PasswordPolicyFactory.java revision 998747bfaaa3c6b28bbfaf0e282e6c0ccbf46bc0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2008 Sun Microsystems, Inc.
* Portions Copyright 2011-2015 ForgeRock AS.
*/
/**
* This class is the interface between the password policy configurable
* component and a password policy state object. When a password policy entry is
* added to the configuration, an instance of this class is created and
* registered to manage subsequent modification to that configuration entry,
* including validating any proposed modification and applying an accepted
* modification.
*/
public final class PasswordPolicyFactory implements
{
/**
* Password policy implementation.
*/
private static final class PasswordPolicyImpl extends PasswordPolicy
implements ConfigurationChangeListener<PasswordPolicyCfg>
{
// Current configuration.
private PasswordPolicyCfg configuration;
// Indicates whether the attribute type uses the authPassword syntax.
private boolean authPasswordSyntax;
// The set of account status notification handlers for this password policy.
// The set of password validators that will be used with this
// password policy.
// The set of default password storage schemes for this password
// policy.
// The names of the deprecated password storage schemes for this password
// policy.
// The password generator for use with this password policy.
private PasswordGenerator<?> passwordGenerator;
// The time by which all users will be required to change their
// passwords.
private long requireChangeByTime;
private final ServerContext serverContext;
/**
* {@inheritDoc}
*/
public void finalizeAuthenticationPolicy()
{
// NOTE(review): no statements are visible here in this listing. This class
// implements ConfigurationChangeListener, so confirm whether the policy is
// expected to deregister itself as a listener when it is finalized.
}
/** {@inheritDoc} */
{
// NOTE(review): the method signature and the declaration of ccr are not
// visible in this listing; the comments below describe only the lines shown.
try
{
// applyChanges is true: the configuration is validated and, if every check
// passes, committed to this policy's fields.
updateConfiguration(configuration, true);
}
catch (ConfigException ce)
{
// NOTE(review): no handling is visible in this or the following two catch
// blocks. Confirm that each one records a failure result and message on
// ccr; otherwise a rejected password policy change would be reported to the
// administrator as if it had been applied.
}
catch (InitializationException ie)
{
}
catch (Exception e)
{
}
return ccr;
}
/**
* {@inheritDoc}
*/
public boolean isConfigurationChangeAcceptable(
{
try
{
// Validation-only pass: applyChanges is false, so updateConfiguration
// checks the proposed settings without committing them to this policy.
updateConfiguration(configuration, false);
}
catch (ConfigException ce)
{
return false;
}
catch (InitializationException ie)
{
return false;
}
catch (Exception e)
{
// Any unexpected failure also rejects the change, so validation fails
// closed rather than letting an unchecked configuration through.
// NOTE(review): no reason for the rejection is recorded in the visible
// lines; confirm the administrator is told why the change was refused.
return false;
}
// If we've gotten here, then it is acceptable.
return true;
}
/**
* Creates a new password policy based on the configuration contained in the
* provided configuration entry. Any parameters not included in the provided
* configuration entry will be assigned server-wide default values.
*
* @param serverContext
* The server context, stored on this policy instance.
* @param configuration
* The configuration with the information to use to initialize this
* password policy.
*
* @throws ConfigException
* If the provided entry does not contain a valid password policy
* configuration.
* @throws InitializationException
* If an error occurs while initializing the password policy that
* is not related to the server configuration.
*/
{
this.serverContext = serverContext;
// Validate and commit in one step (applyChanges is true). A configuration
// that fails validation aborts construction with one of the exceptions
// documented above, so no policy object exists for an invalid entry.
updateConfiguration(configuration, true);
}
boolean applyChanges) throws ConfigException,
{
// Validates the supplied configuration section by section. Only when every
// check has passed and applyChanges is true are the results copied into this
// object's fields (see the end of the method); with applyChanges false this
// is a validation-only pass.
// NOTE(review): the start of this method's signature and several of the
// conditions and loop headers below are not visible in this listing, so some
// blocks appear without the statement that governs them.

// Get the password attribute. If specified, it must have either the
// user password or auth password syntax.
// This local shadows the field of the same name, so the field keeps its old
// value until the commit block at the end of the method.
final boolean authPasswordSyntax;
{
authPasswordSyntax = true;
}
{
authPasswordSyntax = false;
}
else
{
{
}
}
// Get the default storage schemes. They must all reference valid storage
// schemes that support the syntax for the specified password attribute.
new LinkedList<PasswordStorageScheme<?>>();
{
{
}
}
// Get the names of the deprecated storage schemes.
{
if (authPasswordSyntax)
{
if (scheme.supportsAuthPasswordSyntax())
{
}
else
{
}
}
else
{
}
}
// Get the password validators.
{
}
// Get the status notification handlers.
{
}
// Get the password generator.
{
}
// If the expire without warning option is disabled, then there must be a
// warning interval.
{
throw new ConfigException(message);
}
// Get the required change time.
// Starts at 0L and is only changed inside the null check below.
long requireChangeByTime = 0L;
try
{
if (requireChangeBy != null)
{
}
}
catch (Exception e)
{
logger.traceException(e);
// The original exception is kept as the cause of the InitializationException.
throw new InitializationException(message, e);
}
// Get the last login time format. If specified, it must be a valid format
// string.
if (formatString != null)
{
try
{
// Constructed only to check that the pattern parses; the instance is
// discarded.
new SimpleDateFormat(formatString);
}
catch (Exception e)
{
logger.traceException(e);
LocalizableMessage message = ERR_PWPOLICY_INVALID_LAST_LOGIN_TIME_FORMAT.get(configEntryDN, formatString);
throw new ConfigException(message);
}
}
// Get the previous last login time formats. If specified, they must all
// be valid format strings.
if (formatStrings != null)
{
for (String s : formatStrings)
{
try
{
// Same pattern check as above, applied to each previous format; the first
// invalid pattern rejects the whole configuration.
new SimpleDateFormat(s);
}
catch (Exception e)
{
logger.traceException(e);
throw new ConfigException(message);
}
}
}
// If both a maximum password age and a warning interval are provided, then
// ensure that the warning interval is less than the maximum age. Further,
// if a minimum age is specified, then the sum of the minimum age and the
// warning interval should be less than the maximum age.
{
{
{
throw new ConfigException(message);
}
}
{
throw new ConfigException(message);
}
}
// If we've got this far then the configuration is good and we can commit
// the changes if required.
// NOTE(review): only four fields are assigned in the visible lines. Confirm
// that defaultStorageSchemes, deprecatedStorageSchemes, notificationHandlers
// and requireChangeByTime are committed here as well.
// NOTE(review): the fields are assigned one at a time and no synchronization
// is visible in this listing, so a thread reading the policy during a change
// could see a mix of old and new settings. Confirm how readers are protected.
if (applyChanges)
{
this.configuration = configuration;
this.authPasswordSyntax = authPasswordSyntax;
this.passwordGenerator = passwordGenerator;
this.passwordValidators = passwordValidators;
}
}
/**
 * {@inheritDoc}
 *
 * <p>Reports the flag stored on this policy, which is set when a validated
 * configuration is committed.
 */
public boolean isAuthPasswordSyntax()
{
  return this.authPasswordSyntax;
}
/**
* {@inheritDoc}
*/
{
// NOTE(review): the field itself is returned, not a copy. If the collection
// is mutable, a caller could change which storage schemes this policy uses;
// confirm it is made unmodifiable where it is built.
return defaultStorageSchemes;
}
/**
* {@inheritDoc}
*/
{
// NOTE(review): the field itself is returned, not a copy. If the collection
// is mutable, a caller could add or remove deprecated scheme names; confirm
// it is made unmodifiable where it is built.
return deprecatedStorageSchemes;
}
/**
* {@inheritDoc}
*/
{
// The value returned is the DN reported by the current configuration object.
return configuration.dn();
}
/**
* {@inheritDoc}
*/
{
// Scans the policy's default storage schemes and returns true on the first
// match; which comparison is used depends on whether the password attribute
// uses the authPassword syntax. Returns false when nothing matches.
// NOTE(review): the two comparison conditions are not visible in this
// listing.
for (PasswordStorageScheme<?> s : defaultStorageSchemes)
{
if (authPasswordSyntax)
{
{
return true;
}
}
else
{
{
return true;
}
}
}
return false;
}
/**
* {@inheritDoc}
*/
{
}
/**
* {@inheritDoc}
*/
{
// NOTE(review): values() is called on the policy's own validator map and the
// result is returned as is; confirm callers cannot use it to remove
// validators from the policy.
return passwordValidators.values();
}
/**
* {@inheritDoc}
*/
public Collection<AccountStatusNotificationHandler<?>>
{
// NOTE(review): values() is called on the policy's own handler map and the
// result is returned as is; confirm callers cannot use it to remove
// notification handlers from the policy.
return notificationHandlers.values();
}
/**
 * {@inheritDoc}
 *
 * <p>Returns the generator stored on this policy; other code in this class
 * checks it against {@code null}, so callers should expect that it may be
 * absent.
 */
public PasswordGenerator<?> getPasswordGenerator()
{
  return this.passwordGenerator;
}
/**
 * {@inheritDoc}
 *
 * <p>Returns the value stored on this policy; other code in this class
 * treats a value of zero or less as a separate case.
 */
public long getRequireChangeByTime()
{
  return this.requireChangeByTime;
}
/**
* Retrieves a string representation of this password policy.
*
* @return A string representation of this password policy.
*/
{
}
/**
* Appends a string representation of this password policy to the provided
* buffer.
*
* @param buffer
* The buffer to which the information should be appended.
*/
{
// NOTE(review): the statements that write to the buffer are not visible in
// this listing. The output of this method may end up in logs or diagnostic
// dumps, so confirm it describes schemes, validators and the generator by
// name only and never includes password material.
{
}
else
{
.iterator();
{
}
}
// Separate branch for a policy with no deprecated storage schemes.
if ((deprecatedStorageSchemes == null)
{
}
else
{
{
}
}
{
}
else
{
{
}
}
// Separate branch for a policy with no password generator.
if (passwordGenerator == null)
{
}
else
{
}
{
}
else
{
{
}
}
// A require-change-by time of zero or less is handled as its own case.
if (requireChangeByTime <= 0)
{
}
else
{
}
{
}
else
{
}
{
}
else
{
}
{
}
else
{
{
}
}
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public boolean isAllowExpiredPasswordChanges()
{
  // NOTE(review): presumably lets a user whose password has expired still
  // change it; confirm how the user is authenticated in that case.
  return this.configuration.isAllowExpiredPasswordChanges();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public boolean isAllowMultiplePasswordValues()
{
  return this.configuration.isAllowMultiplePasswordValues();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public boolean isAllowPreEncodedPasswords()
{
  // NOTE(review): presumably a pre-encoded value cannot be checked by the
  // password validators, so enabling this could let weak passwords or weak
  // encodings into the directory; confirm before turning it on.
  return this.configuration.isAllowPreEncodedPasswords();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public boolean isAllowUserPasswordChanges()
{
  return this.configuration.isAllowUserPasswordChanges();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy. When the
 * configuration is validated, a disabled expire-without-warning option must
 * be accompanied by a warning interval.
 */
public boolean isExpirePasswordsWithoutWarning()
{
  return this.configuration.isExpirePasswordsWithoutWarning();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public boolean isForceChangeOnAdd()
{
  return this.configuration.isForceChangeOnAdd();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public boolean isForceChangeOnReset()
{
  return this.configuration.isForceChangeOnReset();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public int getGraceLoginCount()
{
  return this.configuration.getGraceLoginCount();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public long getIdleLockoutInterval()
{
  return this.configuration.getIdleLockoutInterval();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public AttributeType getLastLoginTimeAttribute()
{
  return this.configuration.getLastLoginTimeAttribute();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy. A
 * non-null format string is checked as a date pattern when the configuration
 * is validated.
 */
public String getLastLoginTimeFormat()
{
  return this.configuration.getLastLoginTimeFormat();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public long getLockoutDuration()
{
  return this.configuration.getLockoutDuration();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public int getLockoutFailureCount()
{
  // NOTE(review): confirm how a value of 0 is interpreted (lockout disabled?)
  // before relying on this setting as a password-guessing control.
  return this.configuration.getLockoutFailureCount();
}
/**
* {@inheritDoc}
*/
public long getLockoutFailureExpirationInterval()
{
// NOTE(review): the return statement is not visible in this listing. The
// neighbouring getters read their value from the current configuration;
// confirm this one does the same.
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public long getMaxPasswordAge()
{
  return this.configuration.getMaxPasswordAge();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public long getMaxPasswordResetAge()
{
  return this.configuration.getMaxPasswordResetAge();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public long getMinPasswordAge()
{
  return this.configuration.getMinPasswordAge();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public AttributeType getPasswordAttribute()
{
  return this.configuration.getPasswordAttribute();
}
/**
* {@inheritDoc}
*/
public boolean isPasswordChangeRequiresCurrentPassword()
{
// NOTE(review): the return statement is not visible in this listing.
// Presumably this setting decides whether a user must present the existing
// password when changing it; confirm the value comes from the current
// configuration like the neighbouring getters.
}
/**
* {@inheritDoc}
*/
public long getPasswordExpirationWarningInterval()
{
// NOTE(review): the return statement is not visible in this listing. The
// neighbouring getters read their value from the current configuration;
// confirm this one does the same.
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public int getPasswordHistoryCount()
{
  return this.configuration.getPasswordHistoryCount();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public long getPasswordHistoryDuration()
{
  return this.configuration.getPasswordHistoryDuration();
}
/**
* {@inheritDoc}
*/
{
// Returned directly from the current configuration. Previous formats, when
// present, are each checked as a date pattern when the configuration is
// validated.
return configuration.getPreviousLastLoginTimeFormat();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public boolean isRequireSecureAuthentication()
{
  // NOTE(review): presumably governs whether users under this policy must
  // authenticate over a protected connection; confirm exactly which
  // mechanisms and transports count as secure.
  return this.configuration.isRequireSecureAuthentication();
}
/**
 * {@inheritDoc}
 *
 * <p>Answered from the configuration currently held by this policy.
 */
public boolean isRequireSecurePasswordChanges()
{
  // NOTE(review): presumably governs whether a new password may only be sent
  // over a protected connection; confirm exactly which transports count as
  // secure.
  return this.configuration.isRequireSecurePasswordChanges();
}
/**
* {@inheritDoc}
*/
public boolean isSkipValidationForAdministrators()
{
// NOTE(review): the return statement is not visible in this listing.
// Presumably this setting lets an administrative password reset bypass the
// password validators; confirm the value comes from the current
// configuration and who qualifies as an administrator for this check.
}
/**
* {@inheritDoc}
*/
{
// Returned directly from the current configuration.
return configuration.getStateUpdateFailurePolicy();
}
}
private ServerContext serverContext;
/**
 * Creates an empty factory. Per the original note, this no-argument
 * constructor is the one instantiated from the authentication policy config
 * manager.
 */
public PasswordPolicyFactory()
{
  // Intentionally empty.
}
/**
* Sets the server context.
*
* @param serverContext
* The server context.
*/
this.serverContext = serverContext;
}
/**
* {@inheritDoc}
*/
{
return policy;
}
/**
* {@inheritDoc}
*/
public boolean isConfigurationAcceptable(
final PasswordPolicyCfg configuration,
{
try
{
// NOTE(review): the statement that performs the check is not visible in
// this listing.
}
catch (final ConfigException ce)
{
// A configuration that cannot be validated is rejected.
// NOTE(review): no reason for the rejection is recorded in the visible
// lines; confirm the administrator is told why it was refused.
return false;
}
catch (final InitializationException ie)
{
return false;
}
// If we made it here, then the configuration is acceptable.
return true;
}
}