001/*
002 *   Licensed to the Apache Software Foundation (ASF) under one
003 *   or more contributor license agreements.  See the NOTICE file
004 *   distributed with this work for additional information
005 *   regarding copyright ownership.  The ASF licenses this file
006 *   to you under the Apache License, Version 2.0 (the
007 *   "License"); you may not use this file except in compliance
008 *   with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *   Unless required by applicable law or agreed to in writing,
013 *   software distributed under the License is distributed on an
014 *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *   KIND, either express or implied.  See the License for the
016 *   specific language governing permissions and limitations
017 *   under the License.
018 *
019 */
020
021package org.apache.directory.api.ldap.model.password;
022
023
024import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
025import org.apache.directory.api.util.Strings;
026
027
028/**
029 * A class to store all informations about the existing
030 * password found in the cache or get from the backend.
031 *
032 * This is necessary as we have to compute :
033 * - the used algorithm
034 * - the salt if any
035 * - the password itself.
036 *
037 * If we have a on-way encrypted password, it is stored using this
038 * format :
039 * {<algorithm>}<encrypted password>
040 * where the encrypted password format can be :
041 * - MD5/SHA : base64(<password>)
042 * - SMD5/SSH/PKCS5S2 : base64(<salted-password-digest><salt (4 or 8 bytes)>)
043 * - crypt : <salt (2 btytes)><password>
044 *
045 * Algorithm are currently MD5, SMD5, SHA, SSHA, SHA2, SSHA-2 (except SHA-224), PKCS5S2, CRYPT and empty
046 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
047 */
048public class EncryptionMethod
049{
050    private byte[] salt;
051    private LdapSecurityConstants algorithm;
052
053
054    public EncryptionMethod( LdapSecurityConstants algorithm, byte[] salt )
055    {
056        this.algorithm = algorithm;
057        this.salt = salt;
058    }
059
060
061    public LdapSecurityConstants getAlgorithm()
062    {
063        return algorithm;
064    }
065
066
067    public byte[] getSalt()
068    {
069        return salt;
070    }
071
072
073    public void setSalt( byte[] salt )
074    {
075        // just to make this class immutable, though we have a setter
076        if ( this.salt != null )
077        {
078            throw new IllegalStateException( "salt will only be allowed to set once" );
079        }
080
081        this.salt = salt;
082    }
083
084
085    @Override
086    public String toString()
087    {
088        return "EncryptionMethod [algorithm=" + algorithm.getName().toUpperCase() + ", salt="
089            + Strings.dumpBytes( salt ) + "]";
090    }
091}