0N/A/*
0N/A * CDDL HEADER START
0N/A *
0N/A * The contents of this file are subject to the terms of the
0N/A * Common Development and Distribution License, Version 1.0 only
0N/A * (the "License"). You may not use this file except in compliance
0N/A * with the License.
0N/A *
0N/A * You can obtain a copy of the license at
0N/A * trunk/opends/resource/legal-notices/OpenDS.LICENSE
0N/A * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
0N/A * See the License for the specific language governing permissions
0N/A * and limitations under the License.
0N/A *
0N/A * When distributing Covered Code, include this CDDL HEADER in each
0N/A * file and include the License file at
0N/A * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
0N/A * add the following below this CDDL HEADER, with the fields enclosed
873N/A * by brackets "[]" replaced with your own identifying information:
0N/A * Portions Copyright [yyyy] [name of copyright owner]
0N/A *
0N/A * CDDL HEADER END
0N/A *
0N/A *
5136N/A * Copyright 2006-2010 Sun Microsystems, Inc.
5981N/A * Portions copyright 2011-2012 ForgeRock AS.
0N/A */
0N/Apackage org.opends.server.plugins;
3853N/A
0N/A
0N/A
3853N/Aimport static org.opends.messages.PluginMessages.*;
3853N/Aimport static org.opends.server.config.ConfigConstants.*;
3853N/Aimport static org.opends.server.extensions.ExtensionsConstants.*;
3853N/Aimport static org.opends.server.loggers.ErrorLogger.*;
3853N/Aimport static org.opends.server.loggers.debug.DebugLogger.*;
3853N/Aimport static org.opends.server.schema.SchemaConstants.*;
3853N/Aimport static org.opends.server.util.StaticUtils.*;
0N/A
0N/Aimport java.util.ArrayList;
0N/Aimport java.util.HashMap;
1638N/Aimport java.util.HashSet;
0N/Aimport java.util.List;
0N/Aimport java.util.Set;
0N/A
3853N/Aimport org.opends.messages.Message;
1615N/Aimport org.opends.server.admin.server.ConfigurationChangeListener;
1615N/Aimport org.opends.server.admin.std.meta.PluginCfgDefn;
1638N/Aimport org.opends.server.admin.std.server.PasswordPolicyImportPluginCfg;
1787N/Aimport org.opends.server.admin.std.server.PluginCfg;
5488N/Aimport org.opends.server.api.AuthenticationPolicy;
1638N/Aimport org.opends.server.api.Backend;
1638N/Aimport org.opends.server.api.ImportTaskListener;
0N/Aimport org.opends.server.api.PasswordStorageScheme;
0N/Aimport org.opends.server.api.plugin.DirectoryServerPlugin;
3853N/Aimport org.opends.server.api.plugin.PluginResult;
0N/Aimport org.opends.server.api.plugin.PluginType;
0N/Aimport org.opends.server.config.ConfigException;
0N/Aimport org.opends.server.core.DirectoryServer;
0N/Aimport org.opends.server.core.PasswordPolicy;
5488N/Aimport org.opends.server.core.SubentryPasswordPolicy;
1638N/Aimport org.opends.server.loggers.debug.DebugTracer;
0N/Aimport org.opends.server.schema.AuthPasswordSyntax;
0N/Aimport org.opends.server.schema.UserPasswordSyntax;
4134N/Aimport org.opends.server.types.*;
0N/A
0N/A
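/**
 * This class implements a Directory Server plugin that performs various
 * password policy processing during an LDIF import.  In particular, it ensures
 * that all of the password values are properly encoded before they are stored.
 * <p>
 * For each imported entry the plugin first honours a password policy that the
 * entry names explicitly.  Otherwise it encodes every attribute whose syntax is
 * auth password or user password with the default storage schemes.  An entry
 * whose unencoded password value cannot be encoded is rejected, so that the
 * value is never carried into the backend in clear text.
 */
public final class PasswordPolicyImportPlugin
       extends DirectoryServerPlugin<PasswordPolicyImportPluginCfg>
       implements ConfigurationChangeListener<PasswordPolicyImportPluginCfg>,
                  ImportTaskListener
{
  /**
   * The tracer object for the debug logger.
   */
  private static final DebugTracer TRACER = getTracer();



  // NOTE(review): the fields below are written by initializePlugin,
  // processImportBegin and applyConfigurationChange and read by doLDIFImport
  // with no synchronization visible in this class -- confirm the threading
  // model of the import before relying on a configuration change mid-import.

  // The attribute type used to specify the password policy for an entry.
  private AttributeType customPolicyAttribute;

  // The set of attribute types defined in the schema with the auth password
  // syntax.
  private AttributeType[] authPasswordTypes;

  // The set of attribute types defined in the schema with the user password
  // syntax.
  private AttributeType[] userPasswordTypes;

  // The set of password storage schemes to use for the various password
  // policies defined in the server, keyed by policy DN.
  private HashMap<DN,PasswordStorageScheme<?>[]> schemesByPolicy;

  // The default password storage schemes for auth password attributes.
  private PasswordStorageScheme<?>[] defaultAuthPasswordSchemes;

  // The default password storage schemes for user password attributes.
  private PasswordStorageScheme<?>[] defaultUserPasswordSchemes;



  /**
   * Creates a new instance of this Directory Server plugin.  Every plugin must
   * implement a default constructor (it is the only one that will be used to
   * create plugins defined in the configuration), and every plugin constructor
   * must call {@code super()} as its first element.
   */
  public PasswordPolicyImportPlugin()
  {
    super();
  }



  /**
   * {@inheritDoc}
   * <p>
   * Registers this plugin as a configuration change listener, rejects any
   * plugin type other than LDIF import, resolves the default storage schemes
   * for both password syntaxes and then primes the per-import caches.
   *
   * @throws  ConfigException  If an unsupported plugin type is configured or
   *                           a default storage scheme cannot be resolved.
   */
  @Override()
  public final void initializePlugin(Set<PluginType> pluginTypes,
                         PasswordPolicyImportPluginCfg configuration)
         throws ConfigException
  {
    configuration.addPasswordPolicyImportChangeListener(this);

    customPolicyAttribute =
         DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN, true);


    // Make sure that the plugin has been enabled for the appropriate types.
    for (PluginType t : pluginTypes)
    {
      switch (t)
      {
        case LDIF_IMPORT:
          // This is the only acceptable type.
          break;


        default:
          Message message =
               ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(t.toString());
          throw new ConfigException(message);
      }
    }


    PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
    List<Message> problems = new ArrayList<Message>();

    // Auth password defaults.  The first problem found aborts initialization,
    // and nothing is published to the fields until both sets have resolved.
    PasswordStorageScheme<?>[] authSchemes = resolveDefaultAuthSchemes(
         configuration.getDefaultAuthPasswordStorageSchemeDNs(),
         defaultPolicy, problems);
    if (! problems.isEmpty())
    {
      throw new ConfigException(problems.get(0));
    }

    // User password defaults.
    PasswordStorageScheme<?>[] userSchemes = resolveDefaultUserSchemes(
         configuration.getDefaultUserPasswordStorageSchemeDNs(),
         defaultPolicy, problems);
    if (! problems.isEmpty())
    {
      throw new ConfigException(problems.get(0));
    }

    defaultAuthPasswordSchemes = authSchemes;
    defaultUserPasswordSchemes = userSchemes;

    processImportBegin(null, null);
  }



  /**
   * {@inheritDoc}
   * <p>
   * Rebuilds the cached password attribute types and the per-policy storage
   * schemes from the current schema and authentication policies.  Neither
   * argument is read, which is why {@code initializePlugin} may pass
   * {@code null} for both.
   */
  public void processImportBegin(Backend backend, LDIFImportConfig config)
  {
    // Find the set of attribute types with the auth password and user password
    // syntax defined in the schema.
    HashSet<AttributeType> authPWTypes = new HashSet<AttributeType>();
    HashSet<AttributeType> userPWTypes = new HashSet<AttributeType>();
    for (AttributeType t : DirectoryServer.getAttributeTypes().values())
    {
      String syntaxOID = t.getSyntaxOID();
      if (syntaxOID.equals(SYNTAX_AUTH_PASSWORD_OID))
      {
        authPWTypes.add(t);
      }
      else if (syntaxOID.equals(SYNTAX_USER_PASSWORD_OID))
      {
        userPWTypes.add(t);
      }
    }


    // Get the set of password policies defined in the server and record the
    // default storage schemes of each.  Authentication policies that are not
    // password policies are skipped.
    HashMap<DN,PasswordStorageScheme<?>[]> schemeMap =
         new HashMap<DN,PasswordStorageScheme<?>[]>();
    for (AuthenticationPolicy ap : DirectoryServer.getAuthenticationPolicies())
    {
      if (ap.isPasswordPolicy())
      {
        PasswordPolicy p = (PasswordPolicy) ap;
        schemeMap.put(p.getDN(),
                      toSchemeArray(p.getDefaultPasswordStorageSchemes()));
      }
    }


    // Publish the new caches only once they are completely built.
    schemesByPolicy   = schemeMap;
    authPasswordTypes =
         authPWTypes.toArray(new AttributeType[authPWTypes.size()]);
    userPasswordTypes =
         userPWTypes.toArray(new AttributeType[userPWTypes.size()]);
  }



  /**
   * {@inheritDoc}
   */
  public void processImportEnd(Backend backend, LDIFImportConfig config,
                               boolean successful)
  {
    // No implementation is required.
  }



  /**
   * {@inheritDoc}
   * <p>
   * Processing stops for the entry, with the failure message as the reason,
   * when it is a password policy subentry that cannot be constructed or when
   * one of its unencoded password values cannot be encoded.  The second case
   * used to be logged only, after which the entry carried on through the
   * import with the value still unencoded.
   */
  @Override()
  public final PluginResult.ImportLDIF
               doLDIFImport(LDIFImportConfig importConfig, Entry entry)
  {
    // Check if this entry is a password policy subentry
    // and if so evaluate whether or not its acceptable.
    if ((entry.isSubentry() || entry.isLDAPSubentry()) &&
        entry.isPasswordPolicySubentry())
    {
      try
      {
        // Constructed purely for its validation; the instance is discarded.
        new SubentryPasswordPolicy(new SubEntry(entry));
      }
      catch (DirectoryException de)
      {
        if (debugEnabled())
        {
          TRACER.debugCaught(DebugLogLevel.ERROR, de);
        }

        return PluginResult.ImportLDIF.stopEntryProcessing(
             de.getMessageObject());
      }
    }

    // See if the entry explicitly states the password policy that it should
    // use.  If so, then only use it to perform the encoding.
    List<Attribute> attrList = entry.getAttribute(customPolicyAttribute);
    if (attrList != null)
    {
      DN policyDN = null;
      PasswordPolicy policy = null;

      // Only the first value encountered is considered: both the normal path
      // and the decode failure path leave the loop.
policyLoop:
      for (Attribute a : attrList)
      {
        for (AttributeValue v : a)
        {
          try
          {
            policyDN = DN.decode(v.getValue());
            AuthenticationPolicy authPolicy =
                 DirectoryServer.getAuthenticationPolicy(policyDN);
            if (authPolicy == null)
            {
              Message message = WARN_PLUGIN_PWIMPORT_NO_SUCH_POLICY.get(
                   String.valueOf(entry.getDN()), String.valueOf(policyDN));
              logError(message);
            }
            else if (authPolicy.isPasswordPolicy())
            {
              policy = (PasswordPolicy) authPolicy;
            }

            break policyLoop;
          }
          catch (DirectoryException de)
          {
            Message message = WARN_PLUGIN_PWIMPORT_CANNOT_DECODE_POLICY_DN.get(
                 String.valueOf(entry.getDN()), de.getMessageObject());
            logError(message);
            break policyLoop;
          }
        }
      }

      if (policy != null)
      {
        // A policy with no schemes cached by processImportBegin falls through
        // to the default handling below.
        PasswordStorageScheme<?>[] schemes = schemesByPolicy.get(policyDN);
        if (schemes != null)
        {
          AttributeType passwordType = policy.getPasswordAttribute();
          Message failure = encodePasswordValues(entry,
               entry.getAttribute(passwordType), passwordType,
               policy.isAuthPasswordSyntax(), schemes);
          if (failure != null)
          {
            return PluginResult.ImportLDIF.stopEntryProcessing(failure);
          }

          return PluginResult.ImportLDIF.continueEntryProcessing();
        }
      }
    }


    // Iterate through the list of auth password attributes.  If any of them
    // are present and their values are not encoded, then encode them with all
    // appropriate schemes.
    for (AttributeType t : authPasswordTypes)
    {
      attrList = entry.getAttribute(t);
      if ((attrList == null) || attrList.isEmpty())
      {
        continue;
      }

      Message failure = encodePasswordValues(entry, attrList, t, true,
                                             defaultAuthPasswordSchemes);
      if (failure != null)
      {
        return PluginResult.ImportLDIF.stopEntryProcessing(failure);
      }
    }


    // Iterate through the list of user password attributes.  If any of them
    // are present and their values are not encoded, then encode them with all
    // appropriate schemes.
    for (AttributeType t : userPasswordTypes)
    {
      attrList = entry.getAttribute(t);
      if ((attrList == null) || attrList.isEmpty())
      {
        continue;
      }

      Message failure = encodePasswordValues(entry, attrList, t, false,
                                             defaultUserPasswordSchemes);
      if (failure != null)
      {
        return PluginResult.ImportLDIF.stopEntryProcessing(failure);
      }
    }


    return PluginResult.ImportLDIF.continueEntryProcessing();
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public boolean isConfigurationAcceptable(PluginCfg configuration,
                                           List<Message> unacceptableReasons)
  {
    PasswordPolicyImportPluginCfg config =
         (PasswordPolicyImportPluginCfg) configuration;
    return isConfigurationChangeAcceptable(config, unacceptableReasons);
  }



  /**
   * {@inheritDoc}
   * <p>
   * Every problem found is appended to {@code unacceptableReasons}; the
   * result is {@code true} only if this call appended none.  When no scheme
   * DNs are configured, the built-in fallback scheme is required to exist
   * regardless of the default password policy.
   */
  public boolean isConfigurationChangeAcceptable(
                      PasswordPolicyImportPluginCfg configuration,
                      List<Message> unacceptableReasons)
  {
    // The caller may hand over a list that already holds reasons, so the
    // verdict is based on growth rather than on emptiness.
    int reasonsBefore = unacceptableReasons.size();

    // Ensure that the set of plugin types contains only LDIF import.
    for (PluginCfgDefn.PluginType pluginType : configuration.getPluginType())
    {
      switch (pluginType)
      {
        case LDIFIMPORT:
          // This is the only acceptable type.
          break;


        default:
          Message message = ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(
                                 pluginType.toString());
          unacceptableReasons.add(message);
      }
    }


    // Check the default password storage schemes for auth password
    // attributes.  Only the checks matter here; the schemes are discarded.
    Set<DN> authSchemeDNs =
         configuration.getDefaultAuthPasswordStorageSchemeDNs();
    if (authSchemeDNs.isEmpty())
    {
      lookUpFallbackAuthScheme(unacceptableReasons);
    }
    else
    {
      lookUpConfiguredAuthSchemes(authSchemeDNs, unacceptableReasons);
    }


    // Check the default password storage schemes for user password
    // attributes.
    Set<DN> userSchemeDNs =
         configuration.getDefaultUserPasswordStorageSchemeDNs();
    if (userSchemeDNs.isEmpty())
    {
      lookUpFallbackUserScheme(unacceptableReasons);
    }
    else
    {
      lookUpConfiguredUserSchemes(userSchemeDNs, unacceptableReasons);
    }


    return unacceptableReasons.size() == reasonsBefore;
  }



  /**
   * {@inheritDoc}
   * <p>
   * The new default storage schemes replace the current ones only when both
   * sets resolve without a problem; otherwise the current schemes stay in
   * effect and the problems are returned with the server error result code.
   */
  public ConfigChangeResult applyConfigurationChange(
                                 PasswordPolicyImportPluginCfg configuration)
  {
    ResultCode        resultCode          = ResultCode.SUCCESS;
    boolean           adminActionRequired = false;
    ArrayList<Message> messages           = new ArrayList<Message>();


    PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();

    // Resolve both sets before judging the outcome so that every problem is
    // reported in a single result.
    PasswordStorageScheme<?>[] defaultAuthSchemes = resolveDefaultAuthSchemes(
         configuration.getDefaultAuthPasswordStorageSchemeDNs(),
         defaultPolicy, messages);
    PasswordStorageScheme<?>[] defaultUserSchemes = resolveDefaultUserSchemes(
         configuration.getDefaultUserPasswordStorageSchemeDNs(),
         defaultPolicy, messages);

    if (! messages.isEmpty())
    {
      resultCode = DirectoryServer.getServerErrorResultCode();
    }

    if (resultCode == ResultCode.SUCCESS)
    {
      defaultAuthPasswordSchemes = defaultAuthSchemes;
      defaultUserPasswordSchemes = defaultUserSchemes;
    }

    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }



  // Encodes every unencoded value of the given password attributes with all
  // of the given schemes and writes the result back into the entry.  Values
  // that are already encoded are kept as they are.  Returns null on success.
  // On the first encoding failure the problem is logged and returned, and the
  // attribute being processed is left unmodified so that the caller can
  // reject the entry.
  private static Message encodePasswordValues(Entry entry,
                              List<Attribute> attrList, AttributeType type,
                              boolean authSyntax,
                              PasswordStorageScheme<?>[] schemes)
  {
    if (attrList == null)
    {
      return null;
    }

    for (Attribute a : attrList)
    {
      // Constructed as in the code this was factored out of; every value that
      // is kept or produced is added to the builder explicitly below.
      AttributeBuilder builder = new AttributeBuilder(a, true);

      for (AttributeValue v : a)
      {
        ByteString value = v.getValue();
        boolean alreadyEncoded = authSyntax
             ? AuthPasswordSyntax.isEncoded(value)
             : UserPasswordSyntax.isEncoded(value);
        if (alreadyEncoded)
        {
          builder.add(v);
          continue;
        }

        try
        {
          // One stored value is produced per scheme.
          for (PasswordStorageScheme<?> s : schemes)
          {
            ByteString nv = authSyntax
                 ? s.encodeAuthPassword(value)
                 : s.encodePasswordWithScheme(value);
            builder.add(AttributeValues.create(type, nv));
          }
        }
        catch (Exception e)
        {
          if (debugEnabled())
          {
            TRACER.debugCaught(DebugLogLevel.ERROR, e);
          }

          // The message names the attribute and the entry, never the value.
          Message message = ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD
               .get(type.getNameOrOID(), String.valueOf(entry.getDN()),
                    stackTraceToSingleLineString(e));
          logError(message);
          return message;
        }
      }

      entry.replaceAttribute(builder.toAttribute());
    }

    return null;
  }



  // Resolves the default schemes for auth password attributes: the configured
  // DNs if there are any, else the default policy's schemes when that policy
  // uses the auth password syntax, else the built-in fallback scheme.
  private static PasswordStorageScheme<?>[] resolveDefaultAuthSchemes(
                      Set<DN> schemeDNs, PasswordPolicy defaultPolicy,
                      List<Message> problems)
  {
    if (! schemeDNs.isEmpty())
    {
      return lookUpConfiguredAuthSchemes(schemeDNs, problems);
    }

    if (defaultPolicy.isAuthPasswordSyntax())
    {
      return toSchemeArray(defaultPolicy.getDefaultPasswordStorageSchemes());
    }

    return new PasswordStorageScheme<?>[]
         { lookUpFallbackAuthScheme(problems) };
  }



  // Resolves the default schemes for user password attributes: the configured
  // DNs if there are any, else the default policy's schemes when that policy
  // uses the user password syntax, else the built-in fallback scheme.
  private static PasswordStorageScheme<?>[] resolveDefaultUserSchemes(
                      Set<DN> schemeDNs, PasswordPolicy defaultPolicy,
                      List<Message> problems)
  {
    if (! schemeDNs.isEmpty())
    {
      return lookUpConfiguredUserSchemes(schemeDNs, problems);
    }

    if (! defaultPolicy.isAuthPasswordSyntax())
    {
      return toSchemeArray(defaultPolicy.getDefaultPasswordStorageSchemes());
    }

    return new PasswordStorageScheme<?>[]
         { lookUpFallbackUserScheme(problems) };
  }



  // Looks up each configured auth scheme DN, recording a problem for every DN
  // that is unknown or whose scheme does not support the auth password syntax.
  private static PasswordStorageScheme<?>[] lookUpConfiguredAuthSchemes(
                      Set<DN> schemeDNs, List<Message> problems)
  {
    PasswordStorageScheme<?>[] schemes =
         new PasswordStorageScheme<?>[schemeDNs.size()];
    int i = 0;
    for (DN schemeDN : schemeDNs)
    {
      PasswordStorageScheme<?> scheme =
           DirectoryServer.getPasswordStorageScheme(schemeDN);
      if (scheme == null)
      {
        problems.add(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(
                          String.valueOf(schemeDN)));
      }
      else if (! scheme.supportsAuthPasswordSyntax())
      {
        problems.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
                          String.valueOf(schemeDN)));
      }
      schemes[i++] = scheme;
    }

    return schemes;
  }



  // Looks up each configured user scheme DN, recording a problem for every DN
  // that does not resolve to a storage scheme.
  private static PasswordStorageScheme<?>[] lookUpConfiguredUserSchemes(
                      Set<DN> schemeDNs, List<Message> problems)
  {
    PasswordStorageScheme<?>[] schemes =
         new PasswordStorageScheme<?>[schemeDNs.size()];
    int i = 0;
    for (DN schemeDN : schemeDNs)
    {
      PasswordStorageScheme<?> scheme =
           DirectoryServer.getPasswordStorageScheme(schemeDN);
      if (scheme == null)
      {
        problems.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(
                          String.valueOf(schemeDN)));
      }
      schemes[i++] = scheme;
    }

    return schemes;
  }



  // Looks up the built-in fallback scheme for auth password attributes,
  // recording a problem if the server does not provide it.
  // NOTE(review): the fallback is salted SHA-1, a fast general-purpose hash
  // and a weak choice for password storage; configuring the default storage
  // scheme DNs explicitly avoids relying on it.
  private static PasswordStorageScheme<?> lookUpFallbackAuthScheme(
                      List<Message> problems)
  {
    PasswordStorageScheme<?> scheme =
         DirectoryServer.getAuthPasswordStorageScheme(
              AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
    if (scheme == null)
    {
      problems.add(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get(
                        AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1));
    }

    return scheme;
  }



  // Looks up the built-in fallback scheme for user password attributes,
  // recording a problem if the server does not provide it.
  // NOTE(review): the fallback is salted SHA-1, a fast general-purpose hash
  // and a weak choice for password storage; configuring the default storage
  // scheme DNs explicitly avoids relying on it.
  private static PasswordStorageScheme<?> lookUpFallbackUserScheme(
                      List<Message> problems)
  {
    // The scheme is looked up by its lower-cased name, while the message
    // reports the name as it is defined.
    PasswordStorageScheme<?> scheme =
         DirectoryServer.getPasswordStorageScheme(
              toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
    if (scheme == null)
    {
      problems.add(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get(
                        STORAGE_SCHEME_NAME_SALTED_SHA_1));
    }

    return scheme;
  }



  // Copies a list of storage schemes into a new array of the same size.
  private static PasswordStorageScheme<?>[] toSchemeArray(
                      List<PasswordStorageScheme<?>> schemeList)
  {
    return schemeList.toArray(
         new PasswordStorageScheme<?>[schemeList.size()]);
  }
}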