001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2006-2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.api;
028    import org.opends.messages.Message;
029    
030    
031    
032    import java.util.List;
033    import java.util.Set;
034    
035    import org.opends.server.admin.std.server.PasswordValidatorCfg;
036    import org.opends.server.config.ConfigException;
037    import org.opends.server.types.ByteString;
038    import org.opends.server.types.Entry;
039    import org.opends.server.types.InitializationException;
040    import org.opends.server.types.Operation;
041    
042    import org.opends.messages.MessageBuilder;
043    
044    
045    /**
046     * This class defines the set of methods and structures that must be
047     * implemented by a Directory Server module that may be used to
048     * determine whether a proposed password is acceptable for a user.
049     *
050     * @param  <T>  The type of configuration handled by this password
051     *              validator.
052     */
053    @org.opends.server.types.PublicAPI(
054         stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
055         mayInstantiate=false,
056         mayExtend=true,
057         mayInvoke=false)
058    public abstract class PasswordValidator
059           <T extends PasswordValidatorCfg>
060    {
061      /**
062       * Initializes this password validator based on the information in
063       * the provided configuration entry.
064       *
065       * @param  configuration  The configuration to use to initialize
066       *                        this password validator.
067       *
068       * @throws  ConfigException  If an unrecoverable problem arises in
069       *                           the process of performing the
070       *                           initialization.
071       *
072       * @throws  InitializationException  If a problem occurs during
073       *                                   initialization that is not
074       *                                   related to the server
075       *                                   configuration.
076       */
077      public abstract void initializePasswordValidator(T configuration)
078             throws ConfigException, InitializationException;
079    
080    
081    
082      /**
083       * Indicates whether the provided configuration is acceptable for
084       * this password validator.  It should be possible to call this
085       * method on an uninitialized password validator instance in order
086       * to determine whether the password validator would be able to use
087       * the provided configuration.
088       * <BR><BR>
089       * Note that implementations which use a subclass of the provided
090       * configuration class will likely need to cast the configuration
091       * to the appropriate subclass type.
092       *
093       * @param  configuration        The password validator configuration
094       *                              for which to make the determination.
095       * @param  unacceptableReasons  A list that may be used to hold the
096       *                              reasons that the provided
097       *                              configuration is not acceptable.
098       *
099       * @return  {@code true} if the provided configuration is acceptable
100       *          for this password validator, or {@code false} if not.
101       */
102      public boolean isConfigurationAcceptable(
103                          PasswordValidatorCfg configuration,
104                          List<Message> unacceptableReasons)
105      {
106        // This default implementation does not perform any special
107        // validation.  It should be overridden by password validator
108        // implementations that wish to perform more detailed validation.
109        return true;
110      }
111    
112    
113    
114      /**
115       * Performs any finalization that might be required when this
116       * password validator is unloaded.  No action is taken in the
117       * default implementation.
118       */
119      public void finalizePasswordValidator()
120      {
121        // No action is required by default.
122      }
123    
124    
125    
126      /**
127       * Indicates whether the provided password is acceptable for use by
128       * the specified user.  If the password is determined to be
129       * unacceptable, then a human-readable explanation should be
130       * appended to the provided buffer.
131       *
132       * @param  newPassword       The proposed clear-text password that
133       *                           should be validated.
134       * @param  currentPasswords  The set of clear-text current passwords
135       *                           for the user (if available).  Note that
136       *                           the current passwords may not always be
137       *                           available, and this may not comprise
138       *                           entire set of passwords currently
139       *                           for the user.
140       * @param  operation         The operation that is being used to set
141       *                           the password.  It may be an add, a
142       *                           modify, or a password modify operation.
143       * @param  userEntry         The entry for the user whose password
144       *                           is being changed.
145       * @param  invalidReason     The buffer to which the human-readable
146       *                           explanation should be appended if it is
147       *                           determined that the password is not
148       *                           acceptable.
149       *
150       * @return  {@code true} if the password is acceptable, or
151       *          {@code false} if not.
152       */
153      public abstract boolean passwordIsAcceptable(ByteString newPassword,
154                                   Set<ByteString> currentPasswords,
155                                   Operation operation,
156                                   Entry userEntry,
157                                   MessageBuilder invalidReason);
158    }
159