001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2006-2008 Sun Microsystems, Inc.
026 */
027 package org.opends.server.plugins;
028 import org.opends.messages.Message;
029
030
031
032 import java.util.ArrayList;
033 import java.util.HashMap;
034 import java.util.HashSet;
035 import java.util.Iterator;
036 import java.util.LinkedHashSet;
037 import java.util.List;
038 import java.util.Set;
039 import java.util.concurrent.CopyOnWriteArrayList;
040
041 import org.opends.server.admin.server.ConfigurationChangeListener;
042 import org.opends.server.admin.std.meta.PluginCfgDefn;
043 import org.opends.server.admin.std.server.PasswordPolicyImportPluginCfg;
044 import org.opends.server.admin.std.server.PluginCfg;
045 import org.opends.server.api.Backend;
046 import org.opends.server.api.ImportTaskListener;
047 import org.opends.server.api.PasswordStorageScheme;
048 import org.opends.server.api.plugin.DirectoryServerPlugin;
049 import org.opends.server.api.plugin.PluginType;
050 import org.opends.server.api.plugin.PluginResult;
051 import org.opends.server.config.ConfigException;
052 import org.opends.server.core.DirectoryServer;
053 import org.opends.server.core.PasswordPolicy;
054 import org.opends.server.loggers.debug.DebugTracer;
055 import org.opends.server.schema.AuthPasswordSyntax;
056 import org.opends.server.schema.UserPasswordSyntax;
057 import org.opends.server.types.Attribute;
058 import org.opends.server.types.AttributeType;
059 import org.opends.server.types.AttributeValue;
060 import org.opends.server.types.ByteString;
061 import org.opends.server.types.ConfigChangeResult;
062 import org.opends.server.types.DebugLogLevel;
063 import org.opends.server.types.DirectoryException;
064 import org.opends.server.types.DN;
065 import org.opends.server.types.Entry;
066 import org.opends.server.types.LDIFImportConfig;
067 import org.opends.server.types.ResultCode;
068
069 import static org.opends.server.config.ConfigConstants.*;
070 import static org.opends.server.extensions.ExtensionsConstants.*;
071 import static org.opends.server.loggers.debug.DebugLogger.*;
072 import static org.opends.messages.PluginMessages.*;
073 import static org.opends.server.loggers.ErrorLogger.*;
074 import static org.opends.server.schema.SchemaConstants.*;
075 import static org.opends.server.util.StaticUtils.*;
076
077
078
079 /**
080 * This class implements a Directory Server plugin that performs various
081 * password policy processing during an LDIF import. In particular, it ensures
082 * that all of the password values are properly encoded before they are stored.
083 */
084 public final class PasswordPolicyImportPlugin
085 extends DirectoryServerPlugin<PasswordPolicyImportPluginCfg>
086 implements ConfigurationChangeListener<PasswordPolicyImportPluginCfg>,
087 ImportTaskListener
088 {
089 /**
090 * The tracer object for the debug logger.
091 */
092 private static final DebugTracer TRACER = getTracer();
093
094
095
096 // The attribute type used to specify the password policy for an entry.
097 private AttributeType customPolicyAttribute;
098
099 // The set of attribute types defined in the schema with the auth password
100 // syntax.
101 private AttributeType[] authPasswordTypes;
102
103 // The set of attribute types defined in the schema with the user password
104 // syntax.
105 private AttributeType[] userPasswordTypes;
106
107 // The set of password storage schemes to use for the various password
108 // policies defined in the server.
109 private HashMap<DN,PasswordStorageScheme[]> schemesByPolicy;
110
111 // The default password storage schemes for auth password attributes.
112 private PasswordStorageScheme[] defaultAuthPasswordSchemes;
113
114 // The default password storage schemes for user password attributes.
115 private PasswordStorageScheme[] defaultUserPasswordSchemes;
116
117
118
119 /**
120 * Creates a new instance of this Directory Server plugin. Every plugin must
121 * implement a default constructor (it is the only one that will be used to
122 * create plugins defined in the configuration), and every plugin constructor
123 * must call {@code super()} as its first element.
124 */
125 public PasswordPolicyImportPlugin()
126 {
127 super();
128 }
129
130
131
132 /**
133 * {@inheritDoc}
134 */
135 @Override()
136 public final void initializePlugin(Set<PluginType> pluginTypes,
137 PasswordPolicyImportPluginCfg configuration)
138 throws ConfigException
139 {
140 configuration.addPasswordPolicyImportChangeListener(this);
141
142 customPolicyAttribute =
143 DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN, true);
144
145
146 // Make sure that the plugin has been enabled for the appropriate types.
147 for (PluginType t : pluginTypes)
148 {
149 switch (t)
150 {
151 case LDIF_IMPORT:
152 // This is the only acceptable type.
153 break;
154
155
156 default:
157 Message message =
158 ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(t.toString());
159 throw new ConfigException(message);
160 }
161 }
162
163
164 // Get the set of default password storage schemes for auth password
165 // attributes.
166 PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
167 Set<DN> authSchemeDNs =
168 configuration.getDefaultAuthPasswordStorageSchemeDNs();
169 if (authSchemeDNs.isEmpty())
170 {
171 if (defaultPolicy.usesAuthPasswordSyntax())
172 {
173 CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
174 defaultPolicy.getDefaultStorageSchemes();
175 defaultAuthPasswordSchemes =
176 new PasswordStorageScheme[schemeList.size()];
177 schemeList.toArray(defaultAuthPasswordSchemes);
178 }
179 else
180 {
181 defaultAuthPasswordSchemes = new PasswordStorageScheme[1];
182 defaultAuthPasswordSchemes[0] =
183 DirectoryServer.getAuthPasswordStorageScheme(
184 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
185 if (defaultAuthPasswordSchemes[0] == null)
186 {
187 Message message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get(
188 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
189 throw new ConfigException(message);
190 }
191 }
192 }
193 else
194 {
195 defaultAuthPasswordSchemes =
196 new PasswordStorageScheme[authSchemeDNs.size()];
197 int i=0;
198 for (DN schemeDN : authSchemeDNs)
199 {
200 defaultAuthPasswordSchemes[i] =
201 DirectoryServer.getPasswordStorageScheme(schemeDN);
202 if (defaultAuthPasswordSchemes[i] == null)
203 {
204 Message message =
205 ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(
206 String.valueOf(schemeDN));
207 throw new ConfigException(message);
208 }
209 else if (! defaultAuthPasswordSchemes[i].supportsAuthPasswordSyntax())
210 {
211 Message message =
212 ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
213 String.valueOf(schemeDN));
214 throw new ConfigException(message);
215 }
216 i++;
217 }
218 }
219
220
221 // Get the set of default password storage schemes for user password
222 // attributes.
223 Set<DN> userSchemeDNs =
224 configuration.getDefaultUserPasswordStorageSchemeDNs();
225 if (userSchemeDNs.isEmpty())
226 {
227 if (! defaultPolicy.usesAuthPasswordSyntax())
228 {
229 CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
230 defaultPolicy.getDefaultStorageSchemes();
231 defaultUserPasswordSchemes =
232 new PasswordStorageScheme[schemeList.size()];
233 schemeList.toArray(defaultUserPasswordSchemes);
234 }
235 else
236 {
237 defaultUserPasswordSchemes = new PasswordStorageScheme[1];
238 defaultUserPasswordSchemes[0] =
239 DirectoryServer.getPasswordStorageScheme(
240 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
241 if (defaultUserPasswordSchemes[0] == null)
242 {
243 Message message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get(
244 STORAGE_SCHEME_NAME_SALTED_SHA_1);
245 throw new ConfigException(message);
246 }
247 }
248 }
249 else
250 {
251 defaultUserPasswordSchemes =
252 new PasswordStorageScheme[userSchemeDNs.size()];
253 int i=0;
254 for (DN schemeDN : userSchemeDNs)
255 {
256 defaultUserPasswordSchemes[i] =
257 DirectoryServer.getPasswordStorageScheme(schemeDN);
258 if (defaultUserPasswordSchemes[i] == null)
259 {
260 Message message =
261 ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(
262 String.valueOf(schemeDN));
263 throw new ConfigException(message);
264 }
265 i++;
266 }
267 }
268
269 processImportBegin(null, null);
270 }
271
272
273
274 /**
275 * {@inheritDoc}
276 */
277 public void processImportBegin(Backend backend, LDIFImportConfig config)
278 {
279 // Find the set of attribute types with the auth password and user password
280 // syntax defined in the schema.
281 HashSet<AttributeType> authPWTypes = new HashSet<AttributeType>();
282 HashSet<AttributeType> userPWTypes = new HashSet<AttributeType>();
283 for (AttributeType t : DirectoryServer.getAttributeTypes().values())
284 {
285 if (t.getSyntaxOID().equals(SYNTAX_AUTH_PASSWORD_OID))
286 {
287 authPWTypes.add(t);
288 }
289 else if (t.getSyntaxOID().equals(SYNTAX_USER_PASSWORD_OID))
290 {
291 userPWTypes.add(t);
292 }
293 }
294
295
296 // Get the set of password policies defined in the server and get the
297 // attribute types associated with them.
298 HashMap<DN,PasswordStorageScheme[]> schemeMap =
299 new HashMap<DN,PasswordStorageScheme[]>();
300 for (PasswordPolicy p : DirectoryServer.getPasswordPolicies())
301 {
302 CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
303 p.getDefaultStorageSchemes();
304 PasswordStorageScheme[] schemeArray =
305 new PasswordStorageScheme[schemeList.size()];
306 schemeList.toArray(schemeArray);
307 schemeMap.put(p.getConfigEntryDN(), schemeArray);
308 }
309
310
311 AttributeType[] authTypesArray = new AttributeType[authPWTypes.size()];
312 AttributeType[] userTypesArray = new AttributeType[userPWTypes.size()];
313 authPWTypes.toArray(authTypesArray);
314 userPWTypes.toArray(userTypesArray);
315
316 schemesByPolicy = schemeMap;
317 authPasswordTypes = authTypesArray;
318 userPasswordTypes = userTypesArray;
319 }
320
321
322
323 /**
324 * {@inheritDoc}
325 */
326 public void processImportEnd(Backend backend, LDIFImportConfig config,
327 boolean successful)
328 {
329 // No implementation is required.
330 }
331
332
333
334 /**
335 * {@inheritDoc}
336 */
337 @Override()
338 public final PluginResult.ImportLDIF
339 doLDIFImport(LDIFImportConfig importConfig, Entry entry)
340 {
341 // Create a list that we will use to hold new encoded values.
342 ArrayList<ByteString> encodedValueList = new ArrayList<ByteString>();
343
344
345 // See if the entry explicitly states the password policy that it should
346 // use. If so, then only use it to perform the encoding.
347 List<Attribute> attrList = entry.getAttribute(customPolicyAttribute);
348 if (attrList != null)
349 {
350 DN policyDN = null;
351 PasswordPolicy policy = null;
352 policyLoop:
353 for (Attribute a : attrList)
354 {
355 for (AttributeValue v : a.getValues())
356 {
357 try
358 {
359 policyDN = DN.decode(v.getValue());
360 policy = DirectoryServer.getPasswordPolicy(policyDN);
361 if (policy == null)
362 {
363 Message message = WARN_PLUGIN_PWIMPORT_NO_SUCH_POLICY.get(
364 String.valueOf(entry.getDN()), String.valueOf(policyDN));
365 logError(message);
366 }
367 break policyLoop;
368 }
369 catch (DirectoryException de)
370 {
371 Message message = WARN_PLUGIN_PWIMPORT_CANNOT_DECODE_POLICY_DN.get(
372 String.valueOf(entry.getDN()), de.getMessageObject());
373 logError(message);
374 break policyLoop;
375 }
376 }
377 }
378
379 if (policy != null)
380 {
381 PasswordStorageScheme[] schemes = schemesByPolicy.get(policyDN);
382 if (schemes != null)
383 {
384 attrList = entry.getAttribute(policy.getPasswordAttribute());
385 if (attrList == null)
386 {
387 return PluginResult.ImportLDIF.continueEntryProcessing();
388 }
389
390 for (Attribute a : attrList)
391 {
392 encodedValueList.clear();
393
394 LinkedHashSet<AttributeValue> values = a.getValues();
395 Iterator<AttributeValue> iterator = values.iterator();
396 while (iterator.hasNext())
397 {
398 AttributeValue v = iterator.next();
399 ByteString value = v.getValue();
400
401 if (policy.usesAuthPasswordSyntax())
402 {
403 if (! AuthPasswordSyntax.isEncoded(value))
404 {
405 try
406 {
407 for (PasswordStorageScheme s : schemes)
408 {
409 encodedValueList.add(s.encodeAuthPassword(value));
410 }
411
412 iterator.remove();
413 }
414 catch (Exception e)
415 {
416 if (debugEnabled())
417 {
418 TRACER.debugCaught(DebugLogLevel.ERROR, e);
419 }
420
421 Message message =
422 ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD.
423 get(policy.getPasswordAttribute().getNameOrOID(),
424 String.valueOf(entry.getDN()),
425 stackTraceToSingleLineString(e));
426 logError(message);
427
428 encodedValueList.clear();
429 break;
430 }
431 }
432 }
433 else
434 {
435 if (! UserPasswordSyntax.isEncoded(value))
436 {
437 try
438 {
439 for (PasswordStorageScheme s : schemes)
440 {
441 encodedValueList.add(s.encodePasswordWithScheme(value));
442 }
443
444 iterator.remove();
445 }
446 catch (Exception e)
447 {
448 if (debugEnabled())
449 {
450 TRACER.debugCaught(DebugLogLevel.ERROR, e);
451 }
452
453 Message message =
454 ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD.
455 get(policy.getPasswordAttribute().getNameOrOID(),
456 String.valueOf(entry.getDN()),
457 stackTraceToSingleLineString(e));
458 logError(message);
459
460 encodedValueList.clear();
461 break;
462 }
463 }
464 }
465 }
466
467 for (ByteString s : encodedValueList)
468 {
469 values.add(new AttributeValue(policy.getPasswordAttribute(), s));
470 }
471 }
472
473 return PluginResult.ImportLDIF.continueEntryProcessing();
474 }
475 }
476 }
477
478
479 // Iterate through the list of auth password attributes. If any of them
480 // are present and their values are not encoded, then encode them with all
481 // appropriate schemes.
482 for (AttributeType t : authPasswordTypes)
483 {
484 attrList = entry.getAttribute(t);
485 if ((attrList == null) || attrList.isEmpty())
486 {
487 continue;
488 }
489
490 for (Attribute a : attrList)
491 {
492 encodedValueList.clear();
493
494 LinkedHashSet<AttributeValue> values = a.getValues();
495 Iterator<AttributeValue> iterator = values.iterator();
496 while (iterator.hasNext())
497 {
498 AttributeValue v = iterator.next();
499 ByteString value = v.getValue();
500 if (! AuthPasswordSyntax.isEncoded(value))
501 {
502 try
503 {
504 for (PasswordStorageScheme s : defaultAuthPasswordSchemes)
505 {
506 encodedValueList.add(s.encodeAuthPassword(value));
507 }
508
509 iterator.remove();
510 }
511 catch (Exception e)
512 {
513 if (debugEnabled())
514 {
515 TRACER.debugCaught(DebugLogLevel.ERROR, e);
516 }
517
518 Message message = ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD.
519 get(t.getNameOrOID(), String.valueOf(entry.getDN()),
520 stackTraceToSingleLineString(e));
521 logError(message);
522
523 encodedValueList.clear();
524 break;
525 }
526 }
527 }
528
529 for (ByteString s : encodedValueList)
530 {
531 values.add(new AttributeValue(t, s));
532 }
533 }
534 }
535
536
537 // Iterate through the list of user password attributes. If any of them
538 // are present and their values are not encoded, then encode them with all
539 // appropriate schemes.
540 for (AttributeType t : userPasswordTypes)
541 {
542 attrList = entry.getAttribute(t);
543 if ((attrList == null) || attrList.isEmpty())
544 {
545 continue;
546 }
547
548 for (Attribute a : attrList)
549 {
550 encodedValueList.clear();
551
552 LinkedHashSet<AttributeValue> values = a.getValues();
553 Iterator<AttributeValue> iterator = values.iterator();
554 while (iterator.hasNext())
555 {
556 AttributeValue v = iterator.next();
557 ByteString value = v.getValue();
558 if (! UserPasswordSyntax.isEncoded(value))
559 {
560 try
561 {
562 for (PasswordStorageScheme s : defaultUserPasswordSchemes)
563 {
564 encodedValueList.add(s.encodePasswordWithScheme(value));
565 }
566
567 iterator.remove();
568 }
569 catch (Exception e)
570 {
571 if (debugEnabled())
572 {
573 TRACER.debugCaught(DebugLogLevel.ERROR, e);
574 }
575
576 Message message = ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD.
577 get(t.getNameOrOID(), String.valueOf(entry.getDN()),
578 stackTraceToSingleLineString(e));
579 logError(message);
580
581 encodedValueList.clear();
582 break;
583 }
584 }
585 }
586
587 for (ByteString s : encodedValueList)
588 {
589 values.add(new AttributeValue(t, s));
590 }
591 }
592 }
593
594
595 return PluginResult.ImportLDIF.continueEntryProcessing();
596 }
597
598
599
600 /**
601 * {@inheritDoc}
602 */
603 @Override()
604 public boolean isConfigurationAcceptable(PluginCfg configuration,
605 List<Message> unacceptableReasons)
606 {
607 PasswordPolicyImportPluginCfg config =
608 (PasswordPolicyImportPluginCfg) configuration;
609 return isConfigurationChangeAcceptable(config, unacceptableReasons);
610 }
611
612
613
614 /**
615 * {@inheritDoc}
616 */
617 public boolean isConfigurationChangeAcceptable(
618 PasswordPolicyImportPluginCfg configuration,
619 List<Message> unacceptableReasons)
620 {
621 boolean configAcceptable = true;
622
623 // Ensure that the set of plugin types contains only LDIF import.
624 for (PluginCfgDefn.PluginType pluginType : configuration.getPluginType())
625 {
626 switch (pluginType)
627 {
628 case LDIFIMPORT:
629 // This is the only acceptable type.
630 break;
631
632
633 default:
634 Message message = ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(
635 pluginType.toString());
636 unacceptableReasons.add(message);
637 configAcceptable = false;
638 }
639 }
640
641
642 // Get the set of default password storage schemes for auth password
643 // attributes.
644 Set<DN> authSchemeDNs =
645 configuration.getDefaultAuthPasswordStorageSchemeDNs();
646 if (authSchemeDNs.isEmpty())
647 {
648 PasswordStorageScheme[] defaultAuthSchemes = new PasswordStorageScheme[1];
649 defaultAuthSchemes[0] =
650 DirectoryServer.getAuthPasswordStorageScheme(
651 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
652 if (defaultAuthSchemes[0] == null)
653 {
654 Message message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get(
655 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
656 unacceptableReasons.add(message);
657 configAcceptable = false;
658 }
659 }
660 else
661 {
662 PasswordStorageScheme[] defaultAuthSchemes =
663 new PasswordStorageScheme[authSchemeDNs.size()];
664 int i=0;
665 for (DN schemeDN : authSchemeDNs)
666 {
667 defaultAuthSchemes[i] =
668 DirectoryServer.getPasswordStorageScheme(schemeDN);
669 if (defaultAuthSchemes[i] == null)
670 {
671 Message message =
672 ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(
673 String.valueOf(schemeDN));
674 unacceptableReasons.add(message);
675 configAcceptable = false;
676 }
677 else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax())
678 {
679 Message message =
680 ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
681 String.valueOf(schemeDN));
682 unacceptableReasons.add(message);
683 configAcceptable = false;
684 }
685 i++;
686 }
687 }
688
689
690 // Get the set of default password storage schemes for user password
691 // attributes.
692 Set<DN> userSchemeDNs =
693 configuration.getDefaultUserPasswordStorageSchemeDNs();
694 if (userSchemeDNs.isEmpty())
695 {
696 PasswordStorageScheme[] defaultUserSchemes = new PasswordStorageScheme[1];
697 defaultUserSchemes[0] =
698 DirectoryServer.getPasswordStorageScheme(
699 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
700 if (defaultUserSchemes[0] == null)
701 {
702 Message message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get(
703 STORAGE_SCHEME_NAME_SALTED_SHA_1);
704 unacceptableReasons.add(message);
705 configAcceptable = false;
706 }
707 }
708 else
709 {
710 PasswordStorageScheme[] defaultUserSchemes =
711 new PasswordStorageScheme[userSchemeDNs.size()];
712 int i=0;
713 for (DN schemeDN : userSchemeDNs)
714 {
715 defaultUserSchemes[i] =
716 DirectoryServer.getPasswordStorageScheme(schemeDN);
717 if (defaultUserSchemes[i] == null)
718 {
719 Message message = ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(
720 String.valueOf(schemeDN));
721 unacceptableReasons.add(message);
722 configAcceptable = false;
723 }
724 i++;
725 }
726 }
727
728
729 return configAcceptable;
730 }
731
732
733
734 /**
735 * {@inheritDoc}
736 */
737 public ConfigChangeResult applyConfigurationChange(
738 PasswordPolicyImportPluginCfg configuration)
739 {
740 ResultCode resultCode = ResultCode.SUCCESS;
741 boolean adminActionRequired = false;
742 ArrayList<Message> messages = new ArrayList<Message>();
743
744
745 // Get the set of default password storage schemes for auth password
746 // attributes.
747 PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
748 PasswordStorageScheme[] defaultAuthSchemes;
749 Set<DN> authSchemeDNs =
750 configuration.getDefaultAuthPasswordStorageSchemeDNs();
751 if (authSchemeDNs.isEmpty())
752 {
753 if (defaultPolicy.usesAuthPasswordSyntax())
754 {
755 CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
756 defaultPolicy.getDefaultStorageSchemes();
757 defaultAuthSchemes =
758 new PasswordStorageScheme[schemeList.size()];
759 schemeList.toArray(defaultAuthSchemes);
760 }
761 else
762 {
763 defaultAuthSchemes = new PasswordStorageScheme[1];
764 defaultAuthSchemes[0] =
765 DirectoryServer.getAuthPasswordStorageScheme(
766 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
767 if (defaultAuthSchemes[0] == null)
768 {
769 resultCode = DirectoryServer.getServerErrorResultCode();
770
771 messages.add(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get(
772 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1));
773 }
774 }
775 }
776 else
777 {
778 defaultAuthSchemes = new PasswordStorageScheme[authSchemeDNs.size()];
779 int i=0;
780 for (DN schemeDN : authSchemeDNs)
781 {
782 defaultAuthSchemes[i] =
783 DirectoryServer.getPasswordStorageScheme(schemeDN);
784 if (defaultAuthSchemes[i] == null)
785 {
786 resultCode = DirectoryServer.getServerErrorResultCode();
787
788 messages.add(
789 ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(
790 String.valueOf(schemeDN)));
791 }
792 else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax())
793 {
794 resultCode = DirectoryServer.getServerErrorResultCode();
795
796 messages.add(
797 ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
798 String.valueOf(schemeDN)));
799 }
800 i++;
801 }
802 }
803
804
805 // Get the set of default password storage schemes for user password
806 // attributes.
807 PasswordStorageScheme[] defaultUserSchemes;
808 Set<DN> userSchemeDNs =
809 configuration.getDefaultUserPasswordStorageSchemeDNs();
810 if (userSchemeDNs.isEmpty())
811 {
812 if (! defaultPolicy.usesAuthPasswordSyntax())
813 {
814 CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
815 defaultPolicy.getDefaultStorageSchemes();
816 defaultUserSchemes =
817 new PasswordStorageScheme[schemeList.size()];
818 schemeList.toArray(defaultUserSchemes);
819 }
820 else
821 {
822 defaultUserSchemes = new PasswordStorageScheme[1];
823 defaultUserSchemes[0] = DirectoryServer.getPasswordStorageScheme(
824 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
825 if (defaultUserSchemes[0] == null)
826 {
827 resultCode = DirectoryServer.getServerErrorResultCode();
828
829 messages.add(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get(
830 STORAGE_SCHEME_NAME_SALTED_SHA_1));
831 }
832 }
833 }
834 else
835 {
836 defaultUserSchemes = new PasswordStorageScheme[userSchemeDNs.size()];
837 int i=0;
838 for (DN schemeDN : userSchemeDNs)
839 {
840 defaultUserSchemes[i] =
841 DirectoryServer.getPasswordStorageScheme(schemeDN);
842 if (defaultUserSchemes[i] == null)
843 {
844 resultCode = DirectoryServer.getServerErrorResultCode();
845
846 messages.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(
847 String.valueOf(schemeDN)));
848 }
849 i++;
850 }
851 }
852
853 if (resultCode == ResultCode.SUCCESS)
854 {
855 defaultAuthPasswordSchemes = defaultAuthSchemes;
856 defaultUserPasswordSchemes = defaultUserSchemes;
857 }
858
859 return new ConfigChangeResult(resultCode, adminActionRequired, messages);
860 }
861 }
862