PasswordPolicyImportPlugin.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2010 Sun Microsystems, Inc.
* Portions Copyright 2011-2015 ForgeRock AS.
*/
/**
* This class implements a Directory Server plugin that performs various
* password policy processing during an LDIF import. In particular, it ensures
* that all of the password values are properly encoded before they are stored.
*/
public final class PasswordPolicyImportPlugin
implements ConfigurationChangeListener<PasswordPolicyImportPluginCfg>,
{
// NOTE(review): this listing has lost lines. The implements clause ends in a
// dangling comma, most method signatures are absent, and many statement
// bodies are empty braces. The comments added below describe only what is
// still visible; anything said about a missing line is marked as an
// assumption to confirm against the complete file.

// The attribute type used to specify the password policy for an entry.
private AttributeType customPolicyAttribute;
// The set of attribute types defined in the schema with the auth password
// syntax.
private AttributeType[] authPasswordTypes;
// The set of attribute types defined in the schema with the user password
// syntax.
private AttributeType[] userPasswordTypes;
// The set of password storage schemes to use for the various password
// policies defined in the server.
// (The field this comment describes is not present in this listing.)
// The default password storage schemes for auth password attributes.
private PasswordStorageScheme<?>[] defaultAuthPasswordSchemes;
// The default password storage schemes for user password attributes.
private PasswordStorageScheme<?>[] defaultUserPasswordSchemes;
/**
* Creates a new instance of this Directory Server plugin. Every plugin must
* implement a default constructor (it is the only one that will be used to
* create plugins defined in the configuration), and every plugin constructor
* must call {@code super()} as its first element.
*/
public PasswordPolicyImportPlugin()
{
super();
}
/**
* {@inheritDoc}
* <p>
* Checks the plugin types this plugin was enabled for, then resolves the
* default password storage schemes for auth password and for user password
* attributes. The signature line is missing from this listing; only its
* {@code throws ConfigException} clause is visible.
*
* @throws ConfigException if a fallback storage scheme cannot be used (the
* two visible {@code throw} statements); other throw sites
* may exist on lines that are not shown.
*/
throws ConfigException
{
// Make sure that the plugin has been enabled for the appropriate types.
for (PluginType t : pluginTypes)
{
switch (t)
{
case LDIF_IMPORT:
// This is the only acceptable type.
break;
default:
// NOTE(review): nothing is visible after this label. The change-acceptable
// check later in this class sets configAcceptable = false for the same
// case, so a rejection is presumably elided here -- confirm.
}
}
// Get the set of default password storage schemes for auth password
// attributes.
if (authSchemeDNs.isEmpty())
{
// No scheme DNs are configured, so a fallback is chosen. The condition and
// the assignments are not shown; the user password branch below tests
// defaultPolicy.isAuthPasswordSyntax() at the same position.
{
}
else
{
{
// The fallback scheme could not be used (the test itself is not shown):
// initialization fails rather than continuing without a scheme.
throw new ConfigException(message);
}
}
}
else
{
// Explicit scheme DNs are configured. Each resolved entry is checked for
// being absent (null) and for supporting the auth password syntax.
// NOTE(review): both branch bodies are empty in this listing; the same tests
// in isConfigurationChangeAcceptable set configAcceptable = false, so a
// rejection is presumably elided -- confirm that a missing or unsuitable
// scheme cannot be silently accepted here.
int i=0;
{
if (defaultAuthPasswordSchemes[i] == null)
{
}
else if (! defaultAuthPasswordSchemes[i].supportsAuthPasswordSyntax())
{
}
i++;
}
}
// Get the set of default password storage schemes for user password
// attributes.
if (userSchemeDNs.isEmpty())
{
// The default policy's own schemes are only candidates when that policy is
// not an auth password policy; the assignment is not shown.
if (! defaultPolicy.isAuthPasswordSyntax())
{
}
else
{
{
// The fallback scheme could not be used (the test itself is not shown).
throw new ConfigException(message);
}
}
}
else
{
// Explicit scheme DNs are configured; only a null check is visible for the
// user password case (no syntax-support test, unlike the auth case).
int i=0;
{
if (defaultUserPasswordSchemes[i] == null)
{
}
i++;
}
}
}
/**
* {@inheritDoc}
* <p>
* The signature is missing from this listing. The visible body collects the
* schema attribute types into {@code authPWTypes} and {@code userPWTypes}
* and walks the policies defined in the server, handling those for which
* {@code isPasswordPolicy()} is true.
*/
{
// Find the set of attribute types with the auth password and user password
// syntax defined in the schema.
{
{
authPWTypes.add(t);
}
{
userPWTypes.add(t);
}
}
// Get the set of password policies defined in the server and get the
// attribute types associated with them.
{
// Only real password policies are considered; other kinds of policy object
// are skipped by this test.
if (ap.isPasswordPolicy())
{
PasswordStorageScheme<?>[] schemeArray =
}
}
}
/**
* {@inheritDoc}
* <p>
* Only the tail of the parameter list is visible in this listing. The method
* intentionally does nothing.
*/
boolean successful)
{
// No implementation is required.
}
/**
* {@inheritDoc}
* <p>
* Processes one imported entry in three visible stages: password policy
* subentries, password attributes governed by a policy named explicitly on
* the entry, and finally the auth password and user password attribute types
* using the default storage schemes. The method name and parameters are
* missing from this listing; only the return type is visible.
* <p>
* Error handling that is visible: any {@code Exception} raised while encoding
* a value is passed to {@code logger.traceException}, sets {@code gotError}
* and stops the loop over that attribute's values.
*/
public final PluginResult.ImportLDIF
{
// Check if this entry is a password policy subentry
// and if so evaluate whether or not its acceptable.
{
try
{
}
catch (DirectoryException de)
{
// The exception's message object is handed to a call whose start is not
// shown; presumably this is the rejection result for the entry -- confirm.
de.getMessageObject());
}
}
// See if the entry explicitly states the password policy that it should
// use. If so, then only use it to perform the encoding.
{
{
for (ByteString v : a)
{
try
{
if (authPolicy == null)
{
}
else if (authPolicy.isPasswordPolicy())
{
}
// Leaves the labelled loop once the first value has been handled. The
// policyLoop label itself is on a line missing from this listing.
break policyLoop;
}
catch (DirectoryException de)
{
// A DirectoryException in the try block above also leaves the loop, and no
// other handling is visible in this catch.
// NOTE(review): confirm the failure is reported and which policy then
// governs the entry's passwords.
break policyLoop;
}
}
}
{
{
{
}
{
boolean gotError = false;
for (ByteString value : a)
{
if (policy.isAuthPasswordSyntax())
{
// The test on the value is not shown; per the comments further down it is
// presumably "value is not already encoded" -- confirm.
{
try
{
for (PasswordStorageScheme<?> s : schemes)
{
}
}
catch (Exception e)
{
// Broad catch: any failure while encoding is only traced here (no other
// logging is visible), flagged, and ends processing of this attribute.
logger.traceException(e);
gotError = true;
break;
}
}
else
{
// NOTE(review): presumably the already-encoded case. Such a value would keep
// whatever storage scheme the LDIF supplied rather than the policy's
// schemes -- confirm this is intended for the import sources in use.
}
}
else
{
// User password syntax: same shape as the auth password branch above.
{
try
{
for (PasswordStorageScheme<?> s : schemes)
{
}
}
catch (Exception e)
{
// Same handling as above: trace, flag, stop on the first encoding failure.
logger.traceException(e);
gotError = true;
break;
}
}
else
{
}
}
}
if (!gotError)
{
// NOTE(review): the body is not shown. If this is where the encoded values
// replace the imported ones, then after an encoding failure the attribute
// stays exactly as it was in the LDIF, possibly clear-text -- confirm, and
// confirm such a failure is visible to the operator and not only traced.
}
}
}
}
}
// Iterate through the list of auth password attributes. If any of them
// are present and their values are not encoded, then encode them with all
// appropriate schemes.
for (AttributeType t : authPasswordTypes)
{
{
// The skip condition is not shown; presumably the entry has no attribute of
// this type.
continue;
}
{
boolean gotError = false;
for (ByteString value : a)
{
{
try
{
// Every default auth password scheme is applied to the value.
for (PasswordStorageScheme<?> s : defaultAuthPasswordSchemes)
{
}
}
catch (Exception e)
{
// Same failure handling as in the explicit-policy section: trace, flag,
// stop processing this attribute's values.
logger.traceException(e);
gotError = true;
break;
}
}
else
{
}
}
if (!gotError)
{
// Body not shown; the caveat on the explicit-policy branch about values left
// unencoded after a failure applies here too -- confirm.
}
}
}
// Iterate through the list of user password attributes. If any of them
// are present and their values are not encoded, then encode them with all
// appropriate schemes.
for (AttributeType t : userPasswordTypes)
{
{
// The skip condition is not shown; presumably the entry has no attribute of
// this type.
continue;
}
{
boolean gotError = false;
for (ByteString value : a)
{
{
try
{
// Every default user password scheme is applied to the value.
for (PasswordStorageScheme<?> s : defaultUserPasswordSchemes)
{
}
}
catch (Exception e)
{
// Same failure handling as above: trace, flag, stop.
logger.traceException(e);
gotError = true;
break;
}
}
else
{
}
}
if (!gotError)
{
// Body not shown; see the caveat on the explicit-policy branch.
}
}
}
}
/**
* {@inheritDoc}
* <p>
* Neither the signature nor the body of this method is present in this
* listing.
*/
{
}
/**
* {@inheritDoc}
* <p>
* Evaluates a proposed configuration without applying it. Every visible
* failure sets {@code configAcceptable} to {@code false} and evaluation
* continues, so the method reports the outcome through its return value
* rather than by throwing. The parameter list is missing from this listing.
*
* @return {@code true} unless one of the visible checks failed.
*/
public boolean isConfigurationChangeAcceptable(
{
boolean configAcceptable = true;
// Ensure that the set of plugin types contains only LDIF import.
{
switch (pluginType)
{
case LDIFIMPORT:
// This is the only acceptable type.
break;
default:
// Any other plugin type makes the proposed configuration unacceptable.
configAcceptable = false;
}
}
// Get the set of default password storage schemes for auth password
// attributes.
if (authSchemeDNs.isEmpty())
{
// A one-element array holds the fallback scheme; the left-hand side of the
// declaration and the lookup expression are not shown.
new PasswordStorageScheme[1];
defaultAuthSchemes[0] =
{
configAcceptable = false;
}
}
else
{
int i=0;
{
defaultAuthSchemes[i] =
// A scheme that is missing (null) or that does not support the auth
// password syntax makes the configuration unacceptable.
if (defaultAuthSchemes[i] == null)
{
configAcceptable = false;
}
else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax())
{
configAcceptable = false;
}
i++;
}
}
// Get the set of default password storage schemes for user password
// attributes.
if (userSchemeDNs.isEmpty())
{
// Same shape as the auth password fallback above.
new PasswordStorageScheme[1];
defaultUserSchemes[0] =
{
configAcceptable = false;
}
}
else
{
int i=0;
{
defaultUserSchemes[i] =
// Only a missing (null) scheme is rejected for user password attributes.
if (defaultUserSchemes[i] == null)
{
configAcceptable = false;
}
i++;
}
}
return configAcceptable;
}
/**
* {@inheritDoc}
* <p>
* Resolves the default auth password and user password storage schemes again
* for a changed configuration, with the same visible tests as the two methods
* above, and returns {@code ccr}. The signature, the declaration of
* {@code ccr} and the bodies of the failure branches are missing from this
* listing.
*/
{
// Get the set of default password storage schemes for auth password
// attributes.
if (authSchemeDNs.isEmpty())
{
{
}
else
{
defaultAuthSchemes[0] =
{
}
}
}
else
{
int i=0;
{
defaultAuthSchemes[i] =
// NOTE(review): the failure branches below are empty in this listing.
// Confirm they record an error on ccr and that the new schemes are not
// installed when any of them is missing or unsuitable.
if (defaultAuthSchemes[i] == null)
{
}
else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax())
{
}
i++;
}
}
// Get the set of default password storage schemes for user password
// attributes.
if (userSchemeDNs.isEmpty())
{
if (! defaultPolicy.isAuthPasswordSyntax())
{
}
else
{
{
}
}
}
else
{
int i=0;
{
defaultUserSchemes[i] =
if (defaultUserSchemes[i] == null)
{
}
i++;
}
}
// The condition guarding this final block is not shown; presumably the new
// scheme arrays are committed to the fields only when no error was found --
// confirm.
{
}
return ccr;
}
}