.
Throws:
ConfigException - If an unrecoverable problem arises in the process of performing the initialization.
InitializationException - If a problem occurs during initialization that is not related to the server configuration.

getStorageSchemeName

public java.lang.String getStorageSchemeName()
Retrieves the name of the password storage scheme provided by this handler.

Specified by:
getStorageSchemeName in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Returns:
The name of the password storage scheme provided by this handler.

encodePassword

public ByteString encodePassword(ByteString plaintext)
                          throws DirectoryException
Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme. Note that the provided plaintext password should not be altered in any way.

Specified by:
encodePassword in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Parameters:
plaintext - The plaintext version of the password.
Returns:
The password that has been encoded using this storage scheme.
Throws:
DirectoryException - If a problem occurs while processing.

encodePasswordWithScheme

public ByteString encodePasswordWithScheme(ByteString plaintext)
                                    throws DirectoryException
Encodes the provided plaintext password for this storage scheme, prepending the name of the scheme in curly braces. Note that the provided plaintext password should not be altered in any way.

Specified by:
encodePasswordWithScheme in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Parameters:
plaintext - The plaintext version of the password.
Returns:
The encoded password, including the name of the storage scheme.
Throws:
DirectoryException - If a problem occurs while processing.

passwordMatches

public boolean passwordMatches(ByteString plaintextPassword,
                               ByteString storedPassword)
Indicates whether the provided plaintext password included in a bind request matches the given stored value. The provided stored value should not include the scheme name in curly braces.

Specified by:
passwordMatches in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Parameters:
plaintextPassword - The plaintext password provided by the user as part of a simple bind attempt.
storedPassword - The stored password to compare against the provided plaintext password.
Returns:
true if the provided plaintext password matches the provided stored password, or false if not.

isReversible

public boolean isReversible()
Indicates whether this storage scheme is reversible (i.e., it is possible to obtain the original plaintext value from the stored password).

Specified by:
isReversible in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Returns:
true if this is a reversible password storage scheme, or false if it is not.

getPlaintextValue

public ByteString getPlaintextValue(ByteString storedPassword)
                             throws DirectoryException
Retrieves the original plaintext value for the provided stored password. Note that this should only be called if isReversible returns true.

Specified by:
getPlaintextValue in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Parameters:
storedPassword - The password for which to obtain the plaintext value. It should not include the scheme name in curly braces.
Returns:
The plaintext value for the provided stored password.
Throws:
DirectoryException - If it is not possible to obtain the plaintext value for the provided stored password.

supportsAuthPasswordSyntax

public boolean supportsAuthPasswordSyntax()
Indicates whether this password storage scheme supports the ability to interact with values using the authentication password syntax defined in RFC 3112.

Specified by:
supportsAuthPasswordSyntax in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Returns:
true if this password storage scheme supports the ability to interact with values using the authentication password syntax, or false if it does not.

encodeAuthPassword

public ByteString encodeAuthPassword(ByteString plaintext)
                              throws DirectoryException
Encodes the provided plaintext password for this storage scheme using the authentication password syntax defined in RFC 3112. Note that the provided plaintext password should not be altered in any way.

Specified by:
encodeAuthPassword in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Parameters:
plaintext - The plaintext version of the password.
Returns:
The password that has been encoded in the authentication password syntax.
Throws:
DirectoryException - If a problem occurs while processing or if this storage scheme does not support the authentication password syntax.

authPasswordMatches

public boolean authPasswordMatches(ByteString plaintextPassword,
                                   java.lang.String authInfo,
                                   java.lang.String authValue)
Indicates whether the provided plaintext password matches the encoded password using the authentication password syntax with the given authInfo and authValue components.

Specified by:
authPasswordMatches in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Parameters:
plaintextPassword - The plaintext password provided by the user.
authInfo - The authInfo component of the password encoded in the authentication password syntax.
authValue - The authValue component of the password encoded in the authentication password syntax.
Returns:
true if the provided plaintext password matches the encoded password according to the authentication password info syntax, or false if it does not or this storage scheme does not support the authentication password syntax.

getAuthPasswordPlaintextValue

public ByteString getAuthPasswordPlaintextValue(java.lang.String authInfo,
                                                java.lang.String authValue)
                                         throws DirectoryException
Retrieves the original plaintext value for the provided password stored in the authPassword syntax. Note that this should only be called if isReversible returns true.

Specified by:
getAuthPasswordPlaintextValue in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Parameters:
authInfo - The authInfo component of the password encoded in the authentication password syntax.
authValue - The authValue component of the password encoded in the authentication password syntax.
Returns:
The plaintext value for the provided stored password.
Throws:
DirectoryException - If it is not possible to obtain the plaintext value for the provided stored password, or if this storage scheme does not support the authPassword syntax.

isStorageSchemeSecure

public boolean isStorageSchemeSecure()
Indicates whether this password storage scheme should be considered "secure". If the encoding used for this scheme does not obscure the value at all, or if it uses a method that is trivial to reverse (e.g., base64), then it should not be considered secure.

This may be used to determine whether a password may be included in a set of search results, including the possibility of overriding access controls in the case that access controls would allow the password to be returned but the password is considered too insecure to reveal.

Specified by:
isStorageSchemeSecure in class PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
Returns:
false if it may be trivial to discover the original plain-text password from the encoded form, or true if the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.
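
Added example (not part of the OpenDS API or its documentation): a standalone audit that reads an LDIF export and reports entries whose stored password uses the curly-brace scheme prefix described under encodePasswordWithScheme with a scheme that does not obscure the value. The scheme names CLEAR and BASE64, the userPassword attribute name and the sample entries are assumptions; the page does not state the value returned by getStorageSchemeName.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class ClearPasswordAudit {
    // Assumed scheme names; the page does not list what getStorageSchemeName() returns.
    static final Set<String> INSECURE = Set.of("CLEAR", "BASE64");

    /** Returns the scheme name from a "{SCHEME}value" string, or null if there is no prefix. */
    static String schemeOf(String stored) {
        int end = stored.indexOf('}');
        if (!stored.startsWith("{") || end < 2) return null;
        return stored.substring(1, end).toUpperCase(Locale.ROOT);
    }

    /** Lists "dn -> reason" for passwords with no scheme prefix or an insecure one.
     *  Simplified LDIF handling: no folded lines, attribute name matched exactly. */
    static List<String> audit(List<String> ldifLines) {
        List<String> findings = new ArrayList<>();
        String dn = "(unknown)";
        for (String line : ldifLines) {
            if (line.startsWith("dn: ")) { dn = line.substring(4); continue; }
            String value;
            if (line.startsWith("userPassword:: ")) {   // "::" marks a base64-encoded LDIF value
                byte[] raw = Base64.getDecoder().decode(line.substring(15).trim());
                value = new String(raw, StandardCharsets.UTF_8);
            } else if (line.startsWith("userPassword: ")) {
                value = line.substring(14);
            } else continue;
            String scheme = schemeOf(value);
            // Report only the DN and the scheme, never the password value itself.
            if (scheme == null || INSECURE.contains(scheme))
                findings.add(dn + " -> " + (scheme == null ? "no scheme prefix" : scheme));
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample export; DNs and password values are placeholders.
        List<String> ldif = List.of(
            "dn: uid=legacyapp,ou=People,dc=example,dc=com",
            "userPassword: {CLEAR}example-password",
            "dn: uid=alice,ou=People,dc=example,dc=com",
            "userPassword: {SSHA}constructedPlaceholderDigest==",
            "dn: uid=bob,ou=People,dc=example,dc=com",
            "userPassword:: " + Base64.getEncoder().encodeToString(
                "{clear}example-password".getBytes(StandardCharsets.UTF_8)));
        audit(ldif).forEach(System.out::println);
    }
}
```

Against the constructed sample, the audit reports the legacyapp and bob entries as CLEAR and leaves the alice entry unreported.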