@Extensible @DirectoryServerExtension @DirectoryProxyServerExtension(appliesToLocalContent=true, appliesToRemoteContent=false) @SynchronizationServerExtension(appliesToLocalContent=true, appliesToSynchronizedContent=false) @ThreadSafety(level=INTERFACE_THREADSAFE) public abstract class PasswordStorageScheme extends java.lang.Object implements UnboundIDExtension, Reconfigurable<PasswordStorageSchemeConfig>, ExampleUsageProvider
EnhancedPasswordStorageScheme
class provides both a
simpler and more functional API for interacting with passwords. It may be
desirable for new storage scheme implementations to implement that API rather
than this older version.
dsconfig create-password-storage-scheme \ --scheme-name "{scheme-name}" \ --type third-party \ --set enabled:true \ --set "extension-class:{class-name}" \ --set "extension-argument:{name=value}"where "{scheme-name}" is the name to use for the password storage scheme instance, "{class-name}" is the fully-qualified name of the Java class that extends
com.unboundid.directory.sdk.ds.api.PasswordStorageScheme
, and
"{name=value}" represents name-value pairs for any arguments to
provide to the password storage scheme. If multiple arguments should be
provided to the password storage scheme, then the
"--set extension-argument:{name=value}
" option should be
provided multiple times.EnhancedPasswordStorageScheme
Constructor and Description |
---|
PasswordStorageScheme()
Creates a new instance of this password storage scheme.
|
Modifier and Type | Method and Description |
---|---|
ResultCode |
applyConfiguration(PasswordStorageSchemeConfig config,
ArgumentParser parser,
java.util.List<java.lang.String> adminActionsRequired,
java.util.List<java.lang.String> messages)
Attempts to apply the configuration from the provided argument parser to
this extension.
|
boolean |
authPasswordMatches(ByteString plaintext,
java.lang.String authInfo,
java.lang.String authValue)
Indicates whether the provided plaintext password may be used to generate
an encoded password with the given authInfo and authValue elements when
using the authentication password syntax as defined in RFC 3112.
|
void |
defineConfigArguments(ArgumentParser parser)
Updates the provided argument parser to define any configuration arguments
which may be used by this extension.
|
ByteString |
encodeAuthPassword(ByteString plaintext)
Encodes the provided plaintext password using the authentication password
syntax as defined in RFC 3112.
|
abstract ByteString |
encodePassword(ByteString plaintext)
Encodes the provided plaintext password.
|
ByteString |
encodePasswordWithScheme(ByteString plaintext)
Encodes the provided plaintext password, prefixing the encoded
representation with the name of the storage scheme in curly braces.
|
ByteString |
encodePasswordWithScheme(ByteString plaintext,
DN entryDN)
Encodes the provided plaintext password, prefixing the encoded
representation with the name of the storage scheme in curly braces.
|
void |
finalizePasswordStorageScheme()
Performs any cleanup which may be necessary when this password storage
scheme is to be taken out of service.
|
ByteString |
getAuthPasswordPlaintextValue(java.lang.String authInfo,
java.lang.String authValue)
Obtains the plaintext password that was used to generate an encoded
password with the given authInfo and authValue elements when using the
authentication password syntax as described in RFC 3112.
|
java.lang.String |
getAuthPasswordSchemeName()
Retrieves the name that should be used to identify this password storage
scheme when encoding passwords using the authentication password syntax as
described in RFC 3112.
|
java.util.Map<java.util.List<java.lang.String>,java.lang.String> |
getExamplesArgumentSets()
Retrieves a map containing examples of configurations that may be used for
this extension.
|
abstract java.lang.String[] |
getExtensionDescription()
Retrieves a human-readable description for this extension.
|
abstract java.lang.String |
getExtensionName()
Retrieves a human-readable name for this extension.
|
abstract ByteString |
getPlaintextValue(ByteString encoded)
Attempts to determine the plaintext password used to generate the provided
encoded password.
|
abstract java.lang.String |
getStorageSchemeName()
Retrieves the name for this password storage scheme.
|
void |
initializePasswordStorageScheme(DirectoryServerContext serverContext,
PasswordStorageSchemeConfig config,
ArgumentParser parser)
Initializes this password storage scheme.
|
boolean |
isConfigurationAcceptable(PasswordStorageSchemeConfig config,
ArgumentParser parser,
java.util.List<java.lang.String> unacceptableReasons)
Indicates whether the configuration represented by the provided argument
parser is acceptable for use by this extension.
|
abstract boolean |
isReversible()
Indicates whether this password storage scheme encodes passwords in a form
that allows the original plaintext value to be obtained from the encoded
representation.
|
abstract boolean |
isSecure()
Indicates whether this password storage scheme encodes passwords in a form
that may be considered secure.
|
abstract boolean |
passwordMatches(ByteString plaintext,
ByteString encoded)
Indicates whether the provided plaintext password could have been used to
generate the given encoded password.
|
boolean |
supportsAuthPasswordSyntax()
Indicates whether this password storage scheme provides the ability to
encode passwords in the authentication password syntax as described in RFC
3112.
|
public PasswordStorageScheme()
initializePasswordStorageScheme
method.public abstract java.lang.String getExtensionName()
getExtensionName
in interface UnboundIDExtension
public abstract java.lang.String[] getExtensionDescription()
getExtensionDescription
in interface UnboundIDExtension
null
or an empty array if no description should be available.public void defineConfigArguments(ArgumentParser parser) throws ArgumentException
defineConfigArguments
in interface Configurable
parser
- The argument parser to be updated with the configuration
arguments which may be used by this extension.ArgumentException
- If a problem is encountered while updating the
provided argument parser.public void initializePasswordStorageScheme(DirectoryServerContext serverContext, PasswordStorageSchemeConfig config, ArgumentParser parser) throws LDAPException
serverContext
- A handle to the server context for the server in
which this extension is running.config
- The general configuration for this password storage
scheme.parser
- The argument parser which has been initialized from
the configuration for this password storage scheme.LDAPException
- If a problem occurs while initializing this
password storage scheme.public boolean isConfigurationAcceptable(PasswordStorageSchemeConfig config, ArgumentParser parser, java.util.List<java.lang.String> unacceptableReasons)
isConfigurationAcceptable
in interface Reconfigurable<PasswordStorageSchemeConfig>
config
- The general configuration for this extension.parser
- The argument parser that has been used to
parse the proposed configuration for this
extension.unacceptableReasons
- A list to which messages may be added to
provide additional information about why the
provided configuration is not acceptable.true
if the configuration in the provided argument parser
appears to be acceptable, or false
if not.public ResultCode applyConfiguration(PasswordStorageSchemeConfig config, ArgumentParser parser, java.util.List<java.lang.String> adminActionsRequired, java.util.List<java.lang.String> messages)
applyConfiguration
in interface Reconfigurable<PasswordStorageSchemeConfig>
config
- The general configuration for this extension.parser
- The argument parser that has been used to
parse the new configuration for this
extension.adminActionsRequired
- A list to which messages may be added to
provide additional information about any
additional administrative actions that may
be required to apply some of the
configuration changes.messages
- A list to which messages may be added to
provide additional information about the
processing performed by this method.SUCCESS
should be
used to indicate that all processing completed successfully. Any
other result will indicate that a problem occurred during
processing.public void finalizePasswordStorageScheme()
public abstract java.lang.String getStorageSchemeName()
public abstract boolean isReversible()
true
if the original plaintext password may be obtained
from the encoded password, or false
if not.public abstract boolean isSecure()
true
if this password storage scheme may be considered
secure, or false
if not.public abstract ByteString encodePassword(ByteString plaintext) throws LDAPException
plaintext
- The plaintext password to be encoded. It must not be
null
. Note that there is no guarantee that
password validators have yet been invoked for this
password, so this password storage scheme implementation
should not make any assumptions about the format of the
plaintext password or whether it will actually be
allowed for use in the entry.LDAPException
- If a problem occurs while attempting to encode the
password.public ByteString encodePasswordWithScheme(ByteString plaintext) throws LDAPException
plaintext
- The plaintext password to be encoded. It must not be
null
. Note that there is no guarantee that
password validators have yet been invoked for this
password, so this password storage scheme implementation
should not make any assumptions about the format of the
plaintext password or whether it will actually be
allowed for use in the entry.LDAPException
- If a problem occurs while attempting to encode the
password.public ByteString encodePasswordWithScheme(ByteString plaintext, DN entryDN) throws LDAPException
plaintext
- The plaintext password to be encoded. It must not be
null
. Note that there is no guarantee that
password validators have yet been invoked for this
password, so this password storage scheme implementation
should not make any assumptions about the format of the
plaintext password or whether it will actually be
allowed for use in the entry.entryDN
- The DN of the entry in which the encoded password will
appear. This may be null
if it is not known.LDAPException
- If a problem occurs while attempting to encode the
password.public abstract boolean passwordMatches(ByteString plaintext, ByteString encoded)
plaintext
- The plaintext password for which to make the
determination.encoded
- The encoded password for which to make the
determination. It will not include the scheme name.true
if the provided clear-text password could have been
used to generate the encoded password, or false
if not.public abstract ByteString getPlaintextValue(ByteString encoded) throws LDAPException
isReversible()
method returns true
.encoded
- The encoded password for which to obtain the original
plaintext password. It must not be null
and will
not be prefixed with the scheme name.LDAPException
- If this password storage scheme is not reversible,
or if the provided value could not be decoded to
its plaintext representation.public boolean supportsAuthPasswordSyntax()
true
if this password storage scheme supports the
authentication password syntax, or false
if not.public java.lang.String getAuthPasswordSchemeName()
supportsAuthPasswordSyntax()
method returns true
.public ByteString encodeAuthPassword(ByteString plaintext) throws LDAPException
supportsAuthPasswordSyntax()
method returns true
.plaintext
- The plaintext password to be encoded. It must not be
null
. Note that there is no guarantee that
password validators have yet been invoked for this
password, so this password storage scheme implementation
should not make any assumptions about the format of the
plaintext password or whether it will actually be
allowed for use in the entry.LDAPException
- If a problem occurs while encoding the provided
password, or if this password storage scheme does
not support the authentication password syntax.public boolean authPasswordMatches(ByteString plaintext, java.lang.String authInfo, java.lang.String authValue)
supportsAuthPasswordSyntax()
method
returns true
.plaintext
- The plaintext password for which to make the
determination.authInfo
- The authInfo portion of the encoded password for which
to make the determination.authValue
- The authValue portion of the encoded password for which
to make the determination.true
if the provided plaintext password could be used to
generate an encoded password with the given authInfo and authValue
portions, or false
if not.public ByteString getAuthPasswordPlaintextValue(java.lang.String authInfo, java.lang.String authValue) throws LDAPException
supportsAuthPasswordSyntax()
and
isReversible()
methods return true
.authInfo
- The authInfo portion of the encoded password for which
to retrieve the corresponding plaintext value.authValue
- The authValue portion of the encoded password for which
to retrieve the corresponding plaintext value.LDAPException
- If this password storage scheme is not reversible,
if this password storage scheme does not support
the authentication password syntax, or if some
other problem is encountered while attempting to
determine the plaintext password.public java.util.Map<java.util.List<java.lang.String>,java.lang.String> getExamplesArgumentSets()
getExamplesArgumentSets
in interface ExampleUsageProvider
null
or empty if there should
not be any example argument sets.