@Extensible @ThreadSafety(level=INTERFACE_NOT_THREADSAFE) public abstract class InMemoryPasswordEncoder extends java.lang.Object
Modifier | Constructor and Description |
---|---|
protected |
InMemoryPasswordEncoder(java.lang.String prefix,
PasswordEncoderOutputFormatter outputFormatter)
Creates a new instance of this in-memory directory server password encoder
with the provided information.
|
Modifier and Type | Method and Description |
---|---|
boolean |
clearPasswordMatchesEncodedPassword(ASN1OctetString clearPassword,
ASN1OctetString prefixedFormattedEncodedPassword,
ReadOnlyEntry userEntry)
Indicates whether the provided clear-text password could have been used to
generate the given encoded password.
|
ASN1OctetString |
encodePassword(ASN1OctetString clearPassword,
ReadOnlyEntry userEntry,
java.util.List<Modification> modifications)
Encodes the provided clear-text password for storage in the in-memory
directory server.
|
protected abstract byte[] |
encodePassword(byte[] clearPassword,
ReadOnlyEntry userEntry,
java.util.List<Modification> modifications)
Encodes the provided clear-text password for storage in the in-memory
directory server.
|
void |
ensurePreEncodedPasswordAppearsValid(ASN1OctetString prefixedFormattedEncodedPassword,
ReadOnlyEntry userEntry,
java.util.List<Modification> modifications)
Verifies that the provided pre-encoded password (including the prefix, and
with any appropriate output formatting applied) is compatible with the
validation performed by this password encoder.
|
protected abstract void |
ensurePreEncodedPasswordAppearsValid(byte[] unPrefixedUnFormattedEncodedPasswordBytes,
ReadOnlyEntry userEntry,
java.util.List<Modification> modifications)
Verifies that the provided pre-encoded password (with the prefix removed
and any output formatting reverted) is compatible with the validation
performed by this password encoder.
|
protected abstract byte[] |
extractClearPassword(byte[] unPrefixedUnFormattedEncodedPasswordBytes,
ReadOnlyEntry userEntry)
Attempts to extract the clear-text password used to generate the provided
encoded representation, if possible.
|
ASN1OctetString |
extractClearPasswordFromEncodedPassword(ASN1OctetString prefixedFormattedEncodedPassword,
ReadOnlyEntry userEntry)
Attempts to extract the clear-text password used to generate the provided
encoded representation, if possible.
|
PasswordEncoderOutputFormatter |
getOutputFormatter()
Retrieves the output formatter that will be used when generating the
encoded representation of a password.
|
java.lang.String |
getPrefix()
Retrieves the string that will appear at the beginning of encoded
passwords.
|
protected abstract boolean |
passwordMatches(byte[] clearPasswordBytes,
byte[] unPrefixedUnFormattedEncodedPasswordBytes,
ReadOnlyEntry userEntry)
Indicates whether the provided clear-text password could have been used to
generate the given encoded password.
|
boolean |
passwordStartsWithPrefix(ASN1OctetString password)
Indicates whether the provided password starts with the encoded password
prefix.
|
java.lang.String |
toString()
Retrieves a string representation of this password encoder.
|
abstract void |
toString(java.lang.StringBuilder buffer)
Appends a string representation of this password encoder to the provided
buffer.
|
protected InMemoryPasswordEncoder(@NotNull java.lang.String prefix, @Nullable PasswordEncoderOutputFormatter outputFormatter)
prefix
- The string that will appear at the beginning of
encoded passwords. It must not be null
or
empty.outputFormatter
- The output formatter that will be used to format
the encoded representation of clear-text
passwords. It may be null
if no
special formatting should be applied to the raw
bytes.@NotNull public final java.lang.String getPrefix()
@Nullable public final PasswordEncoderOutputFormatter getOutputFormatter()
nulL
if no output
formatting will be applied.@NotNull public final ASN1OctetString encodePassword(@NotNull ASN1OctetString clearPassword, @NotNull ReadOnlyEntry userEntry, @NotNull java.util.List<Modification> modifications) throws LDAPException
clearPassword
- The clear-text password to be encoded. It must not
be null
or empty, and it must not be
pre-encoded.userEntry
- The entry in which the encoded password will appear.
It must not be null
. If the entry is in the
process of being modified, then this will be a
representation of the entry as it appeared before
any changes have been applied.modifications
- A set of modifications to be applied to the user
entry. It must not be [@code null}. It will be an
empty list for entries created via LDAP add and LDIF
import operations. It will be a non-empty list for
LDAP modifications.LDAPException
- If a problem is encountered while trying to encode
the provided clear-text password.@NotNull protected abstract byte[] encodePassword(@NotNull byte[] clearPassword, @NotNull ReadOnlyEntry userEntry, @NotNull java.util.List<Modification> modifications) throws LDAPException
clearPassword
- The bytes that comprise the clear-text password to
be encoded. It must not be null
or empty.userEntry
- The entry in which the encoded password will appear.
It must not be null
. If the entry is in the
process of being modified, then this will be a
representation of the entry as it appeared before
any changes have been applied.modifications
- A set of modifications to be applied to the user
entry. It must not be [@code null}. It will be an
empty list for entries created via LDAP add and LDIF
import operations. It will be a non-empty list for
LDAP modifications.LDAPException
- If a problem is encountered while trying to encode
the provided clear-text password.public final void ensurePreEncodedPasswordAppearsValid(@NotNull ASN1OctetString prefixedFormattedEncodedPassword, @NotNull ReadOnlyEntry userEntry, @NotNull java.util.List<Modification> modifications) throws LDAPException
prefixedFormattedEncodedPassword
- The pre-encoded password to validate. It must not be
null
, and it should include the prefix and any
applicable output formatting.userEntry
- The entry in which the password will appear. It must not be
null
. If the entry is in the process of being
modified, then this will be a representation of the entry
as it appeared before any changes have been applied.modifications
- A set of modifications to be applied to the user entry. It
must not be [@code null}. It will be an empty list for
entries created via LDAP add and LDIF import operations. It
will be a non-empty list for LDAP modifications.LDAPException
- If the provided encoded password is not compatible
with the validation performed by this password
encoder, or if a problem is encountered while
making the determination.protected abstract void ensurePreEncodedPasswordAppearsValid(@NotNull byte[] unPrefixedUnFormattedEncodedPasswordBytes, @NotNull ReadOnlyEntry userEntry, @NotNull java.util.List<Modification> modifications) throws LDAPException
true
if the provided
unPrefixedUnFormattedEncodedPasswordBytes
value could be used in
conjunction with the passwordMatches(byte[], byte[], com.unboundid.ldap.sdk.ReadOnlyEntry)
method, even if it does not
exactly match the format of the output that would have been generated by
the encodePassword(com.unboundid.asn1.ASN1OctetString, com.unboundid.ldap.sdk.ReadOnlyEntry, java.util.List<com.unboundid.ldap.sdk.Modification>)
method. For example, if this password encoder
uses a salt, then it may be desirable to accept passwords encoded with a
salt that has a different length than the encodePassword
method
would use when encoding a clear-test password. This may allow the
in-memory directory server to support pre-encoded passwords generated from
other types of directory servers that may use different settings when
encoding passwords, but still generates encoded passwords that are
compatible with this password encoder.unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the pre-encoded password to validate,
with the prefix stripped off and the output formatting
reverted.userEntry
- The entry in which the password will appear. It must not be
null
. If the entry is in the process of being
modified, then this will be a representation of the entry
as it appeared before any changes have been applied.modifications
- A set of modifications to be applied to the user entry. It
must not be [@code null}. It will be an empty list for
entries created via LDAP add and LDIF import operations. It
will be a non-empty list for LDAP modifications.LDAPException
- If the provided encoded password is not compatible
with the validation performed by this password
encoder, or if a problem is encountered while
making the determination.public final boolean clearPasswordMatchesEncodedPassword(@NotNull ASN1OctetString clearPassword, @NotNull ASN1OctetString prefixedFormattedEncodedPassword, @NotNull ReadOnlyEntry userEntry) throws LDAPException
clearPassword
- The clear-text password to be compared against the encoded
password. It must not be null
or empty.prefixedFormattedEncodedPassword
- The encoded password to compare against the clear-text
password. It must not be null
, it must include the
prefix, and any appropriate output formatting must have been
applied.userEntry
- The entry in which the encoded password appears. It must not
be null
.true
if the provided clear-text password could be used to
generate the given encoded password, or false
if not.LDAPException
- If a problem is encountered while making the
determination.protected abstract boolean passwordMatches(@NotNull byte[] clearPasswordBytes, @NotNull byte[] unPrefixedUnFormattedEncodedPasswordBytes, @NotNull ReadOnlyEntry userEntry) throws LDAPException
clearPasswordBytes
- The bytes that comprise the clear-text password to be
compared against the encoded password. It must not be
null
or empty.unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the encoded password, with the prefix
stripped off and the output formatting reverted.userEntry
- The entry in which the encoded password appears. It must not
be null
.true
if the provided clear-text password could have been
used to generate the given encoded password, or false
if
not.LDAPException
- If a problem is encountered while attempting to
make the determination.@NotNull public final ASN1OctetString extractClearPasswordFromEncodedPassword(@NotNull ASN1OctetString prefixedFormattedEncodedPassword, @NotNull ReadOnlyEntry userEntry) throws LDAPException
prefixedFormattedEncodedPassword
- The encoded password from which to extract the clear-text
password. It must not be null
, it must include the
prefix, and any appropriate output formatting must have been
applied.userEntry
- The entry in which the encoded password appears. It must not
be null
.LDAPException
- If this password encoder is not reversible, or if a
problem occurs while trying to extract the
clear-text representation from the provided encoded
password.@NotNull protected abstract byte[] extractClearPassword(@NotNull byte[] unPrefixedUnFormattedEncodedPasswordBytes, @NotNull ReadOnlyEntry userEntry) throws LDAPException
unPrefixedUnFormattedEncodedPasswordBytes
- The bytes that comprise the encoded password, with the prefix
stripped off and the output formatting reverted.userEntry
- The entry in which the encoded password appears. It must not
be null
.LDAPException
- If this password encoder is not reversible, or if a
problem occurs while trying to extract the
clear-text representation from the provided encoded
password.public final boolean passwordStartsWithPrefix(@NotNull ASN1OctetString password)
password
- The password for which to make the determination.true
if the provided password starts with the encoded
password prefix, or false
if not.@NotNull public final java.lang.String toString()
toString
in class java.lang.Object