 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * Portions Copyright [yyyy] [name of copyright owner]
 * Copyright 2013-2014 ForgeRock AS.

 * This class defines a Directory Server password storage scheme based on the
 * PBKDF2 algorithm defined in RFC 2898. This is a one-way digest algorithm
 * so there is no way to retrieve the original clear-text version of the
 * password from the hashed value (although this means that it is not suitable
 * for things that need the clear-text password like DIGEST-MD5). This
 * implementation uses a configurable number of iterations.

/** The tracer object for the debug logger. */
/** The fully-qualified name of this class. */
"org.opends.server.extensions.PBKDF2PasswordStorageScheme";
 * The number of bytes of random data to use as the salt when generating the
/** The number of bytes the SHA-1 algorithm produces. */
/** The factory used to generate the PBKDF2 hashes. */
/** The lock used to provide thread-safe access to the message digest. */
/** The secure random number generator to use to generate the salt values. */
/** The current configuration for this storage scheme. */

 * Creates a new instance of this password storage scheme. Note that no
 * initialization should be performed here, as all initialization should be
 * done in the <CODE>initializePasswordStorageScheme</CODE> method.

// Split the iterations from the stored value (separated by a ':')
// Base64-decode the remaining value and take the last 8 bytes as the salt.
// Encode and return the value.

 * Generates an encoded password string from the given clear-text password.
 * This method is primarily intended for use when it is necessary to generate
 * a password with the server offline (e.g., when setting the initial root
 * @param passwordBytes The bytes that make up the clear-text password.
 * @return The encoded password string, including the scheme name in curly
 * @throws DirectoryException If a problem occurs during processing.
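The comments above describe a stored value made of an iteration count, a ':' separator, and a Base64 blob whose last 8 bytes are the salt. The class below is an added example, not the OpenDJ source: it encodes and verifies that layout, assuming a 20-byte PBKDF2-HMAC-SHA1 digest precedes the salt and using the JDK's `PBKDF2WithHmacSHA1` factory; the class name, method names and the iteration count of 10000 are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration, not the OpenDJ class. Assumed layout, from the comments above:
// "<iterations>:" + Base64(20-byte PBKDF2-HMAC-SHA1 digest || 8-byte salt)
public class Pbkdf2StoredValueDemo {
  static final int SALT_LEN = 8;    // "take the last 8 bytes as the salt"
  static final int DIGEST_LEN = 20; // number of bytes the SHA-1 algorithm produces

  static byte[] derive(char[] pw, byte[] salt, int iterations) throws GeneralSecurityException {
    PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, DIGEST_LEN * 8);
    return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
  }

  static String encode(char[] pw, int iterations) throws GeneralSecurityException {
    byte[] salt = new byte[SALT_LEN];
    new SecureRandom().nextBytes(salt);                    // fresh salt per password
    byte[] digest = derive(pw, salt, iterations);
    byte[] out = Arrays.copyOf(digest, DIGEST_LEN + SALT_LEN);
    System.arraycopy(salt, 0, out, DIGEST_LEN, SALT_LEN);  // salt goes last
    return iterations + ":" + Base64.getEncoder().encodeToString(out);
  }

  static boolean matches(char[] pw, String stored) throws GeneralSecurityException {
    int sep = stored.indexOf(':');
    if (sep <= 0) return false;                            // iteration count missing
    int iterations; byte[] raw;
    try {
      iterations = Integer.parseInt(stored.substring(0, sep));
      raw = Base64.getDecoder().decode(stored.substring(sep + 1));
    } catch (IllegalArgumentException e) {                 // bad number or bad Base64
      return false;
    }
    if (iterations <= 0 || raw.length != DIGEST_LEN + SALT_LEN) return false;
    byte[] salt = Arrays.copyOfRange(raw, DIGEST_LEN, raw.length);
    byte[] expected = Arrays.copyOf(raw, DIGEST_LEN);
    return MessageDigest.isEqual(expected, derive(pw, salt, iterations)); // constant-time compare
  }

  public static void main(String[] args) throws Exception {
    String stored = encode("correct horse".toCharArray(), 10000); // constructed sample input
    System.out.println(stored + " " + matches("correct horse".toCharArray(), stored)
        + " " + matches("wrong".toCharArray(), stored));
  }
}
```

Rejecting any blob whose length is not exactly digest plus salt keeps a truncated or padded directory value from being split at the wrong offset.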