001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2006-2010 Sun Microsystems, Inc. 015 * Portions Copyright 2011-2016 ForgeRock AS. 016 */ 017package org.opends.server.plugins; 018 019import static org.opends.messages.PluginMessages.*; 020import static org.opends.server.config.ConfigConstants.*; 021import static org.opends.server.extensions.ExtensionsConstants.*; 022import static org.opends.server.schema.SchemaConstants.*; 023import static org.opends.server.util.StaticUtils.*; 024 025import java.util.HashMap; 026import java.util.HashSet; 027import java.util.List; 028import java.util.Map; 029import java.util.Set; 030 031import org.forgerock.i18n.LocalizableMessage; 032import org.forgerock.i18n.LocalizedIllegalArgumentException; 033import org.forgerock.i18n.slf4j.LocalizedLogger; 034import org.forgerock.opendj.config.server.ConfigChangeResult; 035import org.forgerock.opendj.config.server.ConfigException; 036import org.forgerock.opendj.ldap.ByteString; 037import org.forgerock.opendj.ldap.DN; 038import org.forgerock.opendj.ldap.ResultCode; 039import org.forgerock.opendj.ldap.schema.AttributeType; 040import org.opends.server.admin.server.ConfigurationChangeListener; 041import org.opends.server.admin.std.meta.PluginCfgDefn; 042import org.opends.server.admin.std.server.PasswordPolicyImportPluginCfg; 043import org.opends.server.admin.std.server.PluginCfg; 044import org.opends.server.api.AuthenticationPolicy; 045import org.opends.server.api.Backend; 046import org.opends.server.api.ImportTaskListener; 047import org.opends.server.api.PasswordStorageScheme; 048import org.opends.server.api.plugin.DirectoryServerPlugin; 049import org.opends.server.api.plugin.PluginResult; 050import org.opends.server.api.plugin.PluginType; 051import org.opends.server.core.DirectoryServer; 052import org.opends.server.core.PasswordPolicy; 053import org.opends.server.core.SubentryPasswordPolicy; 054import org.opends.server.schema.AuthPasswordSyntax; 055import org.opends.server.schema.UserPasswordSyntax; 056import org.opends.server.types.Attribute; 057import org.opends.server.types.AttributeBuilder; 058import org.opends.server.types.DirectoryException; 059import org.opends.server.types.Entry; 060import org.opends.server.types.LDIFImportConfig; 061import org.opends.server.types.SubEntry; 062 063/** 064 * This class implements a Directory Server plugin that performs various 065 * password policy processing during an LDIF import. In particular, it ensures 066 * that all of the password values are properly encoded before they are stored. 067 */ 068public final class PasswordPolicyImportPlugin 069 extends DirectoryServerPlugin<PasswordPolicyImportPluginCfg> 070 implements ConfigurationChangeListener<PasswordPolicyImportPluginCfg>, 071 ImportTaskListener 072{ 073 private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass(); 074 075 /** The attribute type used to specify the password policy for an entry. */ 076 private AttributeType customPolicyAttribute; 077 /** The set of attribute types defined in the schema with the auth password syntax. */ 078 private AttributeType[] authPasswordTypes; 079 /** The set of attribute types defined in the schema with the user password syntax. */ 080 private AttributeType[] userPasswordTypes; 081 /** 082 * The set of password storage schemes to use for the various password 083 * policies defined in the server. 084 */ 085 private Map<DN, PasswordStorageScheme<?>[]> schemesByPolicy; 086 /** The default password storage schemes for auth password attributes. */ 087 private PasswordStorageScheme<?>[] defaultAuthPasswordSchemes; 088 /** The default password storage schemes for user password attributes. */ 089 private PasswordStorageScheme<?>[] defaultUserPasswordSchemes; 090 091 /** 092 * Creates a new instance of this Directory Server plugin. Every plugin must 093 * implement a default constructor (it is the only one that will be used to 094 * create plugins defined in the configuration), and every plugin constructor 095 * must call {@code super()} as its first element. 096 */ 097 public PasswordPolicyImportPlugin() 098 { 099 super(); 100 } 101 102 @Override 103 public final void initializePlugin(Set<PluginType> pluginTypes, 104 PasswordPolicyImportPluginCfg configuration) 105 throws ConfigException 106 { 107 configuration.addPasswordPolicyImportChangeListener(this); 108 109 customPolicyAttribute = DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN); 110 111 // Make sure that the plugin has been enabled for the appropriate types. 112 for (PluginType t : pluginTypes) 113 { 114 switch (t) 115 { 116 case LDIF_IMPORT: 117 // This is the only acceptable type. 118 break; 119 120 default: 121 throw new ConfigException(ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(t)); 122 } 123 } 124 125 // Get the set of default password storage schemes for auth password 126 // attributes. 127 PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy(); 128 Set<DN> authSchemeDNs = 129 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 130 if (authSchemeDNs.isEmpty()) 131 { 132 if (defaultPolicy.isAuthPasswordSyntax()) 133 { 134 List<PasswordStorageScheme<?>> schemeList = 135 defaultPolicy.getDefaultPasswordStorageSchemes(); 136 defaultAuthPasswordSchemes = 137 new PasswordStorageScheme[schemeList.size()]; 138 schemeList.toArray(defaultAuthPasswordSchemes); 139 } 140 else 141 { 142 defaultAuthPasswordSchemes = new PasswordStorageScheme[1]; 143 defaultAuthPasswordSchemes[0] = 144 DirectoryServer.getAuthPasswordStorageScheme( 145 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 146 if (defaultAuthPasswordSchemes[0] == null) 147 { 148 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 149 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 150 throw new ConfigException(message); 151 } 152 } 153 } 154 else 155 { 156 defaultAuthPasswordSchemes = 157 new PasswordStorageScheme[authSchemeDNs.size()]; 158 int i=0; 159 for (DN schemeDN : authSchemeDNs) 160 { 161 defaultAuthPasswordSchemes[i] = 162 DirectoryServer.getPasswordStorageScheme(schemeDN); 163 if (defaultAuthPasswordSchemes[i] == null) 164 { 165 throw new ConfigException(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 166 } 167 else if (! defaultAuthPasswordSchemes[i].supportsAuthPasswordSyntax()) 168 { 169 throw new ConfigException(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 170 } 171 i++; 172 } 173 } 174 175 // Get the set of default password storage schemes for user password 176 // attributes. 177 Set<DN> userSchemeDNs = 178 configuration.getDefaultUserPasswordStorageSchemeDNs(); 179 if (userSchemeDNs.isEmpty()) 180 { 181 if (! defaultPolicy.isAuthPasswordSyntax()) 182 { 183 List<PasswordStorageScheme<?>> schemeList = 184 defaultPolicy.getDefaultPasswordStorageSchemes(); 185 defaultUserPasswordSchemes = 186 new PasswordStorageScheme[schemeList.size()]; 187 schemeList.toArray(defaultUserPasswordSchemes); 188 } 189 else 190 { 191 defaultUserPasswordSchemes = new PasswordStorageScheme[1]; 192 defaultUserPasswordSchemes[0] = 193 DirectoryServer.getPasswordStorageScheme( 194 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 195 if (defaultUserPasswordSchemes[0] == null) 196 { 197 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 198 STORAGE_SCHEME_NAME_SALTED_SHA_1); 199 throw new ConfigException(message); 200 } 201 } 202 } 203 else 204 { 205 defaultUserPasswordSchemes = 206 new PasswordStorageScheme[userSchemeDNs.size()]; 207 int i=0; 208 for (DN schemeDN : userSchemeDNs) 209 { 210 defaultUserPasswordSchemes[i] = 211 DirectoryServer.getPasswordStorageScheme(schemeDN); 212 if (defaultUserPasswordSchemes[i] == null) 213 { 214 throw new ConfigException(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 215 } 216 i++; 217 } 218 } 219 220 processImportBegin(null, null); 221 } 222 223 @Override 224 public void processImportBegin(Backend backend, LDIFImportConfig config) 225 { 226 // Find the set of attribute types with the auth password and user password 227 // syntax defined in the schema. 228 HashSet<AttributeType> authPWTypes = new HashSet<>(); 229 HashSet<AttributeType> userPWTypes = new HashSet<>(); 230 for (AttributeType t : DirectoryServer.getAttributeTypes()) 231 { 232 if (SYNTAX_AUTH_PASSWORD_OID.equals(t.getSyntax().getOID())) 233 { 234 authPWTypes.add(t); 235 } 236 else if (SYNTAX_USER_PASSWORD_OID.equals(t.getSyntax().getOID())) 237 { 238 userPWTypes.add(t); 239 } 240 } 241 242 // Get the set of password policies defined in the server and get the 243 // attribute types associated with them. 244 HashMap<DN,PasswordStorageScheme<?>[]> schemeMap = new HashMap<>(); 245 for (AuthenticationPolicy ap : DirectoryServer.getAuthenticationPolicies()) 246 { 247 if (ap.isPasswordPolicy()) 248 { 249 PasswordPolicy p = (PasswordPolicy) ap; 250 251 List<PasswordStorageScheme<?>> schemeList = p.getDefaultPasswordStorageSchemes(); 252 PasswordStorageScheme<?>[] schemeArray = 253 new PasswordStorageScheme[schemeList.size()]; 254 schemeList.toArray(schemeArray); 255 schemeMap.put(p.getDN(), schemeArray); 256 } 257 } 258 259 AttributeType[] authTypesArray = new AttributeType[authPWTypes.size()]; 260 AttributeType[] userTypesArray = new AttributeType[userPWTypes.size()]; 261 authPWTypes.toArray(authTypesArray); 262 userPWTypes.toArray(userTypesArray); 263 264 schemesByPolicy = schemeMap; 265 authPasswordTypes = authTypesArray; 266 userPasswordTypes = userTypesArray; 267 } 268 269 @Override 270 public void processImportEnd(Backend backend, LDIFImportConfig config, 271 boolean successful) 272 { 273 // No implementation is required. 274 } 275 276 @Override 277 public final PluginResult.ImportLDIF 278 doLDIFImport(LDIFImportConfig importConfig, Entry entry) 279 { 280 // Check if this entry is a password policy subentry 281 // and if so evaluate whether or not its acceptable. 282 if ((entry.isSubentry() || entry.isLDAPSubentry()) && 283 entry.isPasswordPolicySubentry()) 284 { 285 try 286 { 287 new SubentryPasswordPolicy(new SubEntry(entry)); 288 } 289 catch (DirectoryException de) 290 { 291 logger.traceException(de); 292 293 return PluginResult.ImportLDIF.stopEntryProcessing( 294 de.getMessageObject()); 295 } 296 } 297 298 // See if the entry explicitly states the password policy that it should 299 // use. If so, then only use it to perform the encoding. 300 List<Attribute> attrList = entry.getAttribute(customPolicyAttribute); 301 if (!attrList.isEmpty()) 302 { 303 DN policyDN = null; 304 PasswordPolicy policy = null; 305policyLoop: 306 for (Attribute a : attrList) 307 { 308 for (ByteString v : a) 309 { 310 try 311 { 312 policyDN = DN.valueOf(v); 313 AuthenticationPolicy authPolicy = DirectoryServer 314 .getAuthenticationPolicy(policyDN); 315 if (authPolicy == null) 316 { 317 logger.warn(WARN_PLUGIN_PWIMPORT_NO_SUCH_POLICY, entry.getName(), policyDN); 318 } 319 else if (authPolicy.isPasswordPolicy()) 320 { 321 policy = (PasswordPolicy) authPolicy; 322 } 323 324 break policyLoop; 325 } 326 catch (LocalizedIllegalArgumentException e) 327 { 328 logger.warn(WARN_PLUGIN_PWIMPORT_CANNOT_DECODE_POLICY_DN, entry.getName(), e.getMessageObject()); 329 break policyLoop; 330 } 331 } 332 } 333 334 if (policy != null) 335 { 336 PasswordStorageScheme<?>[] schemes = schemesByPolicy.get(policyDN); 337 if (schemes != null) 338 { 339 attrList = entry.getAttribute(policy.getPasswordAttribute()); 340 if (attrList.isEmpty()) 341 { 342 return PluginResult.ImportLDIF.continueEntryProcessing(); 343 } 344 345 for (Attribute a : attrList) 346 { 347 AttributeBuilder builder = new AttributeBuilder(a, true); 348 boolean gotError = false; 349 350 for (ByteString value : a) 351 { 352 if (policy.isAuthPasswordSyntax()) 353 { 354 if (!AuthPasswordSyntax.isEncoded(value)) 355 { 356 try 357 { 358 for (PasswordStorageScheme<?> s : schemes) 359 { 360 builder.add(s.encodeAuthPassword(value)); 361 } 362 } 363 catch (Exception e) 364 { 365 logger.traceException(e); 366 367 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 368 policy.getPasswordAttribute().getNameOrOID(), entry.getName(), 369 stackTraceToSingleLineString(e)); 370 gotError = true; 371 break; 372 } 373 } 374 else 375 { 376 builder.add(value); 377 } 378 } 379 else if (!UserPasswordSyntax.isEncoded(value)) 380 { 381 try 382 { 383 for (PasswordStorageScheme<?> s : schemes) 384 { 385 builder.add(s.encodePasswordWithScheme(value)); 386 } 387 } 388 catch (Exception e) 389 { 390 logger.traceException(e); 391 392 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, policy.getPasswordAttribute() 393 .getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e)); 394 gotError = true; 395 break; 396 } 397 } 398 else 399 { 400 builder.add(value); 401 } 402 } 403 404 if (!gotError) 405 { 406 entry.replaceAttribute(builder.toAttribute()); 407 } 408 } 409 410 return PluginResult.ImportLDIF.continueEntryProcessing(); 411 } 412 } 413 } 414 415 // Iterate through the list of auth password attributes. If any of them 416 // are present and their values are not encoded, then encode them with all 417 // appropriate schemes. 418 for (AttributeType t : authPasswordTypes) 419 { 420 for (Attribute a : entry.getAttribute(t)) 421 { 422 AttributeBuilder builder = new AttributeBuilder(a, true); 423 boolean gotError = false; 424 425 for (ByteString value : a) 426 { 427 if (!AuthPasswordSyntax.isEncoded(value)) 428 { 429 try 430 { 431 for (PasswordStorageScheme<?> s : defaultAuthPasswordSchemes) 432 { 433 builder.add(s.encodeAuthPassword(value)); 434 } 435 } 436 catch (Exception e) 437 { 438 logger.traceException(e); 439 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 440 t.getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e)); 441 gotError = true; 442 break; 443 } 444 } 445 else 446 { 447 builder.add(value); 448 } 449 } 450 451 if (!gotError) 452 { 453 entry.replaceAttribute(builder.toAttribute()); 454 } 455 } 456 } 457 458 // Iterate through the list of user password attributes. If any of them 459 // are present and their values are not encoded, then encode them with all 460 // appropriate schemes. 461 for (AttributeType t : userPasswordTypes) 462 { 463 for (Attribute a : entry.getAttribute(t)) 464 { 465 AttributeBuilder builder = new AttributeBuilder(a, true); 466 boolean gotError = false; 467 468 for (ByteString value : a) 469 { 470 if (!UserPasswordSyntax.isEncoded(value)) 471 { 472 try 473 { 474 for (PasswordStorageScheme<?> s : defaultUserPasswordSchemes) 475 { 476 builder.add(s.encodePasswordWithScheme(value)); 477 } 478 } 479 catch (Exception e) 480 { 481 logger.traceException(e); 482 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 483 t.getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e)); 484 gotError = true; 485 break; 486 } 487 } 488 else 489 { 490 builder.add(value); 491 } 492 } 493 494 if (!gotError) 495 { 496 entry.replaceAttribute(builder.toAttribute()); 497 } 498 } 499 } 500 501 return PluginResult.ImportLDIF.continueEntryProcessing(); 502 } 503 504 @Override 505 public boolean isConfigurationAcceptable(PluginCfg configuration, 506 List<LocalizableMessage> unacceptableReasons) 507 { 508 PasswordPolicyImportPluginCfg config = 509 (PasswordPolicyImportPluginCfg) configuration; 510 return isConfigurationChangeAcceptable(config, unacceptableReasons); 511 } 512 513 @Override 514 public boolean isConfigurationChangeAcceptable( 515 PasswordPolicyImportPluginCfg configuration, 516 List<LocalizableMessage> unacceptableReasons) 517 { 518 boolean configAcceptable = true; 519 520 // Ensure that the set of plugin types contains only LDIF import. 521 for (PluginCfgDefn.PluginType pluginType : configuration.getPluginType()) 522 { 523 switch (pluginType) 524 { 525 case LDIFIMPORT: 526 // This is the only acceptable type. 527 break; 528 529 default: 530 unacceptableReasons.add(ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(pluginType)); 531 configAcceptable = false; 532 } 533 } 534 535 // Get the set of default password storage schemes for auth password 536 // attributes. 537 Set<DN> authSchemeDNs = 538 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 539 if (authSchemeDNs.isEmpty()) 540 { 541 PasswordStorageScheme<?>[] defaultAuthSchemes = 542 new PasswordStorageScheme[1]; 543 defaultAuthSchemes[0] = 544 DirectoryServer.getAuthPasswordStorageScheme( 545 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 546 if (defaultAuthSchemes[0] == null) 547 { 548 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 549 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 550 unacceptableReasons.add(message); 551 configAcceptable = false; 552 } 553 } 554 else 555 { 556 PasswordStorageScheme<?>[] defaultAuthSchemes = 557 new PasswordStorageScheme[authSchemeDNs.size()]; 558 int i=0; 559 for (DN schemeDN : authSchemeDNs) 560 { 561 defaultAuthSchemes[i] = 562 DirectoryServer.getPasswordStorageScheme(schemeDN); 563 if (defaultAuthSchemes[i] == null) 564 { 565 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 566 configAcceptable = false; 567 } 568 else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax()) 569 { 570 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 571 configAcceptable = false; 572 } 573 i++; 574 } 575 } 576 577 // Get the set of default password storage schemes for user password 578 // attributes. 579 Set<DN> userSchemeDNs = 580 configuration.getDefaultUserPasswordStorageSchemeDNs(); 581 if (userSchemeDNs.isEmpty()) 582 { 583 PasswordStorageScheme<?>[] defaultUserSchemes = 584 new PasswordStorageScheme[1]; 585 defaultUserSchemes[0] = 586 DirectoryServer.getPasswordStorageScheme( 587 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 588 if (defaultUserSchemes[0] == null) 589 { 590 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 591 STORAGE_SCHEME_NAME_SALTED_SHA_1); 592 unacceptableReasons.add(message); 593 configAcceptable = false; 594 } 595 } 596 else 597 { 598 PasswordStorageScheme<?>[] defaultUserSchemes = 599 new PasswordStorageScheme[userSchemeDNs.size()]; 600 int i=0; 601 for (DN schemeDN : userSchemeDNs) 602 { 603 defaultUserSchemes[i] = 604 DirectoryServer.getPasswordStorageScheme(schemeDN); 605 if (defaultUserSchemes[i] == null) 606 { 607 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 608 configAcceptable = false; 609 } 610 i++; 611 } 612 } 613 614 return configAcceptable; 615 } 616 617 @Override 618 public ConfigChangeResult applyConfigurationChange( 619 PasswordPolicyImportPluginCfg configuration) 620 { 621 final ConfigChangeResult ccr = new ConfigChangeResult(); 622 623 // Get the set of default password storage schemes for auth password 624 // attributes. 625 PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy(); 626 PasswordStorageScheme<?>[] defaultAuthSchemes; 627 Set<DN> authSchemeDNs = 628 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 629 if (authSchemeDNs.isEmpty()) 630 { 631 if (defaultPolicy.isAuthPasswordSyntax()) 632 { 633 List<PasswordStorageScheme<?>> schemeList = 634 defaultPolicy.getDefaultPasswordStorageSchemes(); 635 defaultAuthSchemes = 636 new PasswordStorageScheme[schemeList.size()]; 637 schemeList.toArray(defaultAuthSchemes); 638 } 639 else 640 { 641 defaultAuthSchemes = new PasswordStorageScheme[1]; 642 defaultAuthSchemes[0] = 643 DirectoryServer.getAuthPasswordStorageScheme( 644 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 645 if (defaultAuthSchemes[0] == null) 646 { 647 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 648 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 649 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1)); 650 } 651 } 652 } 653 else 654 { 655 defaultAuthSchemes = new PasswordStorageScheme[authSchemeDNs.size()]; 656 int i=0; 657 for (DN schemeDN : authSchemeDNs) 658 { 659 defaultAuthSchemes[i] = 660 DirectoryServer.getPasswordStorageScheme(schemeDN); 661 if (defaultAuthSchemes[i] == null) 662 { 663 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 664 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 665 } 666 else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax()) 667 { 668 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 669 ccr.addMessage(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 670 } 671 i++; 672 } 673 } 674 675 // Get the set of default password storage schemes for user password 676 // attributes. 677 PasswordStorageScheme<?>[] defaultUserSchemes; 678 Set<DN> userSchemeDNs = 679 configuration.getDefaultUserPasswordStorageSchemeDNs(); 680 if (userSchemeDNs.isEmpty()) 681 { 682 if (! defaultPolicy.isAuthPasswordSyntax()) 683 { 684 List<PasswordStorageScheme<?>> schemeList = 685 defaultPolicy.getDefaultPasswordStorageSchemes(); 686 defaultUserSchemes = 687 new PasswordStorageScheme[schemeList.size()]; 688 schemeList.toArray(defaultUserSchemes); 689 } 690 else 691 { 692 defaultUserSchemes = new PasswordStorageScheme[1]; 693 defaultUserSchemes[0] = DirectoryServer.getPasswordStorageScheme( 694 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 695 if (defaultUserSchemes[0] == null) 696 { 697 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 698 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 699 STORAGE_SCHEME_NAME_SALTED_SHA_1)); 700 } 701 } 702 } 703 else 704 { 705 defaultUserSchemes = new PasswordStorageScheme[userSchemeDNs.size()]; 706 int i=0; 707 for (DN schemeDN : userSchemeDNs) 708 { 709 defaultUserSchemes[i] = 710 DirectoryServer.getPasswordStorageScheme(schemeDN); 711 if (defaultUserSchemes[i] == null) 712 { 713 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 714 ccr.addMessage(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 715 } 716 i++; 717 } 718 } 719 720 if (ccr.getResultCode() == ResultCode.SUCCESS) 721 { 722 defaultAuthPasswordSchemes = defaultAuthSchemes; 723 defaultUserPasswordSchemes = defaultUserSchemes; 724 } 725 726 return ccr; 727 } 728}