T - The type of configuration handled by this password storage scheme

@PublicAPI(stability=UNCOMMITTED, mayInstantiate=false, mayExtend=true, mayInvoke=false)
public abstract class PasswordStorageScheme<T extends PasswordStorageSchemeCfg> extends Object
Constructor and Description |
---|
PasswordStorageScheme() |
Modifier and Type | Method and Description |
---|---|
boolean | authPasswordMatches(ByteSequence plaintextPassword, String authInfo, String authValue) Indicates whether the provided plaintext password matches the encoded password using the authentication password syntax with the given authInfo and authValue components. |
protected static void | destroySilently(SecretKey secretKey) Invokes Destroyable.destroy() ignoring any errors which occurred. |
ByteString | encodeAuthPassword(ByteSequence plaintext) Encodes the provided plaintext password for this storage scheme using the authentication password syntax defined in RFC 3112. |
abstract ByteString | encodePassword(ByteSequence plaintext) Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme. |
ByteString | encodePasswordWithScheme(ByteSequence plaintext) Encodes the provided plaintext password for this storage scheme, prepending the name of the scheme in curly braces. |
void | finalizePasswordStorageScheme() Performs any necessary finalization that might be required when this password storage scheme is no longer needed (e.g., the scheme is disabled or the server is shutting down). |
ByteString | getAuthPasswordPlaintextValue(String authInfo, String authValue) Retrieves the original plaintext value for the provided password stored in the authPassword syntax. |
String | getAuthPasswordSchemeName() Retrieves the scheme name that should be used with this password storage scheme when it is used in the context of the authentication password syntax. |
ByteString | getPlaintextValue(ByteSequence storedPassword) Retrieves the original plaintext value for the provided stored password. |
abstract String | getStorageSchemeName() Retrieves the name of the password storage scheme provided by this handler. |
abstract void | initializePasswordStorageScheme(T configuration) Initializes this password storage scheme handler based on the information in the provided configuration entry. |
boolean | isConfigurationAcceptable(T configuration, List<LocalizableMessage> unacceptableReasons) Indicates whether the provided configuration is acceptable for this password storage scheme. |
boolean | isReversible() Indicates whether this storage scheme is reversible (i.e., it is possible to obtain the original plaintext value from the stored password). |
abstract boolean | isStorageSchemeSecure() Indicates whether this password storage scheme should be considered "secure". |
abstract boolean | passwordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword) Indicates whether the provided plaintext password included in a bind request matches the given stored value. |
boolean | supportsAuthPasswordSyntax() Indicates whether this password storage scheme supports the ability to interact with values using the authentication password syntax defined in RFC 3112. |
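
An added example, not ForgeRock code: a standalone JDK-only model of the authPassword half of this contract (encodeAuthPassword and authPasswordMatches) for a salted, non-reversible scheme. The class name, the scheme name DEMO-PBKDF2 and the PBKDF2 parameters are assumptions, and the class deliberately does not extend PasswordStorageScheme.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Standalone model of a non-reversible scheme; hypothetical, not a PasswordStorageScheme subclass. */
class DemoPbkdf2Scheme {
    static final String SCHEME = "DEMO-PBKDF2";  // hypothetical scheme name
    static final int ITERATIONS = 100_000, SALT_LEN = 16, KEY_BITS = 256;  // assumed parameters

    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();  // wipe the copy of the password held by the spec
        }
    }

    /** RFC 3112 form: scheme "$" authInfo "$" authValue, here base64(salt) and base64(hash). */
    static String encodeAuthPassword(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return SCHEME + "$" + b64.encodeToString(salt) + "$" + b64.encodeToString(derive(password, salt));
    }

    /** Counterpart of authPasswordMatches: returns false on malformed input instead of throwing. */
    static boolean authPasswordMatches(char[] password, String authInfo, String authValue) {
        try {
            byte[] salt = Base64.getDecoder().decode(authInfo);
            byte[] expected = Base64.getDecoder().decode(authValue);
            return MessageDigest.isEqual(expected, derive(password, salt));  // constant-time comparison
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false;  // bad base64, empty salt or unavailable algorithm: treat as no match
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password; base64 never contains '$', so the split is unambiguous.
        String[] parts = encodeAuthPassword("correct horse".toCharArray()).split("\\$");
        System.out.println(parts[0] + " authInfo=" + parts[1]);
        System.out.println(authPasswordMatches("correct horse".toCharArray(), parts[1], parts[2]));
        System.out.println(authPasswordMatches("wrong".toCharArray(), parts[1], parts[2]));
        System.out.println(authPasswordMatches("wrong".toCharArray(), "not base64!", parts[2]));
    }
}
```

A scheme like this one is non-reversible, so its counterparts of isReversible and getAuthPasswordPlaintextValue would report false and fail respectively.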
public abstract void initializePasswordStorageScheme(T configuration) throws ConfigException, InitializationException

Parameters:
configuration - The configuration entry that contains the information to use to initialize this password storage scheme handler.
Throws:
ConfigException - If an unrecoverable problem arises in the process of performing the initialization.
InitializationException - If a problem occurs during initialization that is not related to the server configuration.

public boolean isConfigurationAcceptable(T configuration, List<LocalizableMessage> unacceptableReasons)
Parameters:
configuration - The password storage scheme configuration for which to make the determination.
unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.
Returns:
true if the provided configuration is acceptable for this password storage scheme, or false if not.

public void finalizePasswordStorageScheme()

public abstract String getStorageSchemeName()

public abstract ByteString encodePassword(ByteSequence plaintext) throws DirectoryException
Parameters:
plaintext - The plaintext version of the password.
Throws:
DirectoryException - If a problem occurs while processing.

public ByteString encodePasswordWithScheme(ByteSequence plaintext) throws DirectoryException
Parameters:
plaintext - The plaintext version of the password.
Throws:
DirectoryException - If a problem occurs while processing.

public abstract boolean passwordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword)
Parameters:
plaintextPassword - The plaintext password provided by the user as part of a simple bind attempt.
storedPassword - The stored password to compare against the provided plaintext password.
Returns:
true if the provided plaintext password matches the provided stored password, or false if not.

public boolean supportsAuthPasswordSyntax()
Returns:
true if this password storage scheme supports the ability to interact with values using the authentication password syntax, or false if it does not.

public String getAuthPasswordSchemeName()

getStorageSchemeName method.

public ByteString encodeAuthPassword(ByteSequence plaintext) throws DirectoryException
Parameters:
plaintext - The plaintext version of the password.
Throws:
DirectoryException - If a problem occurs while processing or if this storage scheme does not support the authentication password syntax.

public boolean authPasswordMatches(ByteSequence plaintextPassword, String authInfo, String authValue)
Parameters:
plaintextPassword - The plaintext password provided by the user.
authInfo - The authInfo component of the password encoded in the authentication password syntax.
authValue - The authValue component of the password encoded in the authentication password syntax.
Returns:
true if the provided plaintext password matches the encoded password according to the authentication password info syntax, or false if it does not or this storage scheme does not support the authentication password syntax.

public boolean isReversible()
Returns:
true if this is a reversible password storage scheme, or false if it is not.

public ByteString getPlaintextValue(ByteSequence storedPassword) throws DirectoryException
isReversible returns true.

Parameters:
storedPassword - The password for which to obtain the plaintext value. It should not include the scheme name in curly braces.
Throws:
DirectoryException - If it is not possible to obtain the plaintext value for the provided stored password.

public ByteString getAuthPasswordPlaintextValue(String authInfo, String authValue) throws DirectoryException
isReversible returns true.

Parameters:
authInfo - The authInfo component of the password encoded in the authentication password syntax.
authValue - The authValue component of the password encoded in the authentication password syntax.
Throws:
DirectoryException - If it is not possible to obtain the plaintext value for the provided stored password, or if this storage scheme does not support the authPassword syntax.

public abstract boolean isStorageSchemeSecure()
Returns:
false if it may be trivial to discover the original plain-text password from the encoded form, or true if the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.

protected static void destroySilently(SecretKey secretKey)
Invokes Destroyable.destroy() ignoring any errors which occurred.

Parameters:
secretKey - The secretKey to be destroyed, which may be null.

Copyright 2010-2020 ForgeRock AS.