Package org.opends.server.extensions

Class Base64PasswordStorageScheme

  • public final class Base64PasswordStorageScheme
extends PasswordStorageScheme<Base64PasswordStorageSchemeCfg>
    This class defines a Directory Server password storage scheme that will store the values in base64-encoded form. This is a reversible algorithm that offers very little actual protection -- it will merely obscure the plaintext value from the casual observer.

    • Constructor Detail

      • Base64PasswordStorageScheme

        public Base64PasswordStorageScheme()

    • Method Detail

      • encodePassword

        public ByteString encodePassword​(ByteString plaintext)
        Description copied from class: PasswordStorageScheme
        Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme. Note that the provided plaintext password should not be altered in any way.
        Specified by:
        encodePassword in class PasswordStorageScheme<Base64PasswordStorageSchemeCfg>
        Parameters:
        plaintext - The plaintext version of the password.
        Returns:
        The password that has been encoded using this storage scheme.

      • passwordMatches

        public boolean passwordMatches​(ByteString plaintextPassword,
                               ByteString storedPassword)
        Description copied from class: PasswordStorageScheme
        Indicates whether the provided plaintext password included in a bind request matches the given stored value. The provided stored value should not include the scheme name in curly braces.
        Specified by:
        passwordMatches in class PasswordStorageScheme<Base64PasswordStorageSchemeCfg>
        Parameters:
        plaintextPassword - The plaintext password provided by the user as part of a simple bind attempt.
        storedPassword - The stored password to compare against the provided plaintext password.
        Returns:
        true if the provided plaintext password matches the provided stored password, or false if not.

      • getPlaintextValue

        public ByteString getPlaintextValue​(ByteString storedPassword)
                             throws LdapException
        Description copied from class: PasswordStorageScheme
        Retrieves the original plaintext value for the provided stored password. Note that this should only be called if isReversible returns true.
        Overrides:
        getPlaintextValue in class PasswordStorageScheme<Base64PasswordStorageSchemeCfg>
        Parameters:
        storedPassword - The password for which to obtain the plaintext value. It should not include the scheme name in curly braces.
        Returns:
        The plaintext value for the provided stored password.
        Throws:
        LdapException - If it is not possible to obtain the plaintext value for the provided stored password.

      • isStorageSchemeSecure

        public boolean isStorageSchemeSecure()
        Description copied from class: PasswordStorageScheme
        Indicates whether this password storage scheme should be considered "secure". If the encoding used for this scheme does not obscure the value at all, or if it uses a method that is trivial to reverse (e.g., base64), then it should not be considered secure.

        This may be used to determine whether a password may be included in a set of search results, including the possibility of overriding access controls in the case that access controls would allow the password to be returned but the password is considered too insecure to reveal.
        Specified by:
        isStorageSchemeSecure in class PasswordStorageScheme<Base64PasswordStorageSchemeCfg>
        Returns:
        false if it may be trivial to discover the original plain-text password from the encoded form, or true if the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.