public static PwmPasswordPolicy readPasswordPolicyForUser(
final PwmApplication pwmApplication,
final SessionLabel pwmSession,
final UserIdentity userIdentity,
final ChaiUser theUser,
final Locale locale)
throws PwmUnrecoverableException {
final long startTime = System.currentTimeMillis();
final PasswordPolicySource ppSource =
PasswordPolicySource.valueOf(
pwmApplication.getConfig().readSettingAsString(PwmSetting.PASSWORD_POLICY_SOURCE));
final PwmPasswordPolicy returnPolicy;
switch (ppSource) {
case MERGE:
final PwmPasswordPolicy pwmPolicy =
determineConfiguredPolicyProfileForUser(
pwmApplication, pwmSession, userIdentity, locale);
final PwmPasswordPolicy userPolicy = readLdapPasswordPolicy(pwmApplication, theUser);
LOGGER.trace(
pwmSession,
"read user policy for '"
+ theUser.getEntryDN()
+ "', policy: "
+ userPolicy.toString());
returnPolicy = pwmPolicy.merge(userPolicy);
LOGGER.debug(
pwmSession,
"merged user password policy of '"
+ theUser.getEntryDN()
+ "' with PWM configured policy: "
+ returnPolicy.toString());
break;
case LDAP:
returnPolicy = readLdapPasswordPolicy(pwmApplication, theUser);
LOGGER.debug(
pwmSession,
"discovered assigned password policy for "
+ theUser.getEntryDN()
+ " "
+ returnPolicy.toString());
break;
case PWM:
returnPolicy =
determineConfiguredPolicyProfileForUser(
pwmApplication, pwmSession, userIdentity, locale);
break;
default:
throw new IllegalStateException("unknown policy source defined: " + ppSource.name());
}
LOGGER.trace(
pwmSession,
"readPasswordPolicyForUser completed in "
+ TimeDuration.fromCurrent(startTime).asCompactString());
return returnPolicy;
}
public static PwmPasswordPolicy readLdapPasswordPolicy(
final PwmApplication pwmApplication, final ChaiUser theUser)
throws PwmUnrecoverableException {
try {
final Map<String, String> ruleMap = new HashMap<>();
final ChaiPasswordPolicy chaiPolicy;
try {
chaiPolicy = theUser.getPasswordPolicy();
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
if (chaiPolicy != null) {
for (final String key : chaiPolicy.getKeys()) {
ruleMap.put(key, chaiPolicy.getValue(key));
}
if (!"read"
.equals(
pwmApplication
.getConfig()
.readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY))) {
ruleMap.put(
PwmPasswordRule.CaseSensitive.getKey(),
pwmApplication
.getConfig()
.readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY));
}
return PwmPasswordPolicy.createPwmPasswordPolicy(ruleMap, chaiPolicy);
}
} catch (ChaiOperationException e) {
LOGGER.warn(
"error reading password policy for user "
+ theUser.getEntryDN()
+ ", error: "
+ e.getMessage());
}
return PwmPasswordPolicy.defaultPolicy();
}
protected static PwmPasswordPolicy determineConfiguredPolicyProfileForUser(
final PwmApplication pwmApplication,
final SessionLabel pwmSession,
final UserIdentity userIdentity,
final Locale locale)
throws PwmUnrecoverableException {
final List<String> profiles = pwmApplication.getConfig().getPasswordProfileIDs();
if (profiles.isEmpty()) {
throw new PwmUnrecoverableException(
new ErrorInformation(
PwmError.ERROR_NO_PROFILE_ASSIGNED, "no password profiles are configured"));
}
for (final String profile : profiles) {
final PwmPasswordPolicy loopPolicy =
pwmApplication.getConfig().getPasswordPolicy(profile, locale);
final List<UserPermission> userPermissions = loopPolicy.getUserPermissions();
LOGGER.debug(pwmSession, "testing password policy profile '" + profile + "'");
try {
boolean match =
LdapPermissionTester.testUserPermissions(
pwmApplication, pwmSession, userIdentity, userPermissions);
if (match) {
return loopPolicy;
}
} catch (PwmUnrecoverableException e) {
LOGGER.error(
pwmSession,
"unexpected error while testing password policy profile '"
+ profile
+ "', error: "
+ e.getMessage());
}
}
throw new PwmUnrecoverableException(
new ErrorInformation(
PwmError.ERROR_NO_PROFILE_ASSIGNED, "no challenge profile is configured"));
}
@Override
void doCommand() throws Exception {
final PwmApplication pwmApplication = cliEnvironment.getPwmApplication();
final File inputFile =
(File)
cliEnvironment.getOptions().get(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName());
final BufferedReader reader =
new BufferedReader(
new InputStreamReader(
new FileInputStream(inputFile), PwmConstants.DEFAULT_CHARSET.toString()));
out("importing stored responses from " + inputFile.getAbsolutePath() + "....");
int counter = 0;
String line;
final long startTime = System.currentTimeMillis();
while ((line = reader.readLine()) != null) {
counter++;
final RestChallengesServer.JsonChallengesData inputData;
inputData = JsonUtil.deserialize(line, RestChallengesServer.JsonChallengesData.class);
final UserIdentity userIdentity = UserIdentity.fromDelimitedKey(inputData.username);
final ChaiUser user = pwmApplication.getProxiedChaiUser(userIdentity);
if (user.isValid()) {
out("writing responses to user '" + user.getEntryDN() + "'");
try {
final ChallengeProfile challengeProfile =
pwmApplication
.getCrService()
.readUserChallengeProfile(
null,
userIdentity,
user,
PwmPasswordPolicy.defaultPolicy(),
PwmConstants.DEFAULT_LOCALE);
final ChallengeSet challengeSet = challengeProfile.getChallengeSet();
final String userGuid =
LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, userIdentity, false);
final ResponseInfoBean responseInfoBean =
inputData.toResponseInfoBean(
PwmConstants.DEFAULT_LOCALE, challengeSet.getIdentifier());
pwmApplication.getCrService().writeResponses(user, userGuid, responseInfoBean);
} catch (Exception e) {
out(
"error writing responses to user '"
+ user.getEntryDN()
+ "', error: "
+ e.getMessage());
return;
}
} else {
out("user '" + user.getEntryDN() + "' is not a valid userDN");
return;
}
}
out(
"output complete, "
+ counter
+ " responses imported in "
+ TimeDuration.fromCurrent(startTime).asCompactString());
}