4.1.1 Important Methods to be Implemented

You need to implement the following important methods:

encodePassword - This method is invoked when the server needs to encode and store a cleartext password. It must contain the custom implementation code that performs the hashing. When persisting the value, Oracle Unified Directory (OUD) prefixes the encoded value with the name of the custom scheme that is configured in the server.

For example, {custom1}encoded_value, where custom1 is the name of the user-defined password storage scheme in OUD configuration and encoded_value is the value returned by this method.

passwordMatches - This method is invoked when the server needs to validate a provided cleartext password, for example, during an ldapbind or ldapcompare operation to validate the credential.

This method must contain the custom implementation code that performs this validation and must return true only if the password matches. OUD decides whether authentication succeeds or fails based on the result of this method invocation.

initializePasswordStorageScheme and handleConfigurationChange - These methods must be overridden to retrieve the user-defined password storage scheme configuration from the server.

A PasswordStorageSchemeConfiguration containing the configuration is provided when these methods are invoked.

The following example shows how to read the configuration using oracle.oud.pwdstoragescheme.PasswordStorageSchemeConfiguration. Suppose two configuration parameters named rounds and saltlength can be defined in the custom scheme. The custom configuration interface appears as follows:

Example:

public interface CustomPasswordConfig extends PasswordStorageSchemeConfiguration {
  public int getRounds() throws NullPointerException;
  public int getSaltlength() throws NullPointerException;
}

Inside the user-defined scheme implementation, the two overridden configuration methods read these parameters as follows:

@Override
public void initializePasswordStorageScheme(
    final PasswordStorageSchemeConfiguration configuration)
    throws PasswordStorageSchemeException {
  try {
    super.initializePasswordStorageScheme(configuration);
    CustomPasswordConfig conf = this.getConfiguration(CustomPasswordConfig.class);
    readConfigParams(conf);
  } catch (Exception e) {
    getLogger().logError("Error during CustomUserPasswordHash.initializePasswordStorageScheme "
        + e.getMessage());
    throw new PasswordStorageSchemeException(ResultCode.OPERATIONS_ERROR, e);
  }
}
 
@Override
public void handleConfigurationChange(
    final PasswordStorageSchemeConfiguration configuration)
    throws PasswordStorageSchemeException {
  try {
    super.handleConfigurationChange(configuration);
    CustomPasswordConfig conf = this.getConfiguration(CustomPasswordConfig.class);
    readConfigParams(conf);
  } catch (Exception e) {
    getLogger().logError("Error during CustomUserPasswordHash.handleConfigurationChange "
        + e.getMessage());
    throw new PasswordStorageSchemeException(ResultCode.OPERATIONS_ERROR, e);
  }
}
 
private void readConfigParams(CustomPasswordConfig conf) {
  try {
    this.numSaltBytes = conf.getSaltlength();
  } catch (Exception e) {
    getLogger().logDebug(LEVEL.INFO, "Config parameter saltlength not set");
  }
  try {
    this.numRounds = conf.getRounds();
  } catch (Exception e) {
    getLogger().logDebug(LEVEL.INFO, "Config parameter rounds not set");
  }
}
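
The following is an added example, not code from the OUD documentation or the OUD API. It sketches hashing logic that encodePassword and passwordMatches could delegate to, using the rounds and saltlength values read above. The class name CustomHashHelper, the rounds$salt$hash layout, the choice of PBKDF2WithHmacSHA256, and the char[] password type are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical stand-alone helper; it does not use any OUD classes.
public final class CustomHashHelper {
  private static final SecureRandom RNG = new SecureRandom();
  private static final int HASH_BITS = 256; // assumed derived-key length

  private static byte[] derive(char[] pw, byte[] salt, int rounds) throws Exception {
    PBEKeySpec spec = new PBEKeySpec(pw, salt, rounds, HASH_BITS);
    try {
      return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
          .generateSecret(spec).getEncoded();
    } finally {
      spec.clearPassword(); // wipe the password copy held by the spec
    }
  }

  // For encodePassword: returns "rounds$salt$hash". The {scheme} prefix is
  // added by the server, so it is not produced here.
  public static String encode(char[] pw, int numSaltBytes, int numRounds) throws Exception {
    byte[] salt = new byte[numSaltBytes];
    RNG.nextBytes(salt); // fresh random salt for every stored password
    Base64.Encoder b64 = Base64.getEncoder();
    return numRounds + "$" + b64.encodeToString(salt) + "$"
        + b64.encodeToString(derive(pw, salt, numRounds));
  }

  // For passwordMatches: re-derive with the salt and rounds stored in the value,
  // so hashes written before a configuration change still verify.
  public static boolean matches(char[] pw, String stored) {
    try {
      String[] parts = stored.split("\\$");
      if (parts.length != 3) return false;
      int rounds = Integer.parseInt(parts[0]);
      byte[] salt = Base64.getDecoder().decode(parts[1]);
      byte[] expected = Base64.getDecoder().decode(parts[2]);
      return MessageDigest.isEqual(expected, derive(pw, salt, rounds)); // constant-time compare
    } catch (Exception e) {
      return false; // malformed stored value: fail closed, never authenticate
    }
  }

  public static void main(String[] args) throws Exception {
    String stored = encode("s3cret".toCharArray(), 16, 100_000); // constructed sample input
    System.out.println(matches("s3cret".toCharArray(), stored));
    System.out.println(matches("wrong".toCharArray(), stored));
    System.out.println(matches("s3cret".toCharArray(), "garbage"));
  }
}
```

Storing the salt and round count inside the encoded value keeps verification independent of the current numSaltBytes and numRounds fields, which handleConfigurationChange may update while older hashes remain in the directory.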