001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2006-2008 Sun Microsystems, Inc. 015 * Portions Copyright 2014-2015 ForgeRock AS. 016 */ 017package org.opends.server.extensions; 018 019 020 021import org.forgerock.i18n.LocalizableMessage; 022import org.opends.server.admin.std.server.Base64PasswordStorageSchemeCfg; 023import org.opends.server.api.PasswordStorageScheme; 024import org.forgerock.opendj.config.server.ConfigException; 025import org.forgerock.i18n.slf4j.LocalizedLogger; 026import org.opends.server.types.*; 027import org.forgerock.opendj.ldap.ResultCode; 028import org.forgerock.opendj.ldap.ByteString; 029import org.forgerock.opendj.ldap.ByteSequence; 030import org.opends.server.util.Base64; 031 032import static org.opends.messages.ExtensionMessages.*; 033import static org.opends.server.extensions.ExtensionsConstants.*; 034 035 036 037/** 038 * This class defines a Directory Server password storage scheme that will store 039 * the values in base64-encoded form. This is a reversible algorithm that 040 * offers very little actual protection -- it will merely obscure the plaintext 041 * value from the casual observer. 042 */ 043public class Base64PasswordStorageScheme 044 extends PasswordStorageScheme<Base64PasswordStorageSchemeCfg> 045{ 046 private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass(); 047 048 049 050 /** 051 * Creates a new instance of this password storage scheme. Note that no 052 * initialization should be performed here, as all initialization should be 053 * done in the <CODE>initializePasswordStorageScheme</CODE> method. 054 */ 055 public Base64PasswordStorageScheme() 056 { 057 super(); 058 } 059 060 061 062 /** {@inheritDoc} */ 063 @Override 064 public void initializePasswordStorageScheme( 065 Base64PasswordStorageSchemeCfg configuration) 066 throws ConfigException, InitializationException 067 { 068 // No initialization is required. 069 } 070 071 072 073 /** {@inheritDoc} */ 074 @Override 075 public String getStorageSchemeName() 076 { 077 return STORAGE_SCHEME_NAME_BASE64; 078 } 079 080 081 082 /** {@inheritDoc} */ 083 @Override 084 public ByteString encodePassword(ByteSequence plaintext) 085 throws DirectoryException 086 { 087 return ByteString.valueOfUtf8(Base64.encode(plaintext)); 088 } 089 090 091 092 /** {@inheritDoc} */ 093 @Override 094 public ByteString encodePasswordWithScheme(ByteSequence plaintext) 095 throws DirectoryException 096 { 097 StringBuilder buffer = new StringBuilder(); 098 buffer.append('{'); 099 buffer.append(STORAGE_SCHEME_NAME_BASE64); 100 buffer.append('}'); 101 buffer.append(Base64.encode(plaintext)); 102 103 return ByteString.valueOfUtf8(buffer); 104 } 105 106 107 108 /** {@inheritDoc} */ 109 @Override 110 public boolean passwordMatches(ByteSequence plaintextPassword, 111 ByteSequence storedPassword) 112 { 113 String userString = Base64.encode(plaintextPassword); 114 String storedString = storedPassword.toString(); 115 return userString.equals(storedString); 116 } 117 118 119 120 /** {@inheritDoc} */ 121 @Override 122 public boolean isReversible() 123 { 124 return true; 125 } 126 127 128 129 /** {@inheritDoc} */ 130 @Override 131 public ByteString getPlaintextValue(ByteSequence storedPassword) 132 throws DirectoryException 133 { 134 try 135 { 136 return ByteString.wrap(Base64.decode(storedPassword.toString())); 137 } 138 catch (Exception e) 139 { 140 logger.traceException(e); 141 142 LocalizableMessage message = ERR_PWSCHEME_CANNOT_BASE64_DECODE_STORED_PASSWORD.get( 143 storedPassword, e); 144 throw new DirectoryException(ResultCode.INVALID_CREDENTIALS, message, e); 145 } 146 } 147 148 149 150 /** {@inheritDoc} */ 151 @Override 152 public boolean supportsAuthPasswordSyntax() 153 { 154 // This storage scheme does not support the authentication password syntax. 155 return false; 156 } 157 158 159 160 /** {@inheritDoc} */ 161 @Override 162 public ByteString encodeAuthPassword(ByteSequence plaintext) 163 throws DirectoryException 164 { 165 LocalizableMessage message = 166 ERR_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD.get(getStorageSchemeName()); 167 throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message); 168 } 169 170 171 172 /** {@inheritDoc} */ 173 @Override 174 public boolean authPasswordMatches(ByteSequence plaintextPassword, 175 String authInfo, String authValue) 176 { 177 // This storage scheme does not support the authentication password syntax. 178 return false; 179 } 180 181 182 183 /** {@inheritDoc} */ 184 @Override 185 public ByteString getAuthPasswordPlaintextValue(String authInfo, 186 String authValue) 187 throws DirectoryException 188 { 189 LocalizableMessage message = 190 ERR_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD.get(getStorageSchemeName()); 191 throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message); 192 } 193 194 195 196 /** {@inheritDoc} */ 197 @Override 198 public boolean isStorageSchemeSecure() 199 { 200 // Base64-encoded values may be easily decoded with no key or special 201 // knowledge. 202 return false; 203 } 204} 205