19 package org.apache.syncope.fit.core.reference;
20
21 import org.apache.syncope.common.lib.policy.PasswordRuleConf;
22 import org.apache.syncope.core.persistence.api.entity.user.LinkedAccount;
23 import org.apache.syncope.core.persistence.api.entity.user.User;
24 import org.apache.syncope.core.provisioning.api.rules.PasswordRule;
25 import org.apache.syncope.core.provisioning.api.rules.PasswordRuleConfClass;
26 import org.apache.syncope.core.spring.policy.PasswordPolicyException;
27 import org.apache.syncope.core.spring.security.Encryptor;
28 import org.slf4j.Logger;
29 import org.slf4j.LoggerFactory;
30 import org.springframework.transaction.annotation.Transactional;
31
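/**
 * Password rule that accepts a password only when it ends with the suffix returned by
 * {@link TestPasswordRuleConf#getMustEndWith()}.
 *
 * <p>A {@code null} password is never rejected by any of the {@code enforce} overloads, so
 * this rule on its own does not make a password mandatory.
 *
 * <p>NOTE(review): the package and class name suggest this is an integration-test fixture
 * rather than a production policy; confirm before reusing it as a template.
 */
@PasswordRuleConfClass(TestPasswordRuleConf.class)
public class TestPasswordRule implements PasswordRule {

    protected static final Logger LOG = LoggerFactory.getLogger(TestPasswordRule.class);

    private static final Encryptor ENCRYPTOR = Encryptor.getInstance();

    private TestPasswordRuleConf conf;

    /**
     * Returns the configuration currently bound to this rule.
     *
     * @return the configuration, or {@code null} if {@link #setConf(PasswordRuleConf)} has not
     * been called yet
     */
    @Override
    public TestPasswordRuleConf getConf() {
        return conf;
    }

    /**
     * Binds the configuration for this rule.
     *
     * @param conf the configuration; must be a {@link TestPasswordRuleConf}
     * @throws IllegalArgumentException if {@code conf} is {@code null} or of any other type
     */
    @Override
    public void setConf(final PasswordRuleConf conf) {
        if (!(conf instanceof TestPasswordRuleConf)) {
            // Name the type that is actually required, and survive a null argument so the
            // caller gets the documented exception instead of a NullPointerException.
            throw new IllegalArgumentException(
                    TestPasswordRuleConf.class.getName() + " expected, got "
                    + (conf == null ? "null" : conf.getClass().getName()));
        }
        this.conf = (TestPasswordRuleConf) conf;
    }

    /**
     * Checks a clear-text password against the configured suffix.
     *
     * @param username not used by this rule
     * @param clearPassword the clear-text password; {@code null} is accepted without checks
     * @throws PasswordPolicyException if the password does not end with the configured suffix
     */
    @Override
    public void enforce(final String username, final String clearPassword) {
        requireSuffix(clearPassword);
    }

    /**
     * Checks a clear-text password against the configured suffix.
     *
     * @param user not used by this rule
     * @param clearPassword the clear-text password; {@code null} is accepted without checks
     * @throws PasswordPolicyException if the password does not end with the configured suffix
     */
    @Transactional(readOnly = true)
    @Override
    public void enforce(final User user, final String clearPassword) {
        requireSuffix(clearPassword);
    }

    /**
     * Checks the stored password of a linked account against the configured suffix.
     *
     * <p>The check runs only when the account has a password, reports that its secrets can be
     * decoded, and the decoding succeeds. In every other case the account is accepted
     * without being checked.
     *
     * @param account the linked account whose stored password is checked
     * @throws PasswordPolicyException if the decoded password does not end with the configured
     * suffix
     */
    @Transactional(readOnly = true)
    @Override
    public void enforce(final LinkedAccount account) {
        if (account.getPassword() == null) {
            return;
        }
        if (!account.canDecodeSecrets()) {
            // The clear text cannot be recovered, so the suffix cannot be evaluated.
            return;
        }

        String clear = null;
        try {
            clear = ENCRYPTOR.decode(account.getPassword(), account.getCipherAlgorithm());
        } catch (Exception e) {
            // NOTE(review): fail-open. A stored password that cannot be decoded is accepted
            // unchecked and this log entry is the only trace, so monitor for it if the rule
            // is meant to be authoritative. Kept as-is to preserve existing behaviour.
            // Assumes LinkedAccount#toString() does not render the password value; confirm.
            LOG.error("Could not decode password for {}", account, e);
        }

        requireSuffix(clear);
    }

    /**
     * Shared check behind all {@code enforce} overloads.
     *
     * @param clearPassword the clear-text password, or {@code null} to skip the check
     * @throws PasswordPolicyException if the password does not end with the configured suffix
     */
    private void requireSuffix(final String clearPassword) {
        if (clearPassword != null && !clearPassword.endsWith(conf.getMustEndWith())) {
            throw new PasswordPolicyException("Password not ending with " + conf.getMustEndWith());
        }
    }
}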