directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1026513 - in /directory: apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/ shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/constants/
Date Fri, 22 Oct 2010 22:19:57 GMT
Author: kayyagari
Date: Fri Oct 22 22:19:57 2010
New Revision: 1026513

URL: http://svn.apache.org/viewvc?rev=1026513&view=rev
Log:
o moved reusable code from SimpleAuthenticator to PasswordUtil class and EncryptionMethod
class to a new public class 
o added support for SHA-2 group of algorithms(SHA-256,384 and 512 including the slated versions)

Added:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/EncryptionMethod.java
Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
    directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/constants/LdapSecurityConstants.java

Added: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/EncryptionMethod.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/EncryptionMethod.java?rev=1026513&view=auto
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/EncryptionMethod.java
(added)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/EncryptionMethod.java
Fri Oct 22 22:19:57 2010
@@ -0,0 +1,92 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.server.core.authn;
+
+
+import org.apache.directory.shared.ldap.constants.LdapSecurityConstants;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+
+/**
+ * A class to store all informations about the existing
+ * password found in the cache or get from the backend.
+ *
+ * This is necessary as we have to compute :
+ * - the used algorithm
+ * - the salt if any
+ * - the password itself.
+ *
+ * If we have a on-way encrypted password, it is stored using this
+ * format :
+ * {<algorithm>}<encrypted password>
+ * where the encrypted password format can be :
+ * - MD5/SHA : base64(<password>)
+ * - SMD5/SSH : base64(<salted-password-digest><salt (4 or 8 bytes)>)
+ * - crypt : <salt (2 btytes)><password>
+ *
+ * Algorithm are currently MD5, SMD5, SHA, SSHA, SHA2, SSHA-2 (except SHA-224), CRYPT and
empty
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class EncryptionMethod
+{
+    private byte[] salt;
+    private LdapSecurityConstants algorithm;
+
+
+    /** package protected */EncryptionMethod( LdapSecurityConstants algorithm, byte[] salt
)
+    {
+        this.algorithm = algorithm;
+        this.salt = salt;
+    }
+
+
+    public LdapSecurityConstants getAlgorithm()
+    {
+        return algorithm;
+    }
+
+
+    public byte[] getSalt()
+    {
+        return salt;
+    }
+
+
+    /** package protected */ void setSalt( byte[] salt )
+    {
+        // just to make this class immutable, though we have a setter
+        if ( this.salt != null )
+        {
+            throw new IllegalStateException( "salt will only be allowed to set once" );
+        }
+        
+        this.salt = salt;
+    }
+
+
+    @Override
+    public String toString()
+    {
+        return "EncryptionMethod [algorithm=" + algorithm.getName().toUpperCase() + ", salt="
+ StringTools.dumpBytes( salt ) + "]";
+    }
+    
+    
+}

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java?rev=1026513&r1=1026512&r2=1026513&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
Fri Oct 22 22:19:57 2010
@@ -21,10 +21,12 @@
 package org.apache.directory.server.core.authn;
 
 
+import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
@@ -32,10 +34,12 @@ import java.util.List;
 import org.apache.directory.shared.ldap.constants.LdapSecurityConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Value;
+import org.apache.directory.shared.ldap.util.Base64;
 import org.apache.directory.shared.ldap.util.DateUtils;
 import org.apache.directory.shared.ldap.util.StringTools;
 import org.apache.directory.shared.ldap.util.UnixCrypt;
 
+
 /**
  * A utility class containing methods related to processing passwords.
  *
@@ -43,6 +47,23 @@ import org.apache.directory.shared.ldap.
  */
 public class PasswordUtil
 {
+
+    /** The SHA1 hash length */
+    public static final int SHA1_LENGTH = 20;
+
+    /** The SHA256 hash length */
+    public static final int SHA256_LENGTH = 32;
+
+    /** The SHA384 hash length */
+    public static final int SHA384_LENGTH = 48;
+
+    /** The SHA512 hash length */
+    public static final int SHA512_LENGTH = 64;
+
+    /** The MD5 hash length */
+    public static final int MD5_LENGTH = 16;
+
+
     /**
      * Get the algorithm from the stored password. 
      * It can be found on the beginning of the stored password, between 
@@ -97,7 +118,61 @@ public class PasswordUtil
         }
     }
 
-    
+
+    public static byte[] createStoragePassword( String credentials, LdapSecurityConstants
algorithm )
+    {
+        byte[] salt;
+        
+        switch( algorithm )
+        {
+            case HASH_METHOD_SSHA:
+            case HASH_METHOD_SSHA256:
+            case HASH_METHOD_SSHA384:
+            case HASH_METHOD_SSHA512:
+            case HASH_METHOD_SMD5:
+                salt = new byte[8]; // we use 8 byte salt always except for "crypt" which
needs 2 byte salt
+                new SecureRandom().nextBytes( salt );
+                break;
+                
+            case HASH_METHOD_CRYPT:
+                salt = null; // we calculate this salt in encryptPassword() method
+                
+            default:
+                salt = null;
+        }
+        
+        byte[] hashedPassword = encryptPassword( StringTools.getBytesUtf8( credentials ),
algorithm, salt );
+        StringBuffer sb = new StringBuffer();
+
+        if ( algorithm != null )
+        {
+            sb.append( '{' ).append( algorithm.getName().toUpperCase() ).append( '}' );
+
+            if ( algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT )
+            {
+                sb.append( StringTools.utf8ToString( salt ) );
+                sb.append( StringTools.utf8ToString( hashedPassword ) );
+            }
+            else if ( salt != null )
+            {
+                byte[] hashedPasswordWithSaltBytes = new byte[hashedPassword.length + salt.length];
+                merge( hashedPasswordWithSaltBytes, hashedPassword, salt );
+                sb.append( String.valueOf( Base64.encode( hashedPasswordWithSaltBytes ) )
);
+            }
+            else
+            {
+                sb.append( String.valueOf( Base64.encode( hashedPassword ) ) );
+            }
+        }
+        else
+        {
+            sb.append( StringTools.utf8ToString( hashedPassword ) );
+        }
+        
+        return StringTools.getBytesUtf8( sb.toString() );
+    }
+
+
     /**
      * encrypts the given credentials based on the algorithm name and optional salt
      *
@@ -115,8 +190,17 @@ public class PasswordUtil
                 return digest( LdapSecurityConstants.HASH_METHOD_SHA, credentials, salt );
 
             case HASH_METHOD_SHA256:
+            case HASH_METHOD_SSHA256:
                 return digest( LdapSecurityConstants.HASH_METHOD_SHA256, credentials, salt
);
-                
+
+            case HASH_METHOD_SHA384:
+            case HASH_METHOD_SSHA384:
+                return digest( LdapSecurityConstants.HASH_METHOD_SHA384, credentials, salt
);
+
+            case HASH_METHOD_SHA512:
+            case HASH_METHOD_SSHA512:
+                return digest( LdapSecurityConstants.HASH_METHOD_SHA512, credentials, salt
);
+
             case HASH_METHOD_MD5:
             case HASH_METHOD_SMD5:
                 return digest( LdapSecurityConstants.HASH_METHOD_MD5, credentials, salt );
@@ -179,7 +263,143 @@ public class PasswordUtil
         }
     }
 
-    
+
+    /**
+     * Decompose the stored password in an algorithm, an eventual salt
+     * and the password itself.
+     *
+     * If the algorithm is SHA, SSHA, MD5 or SMD5, the part following the algorithm
+     * is base64 encoded
+     *
+     * @param encryptionMethod The structure to feed
+     * @return The password
+     * @param credentials the credentials to split
+     */
+    public static byte[] splitCredentials( byte[] credentials, EncryptionMethod encryptionMethod
)
+    {
+        int algoLength = encryptionMethod.getAlgorithm().getName().length() + 2;
+
+        int hashLen = 0;
+        
+        switch ( encryptionMethod.getAlgorithm() )
+        {
+            case HASH_METHOD_MD5:
+            case HASH_METHOD_SHA:
+                try
+                {
+                    // We just have the password just after the algorithm, base64 encoded.
+                    // Just decode the password and return it.
+                    return Base64
+                        .decode( new String( credentials, algoLength, credentials.length
- algoLength, "UTF-8" )
+                            .toCharArray() );
+                }
+                catch ( UnsupportedEncodingException uee )
+                {
+                    // do nothing
+                    return credentials;
+                }
+
+            case HASH_METHOD_SMD5:
+                try
+                {
+                    // The password is associated with a salt. Decompose it
+                    // in two parts, after having decoded the password.
+                    // The salt will be stored into the EncryptionMethod structure
+                    // The salt is at the end of the credentials, and is 8 bytes long
+                    byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength,
credentials.length
+                        - algoLength, "UTF-8" ).toCharArray() );
+
+                    int saltLength = passwordAndSalt.length - MD5_LENGTH;
+                    encryptionMethod.setSalt( new byte[saltLength] );
+                    byte[] password = new byte[MD5_LENGTH];
+                    split( passwordAndSalt, 0, password, encryptionMethod.getSalt() );
+
+                    return password;
+                }
+                catch ( UnsupportedEncodingException uee )
+                {
+                    // do nothing
+                    return credentials;
+                }
+
+            case HASH_METHOD_SSHA:
+                hashLen = SHA1_LENGTH;
+            
+            case HASH_METHOD_SHA256:
+            case HASH_METHOD_SSHA256:
+                if ( hashLen == 0 )
+                {
+                    hashLen = SHA256_LENGTH;
+                }
+            
+            case HASH_METHOD_SHA384:
+            case HASH_METHOD_SSHA384:
+                if ( hashLen == 0 )
+                {
+                    hashLen = SHA384_LENGTH;
+                }
+                
+            case HASH_METHOD_SHA512:
+            case HASH_METHOD_SSHA512:
+                if ( hashLen == 0 )
+                {
+                    hashLen = SHA512_LENGTH;
+                }
+                
+                try
+                {
+                    // The password is associated with a salt. Decompose it
+                    // in two parts, after having decoded the password.
+                    // The salt will be stored into the EncryptionMethod structure
+                    // The salt is at the end of the credentials, and is 8 bytes long
+                    byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength,
credentials.length
+                        - algoLength, "UTF-8" ).toCharArray() );
+
+                    int saltLength = passwordAndSalt.length - hashLen;
+                    encryptionMethod.setSalt( new byte[saltLength] );
+                    byte[] password = new byte[hashLen];
+                    split( passwordAndSalt, 0, password, encryptionMethod.getSalt() );
+
+                    return password;
+                }
+                catch ( UnsupportedEncodingException uee )
+                {
+                    // do nothing
+                    return credentials;
+                }
+
+            case HASH_METHOD_CRYPT:
+                // The password is associated with a salt. Decompose it
+                // in two parts, storing the salt into the EncryptionMethod structure.
+                // The salt comes first, not like for SSHA and SMD5, and is 2 bytes long
+                encryptionMethod.setSalt( new byte[2] );
+                byte[] password = new byte[credentials.length - encryptionMethod.getSalt().length
- algoLength];
+                split( credentials, algoLength, encryptionMethod.getSalt(), password );
+
+                return password;
+
+            default:
+                // unknown method
+                return credentials;
+
+        }
+    }
+
+
+    private static void split( byte[] all, int offset, byte[] left, byte[] right )
+    {
+        System.arraycopy( all, offset, left, 0, left.length );
+        System.arraycopy( all, offset + left.length, right, 0, right.length );
+    }
+
+
+    private static void merge( byte[] all, byte[] left, byte[] right )
+    {
+        System.arraycopy( left, 0, all, 0, left.length );
+        System.arraycopy( right, 0, all, left.length, right.length );
+    }
+
+
     /**
      * checks if the given password's change time is older than the max age 
      *
@@ -193,21 +413,21 @@ public class PasswordUtil
 
         long time = pwdMaxAgeSec * 1000;
         time += pwdChangeDate.getTime();
-        
+
         Date expiryDate = new Date( time );
         Date now = new Date();
-        
+
         boolean expired = false;
-        
-        if( expiryDate.equals( now ) || expiryDate.after( now ) )
+
+        if ( expiryDate.equals( now ) || expiryDate.after( now ) )
         {
-           expired = true;
+            expired = true;
         }
-        
+
         return expired;
     }
-    
-    
+
+
     /**
      * purges failure timestamps which are older than the configured interval
      * (section 7.6 in the draft)
@@ -216,34 +436,33 @@ public class PasswordUtil
     {
         long interval = config.getPwdFailureCountInterval();
 
-        if( interval == 0 )
+        if ( interval == 0 )
         {
             return;
         }
-        
+
         Iterator<Value<?>> itr = pwdFailTimeAt.getAll();
         interval *= 1000;
-        
+
         long currentTime = System.currentTimeMillis();
         List<Value<?>> valList = new ArrayList<Value<?>>();
-        
-        while( itr.hasNext() )
+
+        while ( itr.hasNext() )
         {
             Value<?> val = itr.next();
             String failureTime = val.getString();
             long time = DateUtils.getDate( failureTime ).getTime();
             time += interval;
-            
-            if(  currentTime > time )
+
+            if ( currentTime > time )
             {
                 valList.add( val );
             }
         }
-        
-        for( Value<?> val : valList )
+
+        for ( Value<?> val : valList )
         {
             pwdFailTimeAt.remove( val );
         }
     }
-
 }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=1026513&r1=1026512&r2=1026513&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
Fri Oct 22 22:19:57 2010
@@ -20,7 +20,6 @@
 package org.apache.directory.server.core.authn;
 
 
-import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
@@ -78,12 +77,6 @@ public class SimpleAuthenticator extends
     /** A speedup for logger in debug mode */
     private static final boolean IS_DEBUG = LOG.isDebugEnabled();
 
-    /** The SHA1 hash length */
-    private static final int SHA1_LENGTH = 20;
-
-    /** The MD5 hash length */
-    private static final int MD5_LENGTH = 16;
-
     /**
      * A cache to store passwords. It's a speedup, we will be able to avoid backend lookups.
      *
@@ -152,37 +145,6 @@ public class SimpleAuthenticator extends
         credentialCache = new LRUMap( cacheSize > 0 ? cacheSize : DEFAULT_CACHE_SIZE );
     }
 
-    /**
-     * A private class to store all informations about the existing
-     * password found in the cache or get from the backend.
-     *
-     * This is necessary as we have to compute :
-     * - the used algorithm
-     * - the salt if any
-     * - the password itself.
-     *
-     * If we have a on-way encrypted password, it is stored using this
-     * format :
-     * {<algorithm>}<encrypted password>
-     * where the encrypted password format can be :
-     * - MD5/SHA : base64([<salt (4 or 8 bytes)>]<password>)
-     * - crypt : <salt (2 btytes)><password>
-     *
-     * Algorithm are currently MD5, SMD5, SHA, SSHA, CRYPT and empty
-     */
-    private class EncryptionMethod
-    {
-        private byte[] salt;
-        private LdapSecurityConstants algorithm;
-
-
-        private EncryptionMethod( LdapSecurityConstants algorithm, byte[] salt )
-        {
-            this.algorithm = algorithm;
-            this.salt = salt;
-        }
-    }
-
 
     /**
      * Get the password either from cache or from backend.
@@ -305,11 +267,11 @@ public class SimpleAuthenticator extends
             // and the salt, if any.
             // But we should also get the algorithm and salt to
             // be able to encrypt the submitted user password in the next step
-            byte[] encryptedStored = splitCredentials( storedPassword, encryptionMethod );
+            byte[] encryptedStored = PasswordUtil.splitCredentials( storedPassword, encryptionMethod
);
 
             // Reuse the saltedPassword informations to construct the encrypted
             // password given by the user.
-            byte[] userPassword = PasswordUtil.encryptPassword( credentials, encryptionMethod.algorithm,
encryptionMethod.salt );
+            byte[] userPassword = PasswordUtil.encryptPassword( credentials, encryptionMethod.getAlgorithm(),
encryptionMethod.getSalt() );
 
             // Now, compare the two passwords.
             if ( Arrays.equals( userPassword, encryptedStored ) )
@@ -353,111 +315,6 @@ public class SimpleAuthenticator extends
     }
 
 
-    private static void split( byte[] all, int offset, byte[] left, byte[] right )
-    {
-        System.arraycopy( all, offset, left, 0, left.length );
-        System.arraycopy( all, offset + left.length, right, 0, right.length );
-    }
-
-
-    /**
-     * Decompose the stored password in an algorithm, an eventual salt
-     * and the password itself.
-     *
-     * If the algorithm is SHA, SSHA, MD5 or SMD5, the part following the algorithm
-     * is base64 encoded
-     *
-     * @param encryptionMethod The structure to feed
-     * @return The password
-     * @param credentials the credentials to split
-     */
-    private byte[] splitCredentials( byte[] credentials, EncryptionMethod encryptionMethod
)
-    {
-        int algoLength = encryptionMethod.algorithm.getName().length() + 2;
-
-        switch ( encryptionMethod.algorithm )
-        {
-            case HASH_METHOD_MD5:
-            case HASH_METHOD_SHA:
-            case HASH_METHOD_SHA256:
-                try
-                {
-                    // We just have the password just after the algorithm, base64 encoded.
-                    // Just decode the password and return it.
-                    return Base64
-                        .decode( new String( credentials, algoLength, credentials.length
- algoLength, "UTF-8" )
-                            .toCharArray() );
-                }
-                catch ( UnsupportedEncodingException uee )
-                {
-                    // do nothing
-                    return credentials;
-                }
-
-            case HASH_METHOD_SMD5:
-                try
-                {
-                    // The password is associated with a salt. Decompose it
-                    // in two parts, after having decoded the password.
-                    // The salt will be stored into the EncryptionMethod structure
-                    // The salt is at the end of the credentials, and is 8 bytes long
-                    byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength,
credentials.length
-                        - algoLength, "UTF-8" ).toCharArray() );
-
-                    int saltLength = passwordAndSalt.length - MD5_LENGTH;
-                    encryptionMethod.salt = new byte[saltLength];
-                    byte[] password = new byte[MD5_LENGTH];
-                    split( passwordAndSalt, 0, password, encryptionMethod.salt );
-
-                    return password;
-                }
-                catch ( UnsupportedEncodingException uee )
-                {
-                    // do nothing
-                    return credentials;
-                }
-
-            case HASH_METHOD_SSHA:
-                try
-                {
-                    // The password is associated with a salt. Decompose it
-                    // in two parts, after having decoded the password.
-                    // The salt will be stored into the EncryptionMethod structure
-                    // The salt is at the end of the credentials, and is 8 bytes long
-                    byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength,
credentials.length
-                        - algoLength, "UTF-8" ).toCharArray() );
-
-                    int saltLength = passwordAndSalt.length - SHA1_LENGTH;
-                    encryptionMethod.salt = new byte[saltLength];
-                    byte[] password = new byte[SHA1_LENGTH];
-                    split( passwordAndSalt, 0, password, encryptionMethod.salt );
-
-                    return password;
-                }
-                catch ( UnsupportedEncodingException uee )
-                {
-                    // do nothing
-                    return credentials;
-                }
-
-            case HASH_METHOD_CRYPT:
-                // The password is associated with a salt. Decompose it
-                // in two parts, storing the salt into the EncryptionMethod structure.
-                // The salt comes first, not like for SSHA and SMD5, and is 2 bytes long
-                encryptionMethod.salt = new byte[2];
-                byte[] password = new byte[credentials.length - encryptionMethod.salt.length
- algoLength];
-                split( credentials, algoLength, encryptionMethod.salt, password );
-
-                return password;
-
-            default:
-                // unknown method
-                return credentials;
-
-        }
-    }
-
-
     /**
      * Local function which request the password from the backend
      * @param bindContext the Bind operation context

Modified: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/constants/LdapSecurityConstants.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/constants/LdapSecurityConstants.java?rev=1026513&r1=1026512&r2=1026513&view=diff
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/constants/LdapSecurityConstants.java
(original)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/constants/LdapSecurityConstants.java
Fri Oct 22 22:19:57 2010
@@ -43,7 +43,36 @@ public enum LdapSecurityConstants
     HASH_METHOD_CRYPT("crypt"),
 
     /** The SHA-256 encryption method */
-    HASH_METHOD_SHA256("sha-256");
+    HASH_METHOD_SHA256("sha-256"),
+
+    /** The salted SHA-256 encryption method */
+    HASH_METHOD_SSHA256("ssha-256"),
+
+    /** The SHA-384 encryption method */
+    HASH_METHOD_SHA384("sha-384"),
+
+    /** The salted SHA-384 encryption method */
+    HASH_METHOD_SSHA384("ssha-384"),
+
+    /** The SHA-512 encryption method */
+    HASH_METHOD_SHA512("sha-512"),
+
+    /** The salted SHA-512 encryption method */
+    HASH_METHOD_SSHA512("ssha-512");
+
+    /* These encryption types are not yet supported 
+    ** The AES encryption method *
+    ENC_METHOD_AES("aes"),
+    
+    ** The 3DES encryption method *
+    ENC_METHOD_3DES("3des"),
+    
+    ** The Blowfish encryption method *
+    ENC_METHOD_BLOWFISH("blowfish"),
+    
+    ** The RC4 encryption method *
+    ENC_METHOD_RC4("rc4");
+    */
 
     /** The associated name */
     private String name;
@@ -114,6 +143,53 @@ public enum LdapSecurityConstants
             return HASH_METHOD_SHA256;
         }
 
+        if ( HASH_METHOD_SSHA256.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return HASH_METHOD_SSHA256;
+        }
+
+        if ( HASH_METHOD_SHA384.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return HASH_METHOD_SHA384;
+        }
+
+        if ( HASH_METHOD_SSHA384.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return HASH_METHOD_SSHA384;
+        }
+
+        if ( HASH_METHOD_SHA512.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return HASH_METHOD_SHA512;
+        }
+
+        if ( HASH_METHOD_SSHA512.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return HASH_METHOD_SSHA512;
+        }
+
+        /*
+        if ( ENC_METHOD_AES.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return ENC_METHOD_AES;
+        }
+
+        if ( ENC_METHOD_3DES.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return ENC_METHOD_3DES;
+        }
+
+        if ( ENC_METHOD_BLOWFISH.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return ENC_METHOD_BLOWFISH;
+        }
+
+        if ( ENC_METHOD_RC4.getName().equalsIgnoreCase( algorithm ) )
+        {
+            return ENC_METHOD_RC4;
+        }
+        */
+
         return null;
     }
 }



Mime
View raw message