1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 package org.apache.directory.server.core.api.authn.ppolicy;
22
23
24 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
25 import org.apache.directory.api.ldap.model.exception.LdapException;
26
27
28
29
30
31
32
33
34 public class PasswordPolicyConfiguration
35 {
36
37
38
39
40 private String pwdAttribute = SchemaConstants.USER_PASSWORD_AT;
41
42
43
44
45
46 private int pwdMinAge = 0;
47
48
49
50
51
52
53 private int pwdMaxAge = 0;
54
55
56
57
58
59 private int pwdInHistory = 0;
60
61
62
63
64 private CheckQualityEnum pwdCheckQuality = CheckQualityEnum.NO_CHECK;
65
66
67
68
69 private int pwdMinLength = 0;
70
71
72
73
74
75 private int pwdMaxLength = 0;
76
77
78
79
80
81
82 private int pwdExpireWarning = 0;
83
84
85
86
87
88 private int pwdGraceAuthNLimit = 0;
89
90
91
92
93
94 private int pwdGraceExpire = 0;
95
96
97
98
99
100
101 private boolean pwdLockout = false;
102
103
104
105
106
107
108 private int pwdLockoutDuration = 300;
109
110
111
112
113
114
115 private int pwdMaxFailure = 0;
116
117
118
119
120
121 private int pwdFailureCountInterval = 0;
122
123
124
125
126
127
128 private boolean pwdMustChange = false;
129
130
131 private boolean pwdAllowUserChange = true;
132
133
134
135
136
137
138 private boolean pwdSafeModify = false;
139
140
141
142
143
144 private int pwdMinDelay = 0;
145
146
147 private int pwdMaxDelay = 0;
148
149
150
151
152
153 private int pwdMaxIdle = 0;
154
155
156 private PasswordValidator pwdValidator = DefaultPasswordValidator.INSTANCE;
157
158
159
160
161
162 public String getPwdAttribute()
163 {
164 return pwdAttribute;
165 }
166
167
168
169
170
171
172 public void setPwdAttribute( String pwdAttribute )
173 {
174 this.pwdAttribute = pwdAttribute;
175 }
176
177
178
179
180
181 public int getPwdMinAge()
182 {
183 return pwdMinAge;
184 }
185
186
187 public void setPwdMinAge( int pwdMinAge )
188 {
189 this.pwdMinAge = pwdMinAge;
190 }
191
192
193 public int getPwdMaxAge()
194 {
195 return pwdMaxAge;
196 }
197
198
199 public void setPwdMaxAge( int pwdMaxAge )
200 {
201 this.pwdMaxAge = pwdMaxAge;
202 }
203
204
205 public int getPwdInHistory()
206 {
207 return pwdInHistory;
208 }
209
210
211 public void setPwdInHistory( int pwdInHistory )
212 {
213 this.pwdInHistory = pwdInHistory;
214 }
215
216
217
218
219
220 public CheckQualityEnum getPwdCheckQuality()
221 {
222 return pwdCheckQuality;
223 }
224
225
226 public void setPwdCheckQuality( CheckQualityEnum pwdCheckQuality )
227 {
228 this.pwdCheckQuality = pwdCheckQuality;
229 }
230
231
232 public int getPwdMinLength()
233 {
234 return pwdMinLength;
235 }
236
237
238 public void setPwdMinLength( int pwdMinLength )
239 {
240 this.pwdMinLength = pwdMinLength;
241 }
242
243
244 public int getPwdMaxLength()
245 {
246 return pwdMaxLength;
247 }
248
249
250 public void setPwdMaxLength( int pwdMaxLength )
251 {
252 this.pwdMaxLength = pwdMaxLength;
253 }
254
255
256 public int getPwdExpireWarning()
257 {
258 return pwdExpireWarning;
259 }
260
261
262 public void setPwdExpireWarning( int pwdExpireWarning )
263 {
264 this.pwdExpireWarning = pwdExpireWarning;
265 }
266
267
268 public int getPwdGraceAuthNLimit()
269 {
270 return pwdGraceAuthNLimit;
271 }
272
273
274 public void setPwdGraceAuthNLimit( int pwdGraceAuthNLimit )
275 {
276 this.pwdGraceAuthNLimit = pwdGraceAuthNLimit;
277 }
278
279
280 public int getPwdGraceExpire()
281 {
282 return pwdGraceExpire;
283 }
284
285
286 public void setPwdGraceExpire( int pwdGraceExpire )
287 {
288 this.pwdGraceExpire = pwdGraceExpire;
289 }
290
291
292 public boolean isPwdLockout()
293 {
294 return pwdLockout;
295 }
296
297
298 public void setPwdLockout( boolean pwdLockout )
299 {
300 this.pwdLockout = pwdLockout;
301 }
302
303
304 public int getPwdLockoutDuration()
305 {
306 return pwdLockoutDuration;
307 }
308
309
310 public void setPwdLockoutDuration( int pwdLockoutDuration )
311 {
312 this.pwdLockoutDuration = pwdLockoutDuration;
313 }
314
315
316 public int getPwdMaxFailure()
317 {
318 return pwdMaxFailure;
319 }
320
321
322 public void setPwdMaxFailure( int pwdMaxFailure )
323 {
324 this.pwdMaxFailure = pwdMaxFailure;
325 }
326
327
328 public int getPwdFailureCountInterval()
329 {
330 return pwdFailureCountInterval;
331 }
332
333
334 public void setPwdFailureCountInterval( int pwdFailureCountInterval )
335 {
336 this.pwdFailureCountInterval = pwdFailureCountInterval;
337 }
338
339
340 public boolean isPwdMustChange()
341 {
342 return pwdMustChange;
343 }
344
345
346 public void setPwdMustChange( boolean pwdMustChange )
347 {
348 this.pwdMustChange = pwdMustChange;
349 }
350
351
352 public boolean isPwdAllowUserChange()
353 {
354 return pwdAllowUserChange;
355 }
356
357
358 public void setPwdAllowUserChange( boolean pwdAllowUserChange )
359 {
360 this.pwdAllowUserChange = pwdAllowUserChange;
361 }
362
363
364 public boolean isPwdSafeModify()
365 {
366 return pwdSafeModify;
367 }
368
369
370 public void setPwdSafeModify( boolean pwdSafeModify )
371 {
372 this.pwdSafeModify = pwdSafeModify;
373 }
374
375
376 public int getPwdMinDelay()
377 {
378 return pwdMinDelay;
379 }
380
381
382 public void setPwdMinDelay( int pwdMinDelay )
383 {
384 this.pwdMinDelay = pwdMinDelay;
385 }
386
387
388 public int getPwdMaxDelay()
389 {
390 return pwdMaxDelay;
391 }
392
393
394 public void setPwdMaxDelay( int pwdMaxDelay )
395 {
396 this.pwdMaxDelay = pwdMaxDelay;
397 }
398
399
400 public int getPwdMaxIdle()
401 {
402 return pwdMaxIdle;
403 }
404
405
406 public void setPwdMaxIdle( int pwdMaxIdle )
407 {
408 this.pwdMaxIdle = pwdMaxIdle;
409 }
410
411
412
413
414
415 public PasswordValidator getPwdValidator()
416 {
417 return pwdValidator;
418 }
419
420
421
422
423
424 public void setPwdValidator( PasswordValidator pwdValidator )
425 {
426 this.pwdValidator = pwdValidator;
427 }
428
429
430
431
432
433
434
435 public void validate() throws LdapException
436 {
437 StringBuilder sb = new StringBuilder();
438
439 int errCount = 0;
440
441 if ( pwdMinAge < 0 )
442 {
443 sb.append( ++errCount ).append( ". password minimum age cannot be negative\n" );
444 }
445
446 if ( pwdMaxAge < 0 )
447 {
448 sb.append( ++errCount ).append( ". password maximum age cannot be negative\n" );
449 }
450
451 if ( ( pwdMaxAge > 0 ) && ( pwdMaxAge < pwdMinAge ) )
452 {
453 sb.append( ++errCount ).append( ". password maximum age should be greater than the minimum age\n" );
454 }
455
456 if ( pwdInHistory < 0 )
457 {
458 sb.append( ++errCount ).append( ". password history count cannot be negative\n" );
459 }
460
461 if ( pwdCheckQuality == CheckQualityEnum.UNKNOW )
462 {
463 sb.append( ++errCount ).append( ". invalid password quality check value, valid values are 0, 1 and 2 \n" );
464 }
465
466 if ( pwdMinLength < 0 )
467 {
468 sb.append( ++errCount ).append( ". password minimum length cannot be negative\n" );
469 }
470
471 if ( pwdMaxLength < 0 )
472 {
473 sb.append( ++errCount ).append( ". password maximum length cannot be negative\n" );
474 }
475
476 if ( ( pwdMaxLength > 0 ) && ( pwdMaxLength < pwdMinLength ) )
477 {
478 sb.append( ++errCount ).append( ". password maximum length should be greater than minimum length\n" );
479 }
480
481 if ( pwdExpireWarning < 0 )
482 {
483 sb.append( ++errCount ).append( ". password expire warning time cannot be negative\n" );
484 }
485
486 if ( pwdGraceAuthNLimit < 0 )
487 {
488 sb.append( ++errCount ).append( ". password grace authentication limits cannot be negative\n" );
489 }
490
491 if ( pwdGraceExpire < 0 )
492 {
493 sb.append( ++errCount ).append( ". password grace expiration time cannot be negative\n" );
494 }
495
496 if ( pwdLockoutDuration < 0 )
497 {
498 sb.append( ++errCount ).append( ". password lockout duration time cannot be negative\n" );
499 }
500
501 if ( pwdMaxFailure < 0 )
502 {
503 sb.append( ++errCount ).append( ". password maximum failure count cannot be negative\n" );
504 }
505
506 if ( pwdFailureCountInterval < 0 )
507 {
508 sb.append( ++errCount ).append( ". password failure count interval time cannot be negative\n" );
509 }
510
511 if ( ( ( pwdMinDelay > 0 ) && ( pwdMaxDelay <= 0 ) )
512 || ( ( pwdMaxDelay > 0 ) && ( pwdMinDelay <= 0 ) ) )
513 {
514 sb
515 .append( ++errCount )
516 .append(
517 ". if password minimum or maximum delay time is specified then the correspomding maximu or minimum delay time should also be specified\n" );
518 }
519 else
520
521 {
522 if ( pwdMinDelay < 0 )
523 {
524 sb.append( ++errCount ).append( ". password minimum delay time cannot be negative\n" );
525 }
526
527 if ( pwdMaxDelay < 0 )
528 {
529 sb.append( ++errCount ).append( ". password maximum delay time cannot be negative\n" );
530 }
531 }
532
533 if ( pwdMaxIdle < 0 )
534 {
535 sb.append( ++errCount ).append( ". password maximum idle time cannot be negative\n" );
536 }
537
538 if ( errCount > 0 )
539 {
540 throw new LdapException( "There are errors in password policy configuration\n" + sb.toString() );
541 }
542 }
543 }