Package org.opends.server.extensions

Class ScramSha512PasswordStorageScheme

    • Constructor Detail

      • ScramSha512PasswordStorageScheme

        public ScramSha512PasswordStorageScheme()

    • Method Detail

      • initializePasswordStorageScheme

        public final void initializePasswordStorageScheme​(C configuration,
                                                  ServerContext serverContext)
                                           throws ConfigException
        Description copied from class: PasswordStorageScheme
        Initializes this password storage scheme handler based on the information in the provided configuration entry. It should also register itself with the Directory Server for the particular storage scheme that it will manage.
        Specified by:
        initializePasswordStorageScheme in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
        Parameters:
        configuration - The configuration entry that contains the information to use to initialize this password storage scheme handler.
        serverContext - The server context
        Throws:
        ConfigException - If an unrecoverable problem arises in the process of performing the initialization.

      • isConfigurationChangeAcceptable

        public final boolean isConfigurationChangeAcceptable​(C configuration,
                                                     List<LocalizableMessage> unacceptableReasons)
        Description copied from interface: ConfigurationChangeListener
        Indicates whether the proposed change to the configuration is acceptable to this change listener.
        Specified by:
        isConfigurationChangeAcceptable in interface ConfigurationChangeListener<C extends PasswordStorageSchemeCfg>
        Parameters:
        configuration - The new configuration containing the changes.
        unacceptableReasons - A list that can be used to hold messages about why the provided configuration is not acceptable.
        Returns:
        Returns true if the proposed change is acceptable, or false if it is not.

      • encodePassword

        public final ByteString encodePassword​(ByteSequence plaintext)
        Description copied from class: PasswordStorageScheme
        Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme. Note that the provided plaintext password should not be altered in any way.
        Specified by:
        encodePassword in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
        Parameters:
        plaintext - The plaintext version of the password.
        Returns:
        The password that has been encoded using this storage scheme.

      • passwordMatches

        public final boolean passwordMatches​(ByteSequence plaintextPassword,
                                     ByteSequence storedPassword)
        Description copied from class: PasswordStorageScheme
        Indicates whether the provided plaintext password included in a bind request matches the given stored value. The provided stored value should not include the scheme name in curly braces.
        Specified by:
        passwordMatches in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
        Parameters:
        plaintextPassword - The plaintext password provided by the user as part of a simple bind attempt.
        storedPassword - The stored password to compare against the provided plaintext password.
        Returns:
        true if the provided plaintext password matches the provided stored password, or false if not.

      • supportsAuthPasswordSyntax

        public final boolean supportsAuthPasswordSyntax()
        Description copied from class: PasswordStorageScheme
        Indicates whether this password storage scheme supports the ability to interact with values using the authentication password syntax defined in RFC 3112.
        Overrides:
        supportsAuthPasswordSyntax in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
        Returns:
        true if this password storage scheme supports the ability to interact with values using the authentication password syntax, or false if it does not.

      • getAuthPasswordSchemeName

        public final String getAuthPasswordSchemeName()
        Description copied from class: PasswordStorageScheme
        Retrieves the scheme name that should be used with this password storage scheme when it is used in the context of the authentication password syntax. This default implementation will return the same value as the getStorageSchemeName method.
        Overrides:
        getAuthPasswordSchemeName in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
        Returns:
        The scheme name that should be used with this password storage scheme when it is used in the context of the authentication password syntax.

      • encodeAuthPassword

        public final ByteString encodeAuthPassword​(ByteSequence plaintext)
        Description copied from class: PasswordStorageScheme
        Encodes the provided plaintext password for this storage scheme using the authentication password syntax defined in RFC 3112. Note that the provided plaintext password should not be altered in any way.
        Overrides:
        encodeAuthPassword in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
        Parameters:
        plaintext - The plaintext version of the password.
        Returns:
        The password that has been encoded in the authentication password syntax.

      • authPasswordMatches

        public final boolean authPasswordMatches​(ByteSequence plaintextPassword,
                                         String authInfo,
                                         String authValue)
        Description copied from class: PasswordStorageScheme
        Indicates whether the provided plaintext password matches the encoded password using the authentication password syntax with the given authInfo and authValue components.

        This is the historical method signature used by clients' custom password storage scheme. Be careful to not modify it.

        Overrides:
        authPasswordMatches in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
        Parameters:
        plaintextPassword - The plaintext password provided by the user.
        authInfo - The authInfo component of the password encoded in the authentication password syntax.
        authValue - The authValue component of the password encoded in the authentication password syntax.
        Returns:
        true if the provided plaintext password matches the encoded password according to the authentication password info syntax, or false if it does not or this storage scheme does not support the authentication password syntax.

      • isStorageSchemeSecure

        public final boolean isStorageSchemeSecure()
        Description copied from class: PasswordStorageScheme
        Indicates whether this password storage scheme should be considered "secure". If the encoding used for this scheme does not obscure the value at all, or if it uses a method that is trivial to reverse (e.g., base64), then it should not be considered secure.

        This may be used to determine whether a password may be included in a set of search results, including the possibility of overriding access controls in the case that access controls would allow the password to be returned but the password is considered too insecure to reveal.
        Specified by:
        isStorageSchemeSecure in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
        Returns:
        false if it may be trivial to discover the original plain-text password from the encoded form, or true if the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.