/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
* add the following below this CDDL HEADER, with the fields enclosed
|
* by brackets "[]" replaced with your own identifying information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Portions Copyright 2006-2007 Sun Microsystems, Inc.
|
*/
|
package org.opends.server.core;
|
|
|
|
import java.util.ArrayList;
|
import java.util.Iterator;
|
import java.util.LinkedList;
|
import java.util.List;
|
import java.util.concurrent.ConcurrentHashMap;
|
|
import org.opends.server.api.ConfigAddListener;
|
import org.opends.server.api.ConfigChangeListener;
|
import org.opends.server.api.ConfigDeleteListener;
|
import org.opends.server.api.ConfigHandler;
|
import org.opends.server.api.ConfigurableComponent;
|
import org.opends.server.api.PasswordStorageScheme;
|
import org.opends.server.config.BooleanConfigAttribute;
|
import org.opends.server.config.ConfigEntry;
|
import org.opends.server.config.ConfigException;
|
import org.opends.server.config.StringConfigAttribute;
|
import org.opends.server.types.ConfigChangeResult;
|
import org.opends.server.types.DN;
|
import org.opends.server.types.ErrorLogCategory;
|
import org.opends.server.types.ErrorLogSeverity;
|
import org.opends.server.types.InitializationException;
|
import org.opends.server.types.ResultCode;
|
|
import static org.opends.server.config.ConfigConstants.*;
|
import static org.opends.server.loggers.debug.DebugLogger.debugCought;
|
import static org.opends.server.loggers.debug.DebugLogger.debugEnabled;
|
import org.opends.server.types.DebugLogLevel;
|
import static org.opends.server.loggers.Error.*;
|
import static org.opends.server.messages.ConfigMessages.*;
|
import static org.opends.server.messages.MessageHandler.*;
|
import static org.opends.server.util.ServerConstants.*;
|
import static org.opends.server.util.StaticUtils.*;
|
|
|
|
/**
|
* This class defines a utility that will be used to manage the set of password
|
* storage schemes defined in the Directory Server. It will initialize the
|
* storage schemes when the server starts, and then will manage any additions,
|
* removals, or modifications to any schemes while the server is running.
|
*/
|
public class PasswordStorageSchemeConfigManager
|
implements ConfigChangeListener, ConfigAddListener, ConfigDeleteListener
|
{
|
|
|
|
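// Maps the DN of each password storage scheme configuration entry to the
// scheme instance that is currently active for it. Assigned once in the
// constructor, so the reference is final; the map itself is concurrent because
// the add/change/delete listener methods of this class all read and update it.
private final ConcurrentHashMap<DN,PasswordStorageScheme> storageSchemes;

// The configuration handler for the Directory Server, obtained once when this
// manager is constructed.
private final ConfigHandler configHandler;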
|
|
|
|
/**
|
* Creates a new instance of this password storage scheme config manager.
|
*/
|
public PasswordStorageSchemeConfigManager()
{
  // Start with no active schemes; entries are added to the map as the
  // corresponding configuration entries are processed.
  this.storageSchemes = new ConcurrentHashMap<DN,PasswordStorageScheme>();

  // The handler is used later to look up the storage scheme base entry.
  this.configHandler = DirectoryServer.getConfigHandler();
}
|
|
|
|
/**
|
* Initializes all password storage schemes currently defined in the Directory
|
* Server configuration. This should only be called at Directory Server
|
* startup.
|
*
|
* @throws ConfigException If a configuration problem causes the password
|
* storage scheme initialization process to fail.
|
*
|
* @throws InitializationException If a problem occurs while initializing
|
* the password storage scheme that is not
|
* related to the server configuration.
|
*/
|
public void initializePasswordStorageSchemes()
       throws ConfigException, InitializationException
{
  // Locate the configuration entry beneath which every password storage
  // scheme entry is defined. Any failure here is fatal for initialization.
  ConfigEntry schemeBaseEntry;
  try
  {
    schemeBaseEntry =
         configHandler.getConfigEntry(DN.decode(DN_PWSCHEME_CONFIG_BASE));
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_CANNOT_GET_BASE;
    throw new ConfigException(msgID, getMessage(msgID, String.valueOf(e)), e);
  }

  // A missing base entry is a configuration error, not an empty scheme set.
  if (schemeBaseEntry == null)
  {
    int msgID = MSGID_CONFIG_PWSCHEME_BASE_DOES_NOT_EXIST;
    throw new ConfigException(msgID, getMessage(msgID));
  }


  // Only adds and deletes beneath the base entry are of interest; changes to
  // the base entry itself are ignored.
  schemeBaseEntry.registerAddListener(this);
  schemeBaseEntry.registerDeleteListener(this);


  // Nothing more to do when no scheme entries are defined.
  if (! schemeBaseEntry.hasChildren())
  {
    return;
  }


  // Treat every child as a storage scheme entry. A child that is rejected or
  // fails to load is logged and skipped so that the remaining schemes are
  // still processed.
  for (ConfigEntry schemeEntry : schemeBaseEntry.getChildren().values())
  {
    // The change listener is registered before validation, so an entry that
    // is rejected now is still watched for later modifications.
    schemeEntry.registerChangeListener(this);

    StringBuilder rejectReason = new StringBuilder();
    if (! configAddIsAcceptable(schemeEntry, rejectReason))
    {
      logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_ERROR,
               MSGID_CONFIG_PWSCHEME_ENTRY_UNACCEPTABLE,
               schemeEntry.getDN().toString(), rejectReason.toString());
      continue;
    }

    try
    {
      ConfigChangeResult addResult = applyConfigurationAdd(schemeEntry);
      if (addResult.getResultCode() == ResultCode.SUCCESS)
      {
        continue;
      }

      // Collapse the result messages into one EOL-separated string, or fall
      // back to the generic "unknown reason" text when none were provided.
      List<String> resultMessages = addResult.getMessages();
      StringBuilder details = new StringBuilder();
      if ((resultMessages != null) && (! resultMessages.isEmpty()))
      {
        String separator = "";
        for (String resultMessage : resultMessages)
        {
          details.append(separator);
          details.append(resultMessage);
          separator = EOL;
        }
      }
      else
      {
        details.append(getMessage(MSGID_CONFIG_UNKNOWN_UNACCEPTABLE_REASON));
      }

      logError(ErrorLogCategory.CONFIGURATION,
               ErrorLogSeverity.SEVERE_ERROR,
               MSGID_CONFIG_PWSCHEME_CANNOT_CREATE_SCHEME,
               schemeEntry.getDN().toString(), details.toString());
    }
    catch (Exception e)
    {
      logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_ERROR,
               MSGID_CONFIG_PWSCHEME_CANNOT_CREATE_SCHEME,
               schemeEntry.getDN().toString(), String.valueOf(e));
    }
  }
}
|
|
|
|
/**
|
* Indicates whether the configuration entry that will result from a proposed
|
* modification is acceptable to this change listener.
|
*
|
* @param configEntry The configuration entry that will result from
|
* the requested update.
|
* @param unacceptableReason A buffer to which this method can append a
|
* human-readable message explaining why the
|
* proposed change is not acceptable.
|
*
|
* @return <CODE>true</CODE> if the proposed entry contains an acceptable
|
* configuration, or <CODE>false</CODE> if it does not.
|
*/
|
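public boolean configChangeIsAcceptable(ConfigEntry configEntry,
                                        StringBuilder unacceptableReason)
{
  // Make sure that the entry has an appropriate objectclass for a password
  // storage scheme.
  if (! configEntry.hasObjectClass(OC_PASSWORD_STORAGE_SCHEME))
  {
    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_OBJECTCLASS;
    String message = getMessage(msgID, configEntry.getDN().toString());
    unacceptableReason.append(message);
    return false;
  }


  // Make sure that the entry specifies the storage scheme class name.
  StringConfigAttribute classNameAttr;
  try
  {
    StringConfigAttribute classStub =
         new StringConfigAttribute(ATTR_PWSCHEME_CLASS,
                  getMessage(MSGID_CONFIG_PWSCHEME_DESCRIPTION_CLASS_NAME),
                  true, false, true);
    classNameAttr = (StringConfigAttribute)
                    configEntry.getConfigAttribute(classStub);

    if (classNameAttr == null)
    {
      int msgID = MSGID_CONFIG_PWSCHEME_NO_CLASS_NAME;
      String message = getMessage(msgID, configEntry.getDN().toString());
      unacceptableReason.append(message);
      return false;
    }
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS_NAME;
    String message = getMessage(msgID, configEntry.getDN().toString(),
                                String.valueOf(e));
    unacceptableReason.append(message);
    return false;
  }


  // The class name is taken from the configuration entry, so resolve it
  // without initializing it: no static initializer runs until the class has
  // been confirmed to be a PasswordStorageScheme. The loader is the one that
  // the one-argument Class.forName would have used from this class.
  Class<?> schemeClass;
  try
  {
    // FIXME -- Should this be done with a custom class loader?
    schemeClass =
         Class.forName(classNameAttr.pendingValue(), false,
              PasswordStorageSchemeConfigManager.class.getClassLoader());
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS_NAME;
    String message = getMessage(msgID, configEntry.getDN().toString(),
                                String.valueOf(e));
    unacceptableReason.append(message);
    return false;
  }


  // Confirm the type before instantiating, so that the constructor of a class
  // that is not a storage scheme is never invoked by a validation call. The
  // instance is created only to prove that the class can be constructed; it
  // is discarded, so no local variable is kept for it.
  try
  {
    if (! PasswordStorageScheme.class.isAssignableFrom(schemeClass))
    {
      throw new ClassCastException(schemeClass.getName());
    }

    schemeClass.newInstance();
  }
  catch(Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS;
    String message = getMessage(msgID, schemeClass.getName(),
                                String.valueOf(configEntry.getDN()),
                                String.valueOf(e));
    unacceptableReason.append(message);
    return false;
  }


  // See if this password storage scheme should be enabled. Only the presence
  // and parseability of the attribute is checked here, not its value.
  try
  {
    BooleanConfigAttribute enabledStub =
         new BooleanConfigAttribute(ATTR_PWSCHEME_ENABLED,
                  getMessage(MSGID_CONFIG_PWSCHEME_DESCRIPTION_ENABLED),
                  false);
    BooleanConfigAttribute enabledAttr = (BooleanConfigAttribute)
         configEntry.getConfigAttribute(enabledStub);

    if (enabledAttr == null)
    {
      int msgID = MSGID_CONFIG_PWSCHEME_NO_ENABLED_ATTR;
      String message = getMessage(msgID, configEntry.getDN().toString());
      unacceptableReason.append(message);
      return false;
    }
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_ENABLED_VALUE;
    String message = getMessage(msgID, configEntry.getDN().toString(),
                                String.valueOf(e));
    unacceptableReason.append(message);
    return false;
  }


  // NOTE(review): unlike configAddIsAcceptable, this method does not ask a
  // ConfigurableComponent scheme whether the new configuration is acceptable;
  // confirm that this is handled by the component's own listener.

  // If we've gotten here then the password storage scheme entry appears to be
  // acceptable.
  return true;
}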
|
|
|
|
/**
 * Attempts to apply a new configuration to this Directory Server component
 * based on the provided changed entry.
 *
 * @param  configEntry  The configuration entry containing the updated
 *                      configuration for this component.
 *
 * @return  Information about the result of processing the configuration
 *          change.
 */
|
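public ConfigChangeResult applyConfigurationChange(ConfigEntry configEntry)
{
  DN                configEntryDN       = configEntry.getDN();
  ResultCode        resultCode          = ResultCode.SUCCESS;
  boolean           adminActionRequired = false;
  ArrayList<String> messages            = new ArrayList<String>();


  // Make sure that the entry has an appropriate objectclass for a password
  // storage scheme.
  if (! configEntry.hasObjectClass(OC_PASSWORD_STORAGE_SCHEME))
  {
    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_OBJECTCLASS;
    messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
    resultCode = ResultCode.UNWILLING_TO_PERFORM;
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  // Get the corresponding password storage scheme if it is active. A null
  // value means that no scheme is currently registered for this entry.
  PasswordStorageScheme scheme = storageSchemes.get(configEntryDN);


  // See if this scheme should be enabled or disabled.
  boolean needsEnabled = false;
  try
  {
    BooleanConfigAttribute enabledStub =
         new BooleanConfigAttribute(ATTR_PWSCHEME_ENABLED,
                  getMessage(MSGID_CONFIG_PWSCHEME_DESCRIPTION_ENABLED),
                  false);
    BooleanConfigAttribute enabledAttr = (BooleanConfigAttribute)
         configEntry.getConfigAttribute(enabledStub);

    if (enabledAttr == null)
    {
      int msgID = MSGID_CONFIG_PWSCHEME_NO_ENABLED_ATTR;
      messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
      resultCode = ResultCode.UNWILLING_TO_PERFORM;
      return new ConfigChangeResult(resultCode, adminActionRequired,
                                    messages);
    }

    if (enabledAttr.activeValue())
    {
      // Work is needed only when the scheme is not active yet; an already
      // active scheme requires no action here.
      needsEnabled = (scheme == null);
    }
    else
    {
      if (scheme != null)
      {
        // The scheme is active, so it needs to be disabled. Deregister it
        // from the server before finalizing it, in the same order that
        // applyConfigurationDelete uses, so that a scheme which has already
        // been finalized is never still reachable by name.
        storageSchemes.remove(configEntryDN);

        String lowerName = toLowerCase(scheme.getStorageSchemeName());
        DirectoryServer.deregisterPasswordStorageScheme(lowerName);

        scheme.finalizePasswordStorageScheme();
      }

      // Either the scheme was already disabled or it has just been disabled;
      // in both cases there is nothing further to process.
      return new ConfigChangeResult(resultCode, adminActionRequired,
                                    messages);
    }
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_ENABLED_VALUE;
    messages.add(getMessage(msgID, String.valueOf(configEntryDN),
                            String.valueOf(e)));
    resultCode = DirectoryServer.getServerErrorResultCode();
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  // Make sure that the entry specifies the storage scheme class name. If it
  // has changed, then we will not try to dynamically apply it.
  String className;
  try
  {
    StringConfigAttribute classStub =
         new StringConfigAttribute(ATTR_PWSCHEME_CLASS,
                  getMessage(MSGID_CONFIG_PWSCHEME_DESCRIPTION_CLASS_NAME),
                  true, false, true);
    StringConfigAttribute classNameAttr =
         (StringConfigAttribute) configEntry.getConfigAttribute(classStub);

    if (classNameAttr == null)
    {
      int msgID = MSGID_CONFIG_PWSCHEME_NO_CLASS_NAME;
      messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
      resultCode = ResultCode.OBJECTCLASS_VIOLATION;
      return new ConfigChangeResult(resultCode, adminActionRequired,
                                    messages);
    }

    className = classNameAttr.pendingValue();
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS_NAME;
    messages.add(getMessage(msgID, String.valueOf(configEntryDN),
                            String.valueOf(e)));
    resultCode = DirectoryServer.getServerErrorResultCode();
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  // A class change can only be detected against a scheme that is active.
  boolean classChanged = false;
  String  oldClassName = null;
  if (scheme != null)
  {
    oldClassName = scheme.getClass().getName();
    classChanged = (! className.equals(oldClassName));
  }


  if (classChanged)
  {
    // This will not be applied dynamically. Add a message to the response
    // and indicate that admin action is required.
    adminActionRequired = true;
    messages.add(getMessage(MSGID_CONFIG_PWSCHEME_CLASS_ACTION_REQUIRED,
                            String.valueOf(oldClassName),
                            String.valueOf(className),
                            String.valueOf(configEntryDN)));
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  if (needsEnabled)
  {
    try
    {
      // The class name is taken from the configuration entry, so resolve it
      // without initializing it and confirm the type before any of its code
      // runs. The loader is the one that the one-argument Class.forName
      // would have used from this class.
      // FIXME -- Should this be done with a dynamic class loader?
      Class<?> schemeClass =
           Class.forName(className, false,
                PasswordStorageSchemeConfigManager.class.getClassLoader());
      if (! PasswordStorageScheme.class.isAssignableFrom(schemeClass))
      {
        throw new ClassCastException(schemeClass.getName());
      }

      scheme = (PasswordStorageScheme) schemeClass.newInstance();
    }
    catch (Exception e)
    {
      if (debugEnabled())
      {
        debugCought(DebugLogLevel.ERROR, e);
      }

      int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS;
      messages.add(getMessage(msgID, className,
                              String.valueOf(configEntryDN),
                              String.valueOf(e)));
      resultCode = DirectoryServer.getServerErrorResultCode();
      return new ConfigChangeResult(resultCode, adminActionRequired,
                                    messages);
    }

    try
    {
      scheme.initializePasswordStorageScheme(configEntry);
    }
    catch (Exception e)
    {
      if (debugEnabled())
      {
        debugCought(DebugLogLevel.ERROR, e);
      }

      int msgID = MSGID_CONFIG_PWSCHEME_INITIALIZATION_FAILED;
      messages.add(getMessage(msgID, className,
                              String.valueOf(configEntryDN),
                              String.valueOf(e)));
      resultCode = DirectoryServer.getServerErrorResultCode();
      return new ConfigChangeResult(resultCode, adminActionRequired,
                                    messages);
    }


    // Only a fully initialized scheme is recorded and made available.
    storageSchemes.put(configEntryDN, scheme);
    DirectoryServer.registerPasswordStorageScheme(scheme);
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  // If we've gotten here, then there haven't been any changes to anything
  // that we care about.
  return new ConfigChangeResult(resultCode, adminActionRequired, messages);
}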
|
|
|
|
/**
|
* Indicates whether the configuration entry that will result from a proposed
|
* add is acceptable to this add listener.
|
*
|
* @param configEntry The configuration entry that will result from
|
* the requested add.
|
* @param unacceptableReason A buffer to which this method can append a
|
* human-readable message explaining why the
|
* proposed entry is not acceptable.
|
*
|
* @return <CODE>true</CODE> if the proposed entry contains an acceptable
|
* configuration, or <CODE>false</CODE> if it does not.
|
*/
|
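public boolean configAddIsAcceptable(ConfigEntry configEntry,
                                     StringBuilder unacceptableReason)
{
  // Make sure that no entry already exists with the specified DN.
  DN configEntryDN = configEntry.getDN();
  if (storageSchemes.containsKey(configEntryDN))
  {
    int msgID = MSGID_CONFIG_PWSCHEME_EXISTS;
    String message = getMessage(msgID, String.valueOf(configEntryDN));
    unacceptableReason.append(message);
    return false;
  }


  // Make sure that the entry has an appropriate objectclass for a password
  // storage scheme.
  if (! configEntry.hasObjectClass(OC_PASSWORD_STORAGE_SCHEME))
  {
    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_OBJECTCLASS;
    String message = getMessage(msgID, configEntry.getDN().toString());
    unacceptableReason.append(message);
    return false;
  }


  // Make sure that the entry specifies the password storage scheme class.
  StringConfigAttribute classNameAttr;
  try
  {
    StringConfigAttribute classStub =
         new StringConfigAttribute(ATTR_PWSCHEME_CLASS,
                  getMessage(MSGID_CONFIG_PWSCHEME_DESCRIPTION_CLASS_NAME),
                  true, false, true);
    classNameAttr = (StringConfigAttribute)
                    configEntry.getConfigAttribute(classStub);

    if (classNameAttr == null)
    {
      int msgID = MSGID_CONFIG_PWSCHEME_NO_CLASS_NAME;
      String message = getMessage(msgID, configEntry.getDN().toString());
      unacceptableReason.append(message);
      return false;
    }
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS_NAME;
    String message = getMessage(msgID, configEntry.getDN().toString(),
                                String.valueOf(e));
    unacceptableReason.append(message);
    return false;
  }


  // The class name is taken from the configuration entry, so resolve it
  // without initializing it: no static initializer runs until the class has
  // been confirmed to be a PasswordStorageScheme. The loader is the one that
  // the one-argument Class.forName would have used from this class.
  Class<?> schemeClass;
  try
  {
    // FIXME -- Should this be done with a custom class loader?
    schemeClass =
         Class.forName(classNameAttr.pendingValue(), false,
              PasswordStorageSchemeConfigManager.class.getClassLoader());
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS_NAME;
    String message = getMessage(msgID, configEntry.getDN().toString(),
                                String.valueOf(e));
    unacceptableReason.append(message);
    return false;
  }


  // Confirm the type before instantiating, so that the constructor of a class
  // that is not a storage scheme is never invoked by a validation call.
  PasswordStorageScheme storageScheme;
  try
  {
    if (! PasswordStorageScheme.class.isAssignableFrom(schemeClass))
    {
      throw new ClassCastException(schemeClass.getName());
    }

    storageScheme = (PasswordStorageScheme) schemeClass.newInstance();
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS;
    String message = getMessage(msgID, schemeClass.getName(),
                                String.valueOf(configEntryDN),
                                String.valueOf(e));
    unacceptableReason.append(message);
    return false;
  }


  // If the storage scheme is a configurable component, then make sure that
  // its configuration is valid. The check runs against the throwaway instance
  // created above, which has not been initialized.
  if (storageScheme instanceof ConfigurableComponent)
  {
    ConfigurableComponent cc = (ConfigurableComponent) storageScheme;
    LinkedList<String> errorMessages = new LinkedList<String>();
    if (! cc.hasAcceptableConfiguration(configEntry, errorMessages))
    {
      if (errorMessages.isEmpty())
      {
        int msgID = MSGID_CONFIG_PWSCHEME_UNACCEPTABLE_CONFIG;
        unacceptableReason.append(getMessage(msgID,
                                             String.valueOf(configEntryDN)));
      }
      else
      {
        // Join the component's messages with two spaces between them.
        Iterator<String> iterator = errorMessages.iterator();
        unacceptableReason.append(iterator.next());
        while (iterator.hasNext())
        {
          unacceptableReason.append("  ");
          unacceptableReason.append(iterator.next());
        }
      }

      return false;
    }
  }


  // See if this storage scheme should be enabled. Only the presence and
  // parseability of the attribute is checked here, not its value.
  try
  {
    BooleanConfigAttribute enabledStub =
         new BooleanConfigAttribute(ATTR_PWSCHEME_ENABLED,
                  getMessage(MSGID_CONFIG_PWSCHEME_DESCRIPTION_ENABLED),
                  false);
    BooleanConfigAttribute enabledAttr = (BooleanConfigAttribute)
         configEntry.getConfigAttribute(enabledStub);

    if (enabledAttr == null)
    {
      int msgID = MSGID_CONFIG_PWSCHEME_NO_ENABLED_ATTR;
      String message = getMessage(msgID, configEntry.getDN().toString());
      unacceptableReason.append(message);
      return false;
    }
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_ENABLED_VALUE;
    String message = getMessage(msgID, configEntry.getDN().toString(),
                                String.valueOf(e));
    unacceptableReason.append(message);
    return false;
  }


  // If we've gotten here then the storage scheme entry appears to be
  // acceptable.
  return true;
}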
|
|
|
|
/**
|
* Attempts to apply a new configuration based on the provided added entry.
|
*
|
* @param configEntry The new configuration entry that contains the
|
* configuration to apply.
|
*
|
* @return Information about the result of processing the configuration
|
* change.
|
*/
|
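public ConfigChangeResult applyConfigurationAdd(ConfigEntry configEntry)
{
  DN                configEntryDN       = configEntry.getDN();
  ResultCode        resultCode          = ResultCode.SUCCESS;
  boolean           adminActionRequired = false;
  ArrayList<String> messages            = new ArrayList<String>();


  // Make sure that the entry has an appropriate objectclass for a password
  // storage scheme.
  if (! configEntry.hasObjectClass(OC_PASSWORD_STORAGE_SCHEME))
  {
    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_OBJECTCLASS;
    messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
    resultCode = ResultCode.UNWILLING_TO_PERFORM;
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  // See if this storage scheme should be enabled or disabled.
  try
  {
    BooleanConfigAttribute enabledStub =
         new BooleanConfigAttribute(ATTR_PWSCHEME_ENABLED,
                  getMessage(MSGID_CONFIG_PWSCHEME_DESCRIPTION_ENABLED),
                  false);
    BooleanConfigAttribute enabledAttr = (BooleanConfigAttribute)
         configEntry.getConfigAttribute(enabledStub);

    if (enabledAttr == null)
    {
      // The attribute doesn't exist, so it will be disabled by default. The
      // add itself still succeeds; the message records why nothing was
      // loaded.
      int msgID = MSGID_CONFIG_PWSCHEME_NO_ENABLED_ATTR;
      messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
      resultCode = ResultCode.SUCCESS;
      return new ConfigChangeResult(resultCode, adminActionRequired,
                                    messages);
    }
    else if (! enabledAttr.activeValue())
    {
      // It is explicitly configured as disabled, so we don't need to do
      // anything.
      return new ConfigChangeResult(resultCode, adminActionRequired,
                                    messages);
    }
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_ENABLED_VALUE;
    messages.add(getMessage(msgID, String.valueOf(configEntryDN),
                            String.valueOf(e)));
    resultCode = DirectoryServer.getServerErrorResultCode();
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  // Make sure that the entry specifies the storage scheme class name.
  String className;
  try
  {
    StringConfigAttribute classStub =
         new StringConfigAttribute(ATTR_PWSCHEME_CLASS,
                  getMessage(MSGID_CONFIG_PWSCHEME_DESCRIPTION_CLASS_NAME),
                  true, false, true);
    StringConfigAttribute classNameAttr =
         (StringConfigAttribute) configEntry.getConfigAttribute(classStub);

    if (classNameAttr == null)
    {
      int msgID = MSGID_CONFIG_PWSCHEME_NO_CLASS_NAME;
      messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
      resultCode = ResultCode.OBJECTCLASS_VIOLATION;
      return new ConfigChangeResult(resultCode, adminActionRequired,
                                    messages);
    }

    className = classNameAttr.pendingValue();
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS_NAME;
    messages.add(getMessage(msgID, String.valueOf(configEntryDN),
                            String.valueOf(e)));
    resultCode = DirectoryServer.getServerErrorResultCode();
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  // Load and initialize the storage scheme class, and register it with the
  // Directory Server.
  PasswordStorageScheme storageScheme;
  try
  {
    // The class name is taken from the configuration entry, so resolve it
    // without initializing it and confirm the type before any of its code
    // runs. The loader is the one that the one-argument Class.forName would
    // have used from this class.
    // FIXME -- Should this be done with a dynamic class loader?
    Class<?> schemeClass =
         Class.forName(className, false,
              PasswordStorageSchemeConfigManager.class.getClassLoader());
    if (! PasswordStorageScheme.class.isAssignableFrom(schemeClass))
    {
      throw new ClassCastException(schemeClass.getName());
    }

    storageScheme = (PasswordStorageScheme) schemeClass.newInstance();
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INVALID_CLASS;
    messages.add(getMessage(msgID, className, String.valueOf(configEntryDN),
                            String.valueOf(e)));
    resultCode = DirectoryServer.getServerErrorResultCode();
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }

  try
  {
    storageScheme.initializePasswordStorageScheme(configEntry);
  }
  catch (Exception e)
  {
    if (debugEnabled())
    {
      debugCought(DebugLogLevel.ERROR, e);
    }

    int msgID = MSGID_CONFIG_PWSCHEME_INITIALIZATION_FAILED;
    messages.add(getMessage(msgID, className, String.valueOf(configEntryDN),
                            String.valueOf(e)));
    resultCode = DirectoryServer.getServerErrorResultCode();
    return new ConfigChangeResult(resultCode, adminActionRequired, messages);
  }


  // Only a fully initialized scheme is recorded and made available.
  storageSchemes.put(configEntryDN, storageScheme);
  DirectoryServer.registerPasswordStorageScheme(storageScheme);
  return new ConfigChangeResult(resultCode, adminActionRequired, messages);
}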
|
|
|
|
/**
|
* Indicates whether it is acceptable to remove the provided configuration
|
* entry.
|
*
|
* @param configEntry The configuration entry that will be removed
|
* from the configuration.
|
* @param unacceptableReason A buffer to which this method can append a
|
* human-readable message explaining why the
|
* proposed delete is not acceptable.
|
*
|
* @return <CODE>true</CODE> if the proposed entry may be removed from the
|
* configuration, or <CODE>false</CODE> if not.
|
*/
|
public boolean configDeleteIsAcceptable(ConfigEntry configEntry,
                                        StringBuilder unacceptableReason)
{
  // Removing a storage scheme entry is never vetoed by this listener; neither
  // argument is inspected and nothing is appended to the reason buffer.
  final boolean deleteAllowed = true;
  return deleteAllowed;
}
|
|
|
|
/**
 * Attempts to apply a new configuration based on the provided deleted entry.
 *
 * @param  configEntry  The configuration entry that has been deleted.
 *
 * @return  Information about the result of processing the configuration
 *          change.
 */
|
public ConfigChangeResult applyConfigurationDelete(ConfigEntry configEntry)
{
  // Drop the mapping for this entry. remove() returns the scheme that was
  // active for it, or null when the entry was never loaded as a scheme.
  PasswordStorageScheme removedScheme =
       storageSchemes.remove(configEntry.getDN());

  if (removedScheme != null)
  {
    // Take the scheme out of the server's registry by its lowercase name
    // first, and only then finalize it.
    DirectoryServer.deregisterPasswordStorageScheme(
         toLowerCase(removedScheme.getStorageSchemeName()));
    removedScheme.finalizePasswordStorageScheme();
  }

  // A delete always reports success and never requires admin action.
  return new ConfigChangeResult(ResultCode.SUCCESS, false);
}
|
}
|