Versions Compared

...

package org.apache.directory.samples.interceptor.pwdhash;

import static org.apache.directory.samples.interceptor.pwdhash.HashTools.applyHashAlgorithm;
import static org.apache.directory.samples.interceptor.pwdhash.HashTools.isAlreadyHashed;

import java.util.List;
import java.util.Set;

import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.ModificationOperation;
import org.apache.directory.shared.ldap.schema.AttributeType;

public class PasswordHashInterceptor extends BaseInterceptor {

    private String passwordAttributeNamehashAlgorithm = "userPasswordMD5";

    private String hashAlgorithmpasswordAttributeName = "MD5userPassword";

    public void setPasswordAttributeNamesetHashAlgorithm(String passwordAttributeNamehashAlgorithm) {
        this.passwordAttributeNamehashAlgorithm = passwordAttributeNamehashAlgorithm;
    }

    public void setHashAlgorithmsetPasswordAttributeName(String hashAlgorithmpasswordAttributeName) {
        this.hashAlgorithmpasswordAttributeName = hashAlgorithmpasswordAttributeName;
    }

    /**
     * Intercepts the modifyadd operation in order to replace plain password values
     * with hashed ones.
     */
    @Override
    public void modifyadd(NextInterceptor next, ModifyOperationContextAddOperationContext opContext)
            throws Exception {

        List<Modification>ClonedServerEntry itemsentry = opContext.getModItemsgetEntry();
        forEntryAttribute (Modificationattribute modification : items) {
    = entry.get(passwordAttributeName);
        if (modification.getOperation()attribute !== ModificationOperation.ADD_ATTRIBUTE null) {
            hashPasswordIfNeccessary(attribute);
        || modification.getOperation() == ModificationOperation.REPLACE_ATTRIBUTE) {
}

                    EntryAttribute attribute = modification.getAttribute(super.add(next, opContext);
    }

    /**
     * Intercepts the if (attribute.getId().equalsIgnoreCase(passwordAttributeName)) {
      modify operation in order to replace plain password values
     * with hashed ones.
      hashPasswordIfNeccessary(attribute);*/
    @Override
    public void modify(NextInterceptor next,     }ModifyOperationContext opContext)
            }
throws Exception {

      }
  List<Modification> items =    super.modify(next, opContextopContext.getModItems();
    }

    /**
     * Intercepts the add operation in order to replace plain password values
for (Modification modification : items) {
            *ModificationOperation withoperation hashed= onesmodification.getOperation();
     */
    @Override
    public voidif add(NextInterceptoroperation next, AddOperationContext opContext)== ModificationOperation.ADD_ATTRIBUTE
            throws Exception {

        ClonedServerEntry|| entryoperation == opContext.getEntry();ModificationOperation.REPLACE_ATTRIBUTE) {
        Set<AttributeType> attributeTypes = entry.getAttributeTypes();
      EntryAttribute attribute for= (AttributeType attributeType : attributeTypes) {
modification.getAttribute();
                if (attributeTypeattribute.getNamegetId().equalsIgnoreCase(passwordAttributeName)) {
                 EntryAttribute attribute = entry.gethashPasswordIfNeccessary(attributeTypeattribute);
                hashPasswordIfNeccessary(attribute);}
            }
        }

        super.addmodify(next, opContext);
    }

    protected void hashPasswordIfNeccessary(EntryAttribute attribute) {
        try {
            byte[] password = attribute.getBytes();
            if (!isAlreadyHashed(password)) {
                byte[] hashed = applyHashAlgorithm(hashAlgorithm, password);
                attribute.clear();
                attribute.add(hashed);
            }
        } catch (Exception e) {
            throw new RuntimeException("Password hash failed", e);
        }
    }
}
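Review bot: The `hashAlgorithm` field at the top of the class still defaults to `"MD5"` on both sides of this comparison, so anyone who deploys the sample without calling `setHashAlgorithm` stores passwords as a fast digest that is cheap to brute-force offline if the directory data leaks. `HashTools` is not shown here, so whether `applyHashAlgorithm` adds a salt cannot be confirmed from this page; if it does not, identical passwords will also produce identical stored values. If `HashTools` supports a salted scheme, make that the default. Otherwise add a comment above the field such as `// MD5 is kept only to keep the sample short; configure a salted, deliberately slow scheme before production use`. Separately, `hashPasswordIfNeccessary` reads one value with `attribute.getBytes()` and then calls `attribute.clear()`, which looks like it would drop any additional values of a multi-valued password attribute, so please confirm that is intended.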

...