001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2006-2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.schema;
028    
029    
030    
031    import java.util.Arrays;
032    
033    import org.opends.server.admin.std.server.EqualityMatchingRuleCfg;
034    import org.opends.server.api.EqualityMatchingRule;
035    import org.opends.server.api.PasswordStorageScheme;
036    import org.opends.server.config.ConfigException;
037    import org.opends.server.core.DirectoryServer;
038    import org.opends.server.protocols.asn1.ASN1OctetString;
039    import org.opends.server.types.AttributeValue;
040    import org.opends.server.types.ByteString;
041    import org.opends.server.types.ConditionResult;
042    import org.opends.server.types.DirectoryException;
043    import org.opends.server.types.InitializationException;
044    
045    import static org.opends.server.loggers.debug.DebugLogger.*;
046    import org.opends.server.loggers.debug.DebugTracer;
047    import org.opends.server.types.DebugLogLevel;
048    import static org.opends.server.schema.SchemaConstants.*;
049    
050    
051    
052    /**
053     * This class implements the authPasswordMatch matching rule defined in RFC
054     * 3112.
055     */
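/**
 * This class implements the authPasswordMatch matching rule defined in RFC
 * 3112.
 * <p>
 * Stored values of the associated authPassword syntax are encoded strings
 * which this rule decodes through {@code AuthPasswordSyntax.decodeAuthPassword}
 * (RFC 3112 defines the shape as {@code scheme$authInfo$authValue}).  Two
 * different comparisons are exposed and they must not be confused:
 * <ul>
 *   <li>{@link #areEqual} compares two <i>stored encodings</i> byte-for-byte.
 *       It never verifies a clear-text password.</li>
 *   <li>{@link #valuesMatch} hands the assertion value to the
 *       {@code PasswordStorageScheme} registered for the stored value's scheme,
 *       which performs the actual verification.</li>
 * </ul>
 * Because the stored encoding is scheme-dependent, {@link #generateHashCode}
 * deliberately returns a constant so that equality is always decided by
 * {@link #valuesMatch} rather than by a hash of the raw bytes.
 */
public class AuthPasswordEqualityMatchingRule
       extends EqualityMatchingRule
{
  /**
   * The tracer object for the debug logger.
   */
  private static final DebugTracer TRACER = getTracer();




  /**
   * Creates a new instance of this authPasswordMatch matching rule.
   */
  public AuthPasswordEqualityMatchingRule()
  {
    super();
  }



  /**
   * {@inheritDoc}
   * <p>
   * This rule keeps no state of its own, so there is nothing to initialize.
   *
   * @param  configuration  The configuration for this matching rule (unused).
   */
  public void initializeMatchingRule(EqualityMatchingRuleCfg configuration)
         throws ConfigException, InitializationException
  {
    // No initialization is required.
  }



  /**
   * Retrieves the common name for this matching rule.
   *
   * @return  The common name for this matching rule, or <CODE>null</CODE> if
   *          it does not have a name.
   */
  public String getName()
  {
    return EMR_AUTH_PASSWORD_NAME;
  }



  /**
   * Retrieves the OID for this matching rule.
   *
   * @return  The OID for this matching rule.
   */
  public String getOID()
  {
    return EMR_AUTH_PASSWORD_OID;
  }



  /**
   * Retrieves the description for this matching rule.
   *
   * @return  The description for this matching rule, or <CODE>null</CODE> if
   *          there is none.
   */
  public String getDescription()
  {
    // There is no standard description for this matching rule.
    return EMR_AUTH_PASSWORD_DESCRIPTION;
  }



  /**
   * Retrieves the OID of the syntax with which this matching rule is
   * associated.
   *
   * @return  The OID of the syntax with which this matching rule is associated.
   */
  public String getSyntaxOID()
  {
    return SYNTAX_AUTH_PASSWORD_OID;
  }



  /**
   * Retrieves the normalized form of the provided value, which is best suited
   * for efficiently performing matching operations on that value.
   * <p>
   * No transformation is applied: the normalized form is a byte-for-byte copy
   * of the input.  A copy (rather than the caller's array) is returned so that
   * neither side can mutate the other's backing array afterwards.
   *
   * @param  value  The value to be normalized.
   *
   * @return  The normalized version of the provided value.
   *
   * @throws  DirectoryException  If the provided value is invalid according to
   *                              the associated attribute syntax.
   */
  public ByteString normalizeValue(ByteString value)
         throws DirectoryException
  {
    // Defensive copy of the underlying bytes; Arrays.copyOf does the
    // allocate-and-copy in one step.
    byte[] currentValue = value.value();
    return new ASN1OctetString(
         Arrays.copyOf(currentValue, currentValue.length));
  }



  /**
   * Indicates whether the two provided normalized values are equal to each
   * other.
   * <p>
   * This is a plain comparison of two stored encodings.  It does not check a
   * clear-text password against a stored value; that is the job of
   * {@link #valuesMatch}.
   *
   * @param  value1  The normalized form of the first value to compare.
   * @param  value2  The normalized form of the second value to compare.
   *
   * @return  <CODE>true</CODE> if the provided values are equal, or
   *          <CODE>false</CODE> if not.
   */
  public boolean areEqual(ByteString value1, ByteString value2)
  {
    // Since the values are already normalized, we just need to compare the
    // associated byte arrays.
    return Arrays.equals(value1.value(), value2.value());
  }



  /**
   * Indicates whether the provided attribute value should be considered a match
   * for the given assertion value.  This will only be used for the purpose of
   * extensible matching.  Other forms of matching against equality matching
   * rules should use the <CODE>areEqual</CODE> method.
   * <p>
   * The stored attribute value is decoded into its authPassword components and
   * the storage scheme named by the first component is asked whether the
   * assertion value matches.  Any failure along the way (undecodable value,
   * unknown scheme) yields <CODE>FALSE</CODE>, never an error and never
   * <CODE>TRUE</CODE>.
   *
   * @param  attributeValue  The attribute value in a form that has been
   *                         normalized according to this matching rule.
   * @param  assertionValue  The assertion value in a form that has been
   *                         normalized according to this matching rule.
   *
   * @return  <CODE>TRUE</CODE> if the attribute value should be considered a
   *          match for the provided assertion value, or <CODE>FALSE</CODE> if
   *          not.
   */
  public ConditionResult valuesMatch(ByteString attributeValue,
                                     ByteString assertionValue)
  {
    // The stored value must be a well-formed authPassword encoding.  A value
    // that does not decode is treated as a non-match rather than surfaced as
    // an error, so a malformed stored value can never satisfy an assertion.
    StringBuilder[] authPWComponents;
    try
    {
      authPWComponents =
           AuthPasswordSyntax.decodeAuthPassword(attributeValue.stringValue());
    }
    catch (Exception e)
    {
      if (debugEnabled())
      {
        TRACER.debugCaught(DebugLogLevel.ERROR, e);
      }

      return ConditionResult.FALSE;
    }


    // NOTE(review): the indexing below assumes decodeAuthPassword always
    // yields three components (scheme, authInfo, authValue) -- confirm against
    // AuthPasswordSyntax, since a shorter array would throw here, outside the
    // try block above.

    // The first component names the storage scheme.  An unknown scheme cannot
    // be evaluated, so the result is a non-match.
    PasswordStorageScheme storageScheme =
         DirectoryServer.getAuthPasswordStorageScheme(
              authPWComponents[0].toString());
    if (storageScheme == null)
    {
      return ConditionResult.FALSE;
    }


    // The scheme performs the actual verification of the assertion value
    // against the remaining two stored components.
    boolean matches =
         storageScheme.authPasswordMatches(assertionValue,
                                           authPWComponents[1].toString(),
                                           authPWComponents[2].toString());
    return matches ? ConditionResult.TRUE : ConditionResult.FALSE;
  }



  /**
   * Generates a hash code for the provided attribute value.  This version of
   * the method will simply create a hash code from the normalized form of the
   * attribute value.  For matching rules explicitly designed to work in cases
   * where byte-for-byte comparisons of normalized values is not sufficient for
   * determining equality (e.g., if the associated attribute syntax is based on
   * hashed or encrypted values), then this method must be overridden to provide
   * an appropriate implementation for that case.
   * <p>
   * This rule is such a case: the same password can be stored under different
   * schemes (and, for salted schemes, with different encodings), so no hash of
   * the raw bytes can agree for values that {@link #valuesMatch} would accept.
   * A constant is therefore returned on purpose.
   *
   * @param  attributeValue  The attribute value for which to generate the hash
   *                         code.
   *
   * @return  The hash code generated for the provided attribute value; always
   *          <CODE>1</CODE> for this rule.
   */
  public int generateHashCode(AttributeValue attributeValue)
  {
    // Because of the variable encoding that may be used, we have no way of
    // comparing two auth password values by hash code and therefore we'll
    // always return the same value so that the valuesMatch method will be
    // invoked to make the determination.
    return 1;
  }
}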
271