/** {@inheritDoc} */
@Override
public boolean passwordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword) {
// TODO: Can we avoid this copy?
byte[] plaintextPasswordBytes = null;
ByteString userPWDigestBytes;
synchronized (digestLock) {
try {
plaintextPasswordBytes = plaintextPassword.toByteArray();
userPWDigestBytes = ByteString.wrap(messageDigest.digest(plaintextPasswordBytes));
} catch (Exception e) {
logger.traceException(e);
return false;
} finally {
if (plaintextPasswordBytes != null) {
Arrays.fill(plaintextPasswordBytes, (byte) 0);
}
}
}
ByteString storedPWDigestBytes;
try {
storedPWDigestBytes = ByteString.wrap(Base64.decode(storedPassword.toString()));
} catch (Exception e) {
logger.traceException(e);
logger.error(ERR_PWSCHEME_CANNOT_BASE64_DECODE_STORED_PASSWORD, storedPassword, e);
return false;
}
return userPWDigestBytes.equals(storedPWDigestBytes);
}
/** {@inheritDoc} */
@Override
public ByteString encodePasswordWithScheme(ByteSequence plaintext) throws DirectoryException {
StringBuilder buffer = new StringBuilder();
buffer.append('{');
buffer.append(STORAGE_SCHEME_NAME_SHA_1);
buffer.append('}');
// TODO: Can we avoid this copy?
byte[] plaintextBytes = null;
byte[] digestBytes;
synchronized (digestLock) {
try {
plaintextBytes = plaintext.toByteArray();
digestBytes = messageDigest.digest(plaintextBytes);
} catch (Exception e) {
logger.traceException(e);
LocalizableMessage message =
ERR_PWSCHEME_CANNOT_ENCODE_PASSWORD.get(CLASS_NAME, getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message, e);
} finally {
if (plaintextBytes != null) {
Arrays.fill(plaintextBytes, (byte) 0);
}
}
}
buffer.append(Base64.encode(digestBytes));
return ByteString.valueOfUtf8(buffer);
}
@Override
public ByteString normalizeAttributeValue(final Schema schema, final ByteSequence value)
throws DecodeException {
final String definition = value.toString();
final SubstringReader reader = new SubstringReader(definition);
// We'll do this a character at a time. First, skip over any leading whitespace.
reader.skipWhitespaces();
if (reader.remaining() <= 0) {
// Value was empty or contained only whitespace. This is illegal.
final LocalizableMessage message = ERR_ATTR_SYNTAX_EMPTY_VALUE.get();
throw DecodeException.error(message);
}
// The next character must be an open parenthesis.
// If it is not, then that is an error.
final char c = reader.read();
if (c != '(') {
throw DecodeException.error(
ERR_ATTR_SYNTAX_EXPECTED_OPEN_PARENTHESIS.get(definition, reader.pos() - 1, c));
}
// Skip over any spaces immediately following the opening parenthesis.
reader.skipWhitespaces();
// The next set of characters must be the OID.
final String oid = readOID(reader, schema.getOption(ALLOW_MALFORMED_NAMES_AND_OPTIONS));
return ByteString.valueOf(resolveNames(schema, oid));
}
/**
* Decodes the contents of the provided ASN.1 octet string as a DIT content rule definition
* according to the rules of this syntax. Note that the provided octet string value does not need
* to be normalized (and in fact, it should not be in order to allow the desired capitalization to
* be preserved).
*
* @param value The ASN.1 octet string containing the value to decode (it does not need to be
* normalized).
* @param schema The schema to use to resolve references to other schema elements.
* @param allowUnknownElements Indicates whether to allow values that reference a name form and/or
* superior rules which are not defined in the server schema. This should only be true when
* called by {@code valueIsAcceptable}.
* @return The decoded DIT content rule definition.
* @throws DirectoryException If the provided value cannot be decoded as an DIT content rule
* definition.
*/
public static DITContentRule decodeDITContentRule(
ByteSequence value, Schema schema, boolean allowUnknownElements) throws DirectoryException {
// Get string representations of the provided value using the provided form
// and with all lowercase characters.
String valueStr = value.toString();
String lowerStr = toLowerCase(valueStr);
// We'll do this a character at a time. First, skip over any leading
// whitespace.
int pos = 0;
int length = valueStr.length();
while (pos < length && valueStr.charAt(pos) == ' ') {
pos++;
}
if (pos >= length) {
// This means that the value was empty or contained only whitespace. That
// is illegal.
LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_EMPTY_VALUE.get();
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
// The next character must be an open parenthesis. If it is not, then that
// is an error.
char c = valueStr.charAt(pos++);
if (c != '(') {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_EXPECTED_OPEN_PARENTHESIS.get(valueStr, pos - 1, c);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
// Skip over any spaces immediately following the opening parenthesis.
while (pos < length && ((c = valueStr.charAt(pos)) == ' ')) {
pos++;
}
if (pos >= length) {
// This means that the end of the value was reached before we could find
// the OID. Ths is illegal.
LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_TRUNCATED_VALUE.get(valueStr);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
// The next set of characters must be the OID. Strictly speaking, this
// should only be a numeric OID, but we'll also allow for the
// "ocname-oid" case as well. Look at the first character to figure out
// which we will be using.
int oidStartPos = pos;
if (isDigit(c)) {
// This must be a numeric OID. In that case, we will accept only digits
// and periods, but not consecutive periods.
boolean lastWasPeriod = false;
while (pos < length && ((c = valueStr.charAt(pos++)) != ' ')) {
if (c == '.') {
if (lastWasPeriod) {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_DOUBLE_PERIOD_IN_NUMERIC_OID.get(valueStr, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
lastWasPeriod = true;
} else if (!isDigit(c)) {
// This must have been an illegal character.
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR_IN_NUMERIC_OID.get(valueStr, c, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
} else {
lastWasPeriod = false;
}
}
} else {
// This must be a "fake" OID. In this case, we will only accept
// alphabetic characters, numeric digits, and the hyphen.
while (pos < length && ((c = valueStr.charAt(pos++)) != ' ')) {
if (isAlpha(c)
|| isDigit(c)
|| c == '-'
|| (c == '_' && DirectoryServer.allowAttributeNameExceptions())) {
// This is fine. It is an acceptable character.
} else {
// This must have been an illegal character.
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR_IN_STRING_OID.get(valueStr, c, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
}
}
// If we're at the end of the value, then it isn't a valid DIT content rule
// description. Otherwise, parse out the OID.
if (pos >= length) {
LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_TRUNCATED_VALUE.get(valueStr);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
String oid = lowerStr.substring(oidStartPos, pos - 1);
// Get the objectclass with the specified OID. If it does not exist or is
// not structural, then fail.
ObjectClass structuralClass = schema.getObjectClass(oid);
if (structuralClass == null) {
if (allowUnknownElements) {
structuralClass = DirectoryServer.getDefaultObjectClass(oid);
} else {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_UNKNOWN_STRUCTURAL_CLASS.get(valueStr, oid);
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
} else if (structuralClass.getObjectClassType() != ObjectClassType.STRUCTURAL) {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_STRUCTURAL_CLASS_NOT_STRUCTURAL.get(
valueStr, oid, structuralClass.getNameOrOID(), structuralClass.getObjectClassType());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
// Skip over the space(s) after the OID.
while (pos < length && ((c = valueStr.charAt(pos)) == ' ')) {
pos++;
}
if (pos >= length) {
// This means that the end of the value was reached before we could find
// the OID. Ths is illegal.
LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_TRUNCATED_VALUE.get(valueStr);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
// At this point, we should have a pretty specific syntax that describes
// what may come next, but some of the components are optional and it would
// be pretty easy to put something in the wrong order, so we will be very
// flexible about what we can accept. Just look at the next token, figure
// out what it is and how to treat what comes after it, then repeat until
// we get to the end of the value. But before we start, set default values
// for everything else we might need to know.
LinkedHashMap<String, String> names = new LinkedHashMap<>();
String description = null;
boolean isObsolete = false;
LinkedHashSet<ObjectClass> auxiliaryClasses = new LinkedHashSet<>();
LinkedHashSet<AttributeType> requiredAttributes = new LinkedHashSet<>();
LinkedHashSet<AttributeType> optionalAttributes = new LinkedHashSet<>();
LinkedHashSet<AttributeType> prohibitedAttributes = new LinkedHashSet<>();
LinkedHashMap<String, List<String>> extraProperties = new LinkedHashMap<>();
while (true) {
StringBuilder tokenNameBuffer = new StringBuilder();
pos = readTokenName(valueStr, tokenNameBuffer, pos);
String tokenName = tokenNameBuffer.toString();
String lowerTokenName = toLowerCase(tokenName);
if (tokenName.equals(")")) {
// We must be at the end of the value. If not, then that's a problem.
if (pos < length) {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_UNEXPECTED_CLOSE_PARENTHESIS.get(valueStr, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
break;
} else if (lowerTokenName.equals("name")) {
// This specifies the set of names for the DIT content rule. It may be
// a single name in single quotes, or it may be an open parenthesis
// followed by one or more names in single quotes separated by spaces.
c = valueStr.charAt(pos++);
if (c == '\'') {
StringBuilder userBuffer = new StringBuilder();
StringBuilder lowerBuffer = new StringBuilder();
pos = readQuotedString(valueStr, lowerStr, userBuffer, lowerBuffer, pos - 1);
names.put(lowerBuffer.toString(), userBuffer.toString());
} else if (c == '(') {
StringBuilder userBuffer = new StringBuilder();
StringBuilder lowerBuffer = new StringBuilder();
pos = readQuotedString(valueStr, lowerStr, userBuffer, lowerBuffer, pos);
names.put(lowerBuffer.toString(), userBuffer.toString());
while (true) {
if (valueStr.charAt(pos) == ')') {
// Skip over any spaces after the parenthesis.
pos++;
while (pos < length && ((c = valueStr.charAt(pos)) == ' ')) {
pos++;
}
break;
} else {
userBuffer = new StringBuilder();
lowerBuffer = new StringBuilder();
pos = readQuotedString(valueStr, lowerStr, userBuffer, lowerBuffer, pos);
names.put(lowerBuffer.toString(), userBuffer.toString());
}
}
} else {
// This is an illegal character.
LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
} else if (lowerTokenName.equals("desc")) {
// This specifies the description for the DIT content rule. It is an
// arbitrary string of characters enclosed in single quotes.
StringBuilder descriptionBuffer = new StringBuilder();
pos = readQuotedString(valueStr, descriptionBuffer, pos);
description = descriptionBuffer.toString();
} else if (lowerTokenName.equals("obsolete")) {
// This indicates whether the DIT content rule should be considered
// obsolete. We do not need to do any more parsing for this token.
isObsolete = true;
} else if (lowerTokenName.equals("aux")) {
LinkedList<ObjectClass> ocs = new LinkedList<>();
// This specifies the set of required auxiliary objectclasses for this
// DIT content rule. It may be a single name or OID (not in quotes), or
// it may be an open parenthesis followed by one or more names separated
// by spaces and the dollar sign character, followed by a closing
// parenthesis.
c = valueStr.charAt(pos++);
if (c == '(') {
while (true) {
StringBuilder woidBuffer = new StringBuilder();
pos = readWOID(lowerStr, woidBuffer, pos);
ObjectClass oc = schema.getObjectClass(woidBuffer.toString());
if (oc == null) {
// This isn't good because it is an unknown auxiliary class.
if (allowUnknownElements) {
oc = DirectoryServer.getDefaultAuxiliaryObjectClass(woidBuffer.toString());
} else {
throw new DirectoryException(
ResultCode.CONSTRAINT_VIOLATION,
ERR_ATTR_SYNTAX_DCR_UNKNOWN_AUXILIARY_CLASS.get(valueStr, woidBuffer));
}
} else if (oc.getObjectClassType() != ObjectClassType.AUXILIARY) {
// This isn't good because it isn't an auxiliary class.
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_AUXILIARY_CLASS_NOT_AUXILIARY.get(
valueStr, woidBuffer, oc.getObjectClassType());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
ocs.add(oc);
// The next character must be either a dollar sign or a closing
// parenthesis.
c = valueStr.charAt(pos++);
if (c == ')') {
// This denotes the end of the list.
break;
} else if (c != '$') {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
}
} else {
StringBuilder woidBuffer = new StringBuilder();
pos = readWOID(lowerStr, woidBuffer, pos - 1);
ObjectClass oc = schema.getObjectClass(woidBuffer.toString());
if (oc == null) {
// This isn't good because it is an unknown auxiliary class.
if (allowUnknownElements) {
oc = DirectoryServer.getDefaultAuxiliaryObjectClass(woidBuffer.toString());
} else {
throw new DirectoryException(
ResultCode.CONSTRAINT_VIOLATION,
ERR_ATTR_SYNTAX_DCR_UNKNOWN_AUXILIARY_CLASS.get(valueStr, woidBuffer));
}
} else if (oc.getObjectClassType() != ObjectClassType.AUXILIARY) {
// This isn't good because it isn't an auxiliary class.
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_AUXILIARY_CLASS_NOT_AUXILIARY.get(
valueStr, woidBuffer, oc.getObjectClassType());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
ocs.add(oc);
}
auxiliaryClasses.addAll(ocs);
} else if (lowerTokenName.equals("must")) {
LinkedList<AttributeType> attrs = new LinkedList<>();
// This specifies the set of required attributes for the DIT content
// rule. It may be a single name or OID (not in quotes), or it may be
// an open parenthesis followed by one or more names separated by spaces
// and the dollar sign character, followed by a closing parenthesis.
c = valueStr.charAt(pos++);
if (c == '(') {
while (true) {
StringBuilder woidBuffer = new StringBuilder();
pos = readWOID(lowerStr, woidBuffer, pos);
attrs.add(
getAttribute(
schema,
allowUnknownElements,
valueStr,
woidBuffer,
ERR_ATTR_SYNTAX_DCR_UNKNOWN_REQUIRED_ATTR));
// The next character must be either a dollar sign or a closing parenthesis.
c = valueStr.charAt(pos++);
if (c == ')') {
// This denotes the end of the list.
break;
} else if (c != '$') {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
}
} else {
StringBuilder woidBuffer = new StringBuilder();
pos = readWOID(lowerStr, woidBuffer, pos - 1);
attrs.add(
getAttribute(
schema,
allowUnknownElements,
valueStr,
woidBuffer,
ERR_ATTR_SYNTAX_DCR_UNKNOWN_REQUIRED_ATTR));
}
requiredAttributes.addAll(attrs);
} else if (lowerTokenName.equals("may")) {
LinkedList<AttributeType> attrs = new LinkedList<>();
// This specifies the set of optional attributes for the DIT content
// rule. It may be a single name or OID (not in quotes), or it may be
// an open parenthesis followed by one or more names separated by spaces
// and the dollar sign character, followed by a closing parenthesis.
c = valueStr.charAt(pos++);
if (c == '(') {
while (true) {
StringBuilder woidBuffer = new StringBuilder();
pos = readWOID(lowerStr, woidBuffer, pos);
attrs.add(
getAttribute(
schema,
allowUnknownElements,
valueStr,
woidBuffer,
ERR_ATTR_SYNTAX_DCR_UNKNOWN_OPTIONAL_ATTR));
// The next character must be either a dollar sign or a closing parenthesis.
c = valueStr.charAt(pos++);
if (c == ')') {
// This denotes the end of the list.
break;
} else if (c != '$') {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
}
} else {
StringBuilder woidBuffer = new StringBuilder();
pos = readWOID(lowerStr, woidBuffer, pos - 1);
attrs.add(
getAttribute(
schema,
allowUnknownElements,
valueStr,
woidBuffer,
ERR_ATTR_SYNTAX_DCR_UNKNOWN_OPTIONAL_ATTR));
}
optionalAttributes.addAll(attrs);
} else if (lowerTokenName.equals("not")) {
LinkedList<AttributeType> attrs = new LinkedList<>();
// This specifies the set of prohibited attributes for the DIT content
// rule. It may be a single name or OID (not in quotes), or it may be
// an open parenthesis followed by one or more names separated by spaces
// and the dollar sign character, followed by a closing parenthesis.
c = valueStr.charAt(pos++);
if (c == '(') {
while (true) {
StringBuilder woidBuffer = new StringBuilder();
pos = readWOID(lowerStr, woidBuffer, pos);
attrs.add(
getAttribute(
schema,
allowUnknownElements,
valueStr,
woidBuffer,
ERR_ATTR_SYNTAX_DCR_UNKNOWN_PROHIBITED_ATTR));
// The next character must be either a dollar sign or a closing parenthesis.
c = valueStr.charAt(pos++);
if (c == ')') {
// This denotes the end of the list.
break;
} else if (c != '$') {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
}
} else {
StringBuilder woidBuffer = new StringBuilder();
pos = readWOID(lowerStr, woidBuffer, pos - 1);
attrs.add(
getAttribute(
schema,
allowUnknownElements,
valueStr,
woidBuffer,
ERR_ATTR_SYNTAX_DCR_UNKNOWN_PROHIBITED_ATTR));
}
prohibitedAttributes.addAll(attrs);
} else {
// This must be a non-standard property and it must be followed by
// either a single value in single quotes or an open parenthesis
// followed by one or more values in single quotes separated by spaces
// followed by a close parenthesis.
LinkedList<String> valueList = new LinkedList<>();
pos = readExtraParameterValues(valueStr, valueList, pos);
extraProperties.put(tokenName, valueList);
}
}
// Make sure that none of the prohibited attributes is required by the
// structural or any of the auxiliary classes.
for (AttributeType t : prohibitedAttributes) {
if (structuralClass.isRequired(t)) {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_PROHIBITED_REQUIRED_BY_STRUCTURAL.get(
valueStr, t.getNameOrOID(), structuralClass.getNameOrOID());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
for (ObjectClass oc : auxiliaryClasses) {
if (oc.isRequired(t)) {
LocalizableMessage message =
ERR_ATTR_SYNTAX_DCR_PROHIBITED_REQUIRED_BY_AUXILIARY.get(
valueStr, t.getNameOrOID(), oc.getNameOrOID());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
}
}
return new DITContentRule(
value.toString(),
structuralClass,
names,
description,
auxiliaryClasses,
requiredAttributes,
optionalAttributes,
prohibitedAttributes,
isObsolete,
extraProperties);
}
public ByteString normalizeAttributeValue(final Schema schema, final ByteSequence value)
throws DecodeException {
if (value.length() != 36) {
final LocalizableMessage message =
WARN_ATTR_SYNTAX_UUID_INVALID_LENGTH.get(value.toString(), value.length());
throw DecodeException.error(message);
}
final StringBuilder builder = new StringBuilder(36);
char c;
for (int i = 0; i < 36; i++) {
// The 9th, 14th, 19th, and 24th characters must be dashes. All
// others must be hex. Convert all uppercase hex characters to
// lowercase.
c = (char) value.byteAt(i);
switch (i) {
case 8:
case 13:
case 18:
case 23:
if (c != '-') {
final LocalizableMessage message =
WARN_ATTR_SYNTAX_UUID_EXPECTED_DASH.get(value.toString(), i, String.valueOf(c));
throw DecodeException.error(message);
}
builder.append(c);
break;
default:
switch (c) {
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
case 'a':
case 'b':
case 'c':
case 'd':
case 'e':
case 'f':
// These are all fine.
builder.append(c);
break;
case 'A':
builder.append('a');
break;
case 'B':
builder.append('b');
break;
case 'C':
builder.append('c');
break;
case 'D':
builder.append('d');
break;
case 'E':
builder.append('e');
break;
case 'F':
builder.append('f');
break;
default:
final LocalizableMessage message =
WARN_ATTR_SYNTAX_UUID_EXPECTED_HEX.get(
value.toString(), i, String.valueOf(value.byteAt(i)));
throw DecodeException.error(message);
}
}
}
return ByteString.valueOf(builder);
}
@Override
public String keyToHumanReadableString(ByteSequence key) {
return key.toString();
}