/**
 * Builds a {@link PasswordValidator} whose rules mirror the supplied policy.
 *
 * <p>A {@link LengthRule} is always installed. Its minimum is never below 1, so a blank
 * password is rejected even when the policy asks for a minimum of zero or less. A
 * non-positive maximum in the policy is mapped to {@code Integer.MAX_VALUE}, i.e. no
 * effective upper bound. A {@link CharacterRule} is added for each character class
 * (upper case, lower case, digit, special) whose required count is greater than zero.
 *
 * <p>NOTE(review): with no upper bound the validator accepts arbitrarily long input;
 * presumably the request size is capped before this point - confirm against the caller.
 *
 * @param policy source of the length bounds and per-class character counts
 * @param messageResolver resolver handed to the validator for building error messages
 * @return validator enforcing the rules derived from {@code policy}
 */
public static PasswordValidator validator(GenericPasswordPolicy policy, MessageResolver messageResolver) {
    final List<Rule> ruleSet = new ArrayList<>();

    // Length is always enforced; the floor of 1 is what rejects blank passwords.
    final int lowerBound = Math.max(1, policy.getMinLength());
    final int configuredMax = policy.getMaxLength();
    final int upperBound;
    if (configuredMax > 0) {
        upperBound = configuredMax;
    } else {
        upperBound = Integer.MAX_VALUE;
    }
    ruleSet.add(new LengthRule(lowerBound, upperBound));

    // Each character-class rule is optional and only present for a positive count.
    final int upperCaseCount = policy.getRequireUpperCaseCharacter();
    if (upperCaseCount > 0) {
        ruleSet.add(new CharacterRule(EnglishCharacterData.UpperCase, upperCaseCount));
    }

    final int lowerCaseCount = policy.getRequireLowerCaseCharacter();
    if (lowerCaseCount > 0) {
        ruleSet.add(new CharacterRule(EnglishCharacterData.LowerCase, lowerCaseCount));
    }

    final int digitCount = policy.getRequireDigit();
    if (digitCount > 0) {
        ruleSet.add(new CharacterRule(EnglishCharacterData.Digit, digitCount));
    }

    final int specialCount = policy.getRequireSpecialCharacter();
    if (specialCount > 0) {
        ruleSet.add(new CharacterRule(EnglishCharacterData.Special, specialCount));
    }

    return new PasswordValidator(messageResolver, ruleSet);
}
}
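/**
 * Loads validation messages from a classpath resource and wraps them in a
 * {@link PropertiesMessageResolver}.
 *
 * <p>The resource is looked up relative to {@code PasswordValidatorUtil} via
 * {@link Class#getResourceAsStream(String)}. A missing resource is reported with an
 * explicit cause naming the path, instead of surfacing as a bare
 * {@code NullPointerException} from {@code Properties.load}.
 *
 * @param messagesResourcePath classpath location of the message properties file
 * @return resolver backed by the loaded properties
 * @throws IllegalStateException if the resource is missing or cannot be read
 */
public static PropertiesMessageResolver messageResolver(String messagesResourcePath) {
    final Properties props = new Properties();
    // try-with-resources closes the stream on every path and skips close() when it is null.
    try (InputStream in = PasswordValidatorUtil.class.getResourceAsStream(messagesResourcePath)) {
        if (in == null) {
            // getResourceAsStream signals "not found" with null; make that the recorded cause.
            throw new IOException("Message properties resource not found: " + messagesResourcePath);
        }
        props.load(in);
        return new PropertiesMessageResolver(props);
    } catch (Exception e) {
        // Boundary catch kept broad so callers still see a single exception type.
        throw new IllegalStateException(
            "Error loading default message properties.", e);
    }
}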
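/**
 * Validates a client secret against the effective client secret policy.
 *
 * <p>The global default policy applies unless the current identity zone's policy has a
 * minimum length other than {@code -1}, in which case the zone policy is used.
 *
 * <p>An invalid result always raises an exception. If the validator produces no
 * messages for an invalid result, a generic message is supplied so that the secret is
 * rejected rather than silently accepted.
 *
 * <p>NOTE(review): {@code zone.getConfig()} and {@code getClientSecretPolicy()} are
 * dereferenced without a null check - confirm both are always populated.
 *
 * @param clientSecret secret to check
 * @throws InvalidClientSecretException if the secret is {@code null} or violates the policy
 */
@Override
public void validate(String clientSecret) throws InvalidClientSecretException {
    if (clientSecret == null) {
        throw new InvalidClientSecretException("Client Secret cannot be null.");
    }

    // A zone minLength of -1 is treated as "no zone policy": keep the global default.
    ClientSecretPolicy clientSecretPolicy = this.globalDefaultClientSecretPolicy;
    IdentityZone zone = IdentityZoneHolder.get();
    if (zone.getConfig().getClientSecretPolicy().getMinLength() != -1) {
        clientSecretPolicy = zone.getConfig().getClientSecretPolicy();
    }

    PasswordValidator clientSecretValidator = validator(clientSecretPolicy, messageResolver);
    RuleResult result = clientSecretValidator.validate(new PasswordData(clientSecret));
    if (result.isValid()) {
        return;
    }

    List<String> errorMessages = new LinkedList<>();
    for (String s : clientSecretValidator.getMessages(result)) {
        errorMessages.add(s);
    }
    if (errorMessages.isEmpty()) {
        // Fail closed: an invalid result must never pass just because no message resolved.
        errorMessages.add("Client secret does not satisfy the configured policy.");
    }
    throw new InvalidClientSecretException(errorMessages);
}
}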
/**
 * Reports whether the password passes the composition check performed by
 * {@code COMPOSITION_VALIDATOR} (as suggested by NIST SP-800-63-1).
 *
 * @param passwordData password data to run through the composition validator
 *
 * @return true if the validator reports a valid result, false otherwise
 */
private static boolean hasComposition(final PasswordData passwordData) {
    final RuleResult compositionResult = COMPOSITION_VALIDATOR.validate(passwordData);
    return compositionResult.isValid();
}
}
/**
 * Checks that the password contains at least {@code numCharacters} characters drawn
 * from this rule's character data.
 *
 * <p>The matching characters are collected with
 * {@code PasswordUtils.getMatchingCharacters}; {@code numCharacters} is passed as its
 * third argument (presumably a cap on how many matches are gathered - confirm against
 * that helper).
 *
 * @param passwordData password data to inspect
 * @return a valid result when enough matches exist, otherwise an invalid result that
 *         carries the character data's error code; both carry the rule metadata
 */
@Override
public RuleResult validate(final PasswordData passwordData) {
    final String candidates = String.valueOf(characterData.getCharacters());
    final String found =
        PasswordUtils.getMatchingCharacters(candidates, passwordData.getPassword(), numCharacters);

    if (found.length() >= numCharacters) {
        return new RuleResult(true, createRuleResultMetadata(passwordData));
    }

    // Too few matches: report the error code together with what was actually found.
    final RuleResultDetail shortfall =
        new RuleResultDetail(characterData.getErrorCode(), createRuleResultDetailParameters(found));
    return new RuleResult(false, shortfall, createRuleResultMetadata(passwordData));
}
/**
 * Runs the parent validation and, on failure, collapses its details into a single
 * {@code ERROR_CODE_GOODSTRENGTH} detail.
 *
 * @param passwordData password data to validate
 * @return the parent's result, with its details replaced when the result is invalid
 */
@Override
public RuleResult validate(PasswordData passwordData) {
    final RuleResult outcome = super.validate(passwordData);
    if (outcome.isValid()) {
        return outcome;
    }

    // Drop the parent's per-rule details so callers see only the strength error code.
    outcome.getDetails().clear();
    outcome.getDetails().add(
        new RuleResultDetail(ERROR_CODE_GOODSTRENGTH, createRuleResultDetailParameters()));
    return outcome;
}
/**
 * Builds metadata recording how many characters of the password match this rule's
 * whitespace characters, under the {@code Whitespace} count category.
 *
 * @param password password data whose characters are counted
 *
 * @return metadata holding the whitespace count
 */
protected RuleResultMetadata createRuleResultMetadata(final PasswordData password) {
    final String whitespace = String.valueOf(whitespaceCharacters);
    final int matches = PasswordUtils.countMatchingCharacters(whitespace, password.getPassword());
    return new RuleResultMetadata(RuleResultMetadata.CountCategory.Whitespace, matches);
}
/**
 * Constructs a character characteristics rule by applying the count and then the rules
 * through {@code setNumberOfCharacteristics} and {@code setRules}.
 *
 * @param n number of characteristics to enforce, where {@code n > 0}
 * @param l character rules to set
 */
public CharacterCharacteristicsRule(final int n, final List<CharacterRule> l) {
    this.setNumberOfCharacteristics(n);
    this.setRules(l);
}
/**
 * Constructs a rule result with the given validity and metadata, applied through
 * {@code setValid} and {@code setMetadata}.
 *
 * @param b result validity
 * @param rrm metadata associated by the rule with the password
 */
public RuleResult(final boolean b, final RuleResultMetadata rrm) {
    this.setValid(b);
    this.setMetadata(rrm);
}
/**
 * Returns the characters this rule treats as valid, as reported by its character data.
 *
 * @return valid characters
 */
public String getValidCharacters() {
    final String validChars = characterData.getCharacters();
    return validChars;
}
/**
 * Returns the lower bound of this interval expressed as a closed bound.
 *
 * <p>A closed bound is returned as is; an open bound is shifted up by one.
 *
 * @return closed lower bound
 */
private int getLowerBoundClosed() {
    if (lowerBound.isClosed()) {
        return lowerBound.value;
    }
    return lowerBound.value + 1;
}
/**
 * Constructs rule result metadata holding a single count, stored via {@code putCount}.
 *
 * @param category count category.
 * @param value count value.
 */
public RuleResultMetadata(final CountCategory category, final int value) {
    this.putCount(category, value);
}
/**
 * Constructs a rule result with the given validity, applied through {@code setValid}.
 *
 * @param b result validity
 */
public RuleResult(final boolean b) {
    this.setValid(b);
}
/**
 * Returns every character of the input string that also appears in {@code characters}.
 *
 * <p>Delegates to the three-argument overload with {@code Integer.MAX_VALUE} as its
 * last argument.
 *
 * @param characters that contains characters to match
 * @param input to search for matches
 *
 * @return matching characters or empty string
 */
public static String getMatchingCharacters(final String characters, final String input) {
    final int noLimit = Integer.MAX_VALUE;
    return getMatchingCharacters(characters, input, noLimit);
}
/**
 * Constructs a dictionary substring rule around the given dictionary, stored via
 * {@code setDictionary}. The dictionary should be ready to use when it is passed in.
 *
 * @param dict to use for searching
 */
public DictionarySubstringRule(final Dictionary dict) {
    this.setDictionary(dict);
}
/**
 * Constructs password data for the given password, stored via {@code setPassword}.
 * The origin of this data is assumed to be {@link Origin#User} by default.
 *
 * @param p password
 */
public PasswordData(final String p) {
    this.setPassword(p);
}
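/**
 * Validates a password against the effective password policy for the current zone.
 *
 * <p>A {@code null} password is treated as the empty string. The policy comes from the
 * UAA identity provider of the current identity zone when that provider defines one;
 * otherwise the global default policy applies. This includes the case where no
 * provider is found: the password is still checked against the global default instead
 * of being accepted unchecked.
 *
 * <p>An invalid result always raises an exception. If the validator produces no
 * messages for an invalid result, a generic message is supplied so that the password is
 * rejected rather than silently accepted.
 *
 * @param password password to check; {@code null} is validated as {@code ""}
 * @throws InvalidPasswordException if the password violates the effective policy
 */
@Override
public void validate(String password) throws InvalidPasswordException {
    if (password == null) {
        password = "";
    }

    IdentityProvider<UaaIdentityProviderDefinition> idp =
        provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId());

    PasswordPolicy policy = globalDefaultPolicy;
    // A missing provider should never happen; if it does, fall back to the global
    // default policy so that validation is not skipped.
    if (idp != null) {
        UaaIdentityProviderDefinition idpDefinition = idp.getConfig();
        if (idpDefinition != null && idpDefinition.getPasswordPolicy() != null) {
            policy = idpDefinition.getPasswordPolicy();
        }
    }

    org.passay.PasswordValidator validator = validator(policy, messageResolver);
    RuleResult result = validator.validate(new PasswordData(password));
    if (result.isValid()) {
        return;
    }

    List<String> errorMessages = new LinkedList<>();
    for (String s : validator.getMessages(result)) {
        errorMessages.add(s);
    }
    if (errorMessages.isEmpty()) {
        // Fail closed: an invalid result must never pass just because no message resolved.
        errorMessages.add("Password does not satisfy the configured policy.");
    }
    throw new InvalidPasswordException(errorMessages);
}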
/**
 * Builds an {@code org.passay.PasswordValidator} whose rules mirror the supplied policy.
 *
 * <p>A {@link LengthRule} is always installed. Its minimum is never below 1, so a blank
 * password is rejected even when the policy asks for a minimum of zero or less. A
 * non-positive maximum in the policy is mapped to {@code Integer.MAX_VALUE}, i.e. no
 * effective upper bound. A {@link CharacterRule} is added for each character class
 * (upper case, lower case, digit, special) whose required count is greater than zero.
 * The validator is created from the rule list alone; no message resolver is passed.
 *
 * @param policy source of the length bounds and per-class character counts
 * @return validator enforcing the rules derived from {@code policy}
 */
public org.passay.PasswordValidator getPasswordValidator(PasswordPolicy policy) {
    final List<Rule> ruleSet = new ArrayList<>();

    // Length is always enforced; the floor of 1 is what rejects blank passwords.
    final int lowerBound = Math.max(1, policy.getMinLength());
    final int configuredMax = policy.getMaxLength();
    final int upperBound;
    if (configuredMax > 0) {
        upperBound = configuredMax;
    } else {
        upperBound = Integer.MAX_VALUE;
    }
    ruleSet.add(new LengthRule(lowerBound, upperBound));

    // Each character-class rule is optional and only present for a positive count.
    final int upperCaseCount = policy.getRequireUpperCaseCharacter();
    if (upperCaseCount > 0) {
        ruleSet.add(new CharacterRule(EnglishCharacterData.UpperCase, upperCaseCount));
    }

    final int lowerCaseCount = policy.getRequireLowerCaseCharacter();
    if (lowerCaseCount > 0) {
        ruleSet.add(new CharacterRule(EnglishCharacterData.LowerCase, lowerCaseCount));
    }

    final int digitCount = policy.getRequireDigit();
    if (digitCount > 0) {
        ruleSet.add(new CharacterRule(EnglishCharacterData.Digit, digitCount));
    }

    final int specialCount = policy.getRequireSpecialCharacter();
    if (specialCount > 0) {
        ruleSet.add(new CharacterRule(EnglishCharacterData.Special, specialCount));
    }

    return new org.passay.PasswordValidator(ruleSet);
}
}
/**
 * Builds metadata recording how many characters of the password match this rule's
 * allowed characters, under the {@code Allowed} count category.
 *
 * @param password password data whose characters are counted
 *
 * @return metadata holding the allowed-character count
 */
protected RuleResultMetadata createRuleResultMetadata(final PasswordData password) {
    final String allowed = String.valueOf(allowedCharacters);
    final int matches = PasswordUtils.countMatchingCharacters(allowed, password.getPassword());
    return new RuleResultMetadata(RuleResultMetadata.CountCategory.Allowed, matches);
}
/**
 * Builds metadata recording how many characters of the password match this rule's
 * illegal characters, under the {@code Illegal} count category.
 *
 * @param password password data whose characters are counted
 *
 * @return metadata holding the illegal-character count
 */
protected RuleResultMetadata createRuleResultMetadata(final PasswordData password) {
    final String illegal = String.valueOf(illegalCharacters);
    final int matches = PasswordUtils.countMatchingCharacters(illegal, password.getPassword());
    return new RuleResultMetadata(RuleResultMetadata.CountCategory.Illegal, matches);
}