@Extensible @ThreadSafety(level=INTERFACE_NOT_THREADSAFE) public abstract class InMemoryPasswordEncoder extends java.lang.Object
Modifier | Constructor and Description |
---|---|
protected |
InMemoryPasswordEncoder(java.lang.String prefix,
PasswordEncoderOutputFormatter outputFormatter)
Creates a new instance of this in-memory directory server password encoder
with the provided information.
|
Modifier and Type | Method and Description |
---|---|
boolean |
clearPasswordMatchesEncodedPassword(ASN1OctetString clearPassword,
ASN1OctetString prefixedFormattedEncodedPassword,
ReadOnlyEntry userEntry)
Indicates whether the provided clear-text password could have been used to
generate the given encoded password.
|
ASN1OctetString |
encodePassword(ASN1OctetString clearPassword,
ReadOnlyEntry userEntry,
java.util.List<Modification> modifications)
Encodes the provided clear-text password for storage in the in-memory
directory server.
|
protected abstract byte[] |
encodePassword(byte[] clearPassword,
ReadOnlyEntry userEntry,
java.util.List<Modification> modifications)
Encodes the provided clear-text password for storage in the in-memory
directory server.
|
void |
ensurePreEncodedPasswordAppearsValid(ASN1OctetString prefixedFormattedEncodedPassword,
ReadOnlyEntry userEntry,
java.util.List<Modification> modifications)
Verifies that the provided pre-encoded password (including the prefix, and
with any appropriate output formatting applied) is compatible with the
validation performed by this password encoder.
|
protected abstract void |
ensurePreEncodedPasswordAppearsValid(byte[] unPrefixedUnFormattedEncodedPasswordBytes,
ReadOnlyEntry userEntry,
java.util.List<Modification> modifications)
Verifies that the provided pre-encoded password (with the prefix removed
and any output formatting reverted) is compatible with the validation
performed by this password encoder.
|
protected abstract byte[] |
extractClearPassword(byte[] unPrefixedUnFormattedEncodedPasswordBytes,
ReadOnlyEntry userEntry)
Attempts to extract the clear-text password used to generate the provided
encoded representation, if possible.
|
ASN1OctetString |
extractClearPasswordFromEncodedPassword(ASN1OctetString prefixedFormattedEncodedPassword,
ReadOnlyEntry userEntry)
Attempts to extract the clear-text password used to generate the provided
encoded representation, if possible.
|
PasswordEncoderOutputFormatter |
getOutputFormatter()
Retrieves the output formatter that will be used when generating the
encoded representation of a password.
|
java.lang.String |
getPrefix()
Retrieves the string that will appear at the beginning of encoded
passwords.
|
protected abstract boolean |
passwordMatches(byte[] clearPasswordBytes,
byte[] unPrefixedUnFormattedEncodedPasswordBytes,
ReadOnlyEntry userEntry)
Indicates whether the provided clear-text password could have been used to
generate the given encoded password.
|
boolean |
passwordStartsWithPrefix(ASN1OctetString password)
Indicates whether the provided password starts with the encoded password
prefix.
|
java.lang.String |
toString()
Retrieves a string representation of this password encoder.
|
abstract void |
toString(java.lang.StringBuilder buffer)
Appends a string representation of this password encoder to the provided
buffer.
|
protected InMemoryPasswordEncoder(java.lang.String prefix, PasswordEncoderOutputFormatter outputFormatter)
prefix
- The string that will appear at the beginning of
encoded passwords. It must not be null
or
empty.outputFormatter
- The output formatter that will be used to format
the encoded representation of clear-text
passwords. It may be null
if no
special formatting should be applied to the raw
bytes.public final java.lang.String getPrefix()
public final PasswordEncoderOutputFormatter getOutputFormatter()
nulL
if no output
formatting will be applied.public final ASN1OctetString encodePassword(ASN1OctetString clearPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications) throws LDAPException
clearPassword
- The clear-text password to be encoded. It must not
be null
or empty, and it must not be
pre-encoded.userEntry
- The entry in which the encoded password will appear.
It must not be null
. If the entry is in the
process of being modified, then this will be a
representation of the entry as it appeared before
any changes have been applied.modifications
- A set of modifications to be applied to the user
entry. It must not be [@code null}. It will be an
empty list for entries created via LDAP add and LDIF
import operations. It will be a non-empty list for
LDAP modifications.LDAPException
- If a problem is encountered while trying to encode
the provided clear-text password.protected abstract byte[] encodePassword(byte[] clearPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications) throws LDAPException
clearPassword
- The bytes that comprise the clear-text password to
be encoded. It must not be null
or empty.userEntry
- The entry in which the encoded password will appear.
It must not be null
. If the entry is in the
process of being modified, then this will be a
representation of the entry as it appeared before
any changes have been applied.modifications
- A set of modifications to be applied to the user
entry. It must not be [@code null}. It will be an
empty list for entries created via LDAP add and LDIF
import operations. It will be a non-empty list for
LDAP modifications.LDAPException
- If a problem is encountered while trying to encode
the provided clear-text password.public final void ensurePreEncodedPasswordAppearsValid(ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry, java.util.List<Modification> modifications) throws LDAPException
prefixedFormattedEncodedPassword
- The pre-encoded password to validate. It must not be
null
, and it should include the prefix and any
applicable output formatting.userEntry
- The entry in which the password will appear. It must not be
null
. If the entry is in the process of being
modified, then this will be a representation of the entry
as it appeared before any changes have been applied.modifications
- A set of modifications to be applied to the user entry. It
must not be [@code null}. It will be an empty list for
entries created via LDAP add and LDIF import operations. It
will be a non-empty list for LDAP modifications.LDAPException
- If the provided encoded password is not compatible
with the validation performed by this password
encoder, or if a problem is encountered while
making the determination.protected abstract void ensurePreEncodedPasswordAppearsValid(byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry, java.util.List<Modification> modifications) throws LDAPException
true
if the provided
unPrefixedUnFormattedEncodedPasswordBytes
value could be used in
conjunction with the passwordMatches(byte[], byte[], com.unboundid.ldap.sdk.ReadOnlyEntry)
method, even if it does not
exactly match the format of the output that would have been generated by
the encodePassword(com.unboundid.asn1.ASN1OctetString, com.unboundid.ldap.sdk.ReadOnlyEntry, java.util.List<com.unboundid.ldap.sdk.Modification>)
method. For example, if this password encoder
uses a salt, then it may be desirable to accept passwords encoded with a
salt that has a different length than the encodePassword
method
would use when encoding a clear-test password. This may allow the
in-memory directory server to support pre-encoded passwords generated from
other types of directory servers that may use different settings when
encoding passwords, but still generates encoded passwords that are
compatible with this password encoder.unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the pre-encoded password to validate,
with the prefix stripped off and the output formatting
reverted.userEntry
- The entry in which the password will appear. It must not be
null
. If the entry is in the process of being
modified, then this will be a representation of the entry
as it appeared before any changes have been applied.modifications
- A set of modifications to be applied to the user entry. It
must not be [@code null}. It will be an empty list for
entries created via LDAP add and LDIF import operations. It
will be a non-empty list for LDAP modifications.LDAPException
- If the provided encoded password is not compatible
with the validation performed by this password
encoder, or if a problem is encountered while
making the determination.public final boolean clearPasswordMatchesEncodedPassword(ASN1OctetString clearPassword, ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry) throws LDAPException
clearPassword
- The clear-text password to be compared against the encoded
password. It must not be null
or empty.prefixedFormattedEncodedPassword
- The encoded password to compare against the clear-text
password. It must not be null
, it must include the
prefix, and any appropriate output formatting must have been
applied.userEntry
- The entry in which the encoded password appears. It must not
be null
.true
if the provided clear-text password could be used to
generate the given encoded password, or false
if not.LDAPException
- If a problem is encountered while making the
determination.protected abstract boolean passwordMatches(byte[] clearPasswordBytes, byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry) throws LDAPException
clearPasswordBytes
- The bytes that comprise the clear-text password to be
compared against the encoded password. It must not be
null
or empty.unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the encoded password, with the prefix
stripped off and the output formatting reverted.userEntry
- The entry in which the encoded password appears. It must not
be null
.true
if the provided clear-text password could have been
used to generate the given encoded password, or false
if
not.LDAPException
- If a problem is encountered while attempting to
make the determination.public final ASN1OctetString extractClearPasswordFromEncodedPassword(ASN1OctetString prefixedFormattedEncodedPassword, ReadOnlyEntry userEntry) throws LDAPException
prefixedFormattedEncodedPassword
- The encoded password from which to extract the clear-text
password. It must not be null
, it must include the
prefix, and any appropriate output formatting must have been
applied.userEntry
- The entry in which the encoded password appears. It must not
be null
.LDAPException
- If this password encoder is not reversible, or if a
problem occurs while trying to extract the
clear-text representation from the provided encoded
password.protected abstract byte[] extractClearPassword(byte[] unPrefixedUnFormattedEncodedPasswordBytes, ReadOnlyEntry userEntry) throws LDAPException
unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the encoded password, with the prefix
stripped off and the output formatting reverted.userEntry
- The entry in which the encoded password appears. It must not
be null
.LDAPException
- If this password encoder is not reversible, or if a
problem occurs while trying to extract the
clear-text representation from the provided encoded
password.public final boolean passwordStartsWithPrefix(ASN1OctetString password)
password
- The password for which to make the determination.true
if the provided password starts with the encoded
password prefix, or false
if not.public final java.lang.String toString()
toString
in class java.lang.Object
public abstract void toString(java.lang.StringBuilder buffer)
buffer
- The buffer to which the information should be appended.