/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2012-2016 ForgeRock AS.
 */
package org.opends.server.schema;

import static org.opends.messages.SchemaMessages.*;
import static org.opends.server.schema.SchemaConstants.*;
import static org.opends.server.util.StaticUtils.*;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteSequence;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.schema.Schema;
import org.forgerock.opendj.ldap.schema.Syntax;
import org.forgerock.opendj.server.config.server.AttributeSyntaxCfg;
import org.opends.server.api.AttributeSyntax;
import org.opends.server.types.DirectoryException;

/**
 * Attribute syntax for values that have been encoded with a password storage
 * scheme. A value with this syntax is the concatenation, in this order, of:
 * <UL>
 *   <LI>an opening curly brace ("{"),</LI>
 *   <LI>the name of the storage scheme used to encode the value,</LI>
 *   <LI>a closing curly brace ("}"),</LI>
 *   <LI>the scheme-specific encoded value.</LI>
 * </UL>
 * The two static helpers only recognise this framing; they do not interpret
 * the encoded value and they do not log or echo the value they receive.
 */
public class UserPasswordSyntax extends AttributeSyntax<AttributeSyntaxCfg> {

  // Not referenced anywhere in this class.
  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

  /**
   * Creates a new instance of this syntax. Nothing beyond the superclass
   * constructor happens here; all initialisation belongs in
   * <CODE>initializeSyntax</CODE>.
   */
  public UserPasswordSyntax() {
    super();
  }

  /** {@inheritDoc} */
  @Override
  public Syntax getSDKSyntax(Schema schema) {
    // Resolved by OID so the lookup does not depend on the schema's naming of this syntax.
    return schema.getSyntax(SYNTAX_USER_PASSWORD_OID);
  }

  /**
   * Retrieves the common name for this attribute syntax.
   *
   * @return The common name for this attribute syntax.
   */
  @Override
  public String getName() {
    return SYNTAX_USER_PASSWORD_NAME;
  }

  /**
   * Retrieves the OID for this attribute syntax.
   *
   * @return The OID for this attribute syntax.
   */
  @Override
  public String getOID() {
    return SYNTAX_USER_PASSWORD_OID;
  }

  /**
   * Retrieves a description for this attribute syntax.
   *
   * @return A description for this attribute syntax.
   */
  @Override
  public String getDescription() {
    return SYNTAX_USER_PASSWORD_DESCRIPTION;
  }

  /**
   * Splits an encoded user password into its storage scheme name and the
   * scheme-specific encoded value.
   * <p>
   * The scheme name is returned in lower case so that callers can look it up
   * regardless of how it was capitalised in the stored value. Only the framing
   * is validated: the first "}" in the value ends the scheme name, and whatever
   * follows it is returned untouched even when it is empty. That last point
   * differs from {@link #isEncoded(ByteSequence)}, which reports an empty
   * encoded part as not encoded. None of the error messages raised here carry
   * the supplied value.
   *
   * @param userPasswordValue The user password value to be decoded.
   *
   * @return A two-element string array whose elements are the storage scheme
   *         name (in all lowercase characters) and the encoded value, in that
   *         order.
   *
   * @throws DirectoryException If the value is null or empty, does not start
   *                            with "{", contains no "}", or has nothing
   *                            between the braces. The result code is always
   *                            {@link ResultCode#INVALID_ATTRIBUTE_SYNTAX}.
   */
  public static String[] decodeUserPassword(String userPasswordValue)
      throws DirectoryException {
    if (userPasswordValue == null || userPasswordValue.isEmpty()) {
      throw invalidSyntax(ERR_ATTR_SYNTAX_USERPW_NO_VALUE.get());
    }
    if (userPasswordValue.charAt(0) != '{') {
      throw invalidSyntax(ERR_ATTR_SYNTAX_USERPW_NO_OPENING_BRACE.get());
    }

    // The scheme name runs from just after "{" up to the first "}" anywhere in the value.
    final int schemeEnd = userPasswordValue.indexOf('}');
    if (schemeEnd < 0) {
      throw invalidSyntax(ERR_ATTR_SYNTAX_USERPW_NO_CLOSING_BRACE.get());
    }

    final String scheme = userPasswordValue.substring(1, schemeEnd);
    if (scheme.isEmpty()) {
      throw invalidSyntax(ERR_ATTR_SYNTAX_USERPW_NO_SCHEME.get());
    }

    // Everything after the closing brace is the encoded value; it is not inspected here.
    final String encoded = userPasswordValue.substring(schemeEnd + 1);
    return new String[] { toLowerCase(scheme), encoded };
  }

  /**
   * Builds the exception raised for every malformed value. All rejections
   * share the same result code and the message is used as given, so the
   * password text itself never ends up in the exception.
   *
   * @param message The localised reason for the rejection.
   *
   * @return The exception to throw.
   */
  private static DirectoryException invalidSyntax(LocalizableMessage message) {
    return new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
  }

  /**
   * Indicates whether a raw attribute value looks like an encoded user
   * password, that is "{scheme}encoded" with a non-empty scheme name and a
   * non-empty encoded part. The check works on bytes and matches the braces
   * against their ASCII code points. It is stricter than
   * {@link #decodeUserPassword(String)}, which accepts an empty encoded part.
   *
   * @param value The value for which to make the determination.
   *
   * @return <CODE>true</CODE> if the value appears to be encoded using the
   *         user password syntax, or <CODE>false</CODE> if not.
   */
  public static boolean isEncoded(ByteSequence value) {
    if (value == null || value.length() == 0 || value.byteAt(0) != '{') {
      return false;
    }

    // Scan for the first "}" after the opening brace; closingBrace == length means none was found.
    final int length = value.length();
    int closingBrace = 1;
    while (closingBrace < length && value.byteAt(closingBrace) != '}') {
      closingBrace++;
    }

    // A brace found at index 1 leaves no room for a scheme name; one at the
    // last index leaves no room for an encoded value.
    return closingBrace > 1 && closingBrace < length - 1;
  }

}