/** {@inheritDoc} */
  @Override
  public boolean passwordMatches(ByteSequence plaintextPassword, ByteSequence storedPassword) {
    // TODO: Can we avoid this copy?
    byte[] plaintextPasswordBytes = null;
    ByteString userPWDigestBytes;

    synchronized (digestLock) {
      try {
        plaintextPasswordBytes = plaintextPassword.toByteArray();
        userPWDigestBytes = ByteString.wrap(messageDigest.digest(plaintextPasswordBytes));
      } catch (Exception e) {
        logger.traceException(e);

        return false;
      } finally {
        if (plaintextPasswordBytes != null) {
          Arrays.fill(plaintextPasswordBytes, (byte) 0);
        }
      }
    }

    ByteString storedPWDigestBytes;
    try {
      storedPWDigestBytes = ByteString.wrap(Base64.decode(storedPassword.toString()));
    } catch (Exception e) {
      logger.traceException(e);
      logger.error(ERR_PWSCHEME_CANNOT_BASE64_DECODE_STORED_PASSWORD, storedPassword, e);
      return false;
    }

    return userPWDigestBytes.equals(storedPWDigestBytes);
  }
  @Override
  public ByteString normalizeAttributeValue(final Schema schema, final ByteSequence value)
      throws DecodeException {
    final String definition = value.toString();
    final SubstringReader reader = new SubstringReader(definition);

    // We'll do this a character at a time. First, skip over any leading whitespace.
    reader.skipWhitespaces();

    if (reader.remaining() <= 0) {
      // Value was empty or contained only whitespace. This is illegal.
      final LocalizableMessage message = ERR_ATTR_SYNTAX_EMPTY_VALUE.get();
      throw DecodeException.error(message);
    }

    // The next character must be an open parenthesis.
    // If it is not, then that is an error.
    final char c = reader.read();
    if (c != '(') {
      throw DecodeException.error(
          ERR_ATTR_SYNTAX_EXPECTED_OPEN_PARENTHESIS.get(definition, reader.pos() - 1, c));
    }

    // Skip over any spaces immediately following the opening parenthesis.
    reader.skipWhitespaces();

    // The next set of characters must be the OID.
    final String oid = readOID(reader, schema.getOption(ALLOW_MALFORMED_NAMES_AND_OPTIONS));
    return ByteString.valueOf(resolveNames(schema, oid));
  }
示例#3
0
  /**
   * Decodes the contents of the provided ASN.1 octet string as a DIT content rule definition
   * according to the rules of this syntax. Note that the provided octet string value does not need
   * to be normalized (and in fact, it should not be in order to allow the desired capitalization to
   * be preserved).
   *
   * @param value The ASN.1 octet string containing the value to decode (it does not need to be
   *     normalized).
   * @param schema The schema to use to resolve references to other schema elements.
   * @param allowUnknownElements Indicates whether to allow values that reference a name form and/or
   *     superior rules which are not defined in the server schema. This should only be true when
   *     called by {@code valueIsAcceptable}.
   * @return The decoded DIT content rule definition.
   * @throws DirectoryException If the provided value cannot be decoded as an DIT content rule
   *     definition.
   */
  public static DITContentRule decodeDITContentRule(
      ByteSequence value, Schema schema, boolean allowUnknownElements) throws DirectoryException {
    // Get string representations of the provided value using the provided form
    // and with all lowercase characters.
    String valueStr = value.toString();
    String lowerStr = toLowerCase(valueStr);

    // We'll do this a character at a time.  First, skip over any leading
    // whitespace.
    int pos = 0;
    int length = valueStr.length();
    while (pos < length && valueStr.charAt(pos) == ' ') {
      pos++;
    }

    if (pos >= length) {
      // This means that the value was empty or contained only whitespace.  That
      // is illegal.
      LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_EMPTY_VALUE.get();
      throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
    }

    // The next character must be an open parenthesis.  If it is not, then that
    // is an error.
    char c = valueStr.charAt(pos++);
    if (c != '(') {
      LocalizableMessage message =
          ERR_ATTR_SYNTAX_DCR_EXPECTED_OPEN_PARENTHESIS.get(valueStr, pos - 1, c);
      throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
    }

    // Skip over any spaces immediately following the opening parenthesis.
    while (pos < length && ((c = valueStr.charAt(pos)) == ' ')) {
      pos++;
    }

    if (pos >= length) {
      // This means that the end of the value was reached before we could find
      // the OID.  Ths is illegal.
      LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_TRUNCATED_VALUE.get(valueStr);
      throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
    }

    // The next set of characters must be the OID.  Strictly speaking, this
    // should only be a numeric OID, but we'll also allow for the
    // "ocname-oid" case as well.  Look at the first character to figure out
    // which we will be using.
    int oidStartPos = pos;
    if (isDigit(c)) {
      // This must be a numeric OID.  In that case, we will accept only digits
      // and periods, but not consecutive periods.
      boolean lastWasPeriod = false;
      while (pos < length && ((c = valueStr.charAt(pos++)) != ' ')) {
        if (c == '.') {
          if (lastWasPeriod) {
            LocalizableMessage message =
                ERR_ATTR_SYNTAX_DCR_DOUBLE_PERIOD_IN_NUMERIC_OID.get(valueStr, pos - 1);
            throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
          }
          lastWasPeriod = true;
        } else if (!isDigit(c)) {
          // This must have been an illegal character.
          LocalizableMessage message =
              ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR_IN_NUMERIC_OID.get(valueStr, c, pos - 1);
          throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
        } else {
          lastWasPeriod = false;
        }
      }
    } else {
      // This must be a "fake" OID.  In this case, we will only accept
      // alphabetic characters, numeric digits, and the hyphen.
      while (pos < length && ((c = valueStr.charAt(pos++)) != ' ')) {
        if (isAlpha(c)
            || isDigit(c)
            || c == '-'
            || (c == '_' && DirectoryServer.allowAttributeNameExceptions())) {
          // This is fine.  It is an acceptable character.
        } else {
          // This must have been an illegal character.
          LocalizableMessage message =
              ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR_IN_STRING_OID.get(valueStr, c, pos - 1);
          throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
        }
      }
    }

    // If we're at the end of the value, then it isn't a valid DIT content rule
    // description.  Otherwise, parse out the OID.
    if (pos >= length) {
      LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_TRUNCATED_VALUE.get(valueStr);
      throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
    }

    String oid = lowerStr.substring(oidStartPos, pos - 1);

    // Get the objectclass with the specified OID.  If it does not exist or is
    // not structural, then fail.
    ObjectClass structuralClass = schema.getObjectClass(oid);
    if (structuralClass == null) {
      if (allowUnknownElements) {
        structuralClass = DirectoryServer.getDefaultObjectClass(oid);
      } else {
        LocalizableMessage message =
            ERR_ATTR_SYNTAX_DCR_UNKNOWN_STRUCTURAL_CLASS.get(valueStr, oid);
        throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
      }
    } else if (structuralClass.getObjectClassType() != ObjectClassType.STRUCTURAL) {
      LocalizableMessage message =
          ERR_ATTR_SYNTAX_DCR_STRUCTURAL_CLASS_NOT_STRUCTURAL.get(
              valueStr, oid, structuralClass.getNameOrOID(), structuralClass.getObjectClassType());
      throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
    }

    // Skip over the space(s) after the OID.
    while (pos < length && ((c = valueStr.charAt(pos)) == ' ')) {
      pos++;
    }

    if (pos >= length) {
      // This means that the end of the value was reached before we could find
      // the OID.  Ths is illegal.
      LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_TRUNCATED_VALUE.get(valueStr);
      throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
    }

    // At this point, we should have a pretty specific syntax that describes
    // what may come next, but some of the components are optional and it would
    // be pretty easy to put something in the wrong order, so we will be very
    // flexible about what we can accept.  Just look at the next token, figure
    // out what it is and how to treat what comes after it, then repeat until
    // we get to the end of the value.  But before we start, set default values
    // for everything else we might need to know.
    LinkedHashMap<String, String> names = new LinkedHashMap<>();
    String description = null;
    boolean isObsolete = false;
    LinkedHashSet<ObjectClass> auxiliaryClasses = new LinkedHashSet<>();
    LinkedHashSet<AttributeType> requiredAttributes = new LinkedHashSet<>();
    LinkedHashSet<AttributeType> optionalAttributes = new LinkedHashSet<>();
    LinkedHashSet<AttributeType> prohibitedAttributes = new LinkedHashSet<>();
    LinkedHashMap<String, List<String>> extraProperties = new LinkedHashMap<>();

    while (true) {
      StringBuilder tokenNameBuffer = new StringBuilder();
      pos = readTokenName(valueStr, tokenNameBuffer, pos);
      String tokenName = tokenNameBuffer.toString();
      String lowerTokenName = toLowerCase(tokenName);
      if (tokenName.equals(")")) {
        // We must be at the end of the value.  If not, then that's a problem.
        if (pos < length) {
          LocalizableMessage message =
              ERR_ATTR_SYNTAX_DCR_UNEXPECTED_CLOSE_PARENTHESIS.get(valueStr, pos - 1);
          throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
        }

        break;
      } else if (lowerTokenName.equals("name")) {
        // This specifies the set of names for the DIT content rule.  It may be
        // a single name in single quotes, or it may be an open parenthesis
        // followed by one or more names in single quotes separated by spaces.
        c = valueStr.charAt(pos++);
        if (c == '\'') {
          StringBuilder userBuffer = new StringBuilder();
          StringBuilder lowerBuffer = new StringBuilder();
          pos = readQuotedString(valueStr, lowerStr, userBuffer, lowerBuffer, pos - 1);
          names.put(lowerBuffer.toString(), userBuffer.toString());
        } else if (c == '(') {
          StringBuilder userBuffer = new StringBuilder();
          StringBuilder lowerBuffer = new StringBuilder();
          pos = readQuotedString(valueStr, lowerStr, userBuffer, lowerBuffer, pos);
          names.put(lowerBuffer.toString(), userBuffer.toString());

          while (true) {
            if (valueStr.charAt(pos) == ')') {
              // Skip over any spaces after the parenthesis.
              pos++;
              while (pos < length && ((c = valueStr.charAt(pos)) == ' ')) {
                pos++;
              }

              break;
            } else {
              userBuffer = new StringBuilder();
              lowerBuffer = new StringBuilder();

              pos = readQuotedString(valueStr, lowerStr, userBuffer, lowerBuffer, pos);
              names.put(lowerBuffer.toString(), userBuffer.toString());
            }
          }
        } else {
          // This is an illegal character.
          LocalizableMessage message = ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
          throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
        }
      } else if (lowerTokenName.equals("desc")) {
        // This specifies the description for the DIT content rule.  It is an
        // arbitrary string of characters enclosed in single quotes.
        StringBuilder descriptionBuffer = new StringBuilder();
        pos = readQuotedString(valueStr, descriptionBuffer, pos);
        description = descriptionBuffer.toString();
      } else if (lowerTokenName.equals("obsolete")) {
        // This indicates whether the DIT content rule should be considered
        // obsolete.  We do not need to do any more parsing for this token.
        isObsolete = true;
      } else if (lowerTokenName.equals("aux")) {
        LinkedList<ObjectClass> ocs = new LinkedList<>();

        // This specifies the set of required auxiliary objectclasses for this
        // DIT content rule.  It may be a single name or OID (not in quotes), or
        // it may be an open parenthesis followed by one or more names separated
        // by spaces and the dollar sign character, followed by a closing
        // parenthesis.
        c = valueStr.charAt(pos++);
        if (c == '(') {
          while (true) {
            StringBuilder woidBuffer = new StringBuilder();
            pos = readWOID(lowerStr, woidBuffer, pos);

            ObjectClass oc = schema.getObjectClass(woidBuffer.toString());
            if (oc == null) {
              // This isn't good because it is an unknown auxiliary class.
              if (allowUnknownElements) {
                oc = DirectoryServer.getDefaultAuxiliaryObjectClass(woidBuffer.toString());
              } else {
                throw new DirectoryException(
                    ResultCode.CONSTRAINT_VIOLATION,
                    ERR_ATTR_SYNTAX_DCR_UNKNOWN_AUXILIARY_CLASS.get(valueStr, woidBuffer));
              }
            } else if (oc.getObjectClassType() != ObjectClassType.AUXILIARY) {
              // This isn't good because it isn't an auxiliary class.
              LocalizableMessage message =
                  ERR_ATTR_SYNTAX_DCR_AUXILIARY_CLASS_NOT_AUXILIARY.get(
                      valueStr, woidBuffer, oc.getObjectClassType());
              throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
            }

            ocs.add(oc);

            // The next character must be either a dollar sign or a closing
            // parenthesis.
            c = valueStr.charAt(pos++);
            if (c == ')') {
              // This denotes the end of the list.
              break;
            } else if (c != '$') {
              LocalizableMessage message =
                  ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
              throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
            }
          }
        } else {
          StringBuilder woidBuffer = new StringBuilder();
          pos = readWOID(lowerStr, woidBuffer, pos - 1);

          ObjectClass oc = schema.getObjectClass(woidBuffer.toString());
          if (oc == null) {
            // This isn't good because it is an unknown auxiliary class.
            if (allowUnknownElements) {
              oc = DirectoryServer.getDefaultAuxiliaryObjectClass(woidBuffer.toString());
            } else {
              throw new DirectoryException(
                  ResultCode.CONSTRAINT_VIOLATION,
                  ERR_ATTR_SYNTAX_DCR_UNKNOWN_AUXILIARY_CLASS.get(valueStr, woidBuffer));
            }
          } else if (oc.getObjectClassType() != ObjectClassType.AUXILIARY) {
            // This isn't good because it isn't an auxiliary class.
            LocalizableMessage message =
                ERR_ATTR_SYNTAX_DCR_AUXILIARY_CLASS_NOT_AUXILIARY.get(
                    valueStr, woidBuffer, oc.getObjectClassType());
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
          }

          ocs.add(oc);
        }

        auxiliaryClasses.addAll(ocs);
      } else if (lowerTokenName.equals("must")) {
        LinkedList<AttributeType> attrs = new LinkedList<>();

        // This specifies the set of required attributes for the DIT content
        // rule.  It may be a single name or OID (not in quotes), or it may be
        // an open parenthesis followed by one or more names separated by spaces
        // and the dollar sign character, followed by a closing parenthesis.
        c = valueStr.charAt(pos++);
        if (c == '(') {
          while (true) {
            StringBuilder woidBuffer = new StringBuilder();
            pos = readWOID(lowerStr, woidBuffer, pos);
            attrs.add(
                getAttribute(
                    schema,
                    allowUnknownElements,
                    valueStr,
                    woidBuffer,
                    ERR_ATTR_SYNTAX_DCR_UNKNOWN_REQUIRED_ATTR));

            // The next character must be either a dollar sign or a closing parenthesis.
            c = valueStr.charAt(pos++);
            if (c == ')') {
              // This denotes the end of the list.
              break;
            } else if (c != '$') {
              LocalizableMessage message =
                  ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
              throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
            }
          }
        } else {
          StringBuilder woidBuffer = new StringBuilder();
          pos = readWOID(lowerStr, woidBuffer, pos - 1);
          attrs.add(
              getAttribute(
                  schema,
                  allowUnknownElements,
                  valueStr,
                  woidBuffer,
                  ERR_ATTR_SYNTAX_DCR_UNKNOWN_REQUIRED_ATTR));
        }

        requiredAttributes.addAll(attrs);
      } else if (lowerTokenName.equals("may")) {
        LinkedList<AttributeType> attrs = new LinkedList<>();

        // This specifies the set of optional attributes for the DIT content
        // rule.  It may be a single name or OID (not in quotes), or it may be
        // an open parenthesis followed by one or more names separated by spaces
        // and the dollar sign character, followed by a closing parenthesis.
        c = valueStr.charAt(pos++);
        if (c == '(') {
          while (true) {
            StringBuilder woidBuffer = new StringBuilder();
            pos = readWOID(lowerStr, woidBuffer, pos);
            attrs.add(
                getAttribute(
                    schema,
                    allowUnknownElements,
                    valueStr,
                    woidBuffer,
                    ERR_ATTR_SYNTAX_DCR_UNKNOWN_OPTIONAL_ATTR));

            // The next character must be either a dollar sign or a closing parenthesis.
            c = valueStr.charAt(pos++);
            if (c == ')') {
              // This denotes the end of the list.
              break;
            } else if (c != '$') {
              LocalizableMessage message =
                  ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
              throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
            }
          }
        } else {
          StringBuilder woidBuffer = new StringBuilder();
          pos = readWOID(lowerStr, woidBuffer, pos - 1);
          attrs.add(
              getAttribute(
                  schema,
                  allowUnknownElements,
                  valueStr,
                  woidBuffer,
                  ERR_ATTR_SYNTAX_DCR_UNKNOWN_OPTIONAL_ATTR));
        }

        optionalAttributes.addAll(attrs);
      } else if (lowerTokenName.equals("not")) {
        LinkedList<AttributeType> attrs = new LinkedList<>();

        // This specifies the set of prohibited attributes for the DIT content
        // rule.  It may be a single name or OID (not in quotes), or it may be
        // an open parenthesis followed by one or more names separated by spaces
        // and the dollar sign character, followed by a closing parenthesis.
        c = valueStr.charAt(pos++);
        if (c == '(') {
          while (true) {
            StringBuilder woidBuffer = new StringBuilder();
            pos = readWOID(lowerStr, woidBuffer, pos);
            attrs.add(
                getAttribute(
                    schema,
                    allowUnknownElements,
                    valueStr,
                    woidBuffer,
                    ERR_ATTR_SYNTAX_DCR_UNKNOWN_PROHIBITED_ATTR));

            // The next character must be either a dollar sign or a closing parenthesis.
            c = valueStr.charAt(pos++);
            if (c == ')') {
              // This denotes the end of the list.
              break;
            } else if (c != '$') {
              LocalizableMessage message =
                  ERR_ATTR_SYNTAX_DCR_ILLEGAL_CHAR.get(valueStr, c, pos - 1);
              throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
            }
          }
        } else {
          StringBuilder woidBuffer = new StringBuilder();
          pos = readWOID(lowerStr, woidBuffer, pos - 1);
          attrs.add(
              getAttribute(
                  schema,
                  allowUnknownElements,
                  valueStr,
                  woidBuffer,
                  ERR_ATTR_SYNTAX_DCR_UNKNOWN_PROHIBITED_ATTR));
        }

        prohibitedAttributes.addAll(attrs);
      } else {
        // This must be a non-standard property and it must be followed by
        // either a single value in single quotes or an open parenthesis
        // followed by one or more values in single quotes separated by spaces
        // followed by a close parenthesis.
        LinkedList<String> valueList = new LinkedList<>();
        pos = readExtraParameterValues(valueStr, valueList, pos);
        extraProperties.put(tokenName, valueList);
      }
    }

    // Make sure that none of the prohibited attributes is required by the
    // structural or any of the auxiliary classes.
    for (AttributeType t : prohibitedAttributes) {
      if (structuralClass.isRequired(t)) {
        LocalizableMessage message =
            ERR_ATTR_SYNTAX_DCR_PROHIBITED_REQUIRED_BY_STRUCTURAL.get(
                valueStr, t.getNameOrOID(), structuralClass.getNameOrOID());
        throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
      }

      for (ObjectClass oc : auxiliaryClasses) {
        if (oc.isRequired(t)) {
          LocalizableMessage message =
              ERR_ATTR_SYNTAX_DCR_PROHIBITED_REQUIRED_BY_AUXILIARY.get(
                  valueStr, t.getNameOrOID(), oc.getNameOrOID());
          throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
        }
      }
    }

    return new DITContentRule(
        value.toString(),
        structuralClass,
        names,
        description,
        auxiliaryClasses,
        requiredAttributes,
        optionalAttributes,
        prohibitedAttributes,
        isObsolete,
        extraProperties);
  }
  public ByteString normalizeAttributeValue(final Schema schema, final ByteSequence value)
      throws DecodeException {
    if (value.length() != 36) {
      final LocalizableMessage message =
          WARN_ATTR_SYNTAX_UUID_INVALID_LENGTH.get(value.toString(), value.length());
      throw DecodeException.error(message);
    }

    final StringBuilder builder = new StringBuilder(36);
    char c;
    for (int i = 0; i < 36; i++) {
      // The 9th, 14th, 19th, and 24th characters must be dashes. All
      // others must be hex. Convert all uppercase hex characters to
      // lowercase.
      c = (char) value.byteAt(i);
      switch (i) {
        case 8:
        case 13:
        case 18:
        case 23:
          if (c != '-') {
            final LocalizableMessage message =
                WARN_ATTR_SYNTAX_UUID_EXPECTED_DASH.get(value.toString(), i, String.valueOf(c));
            throw DecodeException.error(message);
          }
          builder.append(c);
          break;
        default:
          switch (c) {
            case '0':
            case '1':
            case '2':
            case '3':
            case '4':
            case '5':
            case '6':
            case '7':
            case '8':
            case '9':
            case 'a':
            case 'b':
            case 'c':
            case 'd':
            case 'e':
            case 'f':
              // These are all fine.
              builder.append(c);
              break;
            case 'A':
              builder.append('a');
              break;
            case 'B':
              builder.append('b');
              break;
            case 'C':
              builder.append('c');
              break;
            case 'D':
              builder.append('d');
              break;
            case 'E':
              builder.append('e');
              break;
            case 'F':
              builder.append('f');
              break;
            default:
              final LocalizableMessage message =
                  WARN_ATTR_SYNTAX_UUID_EXPECTED_HEX.get(
                      value.toString(), i, String.valueOf(value.byteAt(i)));
              throw DecodeException.error(message);
          }
      }
    }

    return ByteString.valueOf(builder);
  }
 @Override
 public String keyToHumanReadableString(ByteSequence key) {
   return key.toString();
 }