001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2006-2008 Sun Microsystems, Inc.
015 * Portions Copyright 2014-2016 ForgeRock AS.
016 */
017package org.opends.server.api;
018import org.forgerock.i18n.LocalizableMessage;
019
020
021
022import java.util.List;
023import java.util.Set;
024
025import org.forgerock.opendj.server.config.server.PasswordValidatorCfg;
026import org.forgerock.opendj.config.server.ConfigException;
027import org.opends.server.types.*;
028import org.forgerock.opendj.ldap.ByteString;
029import org.forgerock.i18n.LocalizableMessageBuilder;
030
031
/**
 * Base class for Directory Server modules that decide whether a
 * proposed password is acceptable for a user.  Concrete validators
 * extend this class and supply the acceptance check in
 * {@link #passwordIsAcceptable}.
 *
 * @param  <T>  The configuration type handled by this password
 *              validator.
 */
@org.opends.server.types.PublicAPI(
    stability = org.opends.server.types.StabilityLevel.UNCOMMITTED,
    mayInstantiate = false,
    mayExtend = true,
    mayInvoke = false)
public abstract class PasswordValidator<T extends PasswordValidatorCfg>
{
  /**
   * Sets up this password validator from the supplied configuration.
   *
   * @param  configuration  The configuration from which this password
   *                        validator is initialized.
   *
   * @throws  ConfigException  If an unrecoverable problem arises
   *                           while performing the initialization.
   *
   * @throws  InitializationException  If initialization fails for a
   *                                   reason unrelated to the server
   *                                   configuration.
   */
  public abstract void initializePasswordValidator(T configuration)
      throws ConfigException, InitializationException;



  /**
   * Reports whether the supplied configuration could be used by this
   * password validator.  The method is meant to be callable on an
   * instance that has not been initialized yet, so implementations
   * should not depend on state set up by
   * {@link #initializePasswordValidator}.
   * <p>
   * The parameter is declared as the base configuration type;
   * implementations that work with a subclass of it will likely need
   * to cast it to that subclass.
   * <p>
   * This default implementation returns {@code true} without looking
   * at either argument and adds nothing to
   * {@code unacceptableReasons}.  A validator that does not override
   * it therefore reports every configuration as acceptable.
   *
   * @param  configuration        The password validator configuration
   *                              to assess.
   * @param  unacceptableReasons  A list that may receive the reasons
   *                              why the configuration is not
   *                              acceptable.
   *
   * @return  {@code true} if the configuration is acceptable for this
   *          password validator, or {@code false} if not.
   */
  public boolean isConfigurationAcceptable(
      PasswordValidatorCfg configuration,
      List<LocalizableMessage> unacceptableReasons)
  {
    // Accept unconditionally.  Validators that need to check their
    // settings override this method and perform the checks there.
    return true;
  }



  /**
   * Releases whatever this password validator needs to release when
   * it is unloaded.  The default implementation is empty.
   */
  public void finalizePasswordValidator()
  {
    // Intentionally empty: nothing to release by default.
  }



  /**
   * Decides whether the proposed password may be used by the given
   * user.  When the password is rejected, a human-readable
   * explanation should be appended to {@code invalidReason}.
   * <p>
   * NOTE(review): {@code newPassword} and {@code currentPasswords}
   * are documented as clear text.  Where the text appended to
   * {@code invalidReason} ends up is not visible from this class, so
   * implementations should keep password values out of that message
   * and out of any logging they do - confirm against the callers.
   *
   * @param  newPassword       The proposed clear-text password to
   *                           validate.
   * @param  currentPasswords  The user's current clear-text
   *                           passwords, if available.  They are not
   *                           always available, and the set may not
   *                           contain every password the user
   *                           currently has, so an implementation
   *                           cannot treat an empty or partial set as
   *                           proof that no current password exists.
   * @param  operation         The operation being used to set the
   *                           password: an add, a modify, or a
   *                           password modify operation.
   * @param  userEntry         The entry of the user whose password is
   *                           being changed.
   * @param  invalidReason     The buffer that receives the
   *                           human-readable explanation when the
   *                           password is found unacceptable.
   *
   * @return  {@code true} if the password is acceptable, or
   *          {@code false} if not.
   */
  public abstract boolean passwordIsAcceptable(
      ByteString newPassword,
      Set<ByteString> currentPasswords,
      Operation operation,
      Entry userEntry,
      LocalizableMessageBuilder invalidReason);
}