Type Parameters:
C - type of the configuration object

public abstract class SaltedAbstractPasswordStorageScheme<C extends PasswordStorageSchemeCfg> extends PasswordStorageScheme<C>
This is a one-way digest algorithm so there is no way to retrieve the original clear-text version of the password from the hashed value (although this means that it is not suitable for things that need the clear-text password like DIGEST-MD5).
The values that it generates are also salted, which protects against dictionary attacks. It does this by generating a 64-bit random salt which is appended to the clear-text value. A hash is then generated based on this, the salt is appended to the hash, and then the entire value is base64-encoded.
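As an added example (not code from OpenDJ or ForgeRock), the encode/verify cycle this class describes, written in Python: an 8-byte random salt is appended to the clear-text, the digest is taken over that, and the stored value is base64 of digest||salt; verification splits the decoded value at the digest size and recomputes. SHA-256 as the digest, the scheme name SSHA256, and carrying the salt in the RFC 3112 authInfo and the digest in authValue are assumptions, since this abstract class leaves the digest algorithm to subclasses.

```python
import base64
import hashlib
import hmac
import os

SALT_SIZE = 8  # the 64-bit random salt described above
# The digest is left to subclasses (getMessageDigestAlgorithm); SHA-256 is assumed here.
DIGEST_ALGORITHM = "sha256"
DIGEST_SIZE = hashlib.new(DIGEST_ALGORITHM).digest_size  # what getDigestSize() would return


def _digest(plaintext: bytes, salt: bytes) -> bytes:
    # Hash is taken over the clear-text value with the salt appended to it.
    return hashlib.new(DIGEST_ALGORITHM, plaintext + salt).digest()


def encode_password(plaintext: bytes, salt=None) -> str:
    """encodePassword: base64(digest || salt), without the scheme name."""
    salt = os.urandom(SALT_SIZE) if salt is None else salt
    return base64.b64encode(_digest(plaintext, salt) + salt).decode("ascii")


def password_matches(plaintext: bytes, stored: str) -> bool:
    """passwordMatches: split by digest size, recompute, compare in constant time."""
    try:
        raw = base64.b64decode(stored, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    if len(raw) != DIGEST_SIZE + SALT_SIZE:  # malformed stored value: no match, no exception
        return False
    digest, salt = raw[:DIGEST_SIZE], raw[DIGEST_SIZE:]
    return hmac.compare_digest(_digest(plaintext, salt), digest)


def encode_auth_password(plaintext: bytes, scheme: str = "SSHA256") -> str:
    """encodeAuthPassword: RFC 3112 form 'scheme$authInfo$authValue'.
    Assumed (not stated on this page): authInfo = base64(salt), authValue = base64(digest)."""
    salt = os.urandom(SALT_SIZE)
    auth_info = base64.b64encode(salt).decode("ascii")
    auth_value = base64.b64encode(_digest(plaintext, salt)).decode("ascii")
    return f"{scheme}${auth_info}${auth_value}"


def auth_password_matches(plaintext: bytes, auth_info: str, auth_value: str) -> bool:
    """authPasswordMatches: decode both components, recompute, compare."""
    try:
        salt = base64.b64decode(auth_info, validate=True)
        digest = base64.b64decode(auth_value, validate=True)
    except ValueError:
        return False
    if len(salt) != SALT_SIZE or len(digest) != DIGEST_SIZE:
        return False
    return hmac.compare_digest(_digest(plaintext, salt), digest)
```

A stored value that is not valid base64 or has the wrong length yields false rather than an exception, which is the behaviour a bind path needs.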
| Constructor and Description |
|---|
| `SaltedAbstractPasswordStorageScheme()` Creates a new instance of this password storage scheme. |
| Modifier and Type | Method and Description |
|---|---|
| boolean | `authPasswordMatches(ByteSequence plaintextPassword, String authInfo, String authValue)` Indicates whether the provided plaintext password matches the encoded password using the authentication password syntax with the given authInfo and authValue components. |
| ByteString | `encodeAuthPassword(ByteSequence plaintext)` Encodes the provided plaintext password for this storage scheme using the authentication password syntax defined in RFC 3112. |
| ByteString | `encodePassword(ByteSequence plaintext)` Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme. |
| abstract String | `getAuthPasswordSchemeName()` Retrieves the scheme name that should be used with this password storage scheme when it is used in the context of the authentication password syntax. |
| protected abstract int | `getDigestSize()` Returns the number of bytes the digest algorithm produces. |
| protected abstract String | `getMessageDigestAlgorithm()` Returns the algorithm to use for computing digests. |
| abstract String | `getStorageSchemeName()` Retrieves the name of the password storage scheme provided by this handler. |
| void | `initializePasswordStorageScheme(C configuration)` Initializes this password storage scheme handler based on the information in the provided configuration entry. |
| boolean | `isStorageSchemeSecure()` Indicates whether this password storage scheme should be considered "secure". |
| boolean | `passwordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword)` Indicates whether the provided plaintext password included in a bind request matches the given stored value. |
| boolean | `supportsAuthPasswordSyntax()` Indicates whether this password storage scheme supports the ability to interact with values using the authentication password syntax defined in RFC 3112. |
Methods inherited from class PasswordStorageScheme: destroySilently, encodePasswordWithScheme, finalizePasswordStorageScheme, getAuthPasswordPlaintextValue, getPlaintextValue, isConfigurationAcceptable, isReversible
Constructor Detail

public SaltedAbstractPasswordStorageScheme()
Creates a new instance of this password storage scheme (see the initializePasswordStorageScheme method).

Method Detail

public abstract String getStorageSchemeName()
Description copied from class: PasswordStorageScheme
Retrieves the name of the password storage scheme provided by this handler.
Specified by: getStorageSchemeName in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>

public abstract String getAuthPasswordSchemeName()
Description copied from class: PasswordStorageScheme
Retrieves the scheme name that should be used with this password storage scheme when it is used in the context of the authentication password syntax (see the getStorageSchemeName method).
Specified by: getAuthPasswordSchemeName in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>

protected abstract String getMessageDigestAlgorithm()
Returns the algorithm to use for computing digests.

protected abstract int getDigestSize()
Returns the number of bytes the digest algorithm produces.

public void initializePasswordStorageScheme(C configuration) throws ConfigException, InitializationException
Description copied from class: PasswordStorageScheme
Initializes this password storage scheme handler based on the information in the provided configuration entry.
Specified by: initializePasswordStorageScheme in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
Parameters:
configuration - The configuration entry that contains the information to use to initialize this password storage scheme handler.
Throws:
ConfigException - If an unrecoverable problem arises in the process of performing the initialization.
InitializationException - If a problem occurs during initialization that is not related to the server configuration.

public ByteString encodePassword(ByteSequence plaintext) throws DirectoryException
Description copied from class: PasswordStorageScheme
Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme.
Specified by: encodePassword in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
Parameters:
plaintext - The plaintext version of the password.
Throws:
DirectoryException - If a problem occurs while processing.

public boolean passwordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword)
Description copied from class: PasswordStorageScheme
Indicates whether the provided plaintext password included in a bind request matches the given stored value.
Specified by: passwordMatches in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
Parameters:
plaintextPassword - The plaintext password provided by the user as part of a simple bind attempt.
storedPassword - The stored password to compare against the provided plaintext password.
Returns:
true if the provided plaintext password matches the provided stored password, or false if not.

public boolean supportsAuthPasswordSyntax()
Description copied from class: PasswordStorageScheme
Indicates whether this password storage scheme supports the ability to interact with values using the authentication password syntax defined in RFC 3112.
Specified by: supportsAuthPasswordSyntax in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
Returns:
true if this password storage scheme supports the ability to interact with values using the authentication password syntax, or false if it does not.

public ByteString encodeAuthPassword(ByteSequence plaintext) throws DirectoryException
Description copied from class: PasswordStorageScheme
Encodes the provided plaintext password for this storage scheme using the authentication password syntax defined in RFC 3112.
Specified by: encodeAuthPassword in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
Parameters:
plaintext - The plaintext version of the password.
Throws:
DirectoryException - If a problem occurs while processing or if this storage scheme does not support the authentication password syntax.

public boolean authPasswordMatches(ByteSequence plaintextPassword, String authInfo, String authValue)
Description copied from class: PasswordStorageScheme
Indicates whether the provided plaintext password matches the encoded password using the authentication password syntax with the given authInfo and authValue components.
Specified by: authPasswordMatches in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
Parameters:
plaintextPassword - The plaintext password provided by the user.
authInfo - The authInfo component of the password encoded in the authentication password syntax.
authValue - The authValue component of the password encoded in the authentication password syntax.
Returns:
true if the provided plaintext password matches the encoded password according to the authentication password info syntax, or false if it does not or this storage scheme does not support the authentication password syntax.

public boolean isStorageSchemeSecure()
Description copied from class: PasswordStorageScheme
Indicates whether this password storage scheme should be considered "secure".
Specified by: isStorageSchemeSecure in class PasswordStorageScheme<C extends PasswordStorageSchemeCfg>
Returns:
false if it may be trivial to discover the original plain-text password from the encoded form, or true if the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.

Copyright 2010-2020 ForgeRock AS.