/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
* (c) 2001 - 2013 OpenPlans
* This code is licensed under the GPL 2.0 license, available at the root
* application directory.
*/
package org.geoserver.security.validation;
import java.io.IOException;
import java.util.Arrays;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.password.MasterPasswordChangeRequest;
import org.geoserver.security.password.PasswordValidator;
/**
* Validates a master password change request
*
* @author mcr
*
*/
public class MasterPasswordChangeValidator extends AbstractSecurityValidator{
public MasterPasswordChangeValidator(GeoServerSecurityManager securityManager) {
super(securityManager);
}
protected void checkCurrentPassword(MasterPasswordChangeRequest request)
throws MasterPasswordChangeException {
if (isNotEmpty(request.getCurrentPassword())==false) {
throw createSecurityException(MasterPasswordChangeException.CURRENT_PASSWORD_REQUIRED);
}
try {
if(!manager.getKeyStoreProvider().isKeyStorePassword(request.getCurrentPassword())) {
throw createSecurityException(MasterPasswordChangeException.CURRENT_PASSWORD_ERROR);
}
} catch (IOException ex) {
throw new RuntimeException(ex);
}
}
protected void checkConfirmationPassword(MasterPasswordChangeRequest request)
throws MasterPasswordChangeException {
if (isNotEmpty(request.getConfirmPassword())==false) {
throw createSecurityException(MasterPasswordChangeException.CONFIRMATION_PASSWORD_REQUIRED);
}
}
protected void checkNewPassword(MasterPasswordChangeRequest request)
throws MasterPasswordChangeException {
if (isNotEmpty(request.getNewPassword())==false) {
throw createSecurityException(MasterPasswordChangeException.NEW_PASSWORD_REQUIRED);
}
}
protected void checkNewEqualsConfirmation(char[] newPassword, char[] confirmationPassword)
throws MasterPasswordChangeException{
if (!Arrays.equals(newPassword, confirmationPassword)) {
throw createSecurityException(MasterPasswordChangeException.PASSWORD_AND_CONFIRMATION_NOT_EQUAL);
}
}
protected void checkNewEqualsCurrent(char[] newPassword, char[] currentPassword)
throws MasterPasswordChangeException{
if (Arrays.equals(newPassword, currentPassword)) {
throw createSecurityException(MasterPasswordChangeException.NEW_EQUALS_CURRENT);
}
}
/**
* Checks the {@link MasterPasswordChangeRequest} object
*
* @param request
* @throws MasterPasswordChangeException
* @throws PasswordPolicyException
*/
public void validateChangeRequest(MasterPasswordChangeRequest request) throws MasterPasswordChangeException, PasswordPolicyException{
checkCurrentPassword(request);
checkConfirmationPassword(request);
checkNewPassword(request);
checkNewEqualsConfirmation(request.getNewPassword(), request.getConfirmPassword());
validatePasswordAgainstPolicy(request.getNewPassword());
checkNewEqualsCurrent(request.getNewPassword(), request.getCurrentPassword());
}
/**
* Helper method for creating a proper
* {@link MasterPasswordChangeException} object
*/
protected MasterPasswordChangeException createSecurityException (String errorid, Object ...args) {
return new MasterPasswordChangeException(errorid,args);
}
protected void validatePasswordAgainstPolicy(char[] password) throws PasswordPolicyException{
PasswordValidator val=null;
try {
val = manager.loadPasswordValidator(PasswordValidatorImpl.MASTERPASSWORD_NAME);
val.validatePassword(password);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}