package org.apache.directory.samples.interceptor.pwdhash;

import static org.apache.directory.samples.interceptor.pwdhash.HashTools.applyHashAlgorithm;
import static org.apache.directory.samples.interceptor.pwdhash.HashTools.isAlreadyHashed;

import java.util.List;
import java.util.Set;

import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.ModificationOperation;
import org.apache.directory.shared.ldap.schema.AttributeType;

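/**
 * Interceptor that replaces clear-text password values with hashed ones
 * before add and modify operations are passed down the interceptor chain.
 *
 * <p>Only the attribute whose id/name matches {@code passwordAttributeName}
 * (case-insensitively) is touched. Values that {@code HashTools.isAlreadyHashed}
 * reports as hashed are stored unchanged.
 */
public class PasswordHashInterceptor extends BaseInterceptor {

    /** Name of the attribute holding the password; compared case-insensitively. */
    private String passwordAttributeName = "userPassword";

    // NOTE(review): MD5 is a fast digest and is not suitable for password
    // storage. The default is kept for compatibility; prefer a salted or
    // deliberately slow scheme if HashTools supports one. Confirm the
    // algorithm names HashTools accepts before changing this value.
    private String hashAlgorithm = "MD5";

    /**
     * Sets the name of the attribute whose values are hashed.
     *
     * @param passwordAttributeName attribute name, must not be null or empty
     * @throws IllegalArgumentException if the name is null or empty; such a
     *         name would never match an attribute, so passwords would be
     *         stored unhashed without any error
     */
    public void setPasswordAttributeName(String passwordAttributeName) {
        if (passwordAttributeName == null || passwordAttributeName.isEmpty()) {
            throw new IllegalArgumentException("passwordAttributeName must not be null or empty");
        }
        this.passwordAttributeName = passwordAttributeName;
    }

    /**
     * Sets the name of the hash algorithm handed to
     * {@code HashTools.applyHashAlgorithm}.
     *
     * @param hashAlgorithm algorithm name, must not be null or empty
     * @throws IllegalArgumentException if the name is null or empty
     */
    public void setHashAlgorithm(String hashAlgorithm) {
        if (hashAlgorithm == null || hashAlgorithm.isEmpty()) {
            throw new IllegalArgumentException("hashAlgorithm must not be null or empty");
        }
        this.hashAlgorithm = hashAlgorithm;
    }

    /**
     * Intercepts the modify operation in order to replace plain password values
     * with hashed ones.
     *
     * <p>Only ADD_ATTRIBUTE and REPLACE_ATTRIBUTE modifications are inspected;
     * other modification operations pass through untouched.
     */
    @Override
    public void modify(NextInterceptor next, ModifyOperationContext opContext)
            throws Exception {

        List<Modification> items = opContext.getModItems();
        for (Modification modification : items) {
            ModificationOperation operation = modification.getOperation();
            boolean writesValue = operation == ModificationOperation.ADD_ATTRIBUTE
                    || operation == ModificationOperation.REPLACE_ATTRIBUTE;
            if (!writesValue) {
                continue;
            }
            EntryAttribute attribute = modification.getAttribute();
            if (attribute.getId().equalsIgnoreCase(passwordAttributeName)) {
                hashPasswordIfNeccessary(attribute);
            }
        }
        super.modify(next, opContext);
    }

    /**
     * Intercepts the add operation in order to replace plain password values
     * with hashed ones.
     */
    @Override
    public void add(NextInterceptor next, AddOperationContext opContext)
            throws Exception {

        ClonedServerEntry entry = opContext.getEntry();
        Set<AttributeType> attributeTypes = entry.getAttributeTypes();
        for (AttributeType attributeType : attributeTypes) {
            if (attributeType.getName().equalsIgnoreCase(passwordAttributeName)) {
                EntryAttribute attribute = entry.get(attributeType);
                hashPasswordIfNeccessary(attribute);
            }
        }

        super.add(next, opContext);
    }

    /**
     * Replaces the attribute's value with its hash unless
     * {@code HashTools.isAlreadyHashed} reports it as hashed already.
     *
     * <p>Neither the clear-text password nor the resulting hash is written to
     * stdout or a log: with a fast digest, a leaked hash can be attacked
     * offline.
     *
     * @param attribute the password attribute to rewrite in place
     * @throws RuntimeException if reading or hashing the value fails; the
     *         operation is aborted rather than storing the clear-text value
     */
    protected void hashPasswordIfNeccessary(EntryAttribute attribute) {
        try {
            // NOTE(review): presumably getBytes() returns only the first value;
            // clear() below then drops any further values of a multi-valued
            // attribute. Confirm against the EntryAttribute API.
            byte[] password = attribute.getBytes();
            // NOTE(review): a client-supplied value that isAlreadyHashed accepts
            // is stored as-is. Confirm how strictly HashTools recognises hashes.
            if (!isAlreadyHashed(password)) {
                byte[] hashed = applyHashAlgorithm(hashAlgorithm, password);
                attribute.clear();
                attribute.add(hashed);
            }
        } catch (Exception e) {
            throw new RuntimeException("Password hash failed", e);
        }
    }
}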

...