Example 11 with PwmPasswordPolicy
use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.
the class RandomPasswordGenerator method createRandomPassword.
/**
* Creates a new password that satisfies the password rules. All rules are checked for. If for some
* reason the RANDOM algorithm can not generate a valid password, null will be returned.
* <p/>
* If there is an identifiable reason the password can not be created (such as mis-configured rules) then
* an {@link com.novell.ldapchai.exception.ImpossiblePasswordPolicyException} will be thrown.
*
* @param sessionLabel A valid pwmSession
* @param randomGeneratorConfig Policy to be used during generation
* @param pwmApplication Used to read configuration, seedmanager and other services.
* @return A randomly generated password value that meets the requirements of this {@code PasswordPolicy}
* @throws com.novell.ldapchai.exception.ImpossiblePasswordPolicyException If there is no way to create a password using the configured rules and
* default seed phrase
*/
public static PasswordData createRandomPassword(final SessionLabel sessionLabel, final RandomGeneratorConfig randomGeneratorConfig, final PwmApplication pwmApplication) throws PwmUnrecoverableException {
final Instant startTimeMS = Instant.now();
randomGeneratorConfig.validateSettings(pwmApplication);
final RandomGeneratorConfig effectiveConfig;
{
if (randomGeneratorConfig.getSeedlistPhrases() == null || randomGeneratorConfig.getSeedlistPhrases().isEmpty()) {
Set<String> seeds = DEFAULT_SEED_PHRASES;
final SeedlistManager seedlistManager = pwmApplication.getSeedlistManager();
if (seedlistManager != null && seedlistManager.status() == PwmService.STATUS.OPEN && seedlistManager.size() > 0) {
seeds = new HashSet<>();
int safetyCounter = 0;
while (seeds.size() < 10 && safetyCounter < 100) {
safetyCounter++;
final String randomWord = seedlistManager.randomSeed();
if (randomWord != null) {
seeds.add(randomWord);
}
}
}
effectiveConfig = randomGeneratorConfig.toBuilder().seedlistPhrases(seeds).build();
} else {
effectiveConfig = randomGeneratorConfig;
}
}
final SeedMachine seedMachine = new SeedMachine(normalizeSeeds(effectiveConfig.getSeedlistPhrases()));
int tryCount = 0;
final StringBuilder password = new StringBuilder();
// determine the password policy to use for random generation
final PwmPasswordPolicy randomGenPolicy;
{
final Map<String, String> newPolicyMap = new HashMap<>();
newPolicyMap.putAll(effectiveConfig.getPasswordPolicy().getPolicyMap());
final String max = newPolicyMap.put(PwmPasswordRule.MaximumLength.getKey(), String.valueOf(effectiveConfig.getMaximumLength()));
if (effectiveConfig.getMinimumLength() > effectiveConfig.getPasswordPolicy().getRuleHelper().readIntValue(PwmPasswordRule.MinimumLength)) {
newPolicyMap.put(PwmPasswordRule.MinimumLength.getKey(), String.valueOf(effectiveConfig.getMinimumLength()));
}
if (effectiveConfig.getMaximumLength() < effectiveConfig.getPasswordPolicy().getRuleHelper().readIntValue(PwmPasswordRule.MaximumLength)) {
newPolicyMap.put(PwmPasswordRule.MaximumLength.getKey(), String.valueOf(effectiveConfig.getMaximumLength()));
}
if (effectiveConfig.getMinimumStrength() > effectiveConfig.getPasswordPolicy().getRuleHelper().readIntValue(PwmPasswordRule.MinimumStrength)) {
newPolicyMap.put(PwmPasswordRule.MinimumStrength.getKey(), String.valueOf(effectiveConfig.getMinimumStrength()));
}
randomGenPolicy = PwmPasswordPolicy.createPwmPasswordPolicy(newPolicyMap);
}
// initial creation
password.append(generateNewPassword(seedMachine, effectiveConfig.getMinimumLength()));
// read a rule validator
final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, randomGenPolicy);
// modify until it passes all the rules
final int maxTryCount = Integer.parseInt(pwmApplication.getConfig().readAppProperty(AppProperty.PASSWORD_RANDOMGEN_MAX_ATTEMPTS));
final int jitterCount = Integer.parseInt(pwmApplication.getConfig().readAppProperty(AppProperty.PASSWORD_RANDOMGEN_JITTER_COUNT));
boolean validPassword = false;
while (!validPassword && tryCount < maxTryCount) {
tryCount++;
validPassword = true;
if (tryCount % jitterCount == 0) {
password.delete(0, password.length());
password.append(generateNewPassword(seedMachine, effectiveConfig.getMinimumLength()));
}
final List<ErrorInformation> errors = pwmPasswordRuleValidator.internalPwmPolicyValidator(password.toString(), null, null, PwmPasswordRuleValidator.Flag.FailFast);
if (errors != null && !errors.isEmpty()) {
validPassword = false;
modifyPasswordBasedOnErrors(password, errors, seedMachine);
} else if (checkPasswordAgainstDisallowedHttpValues(pwmApplication.getConfig(), password.toString())) {
validPassword = false;
password.delete(0, password.length());
password.append(generateNewPassword(seedMachine, effectiveConfig.getMinimumLength()));
}
}
// report outcome
{
final TimeDuration td = TimeDuration.fromCurrent(startTimeMS);
if (validPassword) {
LOGGER.trace(sessionLabel, "finished random password generation in " + td.asCompactString() + " after " + tryCount + " tries.");
} else {
final List<ErrorInformation> errors = pwmPasswordRuleValidator.internalPwmPolicyValidator(password.toString(), null, null);
final int judgeLevel = PasswordUtility.judgePasswordStrength(pwmApplication.getConfig(), password.toString());
final StringBuilder sb = new StringBuilder();
sb.append("failed random password generation after ").append(td.asCompactString()).append(" after ").append(tryCount).append(" tries. ");
sb.append("(errors=").append(errors.size()).append(", judgeLevel=").append(judgeLevel);
LOGGER.error(sessionLabel, sb.toString());
}
}
StatisticsManager.incrementStat(pwmApplication, Statistic.GENERATED_PASSWORDS);
final String logText = "real-time random password generator called" + " (" + TimeDuration.compactFromCurrent(startTimeMS) + ")";
LOGGER.trace(sessionLabel, logText);
return new PasswordData(password.toString());
}
Also used :
SeedlistManager(password.pwm.svc.wordlist.SeedlistManager)
HashSet(java.util.HashSet)
Set(java.util.Set)
Instant(java.time.Instant)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
TimeDuration(password.pwm.util.java.TimeDuration)
ArrayList(java.util.ArrayList)
List(java.util.List)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 12 with PwmPasswordPolicy
use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.
the class PasswordRequirementsTag method doEndTag.
public int doEndTag() throws javax.servlet.jsp.JspTagException {
try {
final PwmRequest pwmRequest = PwmRequest.forRequest((HttpServletRequest) pageContext.getRequest(), (HttpServletResponse) pageContext.getResponse());
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Configuration config = pwmApplication.getConfig();
final Locale locale = pwmSession.getSessionStateBean().getLocale();
pwmSession.getSessionManager().getMacroMachine(pwmApplication);
final PwmPasswordPolicy passwordPolicy;
if (getForm() != null && getForm().equalsIgnoreCase("newuser")) {
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
passwordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmApplication, locale);
} else {
passwordPolicy = pwmSession.getUserInfo().getPasswordPolicy();
}
final String configuredRuleText = passwordPolicy.getRuleText();
if (configuredRuleText != null && configuredRuleText.length() > 0) {
pageContext.getOut().write(configuredRuleText);
} else {
final MacroMachine macroMachine = pwmSession.getSessionManager().getMacroMachine(pwmApplication);
final String pre = prepend != null && prepend.length() > 0 ? prepend : "";
final String sep = separator != null && separator.length() > 0 ? separator : "<br/>";
final List<String> requirementsList = getPasswordRequirementsStrings(passwordPolicy, config, locale, macroMachine);
final StringBuilder requirementsText = new StringBuilder();
for (final String requirementStatement : requirementsList) {
requirementsText.append(pre);
requirementsText.append(requirementStatement);
requirementsText.append(sep);
}
pageContext.getOut().write(requirementsText.toString());
}
} catch (IOException | PwmException e) {
LOGGER.error("unexpected error during password requirements generation: " + e.getMessage(), e);
throw new JspTagException(e.getMessage());
}
return EVAL_PAGE;
}
Also used :
Locale(java.util.Locale)
PwmApplication(password.pwm.PwmApplication)
PwmRequest(password.pwm.http.PwmRequest)
Configuration(password.pwm.config.Configuration)
IOException(java.io.IOException)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
PwmException(password.pwm.error.PwmException)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
MacroMachine(password.pwm.util.macro.MacroMachine)
PwmSession(password.pwm.http.PwmSession)
JspTagException(javax.servlet.jsp.JspTagException)
Example 13 with PwmPasswordPolicy
use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.
the class PasswordRequirementsTag method getPasswordRequirementsStrings.
@SuppressWarnings("checkstyle:MethodLength")
public static List<String> getPasswordRequirementsStrings(final PwmPasswordPolicy pwordPolicy, final Configuration config, final Locale locale, final MacroMachine macroMachine) {
final List<String> returnValues = new ArrayList<>();
final ADPolicyComplexity adPolicyLevel = pwordPolicy.getRuleHelper().getADComplexityLevel();
final PwmPasswordPolicy.RuleHelper ruleHelper = pwordPolicy.getRuleHelper();
if (ruleHelper.readBooleanValue(PwmPasswordRule.CaseSensitive)) {
returnValues.add(getLocalString(Message.Requirement_CaseSensitive, null, locale, config));
} else {
returnValues.add(getLocalString(Message.Requirement_NotCaseSensitive, null, locale, config));
}
{
int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumLength);
if (adPolicyLevel == ADPolicyComplexity.AD2003 || adPolicyLevel == ADPolicyComplexity.AD2008) {
if (value < 6) {
value = 6;
}
}
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinLength, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumLength);
if (value > 0 && value < 64) {
returnValues.add(getLocalString(Message.Requirement_MaxLength, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumAlpha);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinAlpha, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumAlpha);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxAlpha, value, locale, config));
}
}
{
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowNumeric)) {
returnValues.add(getLocalString(Message.Requirement_AllowNumeric, null, locale, config));
} else {
final int minValue = ruleHelper.readIntValue(PwmPasswordRule.MinimumNumeric);
if (minValue > 0) {
returnValues.add(getLocalString(Message.Requirement_MinNumeric, minValue, locale, config));
}
final int maxValue = ruleHelper.readIntValue(PwmPasswordRule.MaximumNumeric);
if (maxValue > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxNumeric, maxValue, locale, config));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowFirstCharNumeric)) {
returnValues.add(getLocalString(Message.Requirement_FirstNumeric, maxValue, locale, config));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowLastCharNumeric)) {
returnValues.add(getLocalString(Message.Requirement_LastNumeric, maxValue, locale, config));
}
}
}
{
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowSpecial)) {
returnValues.add(getLocalString(Message.Requirement_AllowSpecial, null, locale, config));
} else {
final int minValue = ruleHelper.readIntValue(PwmPasswordRule.MinimumSpecial);
if (minValue > 0) {
returnValues.add(getLocalString(Message.Requirement_MinSpecial, minValue, locale, config));
}
final int maxValue = ruleHelper.readIntValue(PwmPasswordRule.MaximumSpecial);
if (maxValue > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxSpecial, maxValue, locale, config));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowFirstCharSpecial)) {
returnValues.add(getLocalString(Message.Requirement_FirstSpecial, maxValue, locale, config));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowLastCharSpecial)) {
returnValues.add(getLocalString(Message.Requirement_LastSpecial, maxValue, locale, config));
}
}
}
{
final int value = pwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MaximumRepeat);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxRepeat, value, locale, config));
}
}
{
final int value = pwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MaximumSequentialRepeat);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxSeqRepeat, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumLowerCase);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinLower, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumLowerCase);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxLower, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumUpperCase);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinUpper, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumUpperCase);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MaxUpper, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumUnique);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_MinUnique, value, locale, config));
}
}
{
final List<String> setValue = ruleHelper.getDisallowedValues();
if (!setValue.isEmpty()) {
final StringBuilder fieldValue = new StringBuilder();
for (final String loopValue : setValue) {
fieldValue.append(" ");
final String expandedValue = macroMachine.expandMacros(loopValue);
fieldValue.append(StringUtil.escapeHtml(expandedValue));
}
returnValues.add(getLocalString(Message.Requirement_DisAllowedValues, fieldValue.toString(), locale, config));
}
}
{
final List<String> setValue = ruleHelper.getDisallowedAttributes();
if (!setValue.isEmpty() || adPolicyLevel == ADPolicyComplexity.AD2003) {
returnValues.add(getLocalString(Message.Requirement_DisAllowedAttributes, "", locale, config));
}
}
if (ruleHelper.readBooleanValue(PwmPasswordRule.EnableWordlist)) {
returnValues.add(getLocalString(Message.Requirement_WordList, "", locale, config));
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MaximumOldChars);
if (value > 0) {
returnValues.add(getLocalString(Message.Requirement_OldChar, value, locale, config));
}
}
{
final int value = ruleHelper.readIntValue(PwmPasswordRule.MinimumLifetime);
if (value > 0) {
final int secondsPerDay = 60 * 60 * 24;
final String durationStr;
if (value % secondsPerDay == 0) {
final int valueAsDays = value / (60 * 60 * 24);
final Display key = valueAsDays <= 1 ? Display.Display_Day : Display.Display_Days;
durationStr = valueAsDays + " " + LocaleHelper.getLocalizedMessage(locale, key, config);
} else {
final int valueAsHours = value / (60 * 60);
final Display key = valueAsHours <= 1 ? Display.Display_Hour : Display.Display_Hours;
durationStr = valueAsHours + " " + LocaleHelper.getLocalizedMessage(locale, key, config);
}
final String userMsg = Message.getLocalizedMessage(locale, Message.Requirement_MinimumFrequency, config, durationStr);
returnValues.add(userMsg);
}
}
if (adPolicyLevel == ADPolicyComplexity.AD2003) {
returnValues.add(getLocalString(Message.Requirement_ADComplexity, "", locale, config));
} else if (adPolicyLevel == ADPolicyComplexity.AD2008) {
final int maxViolations = ruleHelper.readIntValue(PwmPasswordRule.ADComplexityMaxViolations);
final int minGroups = 5 - maxViolations;
returnValues.add(getLocalString(Message.Requirement_ADComplexity2008, String.valueOf(minGroups), locale, config));
}
if (ruleHelper.readBooleanValue(PwmPasswordRule.UniqueRequired)) {
returnValues.add(getLocalString(Message.Requirement_UniqueRequired, "", locale, config));
}
return returnValues;
}
Also used :
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
ArrayList(java.util.ArrayList)
ArrayList(java.util.ArrayList)
List(java.util.List)
ADPolicyComplexity(password.pwm.config.option.ADPolicyComplexity)
Display(password.pwm.i18n.Display)
Example 14 with PwmPasswordPolicy
use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.
the class UserInfoReader method getChallengeProfile.
@Override
public ChallengeProfile getChallengeProfile() throws PwmUnrecoverableException {
final PwmPasswordPolicy pwmPasswordPolicy = selfCachedReference.getPasswordPolicy();
final CrService crService = pwmApplication.getCrService();
return crService.readUserChallengeProfile(sessionLabel, getUserIdentity(), chaiUser, pwmPasswordPolicy, locale);
}
Also used :
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
CrService(password.pwm.util.operations.CrService)
Example 15 with PwmPasswordPolicy
use of password.pwm.config.profile.PwmPasswordPolicy in project pwm by pwm-project.
the class PwmPasswordRuleValidator method basicSyntaxRuleChecks.
@SuppressWarnings("checkstyle:MethodLength")
private static List<ErrorInformation> basicSyntaxRuleChecks(final String password, final PwmPasswordPolicy policy, final UserInfo userInfo) throws PwmUnrecoverableException {
final List<ErrorInformation> errorList = new ArrayList<>();
final PwmPasswordPolicy.RuleHelper ruleHelper = policy.getRuleHelper();
final PasswordCharCounter charCounter = new PasswordCharCounter(password);
final int passwordLength = password.length();
// Check minimum length
if (passwordLength < ruleHelper.readIntValue(PwmPasswordRule.MinimumLength)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_SHORT));
}
// Check maximum length
{
final int passwordMaximumLength = ruleHelper.readIntValue(PwmPasswordRule.MaximumLength);
if (passwordMaximumLength > 0 && passwordLength > passwordMaximumLength) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_LONG));
}
}
// check number of numeric characters
{
final int numberOfNumericChars = charCounter.getNumericCharCount();
if (ruleHelper.readBooleanValue(PwmPasswordRule.AllowNumeric)) {
if (numberOfNumericChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumNumeric)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_NUM));
}
final int maxNumeric = ruleHelper.readIntValue(PwmPasswordRule.MaximumNumeric);
if (maxNumeric > 0 && numberOfNumericChars > maxNumeric) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_NUMERIC));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowFirstCharNumeric) && charCounter.isFirstNumeric()) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_FIRST_IS_NUMERIC));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowLastCharNumeric) && charCounter.isLastNumeric()) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_LAST_IS_NUMERIC));
}
} else {
if (numberOfNumericChars > 0) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_NUMERIC));
}
}
}
// check number of upper characters
{
final int numberOfUpperChars = charCounter.getUpperCharCount();
if (numberOfUpperChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumUpperCase)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_UPPER));
}
final int maxUpper = ruleHelper.readIntValue(PwmPasswordRule.MaximumUpperCase);
if (maxUpper > 0 && numberOfUpperChars > maxUpper) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_UPPER));
}
}
// check number of alpha characters
{
final int numberOfAlphaChars = charCounter.getAlphaCharCount();
if (numberOfAlphaChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumAlpha)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_ALPHA));
}
final int maxAlpha = ruleHelper.readIntValue(PwmPasswordRule.MaximumAlpha);
if (maxAlpha > 0 && numberOfAlphaChars > maxAlpha) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_ALPHA));
}
}
// check number of non-alpha characters
{
final int numberOfNonAlphaChars = charCounter.getNonAlphaCharCount();
if (numberOfNonAlphaChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumNonAlpha)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_NONALPHA));
}
final int maxNonAlpha = ruleHelper.readIntValue(PwmPasswordRule.MaximumNonAlpha);
if (maxNonAlpha > 0 && numberOfNonAlphaChars > maxNonAlpha) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_NONALPHA));
}
}
// check number of lower characters
{
final int numberOfLowerChars = charCounter.getLowerCharCount();
if (numberOfLowerChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumLowerCase)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_LOWER));
}
final int maxLower = ruleHelper.readIntValue(PwmPasswordRule.MaximumLowerCase);
if (maxLower > 0 && numberOfLowerChars > maxLower) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_UPPER));
}
}
// check number of special characters
{
final int numberOfSpecialChars = charCounter.getSpecialCharsCount();
if (ruleHelper.readBooleanValue(PwmPasswordRule.AllowSpecial)) {
if (numberOfSpecialChars < ruleHelper.readIntValue(PwmPasswordRule.MinimumSpecial)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_SPECIAL));
}
final int maxSpecial = ruleHelper.readIntValue(PwmPasswordRule.MaximumSpecial);
if (maxSpecial > 0 && numberOfSpecialChars > maxSpecial) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_SPECIAL));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowFirstCharSpecial) && charCounter.isFirstSpecial()) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_FIRST_IS_SPECIAL));
}
if (!ruleHelper.readBooleanValue(PwmPasswordRule.AllowLastCharSpecial) && charCounter.isLastSpecial()) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_LAST_IS_SPECIAL));
}
} else {
if (numberOfSpecialChars > 0) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_SPECIAL));
}
}
}
// Check maximum character repeats (sequential)
{
final int maxSequentialRepeat = ruleHelper.readIntValue(PwmPasswordRule.MaximumSequentialRepeat);
if (maxSequentialRepeat > 0 && charCounter.getSequentialRepeatedChars() > maxSequentialRepeat) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_REPEAT));
}
// Check maximum character repeats (overall)
final int maxRepeat = ruleHelper.readIntValue(PwmPasswordRule.MaximumRepeat);
if (maxRepeat > 0 && charCounter.getRepeatedChars() > maxRepeat) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_REPEAT));
}
}
// Check minimum unique character
{
final int minUnique = ruleHelper.readIntValue(PwmPasswordRule.MinimumUnique);
if (minUnique > 0 && charCounter.getUniqueChars() < minUnique) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_NOT_ENOUGH_UNIQUE));
}
}
// check ad-complexity
{
final ADPolicyComplexity complexityLevel = ruleHelper.getADComplexityLevel();
if (complexityLevel == ADPolicyComplexity.AD2003 || complexityLevel == ADPolicyComplexity.AD2008) {
final int maxGroupViolations = ruleHelper.readIntValue(PwmPasswordRule.ADComplexityMaxViolations);
errorList.addAll(checkPasswordForADComplexity(complexityLevel, userInfo, password, charCounter, maxGroupViolations));
}
}
// check consecutive characters
{
final int maximumConsecutive = ruleHelper.readIntValue(PwmPasswordRule.MaximumConsecutive);
if (tooManyConsecutiveChars(password, maximumConsecutive)) {
errorList.add(new ErrorInformation(PwmError.PASSWORD_TOO_MANY_CONSECUTIVE));
}
}
return errorList;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
ArrayList(java.util.ArrayList)
RuleHelper(password.pwm.config.profile.PwmPasswordPolicy.RuleHelper)
ADPolicyComplexity(password.pwm.config.option.ADPolicyComplexity)
Aggregations
PwmPasswordPolicy (password.pwm.config.profile.PwmPasswordPolicy)21
ErrorInformation (password.pwm.error.ErrorInformation)10
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)8
ChaiUser (com.novell.ldapchai.ChaiUser)7
PasswordData (password.pwm.util.PasswordData)7
Instant (java.time.Instant)6
ArrayList (java.util.ArrayList)6
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)5
List (java.util.List)5
Locale (java.util.Locale)5
UserIdentity (password.pwm.bean.UserIdentity)5
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)4
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)4
UserInfo (password.pwm.ldap.UserInfo)4
PwmApplication (password.pwm.PwmApplication)3
Configuration (password.pwm.config.Configuration)3
PwmException (password.pwm.error.PwmException)3
PwmOperationalException (password.pwm.error.PwmOperationalException)3
PwmSession (password.pwm.http.PwmSession)3
MacroMachine (password.pwm.util.macro.MacroMachine)3
