001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2006-2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.schema; 028 029 030 031 import java.util.Arrays; 032 033 import org.opends.server.admin.std.server.EqualityMatchingRuleCfg; 034 import org.opends.server.api.EqualityMatchingRule; 035 import org.opends.server.api.PasswordStorageScheme; 036 import org.opends.server.config.ConfigException; 037 import org.opends.server.core.DirectoryServer; 038 import org.opends.server.protocols.asn1.ASN1OctetString; 039 import org.opends.server.types.AttributeValue; 040 import org.opends.server.types.ByteString; 041 import org.opends.server.types.ConditionResult; 042 import org.opends.server.types.DirectoryException; 043 import org.opends.server.types.InitializationException; 044 045 import static org.opends.server.loggers.debug.DebugLogger.*; 046 import org.opends.server.loggers.debug.DebugTracer; 047 import org.opends.server.types.DebugLogLevel; 048 import static org.opends.server.schema.SchemaConstants.*; 049 050 051 052 /** 053 * This class implements the authPasswordMatch matching rule defined in RFC 054 * 3112. 055 */ 056 public class AuthPasswordEqualityMatchingRule 057 extends EqualityMatchingRule 058 { 059 /** 060 * The tracer object for the debug logger. 061 */ 062 private static final DebugTracer TRACER = getTracer(); 063 064 065 066 067 /** 068 * Creates a new instance of this authPasswordMatch matching rule. 069 */ 070 public AuthPasswordEqualityMatchingRule() 071 { 072 super(); 073 } 074 075 076 077 /** 078 * {@inheritDoc} 079 */ 080 public void initializeMatchingRule(EqualityMatchingRuleCfg configuration) 081 throws ConfigException, InitializationException 082 { 083 // No initialization is required. 084 } 085 086 087 088 /** 089 * Retrieves the common name for this matching rule. 090 * 091 * @return The common name for this matching rule, or <CODE>null</CODE> if 092 * it does not have a name. 093 */ 094 public String getName() 095 { 096 return EMR_AUTH_PASSWORD_NAME; 097 } 098 099 100 101 /** 102 * Retrieves the OID for this matching rule. 103 * 104 * @return The OID for this matching rule. 105 */ 106 public String getOID() 107 { 108 return EMR_AUTH_PASSWORD_OID; 109 } 110 111 112 113 /** 114 * Retrieves the description for this matching rule. 115 * 116 * @return The description for this matching rule, or <CODE>null</CODE> if 117 * there is none. 118 */ 119 public String getDescription() 120 { 121 // There is no standard description for this matching rule. 122 return EMR_AUTH_PASSWORD_DESCRIPTION; 123 } 124 125 126 127 /** 128 * Retrieves the OID of the syntax with which this matching rule is 129 * associated. 130 * 131 * @return The OID of the syntax with which this matching rule is associated. 132 */ 133 public String getSyntaxOID() 134 { 135 return SYNTAX_AUTH_PASSWORD_OID; 136 } 137 138 139 140 /** 141 * Retrieves the normalized form of the provided value, which is best suited 142 * for efficiently performing matching operations on that value. 143 * 144 * @param value The value to be normalized. 145 * 146 * @return The normalized version of the provided value. 147 * 148 * @throws DirectoryException If the provided value is invalid according to 149 * the associated attribute syntax. 150 */ 151 public ByteString normalizeValue(ByteString value) 152 throws DirectoryException 153 { 154 // We will not alter the value in any way, but we'll create a new value 155 // just in case something else is using the underlying array. 156 byte[] currentValue = value.value(); 157 byte[] newValue = new byte[currentValue.length]; 158 System.arraycopy(currentValue, 0, newValue, 0, currentValue.length); 159 160 return new ASN1OctetString(newValue); 161 } 162 163 164 165 /** 166 * Indicates whether the two provided normalized values are equal to each 167 * other. 168 * 169 * @param value1 The normalized form of the first value to compare. 170 * @param value2 The normalized form of the second value to compare. 171 * 172 * @return <CODE>true</CODE> if the provided values are equal, or 173 * <CODE>false</CODE> if not. 174 */ 175 public boolean areEqual(ByteString value1, ByteString value2) 176 { 177 // Since the values are already normalized, we just need to compare the 178 // associated byte arrays. 179 return Arrays.equals(value1.value(), value2.value()); 180 } 181 182 183 184 /** 185 * Indicates whether the provided attribute value should be considered a match 186 * for the given assertion value. This will only be used for the purpose of 187 * extensible matching. Other forms of matching against equality matching 188 * rules should use the <CODE>areEqual</CODE> method. 189 * 190 * @param attributeValue The attribute value in a form that has been 191 * normalized according to this matching rule. 192 * @param assertionValue The assertion value in a form that has been 193 * normalized according to this matching rule. 194 * 195 * @return <CODE>true</CODE> if the attribute value should be considered a 196 * match for the provided assertion value, or <CODE>false</CODE> if 197 * not. 198 */ 199 public ConditionResult valuesMatch(ByteString attributeValue, 200 ByteString assertionValue) 201 { 202 // We must be able to decode the attribute value using the authentication 203 // password syntax. 204 StringBuilder[] authPWComponents; 205 try 206 { 207 authPWComponents = 208 AuthPasswordSyntax.decodeAuthPassword(attributeValue.stringValue()); 209 } 210 catch (Exception e) 211 { 212 if (debugEnabled()) 213 { 214 TRACER.debugCaught(DebugLogLevel.ERROR, e); 215 } 216 217 return ConditionResult.FALSE; 218 } 219 220 221 // The first element of the array will be the scheme. Make sure that we 222 // support the requested scheme. 223 PasswordStorageScheme storageScheme = 224 DirectoryServer.getAuthPasswordStorageScheme( 225 authPWComponents[0].toString()); 226 if (storageScheme == null) 227 { 228 // It's not a scheme that we can support. 229 return ConditionResult.FALSE; 230 } 231 232 233 // We support the scheme, so make the determination. 234 if (storageScheme.authPasswordMatches(assertionValue, 235 authPWComponents[1].toString(), 236 authPWComponents[2].toString())) 237 { 238 return ConditionResult.TRUE; 239 } 240 else 241 { 242 return ConditionResult.FALSE; 243 } 244 } 245 246 247 248 /** 249 * Generates a hash code for the provided attribute value. This version of 250 * the method will simply create a hash code from the normalized form of the 251 * attribute value. For matching rules explicitly designed to work in cases 252 * where byte-for-byte comparisons of normalized values is not sufficient for 253 * determining equality (e.g., if the associated attribute syntax is based on 254 * hashed or encrypted values), then this method must be overridden to provide 255 * an appropriate implementation for that case. 256 * 257 * @param attributeValue The attribute value for which to generate the hash 258 * code. 259 * 260 * @return The hash code generated for the provided attribute value. 261 */ 262 public int generateHashCode(AttributeValue attributeValue) 263 { 264 // Because of the variable encoding that may be used, we have no way of 265 // comparing two auth password values by hash code and therefore we'll 266 // always return the same value so that the valuesMatch method will be 267 // invoked to make the determination. 268 return 1; 269 } 270 } 271