org.opends.server.extensions

Class RC4PasswordStorageScheme

java.lang.Object

org.opends.server.api.PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

org.opends.server.extensions.RC4PasswordStorageScheme

public class RC4PasswordStorageScheme
extends PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

This class defines a Directory Server password storage scheme that will encode values using the RC4 reversible encryption algorithm. This implementation supports only the user password syntax and not the auth password syntax.

Constructor Summary

Constructors

Constructor and Description
RC4PasswordStorageScheme()

Method Summary

Modifier and Type	Method and Description
ByteString	encodePassword(ByteSequence plaintext) Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme.
ByteString	getPlaintextValue(ByteSequence storedPassword) Retrieves the original plaintext value for the provided stored password.
String	getStorageSchemeName() Retrieves the name of the password storage scheme provided by this handler.
void	initializePasswordStorageScheme(Rc4PasswordStorageSchemeCfg configuration) Initializes this password storage scheme handler based on the information in the provided configuration entry.
boolean	isReversible() Indicates whether this storage scheme is reversible (i.e., it is possible to obtain the original plaintext value from the stored password).
boolean	isStorageSchemeSecure() Indicates whether this password storage scheme should be considered "secure".
boolean	passwordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword) Indicates whether the provided plaintext password included in a bind request matches the given stored value.

Methods inherited from class org.opends.server.api.PasswordStorageScheme

authPasswordMatches, destroySilently, encodeAuthPassword, encodePasswordWithScheme, finalizePasswordStorageScheme, getAuthPasswordPlaintextValue, getAuthPasswordSchemeName, isConfigurationAcceptable, supportsAuthPasswordSyntax

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RC4PasswordStorageScheme

public RC4PasswordStorageScheme()

Method Detail

initializePasswordStorageScheme

public void initializePasswordStorageScheme(Rc4PasswordStorageSchemeCfg configuration)
                                     throws ConfigException,
                                            InitializationException

Description copied from class: PasswordStorageScheme

Initializes this password storage scheme handler based on the information in the provided configuration entry. It should also register itself with the Directory Server for the particular storage scheme that it will manage.

Specified by:

initializePasswordStorageScheme in class PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

Parameters:

configuration - The configuration entry that contains the information to use to initialize this password storage scheme handler.

Throws:

ConfigException - If an unrecoverable problem arises in the process of performing the initialization.

InitializationException - If a problem occurs during initialization that is not related to the server configuration.

getStorageSchemeName

public String getStorageSchemeName()

Description copied from class: PasswordStorageScheme

Retrieves the name of the password storage scheme provided by this handler.

Specified by:

getStorageSchemeName in class PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

Returns:

The name of the password storage scheme provided by this handler.

encodePassword

public ByteString encodePassword(ByteSequence plaintext)
                          throws LdapException

Description copied from class: PasswordStorageScheme

Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme. Note that the provided plaintext password should not be altered in any way.

Specified by:

encodePassword in class PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

Parameters:

plaintext - The plaintext version of the password.

Returns:

The password that has been encoded using this storage scheme.

Throws:

LdapException - If a problem occurs while processing.

passwordMatches

public boolean passwordMatches(ByteSequence plaintextPassword,
                               ByteSequence storedPassword)

Description copied from class: PasswordStorageScheme

Indicates whether the provided plaintext password included in a bind request matches the given stored value. The provided stored value should not include the scheme name in curly braces.

Specified by:

passwordMatches in class PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

Parameters:

plaintextPassword - The plaintext password provided by the user as part of a simple bind attempt.

storedPassword - The stored password to compare against the provided plaintext password.

Returns:

true if the provided plaintext password matches the provided stored password, or false if not.

isReversible

public boolean isReversible()

Description copied from class: PasswordStorageScheme

Indicates whether this storage scheme is reversible (i.e., it is possible to obtain the original plaintext value from the stored password).

Overrides:

isReversible in class PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

Returns:

true if this is a reversible password storage scheme, or false if it is not.

getPlaintextValue

public ByteString getPlaintextValue(ByteSequence storedPassword)
                             throws LdapException

Description copied from class: PasswordStorageScheme

Retrieves the original plaintext value for the provided stored password. Note that this should only be called if isReversible returns true.

Overrides:

getPlaintextValue in class PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

Parameters:

storedPassword - The password for which to obtain the plaintext value. It should not include the scheme name in curly braces.

Returns:

The plaintext value for the provided stored password.

Throws:

LdapException - If it is not possible to obtain the plaintext value for the provided stored password.

isStorageSchemeSecure

public boolean isStorageSchemeSecure()

Description copied from class: PasswordStorageScheme

Indicates whether this password storage scheme should be considered "secure". If the encoding used for this scheme does not obscure the value at all, or if it uses a method that is trivial to reverse (e.g., base64), then it should not be considered secure.

This may be used to determine whether a password may be included in a set of search results, including the possibility of overriding access controls in the case that access controls would allow the password to be returned but the password is considered too insecure to reveal.

Specified by:

isStorageSchemeSecure in class PasswordStorageScheme<Rc4PasswordStorageSchemeCfg>

Returns:

false if it may be trivial to discover the original plain-text password from the encoded form, or true if the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.