001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2006-2010 Sun Microsystems, Inc. 015 * Portions Copyright 2011-2016 ForgeRock AS. 016 */ 017package org.opends.server.plugins; 018 019import static org.opends.messages.PluginMessages.*; 020import static org.opends.server.config.ConfigConstants.*; 021import static org.opends.server.extensions.ExtensionsConstants.*; 022import static org.opends.server.util.StaticUtils.*; 023 024import java.util.HashMap; 025import java.util.HashSet; 026import java.util.List; 027import java.util.Map; 028import java.util.Set; 029 030import org.forgerock.i18n.LocalizableMessage; 031import org.forgerock.i18n.LocalizedIllegalArgumentException; 032import org.forgerock.i18n.slf4j.LocalizedLogger; 033import org.forgerock.opendj.config.server.ConfigChangeResult; 034import org.forgerock.opendj.config.server.ConfigException; 035import org.forgerock.opendj.config.server.ConfigurationChangeListener; 036import org.forgerock.opendj.ldap.ByteString; 037import org.forgerock.opendj.ldap.DN; 038import org.forgerock.opendj.ldap.ResultCode; 039import org.forgerock.opendj.ldap.schema.AttributeType; 040import org.forgerock.opendj.server.config.meta.PluginCfgDefn; 041import org.forgerock.opendj.server.config.server.PasswordPolicyImportPluginCfg; 042import org.forgerock.opendj.server.config.server.PluginCfg; 043import org.opends.server.api.AuthenticationPolicy; 044import org.opends.server.api.Backend; 045import org.opends.server.api.ImportTaskListener; 046import org.opends.server.api.PasswordStorageScheme; 047import org.opends.server.api.plugin.DirectoryServerPlugin; 048import org.opends.server.api.plugin.PluginResult; 049import org.opends.server.api.plugin.PluginType; 050import org.opends.server.core.DirectoryServer; 051import org.opends.server.core.PasswordPolicy; 052import org.opends.server.core.SubentryPasswordPolicy; 053import org.opends.server.schema.AuthPasswordSyntax; 054import org.opends.server.schema.UserPasswordSyntax; 055import org.opends.server.types.Attribute; 056import org.opends.server.types.AttributeBuilder; 057import org.opends.server.types.DirectoryException; 058import org.opends.server.types.Entry; 059import org.opends.server.types.LDIFImportConfig; 060import org.opends.server.types.SubEntry; 061import org.opends.server.util.SchemaUtils; 062 063/** 064 * This class implements a Directory Server plugin that performs various 065 * password policy processing during an LDIF import. In particular, it ensures 066 * that all of the password values are properly encoded before they are stored. 067 */ 068public final class PasswordPolicyImportPlugin 069 extends DirectoryServerPlugin<PasswordPolicyImportPluginCfg> 070 implements ConfigurationChangeListener<PasswordPolicyImportPluginCfg>, 071 ImportTaskListener 072{ 073 private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass(); 074 075 /** The attribute type used to specify the password policy for an entry. */ 076 private AttributeType customPolicyAttribute; 077 /** The set of attribute types defined in the schema with the auth password syntax. */ 078 private AttributeType[] authPasswordTypes; 079 /** The set of attribute types defined in the schema with the user password syntax. */ 080 private AttributeType[] userPasswordTypes; 081 /** 082 * The set of password storage schemes to use for the various password 083 * policies defined in the server. 084 */ 085 private Map<DN, PasswordStorageScheme<?>[]> schemesByPolicy; 086 /** The default password storage schemes for auth password attributes. */ 087 private PasswordStorageScheme<?>[] defaultAuthPasswordSchemes; 088 /** The default password storage schemes for user password attributes. */ 089 private PasswordStorageScheme<?>[] defaultUserPasswordSchemes; 090 091 /** 092 * Creates a new instance of this Directory Server plugin. Every plugin must 093 * implement a default constructor (it is the only one that will be used to 094 * create plugins defined in the configuration), and every plugin constructor 095 * must call {@code super()} as its first element. 096 */ 097 public PasswordPolicyImportPlugin() 098 { 099 super(); 100 } 101 102 @Override 103 public final void initializePlugin(Set<PluginType> pluginTypes, 104 PasswordPolicyImportPluginCfg configuration) 105 throws ConfigException 106 { 107 configuration.addPasswordPolicyImportChangeListener(this); 108 109 customPolicyAttribute = DirectoryServer.getSchema().getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN); 110 111 // Make sure that the plugin has been enabled for the appropriate types. 112 for (PluginType t : pluginTypes) 113 { 114 switch (t) 115 { 116 case LDIF_IMPORT: 117 // This is the only acceptable type. 118 break; 119 120 default: 121 throw new ConfigException(ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(t)); 122 } 123 } 124 125 // Get the set of default password storage schemes for auth password 126 // attributes. 127 PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy(); 128 Set<DN> authSchemeDNs = 129 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 130 if (authSchemeDNs.isEmpty()) 131 { 132 if (defaultPolicy.isAuthPasswordSyntax()) 133 { 134 List<PasswordStorageScheme<?>> schemeList = 135 defaultPolicy.getDefaultPasswordStorageSchemes(); 136 defaultAuthPasswordSchemes = 137 new PasswordStorageScheme[schemeList.size()]; 138 schemeList.toArray(defaultAuthPasswordSchemes); 139 } 140 else 141 { 142 defaultAuthPasswordSchemes = new PasswordStorageScheme[1]; 143 defaultAuthPasswordSchemes[0] = 144 DirectoryServer.getAuthPasswordStorageScheme( 145 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 146 if (defaultAuthPasswordSchemes[0] == null) 147 { 148 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 149 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 150 throw new ConfigException(message); 151 } 152 } 153 } 154 else 155 { 156 defaultAuthPasswordSchemes = 157 new PasswordStorageScheme[authSchemeDNs.size()]; 158 int i=0; 159 for (DN schemeDN : authSchemeDNs) 160 { 161 defaultAuthPasswordSchemes[i] = 162 DirectoryServer.getPasswordStorageScheme(schemeDN); 163 if (defaultAuthPasswordSchemes[i] == null) 164 { 165 throw new ConfigException(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 166 } 167 else if (! defaultAuthPasswordSchemes[i].supportsAuthPasswordSyntax()) 168 { 169 throw new ConfigException(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 170 } 171 i++; 172 } 173 } 174 175 // Get the set of default password storage schemes for user password 176 // attributes. 177 Set<DN> userSchemeDNs = 178 configuration.getDefaultUserPasswordStorageSchemeDNs(); 179 if (userSchemeDNs.isEmpty()) 180 { 181 if (! defaultPolicy.isAuthPasswordSyntax()) 182 { 183 List<PasswordStorageScheme<?>> schemeList = 184 defaultPolicy.getDefaultPasswordStorageSchemes(); 185 defaultUserPasswordSchemes = 186 new PasswordStorageScheme[schemeList.size()]; 187 schemeList.toArray(defaultUserPasswordSchemes); 188 } 189 else 190 { 191 defaultUserPasswordSchemes = new PasswordStorageScheme[1]; 192 defaultUserPasswordSchemes[0] = 193 DirectoryServer.getPasswordStorageScheme( 194 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 195 if (defaultUserPasswordSchemes[0] == null) 196 { 197 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 198 STORAGE_SCHEME_NAME_SALTED_SHA_1); 199 throw new ConfigException(message); 200 } 201 } 202 } 203 else 204 { 205 defaultUserPasswordSchemes = 206 new PasswordStorageScheme[userSchemeDNs.size()]; 207 int i=0; 208 for (DN schemeDN : userSchemeDNs) 209 { 210 defaultUserPasswordSchemes[i] = 211 DirectoryServer.getPasswordStorageScheme(schemeDN); 212 if (defaultUserPasswordSchemes[i] == null) 213 { 214 throw new ConfigException(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 215 } 216 i++; 217 } 218 } 219 220 processImportBegin(null, null); 221 } 222 223 @Override 224 public void processImportBegin(Backend<?> backend, LDIFImportConfig config) 225 { 226 // Find the set of attribute types with the auth password and user password 227 // syntax defined in the schema. 228 HashSet<AttributeType> authPWTypes = new HashSet<>(); 229 HashSet<AttributeType> userPWTypes = new HashSet<>(); 230 for (AttributeType t : DirectoryServer.getSchema().getAttributeTypes()) 231 { 232 switch (SchemaUtils.checkPasswordType(t)) 233 { 234 case AUTH_PASSWORD: 235 authPWTypes.add(t); 236 break; 237 238 case USER_PASSWORD: 239 userPWTypes.add(t); 240 break; 241 } 242 } 243 244 // Get the set of password policies defined in the server and get the 245 // attribute types associated with them. 246 HashMap<DN,PasswordStorageScheme<?>[]> schemeMap = new HashMap<>(); 247 for (AuthenticationPolicy ap : DirectoryServer.getAuthenticationPolicies()) 248 { 249 if (ap.isPasswordPolicy()) 250 { 251 PasswordPolicy p = (PasswordPolicy) ap; 252 253 List<PasswordStorageScheme<?>> schemeList = p.getDefaultPasswordStorageSchemes(); 254 PasswordStorageScheme<?>[] schemeArray = 255 new PasswordStorageScheme[schemeList.size()]; 256 schemeList.toArray(schemeArray); 257 schemeMap.put(p.getDN(), schemeArray); 258 } 259 } 260 261 AttributeType[] authTypesArray = new AttributeType[authPWTypes.size()]; 262 AttributeType[] userTypesArray = new AttributeType[userPWTypes.size()]; 263 authPWTypes.toArray(authTypesArray); 264 userPWTypes.toArray(userTypesArray); 265 266 schemesByPolicy = schemeMap; 267 authPasswordTypes = authTypesArray; 268 userPasswordTypes = userTypesArray; 269 } 270 271 @Override 272 public void processImportEnd(Backend<?> backend, LDIFImportConfig config, boolean successful) 273 { 274 // No implementation is required. 275 } 276 277 @Override 278 public final PluginResult.ImportLDIF 279 doLDIFImport(LDIFImportConfig importConfig, Entry entry) 280 { 281 // Check if this entry is a password policy subentry 282 // and if so evaluate whether it is acceptable. 283 if ((entry.isSubentry() || entry.isLDAPSubentry()) && 284 entry.isPasswordPolicySubentry()) 285 { 286 try 287 { 288 new SubentryPasswordPolicy(new SubEntry(entry)); 289 } 290 catch (DirectoryException de) 291 { 292 logger.traceException(de); 293 294 return PluginResult.ImportLDIF.stopEntryProcessing( 295 de.getMessageObject()); 296 } 297 } 298 299 // See if the entry explicitly states the password policy that it should 300 // use. If so, then only use it to perform the encoding. 301 List<Attribute> attrList = entry.getAttribute(customPolicyAttribute); 302 if (!attrList.isEmpty()) 303 { 304 DN policyDN = null; 305 PasswordPolicy policy = null; 306policyLoop: 307 for (Attribute a : attrList) 308 { 309 for (ByteString v : a) 310 { 311 try 312 { 313 policyDN = DN.valueOf(v); 314 AuthenticationPolicy authPolicy = DirectoryServer 315 .getAuthenticationPolicy(policyDN); 316 if (authPolicy == null) 317 { 318 logger.warn(WARN_PLUGIN_PWIMPORT_NO_SUCH_POLICY, entry.getName(), policyDN); 319 } 320 else if (authPolicy.isPasswordPolicy()) 321 { 322 policy = (PasswordPolicy) authPolicy; 323 } 324 325 break policyLoop; 326 } 327 catch (LocalizedIllegalArgumentException e) 328 { 329 logger.warn(WARN_PLUGIN_PWIMPORT_CANNOT_DECODE_POLICY_DN, entry.getName(), e.getMessageObject()); 330 break policyLoop; 331 } 332 } 333 } 334 335 if (policy != null) 336 { 337 PasswordStorageScheme<?>[] schemes = schemesByPolicy.get(policyDN); 338 if (schemes != null) 339 { 340 attrList = entry.getAttribute(policy.getPasswordAttribute()); 341 if (attrList.isEmpty()) 342 { 343 return PluginResult.ImportLDIF.continueEntryProcessing(); 344 } 345 346 for (Attribute a : attrList) 347 { 348 AttributeBuilder builder = new AttributeBuilder(a.getAttributeDescription()); 349 boolean gotError = false; 350 351 for (ByteString value : a) 352 { 353 if (policy.isAuthPasswordSyntax()) 354 { 355 if (!AuthPasswordSyntax.isEncoded(value)) 356 { 357 try 358 { 359 for (PasswordStorageScheme<?> s : schemes) 360 { 361 builder.add(s.encodeAuthPassword(value)); 362 } 363 } 364 catch (Exception e) 365 { 366 logger.traceException(e); 367 368 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 369 policy.getPasswordAttribute().getNameOrOID(), entry.getName(), 370 stackTraceToSingleLineString(e)); 371 gotError = true; 372 break; 373 } 374 } 375 else 376 { 377 builder.add(value); 378 } 379 } 380 else if (!UserPasswordSyntax.isEncoded(value)) 381 { 382 try 383 { 384 for (PasswordStorageScheme<?> s : schemes) 385 { 386 builder.add(s.encodePasswordWithScheme(value)); 387 } 388 } 389 catch (Exception e) 390 { 391 logger.traceException(e); 392 393 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, policy.getPasswordAttribute() 394 .getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e)); 395 gotError = true; 396 break; 397 } 398 } 399 else 400 { 401 builder.add(value); 402 } 403 } 404 405 if (!gotError) 406 { 407 entry.replaceAttribute(builder.toAttribute()); 408 } 409 } 410 411 return PluginResult.ImportLDIF.continueEntryProcessing(); 412 } 413 } 414 } 415 416 // Iterate through the list of auth password attributes. If any of them 417 // are present and their values are not encoded, then encode them with all 418 // appropriate schemes. 419 for (AttributeType t : authPasswordTypes) 420 { 421 for (Attribute a : entry.getAttribute(t)) 422 { 423 AttributeBuilder builder = new AttributeBuilder(a.getAttributeDescription()); 424 boolean gotError = false; 425 426 for (ByteString value : a) 427 { 428 if (!AuthPasswordSyntax.isEncoded(value)) 429 { 430 try 431 { 432 for (PasswordStorageScheme<?> s : defaultAuthPasswordSchemes) 433 { 434 builder.add(s.encodeAuthPassword(value)); 435 } 436 } 437 catch (Exception e) 438 { 439 logger.traceException(e); 440 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 441 t.getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e)); 442 gotError = true; 443 break; 444 } 445 } 446 else 447 { 448 builder.add(value); 449 } 450 } 451 452 if (!gotError) 453 { 454 entry.replaceAttribute(builder.toAttribute()); 455 } 456 } 457 } 458 459 // Iterate through the list of user password attributes. If any of them 460 // are present and their values are not encoded, then encode them with all 461 // appropriate schemes. 462 for (AttributeType t : userPasswordTypes) 463 { 464 for (Attribute a : entry.getAttribute(t)) 465 { 466 AttributeBuilder builder = new AttributeBuilder(a.getAttributeDescription()); 467 boolean gotError = false; 468 469 for (ByteString value : a) 470 { 471 if (!UserPasswordSyntax.isEncoded(value)) 472 { 473 try 474 { 475 for (PasswordStorageScheme<?> s : defaultUserPasswordSchemes) 476 { 477 builder.add(s.encodePasswordWithScheme(value)); 478 } 479 } 480 catch (Exception e) 481 { 482 logger.traceException(e); 483 logger.error(ERR_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD, 484 t.getNameOrOID(), entry.getName(), stackTraceToSingleLineString(e)); 485 gotError = true; 486 break; 487 } 488 } 489 else 490 { 491 builder.add(value); 492 } 493 } 494 495 if (!gotError) 496 { 497 entry.replaceAttribute(builder.toAttribute()); 498 } 499 } 500 } 501 502 return PluginResult.ImportLDIF.continueEntryProcessing(); 503 } 504 505 @Override 506 public boolean isConfigurationAcceptable(PluginCfg configuration, 507 List<LocalizableMessage> unacceptableReasons) 508 { 509 PasswordPolicyImportPluginCfg config = 510 (PasswordPolicyImportPluginCfg) configuration; 511 return isConfigurationChangeAcceptable(config, unacceptableReasons); 512 } 513 514 @Override 515 public boolean isConfigurationChangeAcceptable( 516 PasswordPolicyImportPluginCfg configuration, 517 List<LocalizableMessage> unacceptableReasons) 518 { 519 boolean configAcceptable = true; 520 521 // Ensure that the set of plugin types contains only LDIF import. 522 for (PluginCfgDefn.PluginType pluginType : configuration.getPluginType()) 523 { 524 switch (pluginType) 525 { 526 case LDIFIMPORT: 527 // This is the only acceptable type. 528 break; 529 530 default: 531 unacceptableReasons.add(ERR_PLUGIN_PWPIMPORT_INVALID_PLUGIN_TYPE.get(pluginType)); 532 configAcceptable = false; 533 } 534 } 535 536 // Get the set of default password storage schemes for auth password 537 // attributes. 538 Set<DN> authSchemeDNs = 539 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 540 if (authSchemeDNs.isEmpty()) 541 { 542 PasswordStorageScheme<?>[] defaultAuthSchemes = 543 new PasswordStorageScheme[1]; 544 defaultAuthSchemes[0] = 545 DirectoryServer.getAuthPasswordStorageScheme( 546 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 547 if (defaultAuthSchemes[0] == null) 548 { 549 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 550 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 551 unacceptableReasons.add(message); 552 configAcceptable = false; 553 } 554 } 555 else 556 { 557 PasswordStorageScheme<?>[] defaultAuthSchemes = 558 new PasswordStorageScheme[authSchemeDNs.size()]; 559 int i=0; 560 for (DN schemeDN : authSchemeDNs) 561 { 562 defaultAuthSchemes[i] = 563 DirectoryServer.getPasswordStorageScheme(schemeDN); 564 if (defaultAuthSchemes[i] == null) 565 { 566 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 567 configAcceptable = false; 568 } 569 else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax()) 570 { 571 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 572 configAcceptable = false; 573 } 574 i++; 575 } 576 } 577 578 // Get the set of default password storage schemes for user password 579 // attributes. 580 Set<DN> userSchemeDNs = 581 configuration.getDefaultUserPasswordStorageSchemeDNs(); 582 if (userSchemeDNs.isEmpty()) 583 { 584 PasswordStorageScheme<?>[] defaultUserSchemes = 585 new PasswordStorageScheme[1]; 586 defaultUserSchemes[0] = 587 DirectoryServer.getPasswordStorageScheme( 588 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 589 if (defaultUserSchemes[0] == null) 590 { 591 LocalizableMessage message = ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 592 STORAGE_SCHEME_NAME_SALTED_SHA_1); 593 unacceptableReasons.add(message); 594 configAcceptable = false; 595 } 596 } 597 else 598 { 599 PasswordStorageScheme<?>[] defaultUserSchemes = 600 new PasswordStorageScheme[userSchemeDNs.size()]; 601 int i=0; 602 for (DN schemeDN : userSchemeDNs) 603 { 604 defaultUserSchemes[i] = 605 DirectoryServer.getPasswordStorageScheme(schemeDN); 606 if (defaultUserSchemes[i] == null) 607 { 608 unacceptableReasons.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 609 configAcceptable = false; 610 } 611 i++; 612 } 613 } 614 615 return configAcceptable; 616 } 617 618 @Override 619 public ConfigChangeResult applyConfigurationChange( 620 PasswordPolicyImportPluginCfg configuration) 621 { 622 final ConfigChangeResult ccr = new ConfigChangeResult(); 623 624 // Get the set of default password storage schemes for auth password 625 // attributes. 626 PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy(); 627 PasswordStorageScheme<?>[] defaultAuthSchemes; 628 Set<DN> authSchemeDNs = 629 configuration.getDefaultAuthPasswordStorageSchemeDNs(); 630 if (authSchemeDNs.isEmpty()) 631 { 632 if (defaultPolicy.isAuthPasswordSyntax()) 633 { 634 List<PasswordStorageScheme<?>> schemeList = 635 defaultPolicy.getDefaultPasswordStorageSchemes(); 636 defaultAuthSchemes = 637 new PasswordStorageScheme[schemeList.size()]; 638 schemeList.toArray(defaultAuthSchemes); 639 } 640 else 641 { 642 defaultAuthSchemes = new PasswordStorageScheme[1]; 643 defaultAuthSchemes[0] = 644 DirectoryServer.getAuthPasswordStorageScheme( 645 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1); 646 if (defaultAuthSchemes[0] == null) 647 { 648 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 649 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES.get( 650 AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1)); 651 } 652 } 653 } 654 else 655 { 656 defaultAuthSchemes = new PasswordStorageScheme[authSchemeDNs.size()]; 657 int i=0; 658 for (DN schemeDN : authSchemeDNs) 659 { 660 defaultAuthSchemes[i] = 661 DirectoryServer.getPasswordStorageScheme(schemeDN); 662 if (defaultAuthSchemes[i] == null) 663 { 664 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 665 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(schemeDN)); 666 } 667 else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax()) 668 { 669 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 670 ccr.addMessage(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeDN)); 671 } 672 i++; 673 } 674 } 675 676 // Get the set of default password storage schemes for user password 677 // attributes. 678 PasswordStorageScheme<?>[] defaultUserSchemes; 679 Set<DN> userSchemeDNs = 680 configuration.getDefaultUserPasswordStorageSchemeDNs(); 681 if (userSchemeDNs.isEmpty()) 682 { 683 if (! defaultPolicy.isAuthPasswordSyntax()) 684 { 685 List<PasswordStorageScheme<?>> schemeList = 686 defaultPolicy.getDefaultPasswordStorageSchemes(); 687 defaultUserSchemes = 688 new PasswordStorageScheme[schemeList.size()]; 689 schemeList.toArray(defaultUserSchemes); 690 } 691 else 692 { 693 defaultUserSchemes = new PasswordStorageScheme[1]; 694 defaultUserSchemes[0] = DirectoryServer.getPasswordStorageScheme( 695 toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1)); 696 if (defaultUserSchemes[0] == null) 697 { 698 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 699 ccr.addMessage(ERR_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES.get( 700 STORAGE_SCHEME_NAME_SALTED_SHA_1)); 701 } 702 } 703 } 704 else 705 { 706 defaultUserSchemes = new PasswordStorageScheme[userSchemeDNs.size()]; 707 int i=0; 708 for (DN schemeDN : userSchemeDNs) 709 { 710 defaultUserSchemes[i] = 711 DirectoryServer.getPasswordStorageScheme(schemeDN); 712 if (defaultUserSchemes[i] == null) 713 { 714 ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); 715 ccr.addMessage(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeDN)); 716 } 717 i++; 718 } 719 } 720 721 if (ccr.getResultCode() == ResultCode.SUCCESS) 722 { 723 defaultAuthPasswordSchemes = defaultAuthSchemes; 724 defaultUserPasswordSchemes = defaultUserSchemes; 725 } 726 727 return ccr; 728 } 729}