001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 021package org.apache.directory.api.ldap.model.password; 022 023 024import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants; 025import org.apache.directory.api.util.Strings; 026 027 028/** 029 * A class to store all informations about the existing 030 * password found in the cache or get from the backend. 031 * 032 * This is necessary as we have to compute : 033 * - the used algorithm 034 * - the salt if any 035 * - the password itself. 036 * 037 * If we have a on-way encrypted password, it is stored using this 038 * format : 039 * {<algorithm>}<encrypted password> 040 * where the encrypted password format can be : 041 * - MD5/SHA : base64(<password>) 042 * - SMD5/SSH/PKCS5S2 : base64(<salted-password-digest><salt (4 or 8 bytes)>) 043 * - crypt : <salt (2 btytes)><password> 044 * 045 * Algorithm are currently MD5, SMD5, SHA, SSHA, SHA2, SSHA-2 (except SHA-224), PKCS5S2, CRYPT and empty 046 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 047 */ 048public class EncryptionMethod 049{ 050 private byte[] salt; 051 private LdapSecurityConstants algorithm; 052 053 054 public EncryptionMethod( LdapSecurityConstants algorithm, byte[] salt ) 055 { 056 this.algorithm = algorithm; 057 this.salt = salt; 058 } 059 060 061 public LdapSecurityConstants getAlgorithm() 062 { 063 return algorithm; 064 } 065 066 067 public byte[] getSalt() 068 { 069 return salt; 070 } 071 072 073 public void setSalt( byte[] salt ) 074 { 075 // just to make this class immutable, though we have a setter 076 if ( this.salt != null ) 077 { 078 throw new IllegalStateException( "salt will only be allowed to set once" ); 079 } 080 081 this.salt = salt; 082 } 083 084 085 @Override 086 public String toString() 087 { 088 return "EncryptionMethod [algorithm=" + algorithm.getName().toUpperCase() + ", salt=" 089 + Strings.dumpBytes( salt ) + "]"; 090 } 091 092}