Example 1 with ADPolicyComplexity
use of password.pwm.config.option.ADPolicyComplexity in project pwm by pwm-project.
the class PasswordRequirementsTag method getPasswordRequirementsStrings.
@SuppressWarnings("checkstyle:MethodLength")
public static List<String> getPasswordRequirementsStrings(final PwmPasswordPolicy pwordPolicy, final Configuration config, final Locale locale, final MacroMachine macroMachine) {
final List<String> returnValues = new ArrayList<>();
final ADPolicyComplexity adPolicyLevel = pwordPolicy.getRuleHelper().getADComplexityLevel();
final PwmPasswordPolicy.RuleHelper ruleHelper = pwordPolicy.getRuleHelper();
if (ruleHelper.readBooleanValue(PwmPasswordRule.CaseSensitive)) {
returnValues.add(getLocalString(Message.Requirement_CaseSensitive, null, locale, config));
} else {
returnValues.add(getLocalString(Message.Requirement_NotCaseSensitive, null, locale, config));
}
{
int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumLength);
if (adPolicyLevel == ADPolicyComplexity.AD2003 || adPolicyLevel == ADPolicyComplexity.AD2008) {
if (value < 6) {
value = 6;
}
}
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinLength, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumLength);
if (value > 0 && value < 64) {
returnValues.add(getLocalString(Message.Requirement_MaxLength, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumAlpha);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinAlpha, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumAlpha);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxAlpha, value, locale, config));
}
}
{
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowNumeric)) {
returnValues.add(getLocalString(Message.Requirement_AllowNumeric, null, locale, config));
} else {
final int minValue = ruleHelper.readIntValue(PwmPasswordRule.MinimumNumeric);
if (minValue > 0) {
returnValues.add(getLocalString(Message.Requirement_MinNumeric, minValue, locale, config));
}
final int maxValue = ruleHelper.readIntValue(PwmPasswordRule.MaximumNumeric);
if (maxValue > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxNumeric, maxValue, locale, config));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowFirstCharNumeric)) {
returnValues.add(getLocalString(Message.Requirement_FirstNumeric, maxValue, locale, config));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowLastCharNumeric)) {
returnValues.add(getLocalString(Message.Requirement_LastNumeric, maxValue, locale, config));
}
}
}
{
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowSpecial)) {
returnValues.add(getLocalString(Message.Requirement_AllowSpecial, null, locale, config));
} else {
final int minValue = ruleHelper.readIntValue(PwmPasswordRule.MinimumSpecial);
if (minValue > 0) {
returnValues.add(getLocalString(Message.Requirement_MinSpecial, minValue, locale, config));
}
final int maxValue = ruleHelper.readIntValue(PwmPasswordRule.MaximumSpecial);
if (maxValue > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxSpecial, maxValue, locale, config));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowFirstCharSpecial)) {
returnValues.add(getLocalString(Message.Requirement_FirstSpecial, maxValue, locale, config));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowLastCharSpecial)) {
returnValues.add(getLocalString(Message.Requirement_LastSpecial, maxValue, locale, config));
}
}
}
{
final int value = pwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MaximumRepeat);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxRepeat, value, locale, config));
}
}
{
final int value = pwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MaximumSequentialRepeat);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxSeqRepeat, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumLowerCase);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinLower, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumLowerCase);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxLower, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumUpperCase);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinUpper, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumUpperCase);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxUpper, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumUnique);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinUnique, value, locale, config));
}
}
{
final List<String> setValue = ruleHelper.getDisallowedValues();
if (!setValue.isEmpty()) {
final StringBuilder fieldValue = new StringBuilder();
for (final String loopValue : setValue) {
fieldValue.append(" ");
final String expandedValue = macroMachine.expandMacros(loopValue);
fieldValue.append(StringUtil.escapeHtml(expandedValue));
}
returnValues.add(getLocalString(Message.Requirement_DisAllowedValues, fieldValue.toString(), locale, config));
}
}
{
final List<String> setValue = ruleHelper.getDisallowedAttributes();
if (!setValue.isEmpty() || adPolicyLevel == ADPolicyComplexity.AD2003) {
returnValues.add(getLocalString(Message.Requirement_DisAllowedAttributes, "", locale, config));
}
}
if (ruleHelper.readBooleanValue(PwmPasswordRule.EnableWordlist)) {
returnValues.add(getLocalString(Message.Requirement_WordList, "", locale, config));
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumOldChars);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_OldChar, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumLifetime);
if (value > 0) {
final int secondsPerDay = 60 * 60 * 24;
final String durationStr;
if (value % secondsPerDay == 0) {
final int valueAsDays = value / (60 * 60 * 24);
final Display key = valueAsDays <= 1 ? Display.Display_Day : Display.Display_Days;
durationStr = valueAsDays + " " + LocaleHelper.getLocalizedMessage(locale, key, config);
} else {
final int valueAsHours = value / (60 * 60);
final Display key = valueAsHours <= 1 ? Display.Display_Hour : Display.Display_Hours;
durationStr = valueAsHours + " " + LocaleHelper.getLocalizedMessage(locale, key, config);
}
final String userMsg = Message.getLocalizedMessage(locale, Message.Requirement_MinimumFrequency, config, durationStr);
returnValues.add(userMsg);
}
}
if (adPolicyLevel == ADPolicyComplexity.AD2003) {
returnValues.add(getLocalString(Message.Requirement_ADComplexity, "", locale, config));
} else if (adPolicyLevel == ADPolicyComplexity.AD2008) {
final int maxViolations = ruleHelper.readIntValue(PwmPasswordRule.ADComplexityMaxViolations);
final int minGroups = 5 - maxViolations;
returnValues.add(getLocalString(Message.Requirement_ADComplexity2008, String.valueOf(minGroups), locale, config));
}
if (ruleHelper.readBooleanValue(PwmPasswordRule.UniqueRequired)) {
returnValues.add(getLocalString(Message.Requirement_UniqueRequired, "", locale, config));
}
return returnValues;
}
Also used :
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
ArrayList(java.util.ArrayList)
ArrayList(java.util.ArrayList)
List(java.util.List)
ADPolicyComplexity(password.pwm.config.option.ADPolicyComplexity)
Display(password.pwm.i18n.Display)
Example 2 with ADPolicyComplexity
use of password.pwm.config.option.ADPolicyComplexity in project pwm by pwm-project.
the class PwmPasswordRuleValidator method basicSyntaxRuleChecks.
@SuppressWarnings("checkstyle:MethodLength")
private static List<ErrorInformation> basicSyntaxRuleChecks(final String password, final PwmPasswordPolicy policy, final UserInfo userInfo) throws PwmUnrecoverableException {
final List<ErrorInformation> errorList = new ArrayList<>();
final PwmPasswordPolicy.RuleHelper ruleHelper = policy.getRuleHelper();
final PasswordCharCounter charCounter = new PasswordCharCounter(password);
final int passwordLength = password.length();
// Check minimum length
if (passwordLength < ruleHelper.readIntValue(PwmPasswordRule.MinimumLength)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_SHORT));
}
// Check maximum length
{
final int passwordMaximumLength = ruleHelper.readIntValue(PwmPasswordRule.MaximumLength);
if (passwordMaximumLength > 0 && passwordLength > passwordMaximumLength) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_LONG));
}
}
// check number of numeric characters
{
final int numberOfNumericChars = charCounter.getNumericCharCount();
if (ruleHelper.readBooleanValue(PwmPasswordRule.AllowNumeric)) {
if (numberOfNumericChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumNumeric)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_NUM));
}
final int maxNumeric = ruleHelper.readIntValue(PwmPasswordRule.MaximumNumeric);
if (maxNumeric > 0 && numberOfNumericChars > maxNumeric) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_NUMERIC));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowFirstCharNumeric) && charCounter.isFirstNumeric()) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_FIRST_IS_NUMERIC));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowLastCharNumeric) && charCounter.isLastNumeric()) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_LAST_IS_NUMERIC));
}
} else {
if (numberOfNumericChars > 0) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_NUMERIC));
}
}
}
// check number of upper characters
{
final int numberOfUpperChars = charCounter.getUpperCharCount();
if (numberOfUpperChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumUpperCase)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_UPPER));
}
final int maxUpper = ruleHelper.readIntValue(PwmPasswordRule.MaximumUpperCase);
if (maxUpper > 0 && numberOfUpperChars > maxUpper) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_UPPER));
}
}
// check number of alpha characters
{
final int numberOfAlphaChars = charCounter.getAlphaCharCount();
if (numberOfAlphaChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumAlpha)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_ALPHA));
}
final int maxAlpha = ruleHelper.readIntValue(PwmPasswordRule.MaximumAlpha);
if (maxAlpha > 0 && numberOfAlphaChars > maxAlpha) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_ALPHA));
}
}
// check number of non-alpha characters
{
final int numberOfNonAlphaChars = charCounter.getNonAlphaCharCount();
if (numberOfNonAlphaChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumNonAlpha)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_NONALPHA));
}
final int maxNonAlpha = ruleHelper.readIntValue(PwmPasswordRule.MaximumNonAlpha);
if (maxNonAlpha > 0 && numberOfNonAlphaChars > maxNonAlpha) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_NONALPHA));
}
}
// check number of lower characters
{
final int numberOfLowerChars = charCounter.getLowerCharCount();
if (numberOfLowerChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumLowerCase)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_LOWER));
}
final int maxLower = ruleHelper.readIntValue(PwmPasswordRule.MaximumLowerCase);
if (maxLower > 0 && numberOfLowerChars > maxLower) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_UPPER));
}
}
// check number of special characters
{
final int numberOfSpecialChars = charCounter.getSpecialCharsCount();
if (ruleHelper.readBooleanValue(PwmPasswordRule.AllowSpecial)) {
if (numberOfSpecialChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumSpecial)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_SPECIAL));
}
final int maxSpecial = ruleHelper.readIntValue(PwmPasswordRule.MaximumSpecial);
if (maxSpecial > 0 && numberOfSpecialChars > maxSpecial) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_SPECIAL));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowFirstCharSpecial) && charCounter.isFirstSpecial()) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_FIRST_IS_SPECIAL));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowLastCharSpecial) && charCounter.isLastSpecial()) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_LAST_IS_SPECIAL));
}
} else {
if (numberOfSpecialChars > 0) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_SPECIAL));
}
}
}
// Check maximum character repeats (sequential)
{
final int maxSequentialRepeat = ruleHelper.readIntValue(PwmPasswordRule.MaximumSequentialRepeat);
if (maxSequentialRepeat > 0 && charCounter.getSequentialRepeatedChars() > maxSequentialRepeat) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_REPEAT));
}
// Check maximum character repeats (overall)
final int maxRepeat = ruleHelper.readIntValue(PwmPasswordRule.MaximumRepeat);
if (maxRepeat > 0 && charCounter.getRepeatedChars() > maxRepeat) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_REPEAT));
}
}
// Check minimum unique character
{
final int minUnique = ruleHelper.readIntValue(PwmPasswordRule.MinimumUnique);
if (minUnique > 0 && charCounter.getUniqueChars() < minUnique) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_UNIQUE));
}
}
// check ad-complexity
{
final ADPolicyComplexity complexityLevel = ruleHelper.getADComplexityLevel();
if (complexityLevel == ADPolicyComplexity.AD2003 || complexityLevel == ADPolicyComplexity.AD2008) {
final int maxGroupViolations = ruleHelper.readIntValue(PwmPasswordRule.ADComplexityMaxViolations);
errorList.addAll(checkPasswordForADComplexity(complexityLevel, userInfo, password, charCounter, maxGroupViolations));
}
}
// check consecutive characters
{
final int maximumConsecutive = ruleHelper.readIntValue(PwmPasswordRule.MaximumConsecutive);
if (tooManyConsecutiveChars(password, maximumConsecutive)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_CONSECUTIVE));
}
}
return errorList;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
ArrayList(java.util.ArrayList)
RuleHelper(password.pwm.config.profile.PwmPasswordPolicy.RuleHelper)
ADPolicyComplexity(password.pwm.config.option.ADPolicyComplexity)
Aggregations
ArrayList (java.util.ArrayList)2
ADPolicyComplexity (password.pwm.config.option.ADPolicyComplexity)2
PwmPasswordPolicy (password.pwm.config.profile.PwmPasswordPolicy)2
List (java.util.List)1
RuleHelper (password.pwm.config.profile.PwmPasswordPolicy.RuleHelper)1
ErrorInformation (password.pwm.error.ErrorInformation)1
Display (password.pwm.i18n.Display)1
