external-software/github_OpenIdentityPlatform_OpenDJ.git

Update the password policy code so that the sum of the minimum password age...

neil_a_wilson

31.31.2007 b990db627254175637ba86dfc09c94319eaa5325

 opendj-sdk/opends/src/server/org/opends/server/core/PasswordPolicy.java

@@ -844,6 +844,30 @@
      String message = getMessage(msgID, String.valueOf(configEntryDN));
      throw new ConfigException(msgID, message);
    }

    // If both a maximum password age and a warning interval are provided, then
    // ensure that the warning interval is less than the maximum age.  Further,
    // if a minimum age is specified, then the sum of the minimum age and the
    // warning interval should be less than the maximum age.
    if (maximumPasswordAge > 0)
    {
      int warnInterval = Math.max(0, warningInterval);
      if (minimumPasswordAge > 0)
      {
        if ((warnInterval + minimumPasswordAge) >= maximumPasswordAge)
        {
          msgID = MSGID_PWPOLICY_MIN_AGE_PLUS_WARNING_GREATER_THAN_MAX_AGE;
          String message = getMessage(msgID, String.valueOf(configEntryDN));
          throw new ConfigException(msgID, message);
        }
      }
      else if (warnInterval >= maximumPasswordAge)
      {
        msgID = MSGID_PWPOLICY_WARNING_INTERVAL_LARGER_THAN_MAX_AGE;
        String message = getMessage(msgID, String.valueOf(configEntryDN));
        throw new ConfigException(msgID, message);
      }
    }
  }



 opendj-sdk/opends/src/server/org/opends/server/messages/CoreMessages.java

@@ -6329,6 +6329,29 @@


  /**
   * The message ID for the message that will be used if the maximum password
   * age is enabled, but the warning interval is longer than the maximum age.
   * This takes a single argument, which is the DN of the password policy
   * configuration entry.
   */
  public static final int MSGID_PWPOLICY_WARNING_INTERVAL_LARGER_THAN_MAX_AGE =
       CATEGORY_MASK_CORE | SEVERITY_MASK_SEVERE_ERROR | 633;



  /**
   * The message ID for the message that will be used if the maximum password
   * age is enabled, but the sum of the warning interval and the minimum age is
   * greater than the maximum age.  This takes a single argument, which is the
   * DN of the password policy configuration entry.
   */
  public static final int
       MSGID_PWPOLICY_MIN_AGE_PLUS_WARNING_GREATER_THAN_MAX_AGE =
            CATEGORY_MASK_CORE | SEVERITY_MASK_SEVERE_ERROR | 634;



  /**
   * Associates a set of generic messages with the message IDs defined
   * in this class.
   */
@@ -7897,6 +7920,18 @@
                    "contain any values for attribute " +
                    ATTR_PWPOLICY_DEFAULT_SCHEME + ", which specifies " +
                    "the set of default password storage schemes");
    registerMessage(MSGID_PWPOLICY_WARNING_INTERVAL_LARGER_THAN_MAX_AGE,
                    "The password policy configuration entry \"%s\" is " +
                    "invalid because if a maximum password age is " +
                    "configured, then the password expiration warning " +
                    "interval must be shorter than the maximum password age");
    registerMessage(MSGID_PWPOLICY_MIN_AGE_PLUS_WARNING_GREATER_THAN_MAX_AGE,
                    "The password policy configuration entry \"%s\" is " +
                    "invalid because if both a minimum password age and a " +
                    "maximum password age are configured, then the sum of " +
                    "the minimum password age and the password expiration " +
                    "warning interval must be shorter than the maximum " +
                    "password age");
    registerMessage(MSGID_PWPOLICY_DESCRIPTION_PW_ATTR,
                    "Specifies the attribute type used to hold user " +
                    "passwords.  This attribute type must be defined in the " +

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/PasswordPolicyTestCase.java

@@ -5111,6 +5111,79 @@


  /**
   * Tests to ensure that the server will reject an attempt to set the password
   * expiration warning interval to a value larger than the maximum password
   * age.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test()
  public void testWarningIntervalGreaterThanMaxAge()
         throws Exception
  {
    String path = TestCaseUtils.createTempFile(
      "dn: cn=Default Password Policy,cn=Password Policies,cn=config",
      "changetype: modify",
      "replace: ds-cfg-maximum-password-age",
      "ds-cfg-maximum-password-age: 5 days",
      "-",
      "replace: ds-cfg-password-expiration-warning-interval",
      "ds-cfg-password-expiration-warning-interval: 10 days");

    String[] args =
    {
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-f", path
    };

    assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
                0);
  }



  /**
   * Tests to ensure that the server will reject an attempt to set the sum of
   * the password expiration warning interval and the minimum password age to a
   * value larger than the maximum password age.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test()
  public void testMinAgePlusWarningIntervalGreaterThanMaxAge()
         throws Exception
  {
    String path = TestCaseUtils.createTempFile(
      "dn: cn=Default Password Policy,cn=Password Policies,cn=config",
      "changetype: modify",
      "replace: ds-cfg-maximum-password-age",
      "ds-cfg-maximum-password-age: 5 days",
      "-",
      "replace: ds-cfg-minimum-password-age",
      "ds-cfg-minimum-password-age: 3 days",
      "-",
      "replace: ds-cfg-password-expiration-warning-interval",
      "ds-cfg-password-expiration-warning-interval: 3 days");

    String[] args =
    {
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-f", path
    };

    assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
                0);
  }



  /**
   * Tests the <CODE>toString</CODE> methods with the default password policy.
   */
  @Test()

			@@ -844,6 +844,30 @@
			String message = getMessage(msgID, String.valueOf(configEntryDN));
			throw new ConfigException(msgID, message);
			}

			// If both a maximum password age and a warning interval are provided, then
			// ensure that the warning interval is less than the maximum age. Further,
			// if a minimum age is specified, then the sum of the minimum age and the
			// warning interval should be less than the maximum age.
			if (maximumPasswordAge > 0)
			{
			int warnInterval = Math.max(0, warningInterval);
			if (minimumPasswordAge > 0)
			{
			if ((warnInterval + minimumPasswordAge) >= maximumPasswordAge)
			{
			msgID = MSGID_PWPOLICY_MIN_AGE_PLUS_WARNING_GREATER_THAN_MAX_AGE;
			String message = getMessage(msgID, String.valueOf(configEntryDN));
			throw new ConfigException(msgID, message);
			}
			}
			else if (warnInterval >= maximumPasswordAge)
			{
			msgID = MSGID_PWPOLICY_WARNING_INTERVAL_LARGER_THAN_MAX_AGE;
			String message = getMessage(msgID, String.valueOf(configEntryDN));
			throw new ConfigException(msgID, message);
			}
			}
			}

			@@ -6329,6 +6329,29 @@


			/**
			* The message ID for the message that will be used if the maximum password
			* age is enabled, but the warning interval is longer than the maximum age.
			* This takes a single argument, which is the DN of the password policy
			* configuration entry.
			*/
			public static final int MSGID_PWPOLICY_WARNING_INTERVAL_LARGER_THAN_MAX_AGE =
			CATEGORY_MASK_CORE \| SEVERITY_MASK_SEVERE_ERROR \| 633;



			/**
			* The message ID for the message that will be used if the maximum password
			* age is enabled, but the sum of the warning interval and the minimum age is
			* greater than the maximum age. This takes a single argument, which is the
			* DN of the password policy configuration entry.
			*/
			public static final int
			MSGID_PWPOLICY_MIN_AGE_PLUS_WARNING_GREATER_THAN_MAX_AGE =
			CATEGORY_MASK_CORE \| SEVERITY_MASK_SEVERE_ERROR \| 634;



			/**
			* Associates a set of generic messages with the message IDs defined
			* in this class.
			*/
			@@ -7897,6 +7920,18 @@
			"contain any values for attribute " +
			ATTR_PWPOLICY_DEFAULT_SCHEME + ", which specifies " +
			"the set of default password storage schemes");
			registerMessage(MSGID_PWPOLICY_WARNING_INTERVAL_LARGER_THAN_MAX_AGE,
			"The password policy configuration entry \"%s\" is " +
			"invalid because if a maximum password age is " +
			"configured, then the password expiration warning " +
			"interval must be shorter than the maximum password age");
			registerMessage(MSGID_PWPOLICY_MIN_AGE_PLUS_WARNING_GREATER_THAN_MAX_AGE,
			"The password policy configuration entry \"%s\" is " +
			"invalid because if both a minimum password age and a " +
			"maximum password age are configured, then the sum of " +
			"the minimum password age and the password expiration " +
			"warning interval must be shorter than the maximum " +
			"password age");
			registerMessage(MSGID_PWPOLICY_DESCRIPTION_PW_ATTR,
			"Specifies the attribute type used to hold user " +
			"passwords. This attribute type must be defined in the " +

			@@ -5111,6 +5111,79 @@


			/**
			* Tests to ensure that the server will reject an attempt to set the password
			* expiration warning interval to a value larger than the maximum password
			* age.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			@Test()
			public void testWarningIntervalGreaterThanMaxAge()
			throws Exception
			{
			String path = TestCaseUtils.createTempFile(
			"dn: cn=Default Password Policy,cn=Password Policies,cn=config",
			"changetype: modify",
			"replace: ds-cfg-maximum-password-age",
			"ds-cfg-maximum-password-age: 5 days",
			"-",
			"replace: ds-cfg-password-expiration-warning-interval",
			"ds-cfg-password-expiration-warning-interval: 10 days");

			String[] args =
			{
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D", "cn=Directory Manager",
			"-w", "password",
			"-f", path
			};

			assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
			0);
			}



			/**
			* Tests to ensure that the server will reject an attempt to set the sum of
			* the password expiration warning interval and the minimum password age to a
			* value larger than the maximum password age.
			*
			* @throws Exception If an unexpected problem occurs.
			*/
			@Test()
			public void testMinAgePlusWarningIntervalGreaterThanMaxAge()
			throws Exception
			{
			String path = TestCaseUtils.createTempFile(
			"dn: cn=Default Password Policy,cn=Password Policies,cn=config",
			"changetype: modify",
			"replace: ds-cfg-maximum-password-age",
			"ds-cfg-maximum-password-age: 5 days",
			"-",
			"replace: ds-cfg-minimum-password-age",
			"ds-cfg-minimum-password-age: 3 days",
			"-",
			"replace: ds-cfg-password-expiration-warning-interval",
			"ds-cfg-password-expiration-warning-interval: 3 days");

			String[] args =
			{
			"-h", "127.0.0.1",
			"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
			"-D", "cn=Directory Manager",
			"-w", "password",
			"-f", path
			};

			assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
			0);
			}



			/**
			* Tests the <CODE>toString</CODE> methods with the default password policy.
			*/
			@Test()