001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2006-2010 Sun Microsystems, Inc.
015 * Portions Copyright 2011-2016 ForgeRock AS.
016 */
017package org.opends.server.plugins;
018
019import static org.opends.messages.PluginMessages.*;
020import static org.opends.server.config.ConfigConstants.*;
021import static org.opends.server.extensions.ExtensionsConstants.*;
022import static org.opends.server.util.StaticUtils.*;
023
024import java.util.HashMap;
025import java.util.HashSet;
026import java.util.List;
027import java.util.Map;
028import java.util.Set;
029
030import org.forgerock.i18n.LocalizableMessage;
031import org.forgerock.i18n.LocalizedIllegalArgumentException;
032import org.forgerock.i18n.slf4j.LocalizedLogger;
033import org.forgerock.opendj.config.server.ConfigChangeResult;
034import org.forgerock.opendj.config.server.ConfigException;
035import org.forgerock.opendj.config.server.ConfigurationChangeListener;
036import org.forgerock.opendj.ldap.ByteString;
037import org.forgerock.opendj.ldap.DN;
038import org.forgerock.opendj.ldap.ResultCode;
039import org.forgerock.opendj.ldap.schema.AttributeType;
040import org.forgerock.opendj.server.config.meta.PluginCfgDefn;
041import org.forgerock.opendj.server.config.server.PasswordPolicyImportPluginCfg;
042import org.forgerock.opendj.server.config.server.PluginCfg;
043import org.opends.server.api.AuthenticationPolicy;
044import org.opends.server.api.Backend;
045import org.opends.server.api.ImportTaskListener;
046import org.opends.server.api.PasswordStorageScheme;
047import org.opends.server.api.plugin.DirectoryServerPlugin;
048import org.opends.server.api.plugin.PluginResult;
049import org.opends.server.api.plugin.PluginType;
050import org.opends.server.core.DirectoryServer;
051import org.opends.server.core.PasswordPolicy;
052import org.opends.server.core.SubentryPasswordPolicy;
053import org.opends.server.schema.AuthPasswordSyntax;
054import org.opends.server.schema.UserPasswordSyntax;
055import org.opends.server.types.Attribute;
056import org.opends.server.types.AttributeBuilder;
057import org.opends.server.types.DirectoryException;
058import org.opends.server.types.Entry;
059import org.opends.server.types.LDIFImportConfig;
060import org.opends.server.types.SubEntry;
061import org.opends.server.util.SchemaUtils;
062
063/**
064 * This class implements a Directory Server plugin that performs various
065 * password policy processing during an LDIF import.  In particular, it ensures
066 * that all of the password values are properly encoded before they are stored.
067 */
068public final class PasswordPolicyImportPlugin
069       extends DirectoryServerPlugin<PasswordPolicyImportPluginCfg>
070       implements ConfigurationChangeListener<PasswordPolicyImportPluginCfg>,
071                  ImportTaskListener
072{
073  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
074
075  /** The attribute type used to specify the password policy for an entry. */
076  private AttributeType customPolicyAttribute;
077  /** The set of attribute types defined in the schema with the auth password syntax. */
078  private AttributeType[] authPasswordTypes;
079  /** The set of attribute types defined in the schema with the user password syntax. */
080  private AttributeType[] userPasswordTypes;
081  /**
082   * The set of password storage schemes to use for the various password
083   * policies defined in the server.
084   */
085  private Map<DN, PasswordStorageScheme<?>[]> schemesByPolicy;
086  /** The default password storage schemes for auth password attributes. */
087  private PasswordStorageScheme<?>[] defaultAuthPasswordSchemes;
088  /** The default password storage schemes for user password attributes. */
089  private PasswordStorageScheme<?>[] defaultUserPasswordSchemes;
090
091  /**
092   * Creates a new instance of this Directory Server plugin.  Every plugin must
093   * implement a default constructor (it is the only one that will be used to
094   * create plugins defined in the configuration), and every plugin constructor
095   * must call {@code super()} as its first element.
096   */
097  public PasswordPolicyImportPlugin()
098  {
099    super();
100  }
101
102  @Override
103  public final void initializePlugin(Set<PluginType> pluginTypes,
104                         PasswordPolicyImportPluginCfg configuration)
105         throws ConfigException
106  {
107    configuration.addPasswordPolicyImportChangeListener(this);
108
109    customPolicyAttribute = DirectoryServer.getSchema().getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN);
110
111    // Make sure that the plugin has been enabled for the appropriate types.
112    for (PluginType t : pluginTypes)
113    {
114      switch (t)
115      {
116        case LDIF_IMPORT:
117          // This is the only acceptable type.
118          break;
119
120        default:
121          throw new ConfigException(ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(t));
122      }
123    }
124
125    // Get the set of default password storage schemes for auth password
126    // attributes.
127    PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
128    Set<DN> authSchemeDNs =
129         configuration.getDefaultAuthPasswordStorageSchemeDNs();
130    if (authSchemeDNs.isEmpty())
131    {
132      if (defaultPolicy.isAuthPasswordSyntax())
133      {
134        List<PasswordStorageScheme<?>> schemeList =
135             defaultPolicy.getDefaultPasswordStorageSchemes();
136        defaultAuthPasswordSchemes =
137             new PasswordStorageScheme[schemeList.size()];
138        schemeList.toArray(defaultAuthPasswordSchemes);
139      }
140      else
141      {
142        defaultAuthPasswordSchemes = new PasswordStorageScheme[1];
143        defaultAuthPasswordSchemes[0] =
144             DirectoryServer.getAuthPasswordStorageScheme(
145                  AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
146        if (defaultAuthPasswordSchemes[0] == null)
147        {
148          LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get(
149              AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
150          throw new ConfigException(message);
151        }
152      }
153    }
154    else
155    {
156      defaultAuthPasswordSchemes =
157           new PasswordStorageScheme[authSchemeDNs.size()];
158      int i=0;
159      for (DN schemeDN : authSchemeDNs)
160      {
161        defaultAuthPasswordSchemes[i] =
162             DirectoryServer.getPasswordStorageScheme(schemeDN);
163        if (defaultAuthPasswordSchemes[i] == null)
164        {
165          throw new ConfigException(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN));
166        }
167        else if (! defaultAuthPasswordSchemes[i].supportsAuthPasswordSyntax())
168        {
169          throw new ConfigException(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN));
170        }
171        i++;
172      }
173    }
174
175    // Get the set of default password storage schemes for user password
176    // attributes.
177    Set<DN> userSchemeDNs =
178         configuration.getDefaultUserPasswordStorageSchemeDNs();
179    if (userSchemeDNs.isEmpty())
180    {
181      if (! defaultPolicy.isAuthPasswordSyntax())
182      {
183        List<PasswordStorageScheme<?>> schemeList =
184             defaultPolicy.getDefaultPasswordStorageSchemes();
185        defaultUserPasswordSchemes =
186             new PasswordStorageScheme[schemeList.size()];
187        schemeList.toArray(defaultUserPasswordSchemes);
188      }
189      else
190      {
191        defaultUserPasswordSchemes = new PasswordStorageScheme[1];
192        defaultUserPasswordSchemes[0] =
193             DirectoryServer.getPasswordStorageScheme(
194                  toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
195        if (defaultUserPasswordSchemes[0] == null)
196        {
197          LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get(
198              STORAGE_SCHEME_NAME_SALTED_SHA_1);
199          throw new ConfigException(message);
200        }
201      }
202    }
203    else
204    {
205      defaultUserPasswordSchemes =
206           new PasswordStorageScheme[userSchemeDNs.size()];
207      int i=0;
208      for (DN schemeDN : userSchemeDNs)
209      {
210        defaultUserPasswordSchemes[i] =
211             DirectoryServer.getPasswordStorageScheme(schemeDN);
212        if (defaultUserPasswordSchemes[i] == null)
213        {
214          throw new ConfigException(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN));
215        }
216        i++;
217      }
218    }
219
220    processImportBegin(null, null);
221  }
222
223  @Override
224  public void processImportBegin(Backend<?> backend, LDIFImportConfig config)
225  {
226    // Find the set of attribute types with the auth password and user password
227    // syntax defined in the schema.
228    HashSet<AttributeType> authPWTypes = new HashSet<>();
229    HashSet<AttributeType> userPWTypes = new HashSet<>();
230    for (AttributeType t : DirectoryServer.getSchema().getAttributeTypes())
231    {
232      switch (SchemaUtils.checkPasswordType(t))
233      {
234      case AUTH_PASSWORD:
235        authPWTypes.add(t);
236        break;
237
238      case USER_PASSWORD:
239        userPWTypes.add(t);
240        break;
241      }
242    }
243
244    // Get the set of password policies defined in the server and get the
245    // attribute types associated with them.
246    HashMap<DN,PasswordStorageScheme<?>[]> schemeMap = new HashMap<>();
247    for (AuthenticationPolicy ap : DirectoryServer.getAuthenticationPolicies())
248    {
249      if (ap.isPasswordPolicy())
250      {
251        PasswordPolicy p = (PasswordPolicy) ap;
252
253        List<PasswordStorageScheme<?>> schemeList = p.getDefaultPasswordStorageSchemes();
254        PasswordStorageScheme<?>[] schemeArray =
255          new PasswordStorageScheme[schemeList.size()];
256        schemeList.toArray(schemeArray);
257        schemeMap.put(p.getDN(), schemeArray);
258      }
259    }
260
261    AttributeType[] authTypesArray = new AttributeType[authPWTypes.size()];
262    AttributeType[] userTypesArray = new AttributeType[userPWTypes.size()];
263    authPWTypes.toArray(authTypesArray);
264    userPWTypes.toArray(userTypesArray);
265
266    schemesByPolicy   = schemeMap;
267    authPasswordTypes = authTypesArray;
268    userPasswordTypes = userTypesArray;
269  }
270
271  @Override
272  public void processImportEnd(Backend<?> backend, LDIFImportConfig config, boolean successful)
273  {
274    // No implementation is required.
275  }
276
277  @Override
278  public final PluginResult.ImportLDIF
279               doLDIFImport(LDIFImportConfig importConfig, Entry entry)
280  {
281    // Check if this entry is a password policy subentry
282    // and if so evaluate whether it is acceptable.
283    if ((entry.isSubentry() || entry.isLDAPSubentry()) &&
284            entry.isPasswordPolicySubentry())
285    {
286      try
287      {
288        new SubentryPasswordPolicy(new SubEntry(entry));
289      }
290      catch (DirectoryException de)
291      {
292        logger.traceException(de);
293
294        return PluginResult.ImportLDIF.stopEntryProcessing(
295                de.getMessageObject());
296      }
297    }
298
299    // See if the entry explicitly states the password policy that it should
300    // use.  If so, then only use it to perform the encoding.
301    List<Attribute> attrList = entry.getAttribute(customPolicyAttribute);
302    if (!attrList.isEmpty())
303    {
304      DN policyDN = null;
305      PasswordPolicy policy = null;
306policyLoop:
307      for (Attribute a : attrList)
308      {
309        for (ByteString v : a)
310        {
311          try
312          {
313            policyDN = DN.valueOf(v);
314            AuthenticationPolicy authPolicy = DirectoryServer
315                .getAuthenticationPolicy(policyDN);
316            if (authPolicy == null)
317            {
318              logger.warn(WARN_PLUGIN_PWIMPORT_NO_SUCH_POLICY, entry.getName(), policyDN);
319            }
320            else if (authPolicy.isPasswordPolicy())
321            {
322              policy = (PasswordPolicy) authPolicy;
323            }
324
325            break policyLoop;
326          }
327          catch (LocalizedIllegalArgumentException e)
328          {
329            logger.warn(WARN_PLUGIN_PWIMPORT_CANNOT_DECODE_POLICY_DN, entry.getName(), e.getMessageObject());
330            break policyLoop;
331          }
332        }
333      }
334
335      if (policy != null)
336      {
337        PasswordStorageScheme<?>[] schemes = schemesByPolicy.get(policyDN);
338        if (schemes != null)
339        {
340          attrList = entry.getAttribute(policy.getPasswordAttribute());
341          if (attrList.isEmpty())
342          {
343            return PluginResult.ImportLDIF.continueEntryProcessing();
344          }
345
346          for (Attribute a : attrList)
347          {
348            AttributeBuilder builder = new AttributeBuilder(a.getAttributeDescription());
349            boolean gotError = false;
350
351            for (ByteString value : a)
352            {
353              if (policy.isAuthPasswordSyntax())
354              {
355                if (!AuthPasswordSyntax.isEncoded(value))
356                {
357                  try
358                  {
359                    for (PasswordStorageScheme<?> s : schemes)
360                    {
361                      builder.add(s.encodeAuthPassword(value));
362                    }
363                  }
364                  catch (Exception e)
365                  {
366                    logger.traceException(e);
367
368                    logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD,
369                        policy.getPasswordAttribute().getNameOrOID(), entry.getName(),
370                        stackTraceToSingleLineString(e));
371                    gotError = true;
372                    break;
373                  }
374                }
375                else
376                {
377                  builder.add(value);
378                }
379              }
380              else if (!UserPasswordSyntax.isEncoded(value))
381              {
382                try
383                {
384                  for (PasswordStorageScheme<?> s : schemes)
385                  {
386                    builder.add(s.encodePasswordWithScheme(value));
387                  }
388                }
389                catch (Exception e)
390                {
391                  logger.traceException(e);
392
393                  logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, policy.getPasswordAttribute()
394                      .getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e));
395                  gotError = true;
396                  break;
397                }
398              }
399              else
400              {
401                builder.add(value);
402              }
403            }
404
405            if (!gotError)
406            {
407              entry.replaceAttribute(builder.toAttribute());
408            }
409          }
410
411          return PluginResult.ImportLDIF.continueEntryProcessing();
412        }
413      }
414    }
415
416    // Iterate through the list of auth password attributes.  If any of them
417    // are present and their values are not encoded, then encode them with all
418    // appropriate schemes.
419    for (AttributeType t : authPasswordTypes)
420    {
421      for (Attribute a : entry.getAttribute(t))
422      {
423        AttributeBuilder builder = new AttributeBuilder(a.getAttributeDescription());
424        boolean gotError = false;
425
426        for (ByteString value : a)
427        {
428          if (!AuthPasswordSyntax.isEncoded(value))
429          {
430            try
431            {
432              for (PasswordStorageScheme<?> s : defaultAuthPasswordSchemes)
433              {
434                builder.add(s.encodeAuthPassword(value));
435              }
436            }
437            catch (Exception e)
438            {
439              logger.traceException(e);
440              logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD,
441                  t.getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e));
442              gotError = true;
443              break;
444            }
445          }
446          else
447          {
448            builder.add(value);
449          }
450        }
451
452        if (!gotError)
453        {
454          entry.replaceAttribute(builder.toAttribute());
455        }
456      }
457    }
458
459    // Iterate through the list of user password attributes.  If any of them
460    // are present and their values are not encoded, then encode them with all
461    // appropriate schemes.
462    for (AttributeType t : userPasswordTypes)
463    {
464      for (Attribute a : entry.getAttribute(t))
465      {
466        AttributeBuilder builder = new AttributeBuilder(a.getAttributeDescription());
467        boolean gotError = false;
468
469        for (ByteString value : a)
470        {
471          if (!UserPasswordSyntax.isEncoded(value))
472          {
473            try
474            {
475              for (PasswordStorageScheme<?> s : defaultUserPasswordSchemes)
476              {
477                builder.add(s.encodePasswordWithScheme(value));
478              }
479            }
480            catch (Exception e)
481            {
482              logger.traceException(e);
483              logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD,
484                  t.getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e));
485              gotError = true;
486              break;
487            }
488          }
489          else
490          {
491            builder.add(value);
492          }
493        }
494
495        if (!gotError)
496        {
497          entry.replaceAttribute(builder.toAttribute());
498        }
499      }
500    }
501
502    return PluginResult.ImportLDIF.continueEntryProcessing();
503  }
504
505  @Override
506  public boolean isConfigurationAcceptable(PluginCfg configuration,
507                                           List<LocalizableMessage> unacceptableReasons)
508  {
509    PasswordPolicyImportPluginCfg config =
510         (PasswordPolicyImportPluginCfg) configuration;
511    return isConfigurationChangeAcceptable(config, unacceptableReasons);
512  }
513
514  @Override
515  public boolean isConfigurationChangeAcceptable(
516                      PasswordPolicyImportPluginCfg configuration,
517                      List<LocalizableMessage> unacceptableReasons)
518  {
519    boolean configAcceptable = true;
520
521    // Ensure that the set of plugin types contains only LDIF import.
522    for (PluginCfgDefn.PluginType pluginType : configuration.getPluginType())
523    {
524      switch (pluginType)
525      {
526        case LDIFIMPORT:
527          // This is the only acceptable type.
528          break;
529
530        default:
531          unacceptableReasons.add(ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(pluginType));
532          configAcceptable = false;
533      }
534    }
535
536    // Get the set of default password storage schemes for auth password
537    // attributes.
538    Set<DN> authSchemeDNs =
539         configuration.getDefaultAuthPasswordStorageSchemeDNs();
540    if (authSchemeDNs.isEmpty())
541    {
542      PasswordStorageScheme<?>[] defaultAuthSchemes =
543        new PasswordStorageScheme[1];
544      defaultAuthSchemes[0] =
545           DirectoryServer.getAuthPasswordStorageScheme(
546                AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
547      if (defaultAuthSchemes[0] == null)
548      {
549        LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get(
550                AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
551        unacceptableReasons.add(message);
552        configAcceptable = false;
553      }
554    }
555    else
556    {
557      PasswordStorageScheme<?>[] defaultAuthSchemes =
558           new PasswordStorageScheme[authSchemeDNs.size()];
559      int i=0;
560      for (DN schemeDN : authSchemeDNs)
561      {
562        defaultAuthSchemes[i] =
563             DirectoryServer.getPasswordStorageScheme(schemeDN);
564        if (defaultAuthSchemes[i] == null)
565        {
566          unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN));
567          configAcceptable = false;
568        }
569        else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax())
570        {
571          unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN));
572          configAcceptable = false;
573        }
574        i++;
575      }
576    }
577
578    // Get the set of default password storage schemes for user password
579    // attributes.
580    Set<DN> userSchemeDNs =
581         configuration.getDefaultUserPasswordStorageSchemeDNs();
582    if (userSchemeDNs.isEmpty())
583    {
584      PasswordStorageScheme<?>[] defaultUserSchemes =
585        new PasswordStorageScheme[1];
586      defaultUserSchemes[0] =
587           DirectoryServer.getPasswordStorageScheme(
588                toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
589      if (defaultUserSchemes[0] == null)
590      {
591        LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get(
592                STORAGE_SCHEME_NAME_SALTED_SHA_1);
593        unacceptableReasons.add(message);
594        configAcceptable = false;
595      }
596    }
597    else
598    {
599      PasswordStorageScheme<?>[] defaultUserSchemes =
600           new PasswordStorageScheme[userSchemeDNs.size()];
601      int i=0;
602      for (DN schemeDN : userSchemeDNs)
603      {
604        defaultUserSchemes[i] =
605             DirectoryServer.getPasswordStorageScheme(schemeDN);
606        if (defaultUserSchemes[i] == null)
607        {
608          unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN));
609          configAcceptable = false;
610        }
611        i++;
612      }
613    }
614
615    return configAcceptable;
616  }
617
618  @Override
619  public ConfigChangeResult applyConfigurationChange(
620                                 PasswordPolicyImportPluginCfg configuration)
621  {
622    final ConfigChangeResult ccr = new ConfigChangeResult();
623
624    // Get the set of default password storage schemes for auth password
625    // attributes.
626    PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
627    PasswordStorageScheme<?>[] defaultAuthSchemes;
628    Set<DN> authSchemeDNs =
629         configuration.getDefaultAuthPasswordStorageSchemeDNs();
630    if (authSchemeDNs.isEmpty())
631    {
632      if (defaultPolicy.isAuthPasswordSyntax())
633      {
634        List<PasswordStorageScheme<?>> schemeList =
635             defaultPolicy.getDefaultPasswordStorageSchemes();
636        defaultAuthSchemes =
637             new PasswordStorageScheme[schemeList.size()];
638        schemeList.toArray(defaultAuthSchemes);
639      }
640      else
641      {
642        defaultAuthSchemes = new PasswordStorageScheme[1];
643        defaultAuthSchemes[0] =
644             DirectoryServer.getAuthPasswordStorageScheme(
645                  AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
646        if (defaultAuthSchemes[0] == null)
647        {
648          ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
649          ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get(
650                  AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1));
651        }
652      }
653    }
654    else
655    {
656      defaultAuthSchemes = new PasswordStorageScheme[authSchemeDNs.size()];
657      int i=0;
658      for (DN schemeDN : authSchemeDNs)
659      {
660        defaultAuthSchemes[i] =
661             DirectoryServer.getPasswordStorageScheme(schemeDN);
662        if (defaultAuthSchemes[i] == null)
663        {
664          ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
665          ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN));
666        }
667        else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax())
668        {
669          ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
670          ccr.addMessage(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN));
671        }
672        i++;
673      }
674    }
675
676    // Get the set of default password storage schemes for user password
677    // attributes.
678    PasswordStorageScheme<?>[] defaultUserSchemes;
679    Set<DN> userSchemeDNs =
680         configuration.getDefaultUserPasswordStorageSchemeDNs();
681    if (userSchemeDNs.isEmpty())
682    {
683      if (! defaultPolicy.isAuthPasswordSyntax())
684      {
685        List<PasswordStorageScheme<?>> schemeList =
686             defaultPolicy.getDefaultPasswordStorageSchemes();
687        defaultUserSchemes =
688             new PasswordStorageScheme[schemeList.size()];
689        schemeList.toArray(defaultUserSchemes);
690      }
691      else
692      {
693        defaultUserSchemes = new PasswordStorageScheme[1];
694        defaultUserSchemes[0] = DirectoryServer.getPasswordStorageScheme(
695                  toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
696        if (defaultUserSchemes[0] == null)
697        {
698          ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
699          ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get(
700                  STORAGE_SCHEME_NAME_SALTED_SHA_1));
701        }
702      }
703    }
704    else
705    {
706      defaultUserSchemes = new PasswordStorageScheme[userSchemeDNs.size()];
707      int i=0;
708      for (DN schemeDN : userSchemeDNs)
709      {
710        defaultUserSchemes[i] =
711             DirectoryServer.getPasswordStorageScheme(schemeDN);
712        if (defaultUserSchemes[i] == null)
713        {
714          ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
715          ccr.addMessage(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN));
716        }
717        i++;
718      }
719    }
720
721    if (ccr.getResultCode() == ResultCode.SUCCESS)
722    {
723      defaultAuthPasswordSchemes = defaultAuthSchemes;
724      defaultUserPasswordSchemes = defaultUserSchemes;
725    }
726
727    return ccr;
728  }
729}