PasswordPolicyImportPlugin.java revision 353
0N/A/*
0N/A * CDDL HEADER START
0N/A *
0N/A * The contents of this file are subject to the terms of the
0N/A * Common Development and Distribution License, Version 1.0 only
0N/A * (the "License"). You may not use this file except in compliance
0N/A * with the License.
0N/A *
0N/A * You can obtain a copy of the license at
0N/A * trunk/opends/resource/legal-notices/OpenDS.LICENSE
0N/A * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
0N/A * See the License for the specific language governing permissions
0N/A * and limitations under the License.
0N/A *
0N/A * When distributing Covered Code, include this CDDL HEADER in each
0N/A * file and include the License file at
0N/A * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
0N/A * add the following below this CDDL HEADER, with the fields enclosed
0N/A * by brackets "[]" replaced with your own identifying * information:
0N/A * Portions Copyright [yyyy] [name of copyright owner]
0N/A *
0N/A * CDDL HEADER END
0N/A *
0N/A *
0N/A * Portions Copyright 2006 Sun Microsystems, Inc.
0N/A */
0N/Apackage org.opends.server.plugins;
0N/A
0N/A
0N/A
0N/Aimport java.util.ArrayList;
0N/Aimport java.util.HashMap;
0N/Aimport java.util.Iterator;
0N/Aimport java.util.LinkedHashSet;
0N/Aimport java.util.List;
0N/Aimport java.util.Set;
0N/Aimport java.util.concurrent.CopyOnWriteArrayList;
0N/A
0N/Aimport org.opends.server.api.PasswordStorageScheme;
0N/Aimport org.opends.server.api.plugin.DirectoryServerPlugin;
0N/Aimport org.opends.server.api.plugin.LDIFPluginResult;
0N/Aimport org.opends.server.api.plugin.PluginType;
0N/Aimport org.opends.server.config.ConfigEntry;
0N/Aimport org.opends.server.config.ConfigException;
0N/Aimport org.opends.server.core.DirectoryServer;
0N/Aimport org.opends.server.core.PasswordPolicy;
0N/Aimport org.opends.server.schema.AuthPasswordSyntax;
0N/Aimport org.opends.server.schema.UserPasswordSyntax;
0N/Aimport org.opends.server.types.Attribute;
0N/Aimport org.opends.server.types.AttributeType;
0N/Aimport org.opends.server.types.AttributeValue;
0N/Aimport org.opends.server.types.ByteString;
0N/Aimport org.opends.server.types.Entry;
0N/Aimport org.opends.server.types.ErrorLogCategory;
0N/Aimport org.opends.server.types.ErrorLogSeverity;
0N/Aimport org.opends.server.types.LDIFImportConfig;
0N/A
0N/Aimport static org.opends.server.loggers.Debug.*;
0N/Aimport static org.opends.server.loggers.Error.*;
0N/Aimport static org.opends.server.messages.MessageHandler.*;
0N/Aimport static org.opends.server.messages.PluginMessages.*;
0N/Aimport static org.opends.server.util.StaticUtils.*;
0N/A
0N/A
0N/A
0N/A/**
0N/A * This class implements a Directory Server plugin that performs various
0N/A * password policy processing during an LDIF import. In particular, it ensures
0N/A * that all of the password values are properly encoded before they are stored.
0N/A */
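public final class PasswordPolicyImportPlugin
       extends DirectoryServerPlugin
{
  /**
   * The fully-qualified name of this class for debugging purposes.
   */
  private static final String CLASS_NAME =
       "org.opends.server.plugins.PasswordPolicyImportPlugin";



  // The sets of password storage schemes for the auth password attributes,
  // keyed by the password attribute type.
  private final HashMap<AttributeType,PasswordStorageScheme[]>
       authPasswordSchemes;

  // The sets of password storage schemes for the user password attributes,
  // keyed by the password attribute type.
  private final HashMap<AttributeType,PasswordStorageScheme[]>
       userPasswordSchemes;



  /**
   * Creates a new instance of this Directory Server plugin.  Every plugin must
   * implement a default constructor (it is the only one that will be used to
   * create plugins defined in the configuration), and every plugin constructor
   * must call <CODE>super()</CODE> as its first element.
   * <BR><BR>
   * The constructor reads every password policy known to the Directory Server
   * and records, per password attribute type, the union of the default storage
   * schemes of all policies that use that attribute.  The scheme sets are a
   * snapshot taken here; nothing in this class refreshes them afterwards.
   */
  public PasswordPolicyImportPlugin()
  {
    super();

    assert debugConstructor(CLASS_NAME);


    // Get the password policies from the Directory Server configuration.  This
    // is done in the constructor to allow the instance variables to be declared
    // "final".
    authPasswordSchemes = new HashMap<AttributeType,PasswordStorageScheme[]>();
    userPasswordSchemes = new HashMap<AttributeType,PasswordStorageScheme[]>();
    for (PasswordPolicy p : DirectoryServer.getPasswordPolicies().values())
    {
      if (p.usesAuthPasswordSyntax())
      {
        addDefaultSchemes(authPasswordSchemes, p);
      }
      else
      {
        addDefaultSchemes(userPasswordSchemes, p);
      }
    }
  }



  /**
   * Adds the default storage schemes of the provided policy to the scheme set
   * registered for that policy's password attribute.  Schemes already
   * registered for the attribute keep their position; new ones are appended.
   *
   * @param  schemeMap  The map (auth or user password) to update.
   * @param  p          The password policy whose default schemes to add.
   */
  private static void addDefaultSchemes(
       HashMap<AttributeType,PasswordStorageScheme[]> schemeMap,
       PasswordPolicy p)
  {
    AttributeType t = p.getPasswordAttribute();
    CopyOnWriteArrayList<PasswordStorageScheme> defaultSchemes =
         p.getDefaultStorageSchemes();

    PasswordStorageScheme[] existing = schemeMap.get(t);
    if (existing == null)
    {
      // Use the array returned by toArray rather than the one passed in: if
      // the list grows between size() and toArray(), the argument array is
      // left untouched and a larger one is returned.
      schemeMap.put(t, defaultSchemes.toArray(
                            new PasswordStorageScheme[defaultSchemes.size()]));
      return;
    }

    // Another policy already uses this attribute, so merge while preserving
    // order and dropping duplicates.
    LinkedHashSet<PasswordStorageScheme> merged =
         new LinkedHashSet<PasswordStorageScheme>();
    for (PasswordStorageScheme s : existing)
    {
      merged.add(s);
    }

    for (PasswordStorageScheme s : defaultSchemes)
    {
      merged.add(s);
    }

    schemeMap.put(t, merged.toArray(new PasswordStorageScheme[merged.size()]));
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * This plugin may only be registered for the LDIF import plugin type.
   *
   * @throws  ConfigException  If the plugin has been configured for any plugin
   *                           type other than LDIF import.
   */
  @Override()
  public final void initializePlugin(Set<PluginType> pluginTypes,
                                     ConfigEntry configEntry)
         throws ConfigException
  {
    assert debugEnter(CLASS_NAME, "initializePlugin",
                      String.valueOf(pluginTypes),
                      String.valueOf(configEntry));


    // Make sure that the plugin has been enabled for the appropriate types.
    // LDIF import is the only acceptable type.
    for (PluginType t : pluginTypes)
    {
      if (t != PluginType.LDIF_IMPORT)
      {
        int    msgID   = MSGID_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE;
        String message = getMessage(msgID, t.toString());
        throw new ConfigException(msgID, message);
      }
    }
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * For every password attribute known from the password policies, each value
   * in the entry that is not already encoded is replaced by one encoded value
   * per storage scheme configured for that attribute.
   * <BR><BR>
   * NOTE(review):  if a storage scheme fails while encoding a value, the
   * failure is logged, the value that failed and any values after it in the
   * same attribute are left in the entry unencoded, and this method still
   * returns the default result.  Whether the import then stores that value in
   * the clear depends on how the caller treats the result and is not visible
   * from this class; confirm, and consider rejecting the entry instead.
   */
  @Override()
  public final LDIFPluginResult doLDIFImport(LDIFImportConfig importConfig,
                                             Entry entry)
  {
    assert debugEnter(CLASS_NAME, "doLDIFImport",
                      String.valueOf(importConfig), String.valueOf(entry));


    // Iterate through the list of auth password attributes.  If any of them
    // are present and their values are not encoded, then encode them with all
    // appropriate schemes.
    for (AttributeType t : authPasswordSchemes.keySet())
    {
      List<Attribute> attrList = entry.getAttribute(t);
      if ((attrList == null) || attrList.isEmpty())
      {
        continue;
      }

      encodeClearTextValues(entry, t, attrList, authPasswordSchemes.get(t),
                            true);
    }


    // Iterate through the list of user password attributes.  If any of them
    // are present and their values are not encoded, then encode them with all
    // appropriate schemes.
    for (AttributeType t : userPasswordSchemes.keySet())
    {
      List<Attribute> attrList = entry.getAttribute(t);
      if ((attrList == null) || attrList.isEmpty())
      {
        continue;
      }

      encodeClearTextValues(entry, t, attrList, userPasswordSchemes.get(t),
                            false);
    }


    return new LDIFPluginResult();
  }



  /**
   * Replaces the unencoded values of one password attribute type with their
   * encoded forms.  A value is only removed from the attribute once every
   * scheme has encoded it successfully, so a failure on a later value can no
   * longer discard the encoded forms of values that were already processed
   * (previously those values were removed and then lost).
   *
   * @param  entry       The entry being imported (used for error reporting).
   * @param  t           The password attribute type being processed.
   * @param  attrList    The attributes of that type present in the entry.
   * @param  schemes     The storage schemes to encode each value with.
   * @param  authSyntax  {@code true} to use the auth password syntax and
   *                     encoding, {@code false} for the user password syntax.
   */
  private void encodeClearTextValues(Entry entry, AttributeType t,
                                     List<Attribute> attrList,
                                     PasswordStorageScheme[] schemes,
                                     boolean authSyntax)
  {
    // Encoded values to add to the current attribute once iteration is done.
    ArrayList<ByteString> encodedValueList = new ArrayList<ByteString>();

    // Encoded forms of the single value currently being processed.
    ArrayList<ByteString> pendingValues = new ArrayList<ByteString>();

    for (Attribute a : attrList)
    {
      encodedValueList.clear();

      LinkedHashSet<AttributeValue> values = a.getValues();
      Iterator<AttributeValue> iterator = values.iterator();
      while (iterator.hasNext())
      {
        ByteString value = iterator.next().getValue();

        boolean alreadyEncoded;
        if (authSyntax)
        {
          alreadyEncoded = AuthPasswordSyntax.isEncoded(value);
        }
        else
        {
          alreadyEncoded = UserPasswordSyntax.isEncoded(value);
        }

        if (alreadyEncoded)
        {
          continue;
        }

        pendingValues.clear();
        try
        {
          for (PasswordStorageScheme s : schemes)
          {
            if (authSyntax)
            {
              pendingValues.add(s.encodeAuthPassword(value));
            }
            else
            {
              pendingValues.add(s.encodePasswordWithScheme(value));
            }
          }

          // NOTE(review):  with an empty scheme array the value is removed and
          // nothing replaces it, which matches the previous behavior.
          // Only now that every scheme succeeded is the original value dropped
          // and its encoded forms committed.
          iterator.remove();
          encodedValueList.addAll(pendingValues);
        }
        catch (Exception e)
        {
          assert debugException(CLASS_NAME, "doLDIFImport", e);

          int    msgID   = MSGID_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD;
          String message = getMessage(msgID, t.getNameOrOID(),
                                      String.valueOf(entry.getDN()),
                                      stackTraceToSingleLineString(e));
          logError(ErrorLogCategory.PLUGIN, ErrorLogSeverity.SEVERE_ERROR,
                   message, msgID);

          // Stop processing this attribute.  The failed value and the ones
          // after it stay in the entry as they were; values encoded before the
          // failure are kept in encodedValueList and added below.
          break;
        }
      }

      // The set cannot be extended while it is being iterated, so the encoded
      // values are appended afterwards.
      for (ByteString s : encodedValueList)
      {
        values.add(new AttributeValue(t, s));
      }
    }
  }
}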
0N/A