/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008 Sun Microsystems, Inc.
* Portions Copyright 2011 profiq, s.r.o.
*/
/**
* This class provides an OpenDS password validator that may be used to ensure
* that proposed passwords are not contained in a specified dictionary.
*/
public class DictionaryPasswordValidator
{
/**
* The tracer object for the debug logger.
*/
// The current configuration for this password validator.
// The current dictionary that we should use when performing the validation.
/**
* Creates a new instance of this dictionary password validator.
*/
public DictionaryPasswordValidator()
{
super();
// No implementation is required here. All initialization should be
// performed in the initializePasswordValidator() method.
}
/**
* {@inheritDoc}
*/
@Override()
public void initializePasswordValidator(
{
}
/**
* {@inheritDoc}
*/
@Override()
public void finalizePasswordValidator()
{
}
/**
* {@inheritDoc}
*/
@Override()
{
// Get a handle to the current configuration.
// Check to see if the provided password is in the dictionary in the order
// that it was provided.
if (! config.isCaseSensitiveValidation())
{
}
// Check to see if we should verify the whole password or the substrings.
// Either way, we initialise the minSubstringLength to the length of
// the password which is the default behaviour ('check-substrings: false')
if (config.isCheckSubstrings())
{
// We apply the minimal substring length only if the provided value
// is smaller then the actual password length
{
}
}
// Verify if the dictionary contains the word(s) in the password
{
return false;
}
// If the reverse password checking is enabled, then verify if the
// reverse value of the password is in the dictionary.
if (config.isTestReversedPassword())
{
if (isDictionaryBased(
{
return false;
}
}
// If we've gotten here, then the password is acceptable.
return true;
}
/**
* Loads the configured dictionary and returns it as a hash set.
*
* @param configuration the configuration for this password validator.
*
* @return The hash set containing the loaded dictionary data.
*
* @throws ConfigException If the configured dictionary file does not exist.
*
* @throws InitializationException If a problem occurs while attempting to
* read from the dictionary file.
*/
{
// Get the path to the dictionary file and make sure it exists.
if (! dictionaryFile.exists())
{
throw new ConfigException(message);
}
// Read the contents of file into the dictionary as per the configuration.
try
{
{
if (! configuration.isCaseSensitiveValidation())
{
}
}
}
catch (Exception e)
{
if (debugEnabled())
{
}
throw new InitializationException(message);
}
finally
{
{
try
{
} catch (Exception e) {}
}
}
return dictionary;
}
/**
* {@inheritDoc}
*/
@Override()
{
}
/**
* {@inheritDoc}
*/
public boolean isConfigurationChangeAcceptable(
{
// Make sure that we can load the dictionary. If so, then we'll accept the
// new configuration.
try
{
}
catch (ConfigException ce)
{
return false;
}
catch (InitializationException ie)
{
return false;
}
catch (Exception e)
{
return false;
}
return true;
}
/**
* {@inheritDoc}
*/
{
boolean adminActionRequired = false;
// Make sure we can load the dictionary. If we can, then activate the new
// configuration.
try
{
}
catch (Exception e)
{
}
}
int minSubstringLength)
{
for (int i = 0; i < passwordLength; i++)
{
for (int j = i + minSubstringLength; j <= passwordLength; j++)
{
{
return true;
}
}
}
return false;
}
}