001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2006-2008 Sun Microsystems, Inc.
015 * Portions Copyright 2012-2016 ForgeRock AS.
016 */
017package org.opends.server.schema;
018import static org.opends.messages.SchemaMessages.*;
019import static org.opends.server.schema.SchemaConstants.*;
020import static org.opends.server.util.StaticUtils.*;
021
022import org.forgerock.i18n.LocalizableMessage;
023import org.forgerock.i18n.slf4j.LocalizedLogger;
024import org.forgerock.opendj.ldap.ByteSequence;
025import org.forgerock.opendj.ldap.ResultCode;
026import org.forgerock.opendj.ldap.schema.Schema;
027import org.forgerock.opendj.ldap.schema.Syntax;
028import org.forgerock.opendj.server.config.server.AttributeSyntaxCfg;
029import org.opends.server.api.AttributeSyntax;
030import org.opends.server.types.DirectoryException;
031
032
033/**
034 * This class defines an attribute syntax used for storing values that have been
035 * encoded using a password storage scheme.  The format for attribute values
036 * with this syntax is the concatenation of the following elements in the given
037 * order:
038 * <BR>
039 * <UL>
040 *   <LI>An opening curly brace ("{") character.</LI>
044 *   <LI>The name of the storage scheme used to encode the value.</LI>
045 *   <LI>A closing curly brace ("}") character.</LI>
046 *   <LI>The encoded value.</LI>
047 * </UL>
048 */
public class UserPasswordSyntax
       extends AttributeSyntax<AttributeSyntaxCfg>
{
  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

  /** Character that opens the storage scheme name in an encoded value. */
  private static final char OPEN_BRACE = '{';

  /** Character that closes the storage scheme name in an encoded value. */
  private static final char CLOSE_BRACE = '}';

  /**
   * Creates a new instance of this syntax.  This constructor only delegates to
   * the superclass; all real initialization is expected to take place in
   * <CODE>initializeSyntax</CODE>.
   */
  public UserPasswordSyntax()
  {
    super();
  }

  /** {@inheritDoc} */
  @Override
  public Syntax getSDKSyntax(Schema schema)
  {
    // The SDK syntax is looked up by OID, the same OID returned by getOID().
    return schema.getSyntax(SYNTAX_USER_PASSWORD_OID);
  }

  /**
   * Returns the human-readable name of this syntax.
   *
   * @return  The common name for this attribute syntax.
   */
  @Override
  public String getName()
  {
    return SYNTAX_USER_PASSWORD_NAME;
  }

  /**
   * Returns the object identifier of this syntax.
   *
   * @return  The OID for this attribute syntax.
   */
  @Override
  public String getOID()
  {
    return SYNTAX_USER_PASSWORD_OID;
  }

  /**
   * Returns a short description of this syntax.
   *
   * @return  A description for this attribute syntax.
   */
  @Override
  public String getDescription()
  {
    return SYNTAX_USER_PASSWORD_DESCRIPTION;
  }

  /**
   * Splits a user password value of the form <CODE>{scheme}encoded</CODE>
   * into its storage scheme name and encoded part.
   * <p>
   * Only the shape of the value is validated: the value must be non-empty,
   * start with an opening brace, contain a closing brace, and have at least
   * one character between the braces.  The scheme name is not checked against
   * any registered storage scheme, and the encoded part is returned verbatim
   * and may be empty; callers that need either guarantee must check for it
   * themselves.
   *
   * @param  userPasswordValue  The user password value to be decoded.
   *
   * @return  A two-element string array whose elements are the storage scheme
   *          name (lowercased via <CODE>StaticUtils.toLowerCase</CODE>) and
   *          the encoded value, in that order.
   *
   * @throws  DirectoryException  With result code
   *                              <CODE>INVALID_ATTRIBUTE_SYNTAX</CODE> if the
   *                              value is null or empty, does not start with
   *                              an opening brace, has no closing brace, or
   *                              has an empty scheme name.
   */
  public static String[] decodeUserPassword(String userPasswordValue)
         throws DirectoryException
  {
    if (userPasswordValue == null || userPasswordValue.isEmpty())
    {
      throw invalidSyntax(ERR_ATTR_SYNTAX_USERPW_NO_VALUE.get());
    }

    if (userPasswordValue.charAt(0) != OPEN_BRACE)
    {
      throw invalidSyntax(ERR_ATTR_SYNTAX_USERPW_NO_OPENING_BRACE.get());
    }

    // The first closing brace terminates the scheme name; any later brace is
    // treated as part of the encoded value.
    final int closePos = userPasswordValue.indexOf(CLOSE_BRACE);
    if (closePos < 0)
    {
      throw invalidSyntax(ERR_ATTR_SYNTAX_USERPW_NO_CLOSING_BRACE.get());
    }

    final String schemeName = userPasswordValue.substring(1, closePos);
    if (schemeName.isEmpty())
    {
      throw invalidSyntax(ERR_ATTR_SYNTAX_USERPW_NO_SCHEME.get());
    }

    final String encodedValue = userPasswordValue.substring(closePos + 1);
    return new String[] { toLowerCase(schemeName), encodedValue };
  }

  /**
   * Builds the exception thrown for every malformed user password value.
   *
   * @param  message  The localized message describing the defect.
   *
   * @return  A new exception carrying result code
   *          <CODE>INVALID_ATTRIBUTE_SYNTAX</CODE>.
   */
  private static DirectoryException invalidSyntax(LocalizableMessage message)
  {
    return new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
  }

  /**
   * Indicates whether the provided value has the shape of a user password
   * value, i.e. <CODE>{scheme}encoded</CODE> with a non-empty scheme name and
   * a non-empty encoded part.
   * <p>
   * This is a purely structural check on the raw bytes: the scheme name is
   * not validated against any registered storage scheme, and the encoded part
   * is not decoded.  Note that, unlike <CODE>decodeUserPassword</CODE>, an
   * empty encoded part makes this method return <CODE>false</CODE>.
   *
   * @param  value  The value for which to make the determination.
   *
   * @return  <CODE>true</CODE> if the value appears to be encoded using the
   *          user password syntax, or <CODE>false</CODE> if not.
   */
  public static boolean isEncoded(ByteSequence value)
  {
    if (value == null)
    {
      return false;
    }

    final int length = value.length();
    if (length == 0 || value.byteAt(0) != OPEN_BRACE)
    {
      return false;
    }

    // Find the first closing brace after the opening one.
    int closePos = -1;
    for (int i = 1; i < length && closePos < 0; i++)
    {
      if (value.byteAt(i) == CLOSE_BRACE)
      {
        closePos = i;
      }
    }

    if (closePos < 0)
    {
      return false;
    }

    // A brace at index 1 means an empty scheme name; a brace at the last
    // index means an empty encoded part.  Both are rejected.
    final boolean schemeNamePresent = closePos > 1;
    final boolean encodedValuePresent = closePos < length - 1;
    return schemeNamePresent && encodedValuePresent;
  }

}
210