Package org.opends.server.extensions
Class Argon2PasswordStorageScheme
- java.lang.Object
-
- org.opends.server.api.PasswordStorageScheme<Argon2PasswordStorageSchemeCfg>
-
- org.opends.server.extensions.Argon2PasswordStorageScheme
-
- All Implemented Interfaces:
ConfigurationChangeListener<Argon2PasswordStorageSchemeCfg>
public class Argon2PasswordStorageScheme extends PasswordStorageScheme<Argon2PasswordStorageSchemeCfg> implements ConfigurationChangeListener<Argon2PasswordStorageSchemeCfg>
This class defines a Directory Server password storage scheme that will encode values using the Argon2 encryption algorithm. This implementation supports only the user password syntax and not the auth password syntax.
-
-
Constructor Summary
Constructors Constructor Description Argon2PasswordStorageScheme()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ConfigChangeResultapplyConfigurationChange(Argon2PasswordStorageSchemeCfg configuration)Applies the configuration changes to this change listener.ByteStringencodePassword(ByteSequence plaintext)Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme.StringgetStorageSchemeName()Retrieves the name of the password storage scheme provided by this handler.voidinitializePasswordStorageScheme(Argon2PasswordStorageSchemeCfg configuration, ServerContext serverContext)Initializes this password storage scheme handler based on the information in the provided configuration entry.booleanisConfigurationChangeAcceptable(Argon2PasswordStorageSchemeCfg configuration, List<LocalizableMessage> unacceptableReasons)Indicates whether the proposed change to the configuration is acceptable to this change listener.booleanisRehashNeeded(ByteSequence storedPassword)Indicates whether the encoded password needs to be rehashed because the password storage scheme configuration changed.booleanisStorageSchemeSecure()Indicates whether this password storage scheme should be considered "secure".booleanpasswordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword)Indicates whether the provided plaintext password included in a bind request matches the given stored value.-
Methods inherited from class org.opends.server.api.PasswordStorageScheme
authPasswordMatches, destroySilently, encodeAuthPassword, encodePasswordWithScheme, finalizePasswordStorageScheme, getAuthPasswordPlaintextValue, getAuthPasswordSchemeName, getPlaintextValue, isConfigurationAcceptable, isReversible, supportsAuthPasswordSyntax
-
-
-
-
Method Detail
-
initializePasswordStorageScheme
public void initializePasswordStorageScheme(Argon2PasswordStorageSchemeCfg configuration, ServerContext serverContext) throws InitializationException
Description copied from class:PasswordStorageSchemeInitializes this password storage scheme handler based on the information in the provided configuration entry. It should also register itself with the Directory Server for the particular storage scheme that it will manage.- Specified by:
initializePasswordStorageSchemein classPasswordStorageScheme<Argon2PasswordStorageSchemeCfg>- Parameters:
configuration- The configuration entry that contains the information to use to initialize this password storage scheme handler.serverContext- The server context- Throws:
InitializationException- If a problem occurs during initialization that is not related to the server configuration.
-
getStorageSchemeName
public String getStorageSchemeName()
Description copied from class:PasswordStorageSchemeRetrieves the name of the password storage scheme provided by this handler.- Specified by:
getStorageSchemeNamein classPasswordStorageScheme<Argon2PasswordStorageSchemeCfg>- Returns:
- The name of the password storage scheme provided by this handler.
-
isConfigurationChangeAcceptable
public boolean isConfigurationChangeAcceptable(Argon2PasswordStorageSchemeCfg configuration, List<LocalizableMessage> unacceptableReasons)
Description copied from interface:ConfigurationChangeListenerIndicates whether the proposed change to the configuration is acceptable to this change listener.- Specified by:
isConfigurationChangeAcceptablein interfaceConfigurationChangeListener<Argon2PasswordStorageSchemeCfg>- Parameters:
configuration- The new configuration containing the changes.unacceptableReasons- A list that can be used to hold messages about why the provided configuration is not acceptable.- Returns:
- Returns
trueif the proposed change is acceptable, orfalseif it is not.
-
applyConfigurationChange
public ConfigChangeResult applyConfigurationChange(Argon2PasswordStorageSchemeCfg configuration)
Description copied from interface:ConfigurationChangeListenerApplies the configuration changes to this change listener.- Specified by:
applyConfigurationChangein interfaceConfigurationChangeListener<Argon2PasswordStorageSchemeCfg>- Parameters:
configuration- The new configuration containing the changes.- Returns:
- Returns information about the result of changing the configuration.
-
encodePassword
public ByteString encodePassword(ByteSequence plaintext) throws LdapException
Description copied from class:PasswordStorageSchemeEncodes the provided plaintext password for this storage scheme, without the name of the associated scheme. Note that the provided plaintext password should not be altered in any way.- Specified by:
encodePasswordin classPasswordStorageScheme<Argon2PasswordStorageSchemeCfg>- Parameters:
plaintext- The plaintext version of the password.- Returns:
- The password that has been encoded using this storage scheme.
- Throws:
LdapException- If a problem occurs while processing.
-
passwordMatches
public boolean passwordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword)
Description copied from class:PasswordStorageSchemeIndicates whether the provided plaintext password included in a bind request matches the given stored value. The provided stored value should not include the scheme name in curly braces.- Specified by:
passwordMatchesin classPasswordStorageScheme<Argon2PasswordStorageSchemeCfg>- Parameters:
plaintextPassword- The plaintext password provided by the user as part of a simple bind attempt.storedPassword- The stored password to compare against the provided plaintext password.- Returns:
trueif the provided plaintext password matches the provided stored password, orfalseif not.
-
isStorageSchemeSecure
public boolean isStorageSchemeSecure()
Description copied from class:PasswordStorageSchemeIndicates whether this password storage scheme should be considered "secure". If the encoding used for this scheme does not obscure the value at all, or if it uses a method that is trivial to reverse (e.g., base64), then it should not be considered secure.
This may be used to determine whether a password may be included in a set of search results, including the possibility of overriding access controls in the case that access controls would allow the password to be returned but the password is considered too insecure to reveal.- Specified by:
isStorageSchemeSecurein classPasswordStorageScheme<Argon2PasswordStorageSchemeCfg>- Returns:
falseif it may be trivial to discover the original plain-text password from the encoded form, ortrueif the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.
-
isRehashNeeded
public boolean isRehashNeeded(ByteSequence storedPassword)
Description copied from class:PasswordStorageSchemeIndicates whether the encoded password needs to be rehashed because the password storage scheme configuration changed. Only password storage schemes with specific configuration parameters, such as PBKDF2, need to override this method.- Overrides:
isRehashNeededin classPasswordStorageScheme<Argon2PasswordStorageSchemeCfg>- Parameters:
storedPassword- An existing hashed password including the name of the storage scheme.- Returns:
- whether the stored password should be rehashed.
-
-