directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1183592 - in /directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn: AuthenticationInterceptor.java PasswordHistory.java PasswordUtil.java
Date Sat, 15 Oct 2011 07:43:27 GMT
Author: elecharny
Date: Sat Oct 15 07:43:27 2011
New Revision: 1183592

URL: http://svn.apache.org/viewvc?rev=1183592&view=rev
Log:
Applied Kiran's changes

Modified:
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1183592&r1=1183591&r2=1183592&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Sat Oct 15 07:43:27 2011
@@ -608,12 +608,13 @@ public class AuthenticationInterceptor e
             if ( histSize > 0 )
             {
                 Attribute pwdHistoryAt = entry.get( PWD_HISTORY_AT );
+                
                 if ( pwdHistoryAt == null )
                 {
-                	pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
+                    pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
                 }
                 
-                Set<PasswordHistory> pwdHistSet = new TreeSet<PasswordHistory>();
+                List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
 
                 for ( Value<?> value : pwdHistoryAt  )
                 {
@@ -635,22 +636,26 @@ public class AuthenticationInterceptor e
                             "invalid reuse of password present in password history" );
                     }
 
-                    pwdHistSet.add( pwdh );
+                    pwdHistLst.add( pwdh );
                 }
 
+                if ( pwdHistLst.size() >= histSize )
+                {
+                    // see the javadoc of PasswordHistory
+                    Collections.sort( pwdHistLst );
+                   
+                    // remove the oldest value
+                    PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize
- 1];
+                    Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
+                    tempAt.add( remPwdHist.getHistoryValue() );
+                    pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
+                }
+                
+                pwdHistoryAt.clear();
                 PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword
);
-                pwdHistSet.add( newPwdHist );
-
                 pwdHistoryAt.clear();
                 pwdHistoryAt.add( newPwdHist.getHistoryValue() );
                 pwdAddHistMod = new DefaultModification( ADD_ATTRIBUTE, pwdHistoryAt );
-
-                if ( pwdHistSet.size() > histSize )
-                {
-                    PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistSet.toArray()[histSize
- 1];
-                    pwdHistoryAt.add( remPwdHist.getHistoryValue() );
-                    pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdHistoryAt
);
-                }
             }
 
             next.modify( modifyContext );
@@ -1057,22 +1062,28 @@ public class AuthenticationInterceptor e
             if ( ( policyConfig.getPwdMaxAge() > 0 ) && ( policyConfig.getPwdGraceAuthNLimit()
> 0 ) )
             {
                 Attribute pwdChangeTimeAttr = userEntry.get( PWD_CHANGED_TIME_AT );
+                
                 if ( pwdChangeTimeAttr != null )
                 {
                     boolean expired = PasswordUtil.isPwdExpired( pwdChangeTimeAttr.getString(),
                         policyConfig.getPwdMaxAge() );
+                    
                     if ( expired )
                     {
                         Attribute pwdGraceUseAttr = userEntry.get( PWD_GRACE_USE_TIME_AT
);
+                        int numGraceAuth = 0;
+                        
                         if ( pwdGraceUseAttr != null )
                         {
-                            pwdRespCtrl.getResponse().setGraceAuthNsRemaining( policyConfig.getPwdGraceAuthNLimit()
-                                - ( pwdGraceUseAttr.size() + 1 ) );
+                            numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - ( pwdGraceUseAttr.size()
+ 1 );
                         }
                         else
                         {
                             pwdGraceUseAttr = new DefaultAttribute( AT_PWD_GRACE_USE_TIME
);
+                            numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - 1;
                         }
+                        
+                        pwdRespCtrl.getResponse().setGraceAuthNsRemaining( numGraceAuth );
 
                         pwdGraceUseAttr.add( DateUtils.getGeneralizedTime() );
                         Modification pwdGraceUseMod = new DefaultModification( ADD_ATTRIBUTE,
pwdGraceUseAttr );
@@ -1094,6 +1105,7 @@ public class AuthenticationInterceptor e
             if ( isPPolicyReqCtrlPresent )
             {
                 int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry, policyConfig );
+                
                 if ( expiryWarnTime > 0 )
                 {
                     pwdRespCtrl.getResponse().setTimeBeforeExpiration( expiryWarnTime );
@@ -1233,8 +1245,9 @@ public class AuthenticationInterceptor e
             return 0;
         }
 
-        Attribute pwdExpireWarningAt = userEntry.get( PWD_EXPIRE_WARNING_AT );
-        if ( pwdExpireWarningAt == null )
+        int warningAge = policyConfig.getPwdExpireWarning();
+        
+        if ( warningAge <= 0 )
         {
             return 0;
         }
@@ -1242,15 +1255,16 @@ public class AuthenticationInterceptor e
         Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
         long changedTime = DateUtils.getDate(pwdChangedTimeAt.getString()).getTime();
 
-        int pwdAge = ( int ) ( System.currentTimeMillis() - changedTime ) / 1000;
-
+        long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
+        int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
+        
         if ( pwdAge > policyConfig.getPwdMaxAge() )
         {
             return 0;
         }
 
-        int warningAge = ( int ) ( DateUtils.getDate( pwdExpireWarningAt.getString() ).getTime()
) / 1000;
-
+        warningAge = policyConfig.getPwdMaxAge() - warningAge;
+        
         if ( pwdAge >= warningAge )
         {
             return policyConfig.getPwdMaxAge() - pwdAge;
@@ -1275,15 +1289,18 @@ public class AuthenticationInterceptor e
         }
 
         Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
+        
         if ( pwdChangedTimeAt != null )
         {
-        	long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
-        	changedTime += policyConfig.getPwdMinAge() * 1000;
-        	
-        	if ( changedTime > System.currentTimeMillis() )
-        	{
-        		return true;
-        	}
+            long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
+            changedTime += policyConfig.getPwdMinAge() * 1000;
+        
+            long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
+            
+            if ( changedTime > currentTime )
+            {
+                return true;
+            }
         }
 
         return false;

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java?rev=1183592&r1=1183591&r2=1183592&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
Sat Oct 15 07:43:27 2011
@@ -23,12 +23,14 @@ package org.apache.directory.server.core
 
 import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
 import org.apache.directory.shared.util.Base64;
-import org.apache.directory.shared.util.DateUtils;
 import org.apache.directory.shared.util.Strings;
 
 
 /**
  * A class to hold the data of historical passwords of a entry.
+ * Note: This class's natural ordering is inconsistent with the equals() method
+ *       hence it is advised not to use this in any implementations of sorted sets
+ *       Instead use Collections.sort() to sort the collection of PasswordHistory objects.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
@@ -131,7 +133,8 @@ public class PasswordHistory implements 
 
         PasswordHistory other = ( PasswordHistory ) o;
 
-        return this.getTime().equals( other.getTime() );
+        return this.getTime().equals( other.getTime() ) &&
+               this.data.equals( other.data );
     }
 
 
@@ -154,11 +157,4 @@ public class PasswordHistory implements 
         return "PasswordHistory [time=" + time + ", syntaxOID=" + syntaxOID + ", length="
+ length + ", data=" + data
             + "]";
     }
-    
-    public static void main( String[] args )
-    {
-        byte[] pwdhBytes = new PasswordHistory( DateUtils.getGeneralizedTime(), "secret".getBytes()
).getHistoryValue();
-        PasswordHistory pwdHistory = new PasswordHistory( Strings.utf8ToString(pwdhBytes)
);
-        System.out.println( pwdHistory );
-    }
 }

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java?rev=1183592&r1=1183591&r2=1183592&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
Sat Oct 15 07:43:27 2011
@@ -498,12 +498,12 @@ public class PasswordUtil
         long time = pwdMaxAgeSec * 1000;
         time += pwdChangeDate.getTime();
 
-        Date expiryDate = new Date( time );
-        Date now = new Date();
+        Date expiryDate = DateUtils.getDate( DateUtils.getGeneralizedTime( time ) );
+        Date now = DateUtils.getDate( DateUtils.getGeneralizedTime() );
 
         boolean expired = false;
 
-        if ( expiryDate.equals( now ) || expiryDate.after( now ) )
+        if ( expiryDate.equals( now ) || expiryDate.before( now ) )
         {
             expired = true;
         }
@@ -527,7 +527,7 @@ public class PasswordUtil
 
         interval *= 1000;
 
-        long currentTime = System.currentTimeMillis();
+        long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
         List<Value<?>> valList = new ArrayList<Value<?>>();
 
         for ( Value<?> value : pwdFailTimeAt )



Mime
View raw message