001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2006-2010 Sun Microsystems, Inc. 025 * Portions Copyright 2011-2015 ForgeRock AS. 026 */ 027package org.opends.server.plugins; 028 029import static org.opends.messages.PluginMessages.*; 030import static org.opends.server.config.ConfigConstants.*; 031import static org.opends.server.extensions.ExtensionsConstants.*; 032import static org.opends.server.schema.SchemaConstants.*; 033import static org.opends.server.util.StaticUtils.*; 034 035import java.util.HashMap; 036import java.util.HashSet; 037import java.util.List; 038import java.util.Set; 039 040import org.forgerock.i18n.LocalizableMessage; 041import org.opends.server.admin.server.ConfigurationChangeListener; 042import org.opends.server.admin.std.meta.PluginCfgDefn; 043import org.opends.server.admin.std.server.PasswordPolicyImportPluginCfg; 044import org.opends.server.admin.std.server.PluginCfg; 045import org.opends.server.api.AuthenticationPolicy; 046import org.opends.server.api.Backend; 047import org.opends.server.api.ImportTaskListener; 048import org.opends.server.api.PasswordStorageScheme; 049import org.opends.server.api.plugin.DirectoryServerPlugin; 050import org.opends.server.api.plugin.PluginResult; 051import org.opends.server.api.plugin.PluginType; 052import org.forgerock.opendj.config.server.ConfigChangeResult; 053import org.forgerock.opendj.config.server.ConfigException; 054import org.opends.server.core.DirectoryServer; 055import org.opends.server.core.PasswordPolicy; 056import org.opends.server.core.SubentryPasswordPolicy; 057import org.forgerock.i18n.slf4j.LocalizedLogger; 058import org.opends.server.schema.AuthPasswordSyntax; 059import org.opends.server.schema.UserPasswordSyntax; 060import org.opends.server.types.*; 061import org.forgerock.opendj.ldap.ResultCode; 062import org.forgerock.opendj.ldap.ByteString; 063 064/** 065 * This class implements a Directory Server plugin that performs various 066 * password policy processing during an LDIF import. In particular, it ensures 067 * that all of the password values are properly encoded before they are stored. 068 */ 069public final class PasswordPolicyImportPlugin 070 extends DirectoryServerPlugin<PasswordPolicyImportPluginCfg> 071 implements ConfigurationChangeListener<PasswordPolicyImportPluginCfg>, 072 ImportTaskListener 073{ 074 private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass(); 075 076 077 078 /** The attribute type used to specify the password policy for an entry. */ 079 private AttributeType customPolicyAttribute; 080 081 /** 082 * The set of attribute types defined in the schema with the auth password 083 * syntax. 084 */ 085 private AttributeType[] authPasswordTypes; 086 087 /** 088 * The set of attribute types defined in the schema with the user password 089 * syntax. 090 */ 091 private AttributeType[] userPasswordTypes; 092 093 /** 094 * The set of password storage schemes to use for the various password 095 * policies defined in the server. 096 */ 097 private HashMap<DN,PasswordStorageScheme<?>[]> schemesByPolicy; 098 099 /** The default password storage schemes for auth password attributes. */ 100 private PasswordStorageScheme<?>[] defaultAuthPasswordSchemes; 101 102 /** The default password storage schemes for user password attributes. */ 103 private PasswordStorageScheme<?>[] defaultUserPasswordSchemes; 104 105 106 107 /** 108 * Creates a new instance of this Directory Server plugin. Every plugin must 109 * implement a default constructor (it is the only one that will be used to 110 * create plugins defined in the configuration), and every plugin constructor 111 * must call {@code super()} as its first element. 112 */ 113 public PasswordPolicyImportPlugin() 114 { 115 super(); 116 } 117 118 119 120 /** {@inheritDoc} */ 121 @Override 122 public final void initializePlugin(Set<PluginType> pluginTypes, 123 PasswordPolicyImportPluginCfg configuration) 124 throws ConfigException 125 { 126 configuration.addPasswordPolicyImportChangeListener(this); 127 128 customPolicyAttribute = 129 DirectoryServer.getAttributeTypeOrDefault(OP_ATTR_PWPOLICY_POLICY_DN); 130 131 132 // Make sure that the plugin has been enabled for the appropriate types. 133 for (PluginType t : pluginTypes) 134 { 135 switch (t) 136 { 137 case LDIF_IMPORT: 138 // This is the only acceptable type. 139 break; 140 141 default: 142 throw new ConfigException(ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(t)); 143 } 144 } 145 146 147 // Get the set of default password storage schemes for auth password 148 // attributes. 149 PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy(); 150 Set<DN> authSchemeDNs = 151 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 152 if (authSchemeDNs.isEmpty()) 153 { 154 if (defaultPolicy.isAuthPasswordSyntax()) 155 { 156 List<PasswordStorageScheme<?>> schemeList = 157 defaultPolicy.getDefaultPasswordStorageSchemes(); 158 defaultAuthPasswordSchemes = 159 new PasswordStorageScheme[schemeList.size()]; 160 schemeList.toArray(defaultAuthPasswordSchemes); 161 } 162 else 163 { 164 defaultAuthPasswordSchemes = new PasswordStorageScheme[1]; 165 defaultAuthPasswordSchemes[0] = 166 DirectoryServer.getAuthPasswordStorageScheme( 167 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 168 if (defaultAuthPasswordSchemes[0] == null) 169 { 170 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 171 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 172 throw new ConfigException(message); 173 } 174 } 175 } 176 else 177 { 178 defaultAuthPasswordSchemes = 179 new PasswordStorageScheme[authSchemeDNs.size()]; 180 int i=0; 181 for (DN schemeDN : authSchemeDNs) 182 { 183 defaultAuthPasswordSchemes[i] = 184 DirectoryServer.getPasswordStorageScheme(schemeDN); 185 if (defaultAuthPasswordSchemes[i] == null) 186 { 187 throw new ConfigException(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 188 } 189 else if (! defaultAuthPasswordSchemes[i].supportsAuthPasswordSyntax()) 190 { 191 throw new ConfigException(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 192 } 193 i++; 194 } 195 } 196 197 198 // Get the set of default password storage schemes for user password 199 // attributes. 200 Set<DN> userSchemeDNs = 201 configuration.getDefaultUserPasswordStorageSchemeDNs(); 202 if (userSchemeDNs.isEmpty()) 203 { 204 if (! defaultPolicy.isAuthPasswordSyntax()) 205 { 206 List<PasswordStorageScheme<?>> schemeList = 207 defaultPolicy.getDefaultPasswordStorageSchemes(); 208 defaultUserPasswordSchemes = 209 new PasswordStorageScheme[schemeList.size()]; 210 schemeList.toArray(defaultUserPasswordSchemes); 211 } 212 else 213 { 214 defaultUserPasswordSchemes = new PasswordStorageScheme[1]; 215 defaultUserPasswordSchemes[0] = 216 DirectoryServer.getPasswordStorageScheme( 217 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 218 if (defaultUserPasswordSchemes[0] == null) 219 { 220 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 221 STORAGE_SCHEME_NAME_SALTED_SHA_1); 222 throw new ConfigException(message); 223 } 224 } 225 } 226 else 227 { 228 defaultUserPasswordSchemes = 229 new PasswordStorageScheme[userSchemeDNs.size()]; 230 int i=0; 231 for (DN schemeDN : userSchemeDNs) 232 { 233 defaultUserPasswordSchemes[i] = 234 DirectoryServer.getPasswordStorageScheme(schemeDN); 235 if (defaultUserPasswordSchemes[i] == null) 236 { 237 throw new ConfigException(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 238 } 239 i++; 240 } 241 } 242 243 processImportBegin(null, null); 244 } 245 246 247 248 /** {@inheritDoc} */ 249 public void processImportBegin(Backend backend, LDIFImportConfig config) 250 { 251 // Find the set of attribute types with the auth password and user password 252 // syntax defined in the schema. 253 HashSet<AttributeType> authPWTypes = new HashSet<>(); 254 HashSet<AttributeType> userPWTypes = new HashSet<>(); 255 for (AttributeType t : DirectoryServer.getAttributeTypes().values()) 256 { 257 if (t.getSyntax().getOID().equals(SYNTAX_AUTH_PASSWORD_OID)) 258 { 259 authPWTypes.add(t); 260 } 261 else if (t.getSyntax().getOID().equals(SYNTAX_USER_PASSWORD_OID)) 262 { 263 userPWTypes.add(t); 264 } 265 } 266 267 268 // Get the set of password policies defined in the server and get the 269 // attribute types associated with them. 270 HashMap<DN,PasswordStorageScheme<?>[]> schemeMap = new HashMap<>(); 271 for (AuthenticationPolicy ap : DirectoryServer.getAuthenticationPolicies()) 272 { 273 if (ap.isPasswordPolicy()) 274 { 275 PasswordPolicy p = (PasswordPolicy) ap; 276 277 List<PasswordStorageScheme<?>> schemeList = p.getDefaultPasswordStorageSchemes(); 278 PasswordStorageScheme<?>[] schemeArray = 279 new PasswordStorageScheme[schemeList.size()]; 280 schemeList.toArray(schemeArray); 281 schemeMap.put(p.getDN(), schemeArray); 282 } 283 } 284 285 286 AttributeType[] authTypesArray = new AttributeType[authPWTypes.size()]; 287 AttributeType[] userTypesArray = new AttributeType[userPWTypes.size()]; 288 authPWTypes.toArray(authTypesArray); 289 userPWTypes.toArray(userTypesArray); 290 291 schemesByPolicy = schemeMap; 292 authPasswordTypes = authTypesArray; 293 userPasswordTypes = userTypesArray; 294 } 295 296 297 298 /** {@inheritDoc} */ 299 public void processImportEnd(Backend backend, LDIFImportConfig config, 300 boolean successful) 301 { 302 // No implementation is required. 303 } 304 305 306 307 /** {@inheritDoc} */ 308 @Override 309 public final PluginResult.ImportLDIF 310 doLDIFImport(LDIFImportConfig importConfig, Entry entry) 311 { 312 // Check if this entry is a password policy subentry 313 // and if so evaluate whether or not its acceptable. 314 if ((entry.isSubentry() || entry.isLDAPSubentry()) && 315 entry.isPasswordPolicySubentry()) 316 { 317 try 318 { 319 new SubentryPasswordPolicy(new SubEntry(entry)); 320 } 321 catch (DirectoryException de) 322 { 323 logger.traceException(de); 324 325 return PluginResult.ImportLDIF.stopEntryProcessing( 326 de.getMessageObject()); 327 } 328 } 329 330 // See if the entry explicitly states the password policy that it should 331 // use. If so, then only use it to perform the encoding. 332 List<Attribute> attrList = entry.getAttribute(customPolicyAttribute); 333 if (attrList != null) 334 { 335 DN policyDN = null; 336 PasswordPolicy policy = null; 337policyLoop: 338 for (Attribute a : attrList) 339 { 340 for (ByteString v : a) 341 { 342 try 343 { 344 policyDN = DN.decode(v); 345 AuthenticationPolicy authPolicy = DirectoryServer 346 .getAuthenticationPolicy(policyDN); 347 if (authPolicy == null) 348 { 349 logger.warn(WARN_PLUGIN_PWIMPORT_NO_SUCH_POLICY, entry.getName(), policyDN); 350 } 351 else if (authPolicy.isPasswordPolicy()) 352 { 353 policy = (PasswordPolicy) authPolicy; 354 } 355 356 break policyLoop; 357 } 358 catch (DirectoryException de) 359 { 360 logger.warn(WARN_PLUGIN_PWIMPORT_CANNOT_DECODE_POLICY_DN, entry.getName(), de.getMessageObject()); 361 break policyLoop; 362 } 363 } 364 } 365 366 if (policy != null) 367 { 368 PasswordStorageScheme<?>[] schemes = schemesByPolicy.get(policyDN); 369 if (schemes != null) 370 { 371 attrList = entry.getAttribute(policy.getPasswordAttribute()); 372 if (attrList == null) 373 { 374 return PluginResult.ImportLDIF.continueEntryProcessing(); 375 } 376 377 for (Attribute a : attrList) 378 { 379 AttributeBuilder builder = new AttributeBuilder(a, true); 380 boolean gotError = false; 381 382 for (ByteString value : a) 383 { 384 if (policy.isAuthPasswordSyntax()) 385 { 386 if (!AuthPasswordSyntax.isEncoded(value)) 387 { 388 try 389 { 390 for (PasswordStorageScheme<?> s : schemes) 391 { 392 builder.add(s.encodeAuthPassword(value)); 393 } 394 } 395 catch (Exception e) 396 { 397 logger.traceException(e); 398 399 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 400 policy.getPasswordAttribute().getNameOrOID(), entry.getName(), 401 stackTraceToSingleLineString(e)); 402 gotError = true; 403 break; 404 } 405 } 406 else 407 { 408 builder.add(value); 409 } 410 } 411 else 412 { 413 if (!UserPasswordSyntax.isEncoded(value)) 414 { 415 try 416 { 417 for (PasswordStorageScheme<?> s : schemes) 418 { 419 builder.add(s.encodePasswordWithScheme(value)); 420 } 421 } 422 catch (Exception e) 423 { 424 logger.traceException(e); 425 426 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 427 policy.getPasswordAttribute().getNameOrOID(), entry.getName(), 428 stackTraceToSingleLineString(e)); 429 gotError = true; 430 break; 431 } 432 } 433 else 434 { 435 builder.add(value); 436 } 437 } 438 } 439 440 if (!gotError) 441 { 442 entry.replaceAttribute(builder.toAttribute()); 443 } 444 } 445 446 return PluginResult.ImportLDIF.continueEntryProcessing(); 447 } 448 } 449 } 450 451 452 // Iterate through the list of auth password attributes. If any of them 453 // are present and their values are not encoded, then encode them with all 454 // appropriate schemes. 455 for (AttributeType t : authPasswordTypes) 456 { 457 attrList = entry.getAttribute(t); 458 if (attrList == null || attrList.isEmpty()) 459 { 460 continue; 461 } 462 463 for (Attribute a : attrList) 464 { 465 AttributeBuilder builder = new AttributeBuilder(a, true); 466 boolean gotError = false; 467 468 for (ByteString value : a) 469 { 470 if (!AuthPasswordSyntax.isEncoded(value)) 471 { 472 try 473 { 474 for (PasswordStorageScheme<?> s : defaultAuthPasswordSchemes) 475 { 476 builder.add(s.encodeAuthPassword(value)); 477 } 478 } 479 catch (Exception e) 480 { 481 logger.traceException(e); 482 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 483 t.getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e)); 484 gotError = true; 485 break; 486 } 487 } 488 else 489 { 490 builder.add(value); 491 } 492 } 493 494 if (!gotError) 495 { 496 entry.replaceAttribute(builder.toAttribute()); 497 } 498 } 499 } 500 501 502 // Iterate through the list of user password attributes. If any of them 503 // are present and their values are not encoded, then encode them with all 504 // appropriate schemes. 505 for (AttributeType t : userPasswordTypes) 506 { 507 attrList = entry.getAttribute(t); 508 if (attrList == null || attrList.isEmpty()) 509 { 510 continue; 511 } 512 513 for (Attribute a : attrList) 514 { 515 AttributeBuilder builder = new AttributeBuilder(a, true); 516 boolean gotError = false; 517 518 for (ByteString value : a) 519 { 520 if (!UserPasswordSyntax.isEncoded(value)) 521 { 522 try 523 { 524 for (PasswordStorageScheme<?> s : defaultUserPasswordSchemes) 525 { 526 builder.add(s.encodePasswordWithScheme(value)); 527 } 528 } 529 catch (Exception e) 530 { 531 logger.traceException(e); 532 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 533 t.getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e)); 534 gotError = true; 535 break; 536 } 537 } 538 else 539 { 540 builder.add(value); 541 } 542 } 543 544 if (!gotError) 545 { 546 entry.replaceAttribute(builder.toAttribute()); 547 } 548 } 549 } 550 551 552 return PluginResult.ImportLDIF.continueEntryProcessing(); 553 } 554 555 556 557 /** {@inheritDoc} */ 558 @Override 559 public boolean isConfigurationAcceptable(PluginCfg configuration, 560 List<LocalizableMessage> unacceptableReasons) 561 { 562 PasswordPolicyImportPluginCfg config = 563 (PasswordPolicyImportPluginCfg) configuration; 564 return isConfigurationChangeAcceptable(config, unacceptableReasons); 565 } 566 567 568 569 /** {@inheritDoc} */ 570 public boolean isConfigurationChangeAcceptable( 571 PasswordPolicyImportPluginCfg configuration, 572 List<LocalizableMessage> unacceptableReasons) 573 { 574 boolean configAcceptable = true; 575 576 // Ensure that the set of plugin types contains only LDIF import. 577 for (PluginCfgDefn.PluginType pluginType : configuration.getPluginType()) 578 { 579 switch (pluginType) 580 { 581 case LDIFIMPORT: 582 // This is the only acceptable type. 583 break; 584 585 586 default: 587 unacceptableReasons.add(ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(pluginType)); 588 configAcceptable = false; 589 } 590 } 591 592 593 // Get the set of default password storage schemes for auth password 594 // attributes. 595 Set<DN> authSchemeDNs = 596 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 597 if (authSchemeDNs.isEmpty()) 598 { 599 PasswordStorageScheme<?>[] defaultAuthSchemes = 600 new PasswordStorageScheme[1]; 601 defaultAuthSchemes[0] = 602 DirectoryServer.getAuthPasswordStorageScheme( 603 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 604 if (defaultAuthSchemes[0] == null) 605 { 606 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 607 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 608 unacceptableReasons.add(message); 609 configAcceptable = false; 610 } 611 } 612 else 613 { 614 PasswordStorageScheme<?>[] defaultAuthSchemes = 615 new PasswordStorageScheme[authSchemeDNs.size()]; 616 int i=0; 617 for (DN schemeDN : authSchemeDNs) 618 { 619 defaultAuthSchemes[i] = 620 DirectoryServer.getPasswordStorageScheme(schemeDN); 621 if (defaultAuthSchemes[i] == null) 622 { 623 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 624 configAcceptable = false; 625 } 626 else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax()) 627 { 628 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 629 configAcceptable = false; 630 } 631 i++; 632 } 633 } 634 635 636 // Get the set of default password storage schemes for user password 637 // attributes. 638 Set<DN> userSchemeDNs = 639 configuration.getDefaultUserPasswordStorageSchemeDNs(); 640 if (userSchemeDNs.isEmpty()) 641 { 642 PasswordStorageScheme<?>[] defaultUserSchemes = 643 new PasswordStorageScheme[1]; 644 defaultUserSchemes[0] = 645 DirectoryServer.getPasswordStorageScheme( 646 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 647 if (defaultUserSchemes[0] == null) 648 { 649 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 650 STORAGE_SCHEME_NAME_SALTED_SHA_1); 651 unacceptableReasons.add(message); 652 configAcceptable = false; 653 } 654 } 655 else 656 { 657 PasswordStorageScheme<?>[] defaultUserSchemes = 658 new PasswordStorageScheme[userSchemeDNs.size()]; 659 int i=0; 660 for (DN schemeDN : userSchemeDNs) 661 { 662 defaultUserSchemes[i] = 663 DirectoryServer.getPasswordStorageScheme(schemeDN); 664 if (defaultUserSchemes[i] == null) 665 { 666 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 667 configAcceptable = false; 668 } 669 i++; 670 } 671 } 672 673 674 return configAcceptable; 675 } 676 677 678 679 /** {@inheritDoc} */ 680 public ConfigChangeResult applyConfigurationChange( 681 PasswordPolicyImportPluginCfg configuration) 682 { 683 final ConfigChangeResult ccr = new ConfigChangeResult(); 684 685 // Get the set of default password storage schemes for auth password 686 // attributes. 687 PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy(); 688 PasswordStorageScheme<?>[] defaultAuthSchemes; 689 Set<DN> authSchemeDNs = 690 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 691 if (authSchemeDNs.isEmpty()) 692 { 693 if (defaultPolicy.isAuthPasswordSyntax()) 694 { 695 List<PasswordStorageScheme<?>> schemeList = 696 defaultPolicy.getDefaultPasswordStorageSchemes(); 697 defaultAuthSchemes = 698 new PasswordStorageScheme[schemeList.size()]; 699 schemeList.toArray(defaultAuthSchemes); 700 } 701 else 702 { 703 defaultAuthSchemes = new PasswordStorageScheme[1]; 704 defaultAuthSchemes[0] = 705 DirectoryServer.getAuthPasswordStorageScheme( 706 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 707 if (defaultAuthSchemes[0] == null) 708 { 709 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 710 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 711 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1)); 712 } 713 } 714 } 715 else 716 { 717 defaultAuthSchemes = new PasswordStorageScheme[authSchemeDNs.size()]; 718 int i=0; 719 for (DN schemeDN : authSchemeDNs) 720 { 721 defaultAuthSchemes[i] = 722 DirectoryServer.getPasswordStorageScheme(schemeDN); 723 if (defaultAuthSchemes[i] == null) 724 { 725 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 726 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 727 } 728 else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax()) 729 { 730 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 731 ccr.addMessage(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 732 } 733 i++; 734 } 735 } 736 737 738 // Get the set of default password storage schemes for user password 739 // attributes. 740 PasswordStorageScheme<?>[] defaultUserSchemes; 741 Set<DN> userSchemeDNs = 742 configuration.getDefaultUserPasswordStorageSchemeDNs(); 743 if (userSchemeDNs.isEmpty()) 744 { 745 if (! defaultPolicy.isAuthPasswordSyntax()) 746 { 747 List<PasswordStorageScheme<?>> schemeList = 748 defaultPolicy.getDefaultPasswordStorageSchemes(); 749 defaultUserSchemes = 750 new PasswordStorageScheme[schemeList.size()]; 751 schemeList.toArray(defaultUserSchemes); 752 } 753 else 754 { 755 defaultUserSchemes = new PasswordStorageScheme[1]; 756 defaultUserSchemes[0] = DirectoryServer.getPasswordStorageScheme( 757 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 758 if (defaultUserSchemes[0] == null) 759 { 760 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 761 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 762 STORAGE_SCHEME_NAME_SALTED_SHA_1)); 763 } 764 } 765 } 766 else 767 { 768 defaultUserSchemes = new PasswordStorageScheme[userSchemeDNs.size()]; 769 int i=0; 770 for (DN schemeDN : userSchemeDNs) 771 { 772 defaultUserSchemes[i] = 773 DirectoryServer.getPasswordStorageScheme(schemeDN); 774 if (defaultUserSchemes[i] == null) 775 { 776 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 777 ccr.addMessage(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 778 } 779 i++; 780 } 781 } 782 783 if (ccr.getResultCode() == ResultCode.SUCCESS) 784 { 785 defaultAuthPasswordSchemes = defaultAuthSchemes; 786 defaultUserPasswordSchemes = defaultUserSchemes; 787 } 788 789 return ccr; 790 } 791}