unit tests coverage

Coverage report

%line %branch

org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler
0%

0%

1
/*

2
* Licensed to the Apache Software Foundation (ASF) under one or more

3
* contributor license agreements. See the NOTICE file distributed with

4
* this work for additional information regarding copyright ownership.

5
* The ASF licenses this file to You under the Apache License, Version 2.0

6
* (the "License"); you may not use this file except in compliance with

7
* the License. You may obtain a copy of the License at

8
*

9
* http://www.apache.org/licenses/LICENSE-2.0

10
*

11
* Unless required by applicable law or agreed to in writing, software

12
* distributed under the License is distributed on an "AS IS" BASIS,

13
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

14
* See the License for the specific language governing permissions and

15
* limitations under the License.

16
*/

17
package org.apache.jetspeed.security.spi.impl;

18

19
import java.sql.Timestamp;

20
import java.util.ArrayList;

21
import java.util.Collection;

22
import java.util.Date;

23
import java.util.HashSet;

24
import java.util.Iterator;

25
import java.util.Set;

26

27
import org.apache.commons.logging.Log;

28
import org.apache.commons.logging.LogFactory;

29
import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;

30
import org.apache.jetspeed.security.InvalidNewPasswordException;

31
import org.apache.jetspeed.security.InvalidPasswordException;

32
import org.apache.jetspeed.security.PasswordAlreadyUsedException;

33
import org.apache.jetspeed.security.SecurityException;

34
import org.apache.jetspeed.security.om.InternalCredential;

35
import org.apache.jetspeed.security.om.InternalUserPrincipal;

36
import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;

37
import org.apache.jetspeed.security.spi.CredentialHandler;

38
import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;

39
import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor;

40
import org.apache.jetspeed.security.spi.PasswordCredentialProvider;

41
import org.apache.jetspeed.security.spi.SecurityAccess;

42

43
/**

44
* @see org.apache.jetspeed.security.spi.CredentialHandler

45
* @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>

46
*/

47
public class DefaultCredentialHandler implements CredentialHandler

48
{

49 0
private static final Log log = LogFactory.getLog(DefaultCredentialHandler.class);

50

51
private SecurityAccess securityAccess;

52

53
private PasswordCredentialProvider pcProvider;

54

55
private InternalPasswordCredentialInterceptor ipcInterceptor;

56

57
public DefaultCredentialHandler(SecurityAccess securityAccess, PasswordCredentialProvider pcProvider,

58
InternalPasswordCredentialInterceptor ipcInterceptor)

59 0
{

60 0
this.securityAccess = securityAccess;

61 0
this.pcProvider = pcProvider;

62 0
this.ipcInterceptor = ipcInterceptor;

63 0
}

64

65
/**

66
* @see org.apache.jetspeed.security.spi.CredentialHandler#getPrivateCredentials(java.lang.String)

67
*/

68
public Set getPrivateCredentials(String username)

69
{

70 0
Set credentials = new HashSet();

71 0
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(username, false);

72 0
if (null != internalUser)

73
{

74 0
InternalCredential credential = getPasswordCredential(internalUser, username );

75 0
if ( credential != null )

76
{

77
try

78
{

79 0
credentials.add(pcProvider.create(username,credential));

80
}

81 0
catch (SecurityException e)

82
{

83 0
if ( log.isErrorEnabled() )

84 0
log.error("Failure creating a PasswordCredential for InternalCredential "+credential, e);

85 0
}

86
}

87
}

88 0
return credentials;

89
}

90

91
/**

92
* @see org.apache.jetspeed.security.spi.CredentialHandler#getPublicCredentials(java.lang.String)

93
*/

94
public Set getPublicCredentials(String username)

95
{

96 0
return new HashSet();

97
}

98

99
private InternalCredential getPasswordCredential(InternalUserPrincipal internalUser, String username)

100
{

101 0
InternalCredential credential = null;

102

103 0
Collection internalCredentials = internalUser.getCredentials();

104 0
if ( internalCredentials != null )

105
{

106 0
Iterator iter = internalCredentials.iterator();

107

108 0
while (iter.hasNext())

109
{

110 0
credential = (InternalCredential) iter.next();

111 0
if (credential.getType() == InternalCredential.PRIVATE )

112
{

113 0
if ((null != credential.getClassname())

114
&& (credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName())))

115
{

116
try

117
{

118 0
if ( ipcInterceptor != null && ipcInterceptor.afterLoad(pcProvider, username, credential) )

119
{

120
// update InternalUserPrincipal to save post processed data

121 0
securityAccess.setInternalUserPrincipal(internalUser,internalUser.isMappingOnly());

122
}

123 0
break;

124
}

125 0
catch (SecurityException e)

126
{

127 0
if ( log.isErrorEnabled() )

128 0
log.error("Failure loading InternalCredential "+credential, e);

129
}

130
}

131
}

132 0
credential = null;

133
}

134
}

135 0
return credential;

136
}

137

138
/**

139
* @see org.apache.jetspeed.security.spi.CredentialHandler#setPassword(java.lang.String,java.lang.String,java.lang.String)

140
*/

141
public void setPassword(String userName, String oldPassword, String newPassword) throws SecurityException

142
{

143 0
setPassword (userName, oldPassword, newPassword, false);

144 0
}

145

146
/**

147
* @see org.apache.jetspeed.security.spi.CredentialHandler#importPassword(java.lang.String,java.lang.String)

148
*/

149
public void importPassword(String userName, String newPassword) throws SecurityException

150
{

151 0
setPassword (userName, null, newPassword, true);

152 0
}

153

154
/**

155
* @see org.apache.jetspeed.security.spi.CredentialHandler#setPassword(java.lang.String,java.lang.String,java.lang.String, boolean)

156
*/

157
protected void setPassword(String userName, String oldPassword, String newPassword, boolean raw) throws SecurityException

158
{

159 0
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);

160 0
if (null == internalUser)

161
{

162 0
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));

163
}

164

165 0
Collection credentials = internalUser.getCredentials();

166 0
if (null == credentials)

167
{

168 0
credentials = new ArrayList();

169
}

170

171 0
InternalCredential credential = getPasswordCredential(internalUser, userName );

172

173 0
if (null != oldPassword)

174
{

175 0
if ( credential != null &&

176
credential.getValue() != null &&

177
credential.isEncoded() &&

178
pcProvider.getEncoder() != null )

179
{

180 0
if ( pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder )

181
{

182 0
oldPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).encode(userName,oldPassword, credential);

183
}

184
else

185
{

186 0
oldPassword = pcProvider.getEncoder().encode(userName,oldPassword);

187
}

188
}

189
}

190

191 0
if (oldPassword != null && (credential == class="keyword">null || credential.getValue() == class="keyword">null || !credential.getValue().equals(oldPassword)))

192
{

193
// supplied PasswordCredential not defined for this user

194 0
throw new InvalidPasswordException();

195
}

196 0
if (!raw) // bypass validation if raw

197
{

198 0
if ( pcProvider.getValidator() != null )

199
{

200
try

201
{

202 0
pcProvider.getValidator().validate(newPassword);

203
}

204 0
catch (InvalidPasswordException ipe)

205
{

206 0
throw new InvalidNewPasswordException();

207 0
}

208
}

209
}

210 0
boolean encoded = false;

211 0
if ( pcProvider.getEncoder() != null )

212
{

213 0
if (!(raw)) // if raw just bypass encoding

214 0
newPassword = pcProvider.getEncoder().encode(userName, newPassword);

215 0
encoded = true;

216
}

217

218 0
boolean create = credential == null;

219

220 0
if ( create )

221
{

222 0
credential = new InternalCredentialImpl(internalUser.getPrincipalId(), class="keyword">newPassword, InternalCredential.PRIVATE,

223
pcProvider.getPasswordCredentialClass().getName());

224 0
credential.setEncoded(encoded);

225 0
credentials.add(credential);

226
}

227 0
else if ( oldPassword == null )

228
{

229
/* TODO: should only be allowed for admin

230
// User *has* an PasswordCredential: setting a new Credential without supplying

231
// its current one is not allowed

232
throw new SecurityException(SecurityException.PASSWORD_REQUIRED);

233
*/

234
}

235 0
else if ( oldPassword.equals(newPassword) )

236
{

237 0
throw new PasswordAlreadyUsedException();

238
}

239

240 0
if ( ipcInterceptor != null )

241
{

242 0
if ( create )

243
{

244 0
ipcInterceptor.beforeCreate(internalUser, credentials, userName, credential, newPassword );

245
}

246
else

247
{

248 0
ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential, newPassword, oldPassword != null );

249
}

250
}

251

252 0
if (!create)

253
{

254 0
credential.setValue(newPassword);

255 0
credential.setEncoded(encoded);

256 0
credential.setUpdateRequired(false);

257
}

258

259 0
long time = new Date().getTime();

260

261 0
if ( oldPassword == null )

262
{

263
// non-user (admin) modified the password

264

265 0
if ( encoded && pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService )

266
{

267
// set current time in previous auth date, and clear last authentication date

268
// !!! While this might be a bit strange logic, it is *required* for the AlgorithmUpgradePBEPasswordEncodingService

269
// to be able to distinguise password changes from other changes

270 0
credential.setPreviousAuthenticationDate(new Timestamp(class="keyword">new Date().getTime()));

271 0
credential.setLastAuthenticationDate(null);

272
}

273
}

274
else

275
{

276
// authenticated password change (by user itself)

277 0
credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate());

278 0
credential.setLastAuthenticationDate(new Timestamp(time));

279
}

280

281 0
credential.setModifiedDate(new Timestamp(time));

282 0
internalUser.setModifiedDate(new Timestamp(time));

283 0
internalUser.setCredentials(credentials);

284
// Set the user with the new credentials.

285 0
securityAccess.setInternalUserPrincipal(internalUser, false);

286 0
}

287

288

289
/**

290
* @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordEnabled(java.lang.String, boolean)

291
*/

292
public void setPasswordEnabled(String userName, boolean enabled) throws SecurityException

293
{

294 0
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);

295 0
if (null != internalUser)

296
{

297 0
InternalCredential credential = getPasswordCredential(internalUser, userName );

298 0
if ( credential != null && !credential.isExpired() && credential.isEnabled() != enabled )

299
{

300 0
long time = new Date().getTime();

301 0
credential.setEnabled(enabled);

302 0
credential.setAuthenticationFailures(0);

303 0
credential.setModifiedDate(new Timestamp(time));

304 0
internalUser.setModifiedDate(new Timestamp(time));

305 0
securityAccess.setInternalUserPrincipal(internalUser, false);

306
}

307 0
}

308
else

309
{

310 0
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));

311
}

312 0
}

313

314
/**

315
* @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordUpdateRequired(java.lang.String, boolean)

316
*/

317
public void setPasswordUpdateRequired(String userName, boolean updateRequired) throws SecurityException

318
{

319 0
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);

320 0
if (null != internalUser)

321
{

322 0
InternalCredential credential = getPasswordCredential(internalUser, userName );

323 0
if ( credential != null && !credential.isExpired() && credential.isUpdateRequired() != updateRequired )

324
{

325
// only allow setting updateRequired off if (non-Encoded) password is valid

326 0
if ( !updateRequired && !credential.isEncoded() && pcProvider.getValidator() != null )

327
{

328 0
pcProvider.getValidator().validate(credential.getValue());

329
}

330 0
credential.setUpdateRequired(updateRequired);

331 0
long time = new Date().getTime();

332 0
credential.setModifiedDate(new Timestamp(time));

333
// temporary hack for now to support setting passwordUpdateRequired = false

334
// for users never authenticated yet.

335
// The current InternalPasswordCredentialStateHandlingInterceptor.afterLoad()

336
// logic will only set it (back) to true if both prev and last auth. date is null

337 0
credential.setPreviousAuthenticationDate(new Timestamp(time));

338 0
credential.setModifiedDate(new Timestamp(time));

339 0
internalUser.setModifiedDate(new Timestamp(time));

340 0
securityAccess.setInternalUserPrincipal(internalUser, false);

341
}

342 0
}

343
else

344
{

345 0
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));

346
}

347 0
}

348

349
/**

350
* @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordExpiration(java.lang.String, java.sql.Date)

351
*/

352
public void setPasswordExpiration(String userName, java.sql.Date expirationDate) throws SecurityException

353
{

354 0
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);

355 0
if (null != internalUser)

356
{

357 0
InternalCredential credential = getPasswordCredential(internalUser, userName );

358 0
if ( credential != null )

359
{

360 0
long time = new Date().getTime();

361 0
if ( expirationDate != null && new java.sql.Date(time).after(expirationDate))

362
{

363 0
credential.setExpired(true);

364
}

365
else

366
{

367 0
credential.setExpired(false);

368
}

369 0
credential.setExpirationDate(expirationDate);

370

371 0
credential.setModifiedDate(new Timestamp(time));

372 0
internalUser.setModifiedDate(new Timestamp(time));

373 0
securityAccess.setInternalUserPrincipal(internalUser, false);

374
}

375 0
}

376
else

377
{

378 0
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));

379
}

380 0
}

381

382
/**

383
* @see org.apache.jetspeed.security.spi.CredentialHandler#authenticate(java.lang.String, java.lang.String)

384
*/

385
public boolean authenticate(String userName, String password) throws SecurityException

386
{

387 0
boolean authenticated = false;

388 0
InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);

389 0
if (null != internalUser)

390
{

391 0
InternalCredential credential = getPasswordCredential(internalUser, userName );

392 0
if ( credential != null && credential.isEnabled() && !credential.isExpired())

393
{

394 0
String encodedPassword = password;

395 0
if ( pcProvider.getEncoder() != null && credential.isEncoded())

396
{

397 0
if ( pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder )

398
{

399 0
encodedPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).encode(userName,password, credential);

400
}

401
else

402
{

403 0
encodedPassword = pcProvider.getEncoder().encode(userName,password);

404
}

405
}

406

407 0
authenticated = credential.getValue().equals(encodedPassword);

408 0
boolean update = false;

409

410 0
if ( ipcInterceptor != null )

411
{

412 0
update = ipcInterceptor.afterAuthenticated(internalUser, userName, credential, authenticated);

413 0
if ( update && (!credential.isEnabled() || credential.isExpired()))

414
{

415 0
authenticated = false;

416
}

417
}

418 0
long time = new Date().getTime();

419

420 0
if ( authenticated )

421
{

422 0
credential.setAuthenticationFailures(0);

423

424 0
if ( pcProvider.getEncoder() != null && pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder)

425
{

426 0
((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).recodeIfNeeded(userName,password,credential);

427
}

428

429 0
credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate());

430 0
credential.setLastAuthenticationDate(new Timestamp(time));

431 0
update = true;

432
}

433

434 0
if ( update )

435
{

436 0
credential.setModifiedDate(new Timestamp(time));

437 0
internalUser.setModifiedDate(new Timestamp(time));

438 0
securityAccess.setInternalUserPrincipal(internalUser, false);

439
}

440
}

441 0
}

442
else

443
{

444 0
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));

445
}

446 0
return authenticated;

447
}

448
}

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one or more
3		* contributor license agreements. See the NOTICE file distributed with
4		* this work for additional information regarding copyright ownership.
5		* The ASF licenses this file to You under the Apache License, Version 2.0
6		* (the "License"); you may not use this file except in compliance with
7		* the License. You may obtain a copy of the License at
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.apache.jetspeed.security.spi.impl;
18
19		import java.sql.Timestamp;
20		import java.util.ArrayList;
21		import java.util.Collection;
22		import java.util.Date;
23		import java.util.HashSet;
24		import java.util.Iterator;
25		import java.util.Set;
26
27		import org.apache.commons.logging.Log;
28		import org.apache.commons.logging.LogFactory;
29		import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
30		import org.apache.jetspeed.security.InvalidNewPasswordException;
31		import org.apache.jetspeed.security.InvalidPasswordException;
32		import org.apache.jetspeed.security.PasswordAlreadyUsedException;
33		import org.apache.jetspeed.security.SecurityException;
34		import org.apache.jetspeed.security.om.InternalCredential;
35		import org.apache.jetspeed.security.om.InternalUserPrincipal;
36		import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
37		import org.apache.jetspeed.security.spi.CredentialHandler;
38		import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
39		import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor;
40		import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
41		import org.apache.jetspeed.security.spi.SecurityAccess;
42
43		/**
44		* @see org.apache.jetspeed.security.spi.CredentialHandler
45		* @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
46		*/
47		public class DefaultCredentialHandler implements CredentialHandler
48		{
49	0	private static final Log log = LogFactory.getLog(DefaultCredentialHandler.class);
50
51		private SecurityAccess securityAccess;
52
53		private PasswordCredentialProvider pcProvider;
54
55		private InternalPasswordCredentialInterceptor ipcInterceptor;
56
57		public DefaultCredentialHandler(SecurityAccess securityAccess, PasswordCredentialProvider pcProvider,
58		InternalPasswordCredentialInterceptor ipcInterceptor)
59	0	{
60	0	this.securityAccess = securityAccess;
61	0	this.pcProvider = pcProvider;
62	0	this.ipcInterceptor = ipcInterceptor;
63	0	}
64
65		/**
66		* @see org.apache.jetspeed.security.spi.CredentialHandler#getPrivateCredentials(java.lang.String)
67		*/
68		public Set getPrivateCredentials(String username)
69		{
70	0	Set credentials = new HashSet();
71	0	InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(username, false);
72	0	if (null != internalUser)
73		{
74	0	InternalCredential credential = getPasswordCredential(internalUser, username );
75	0	if ( credential != null )
76		{
77		try
78		{
79	0	credentials.add(pcProvider.create(username,credential));
80		}
81	0	catch (SecurityException e)
82		{
83	0	if ( log.isErrorEnabled() )
84	0	log.error("Failure creating a PasswordCredential for InternalCredential "+credential, e);
85	0	}
86		}
87		}
88	0	return credentials;
89		}
90
91		/**
92		* @see org.apache.jetspeed.security.spi.CredentialHandler#getPublicCredentials(java.lang.String)
93		*/
94		public Set getPublicCredentials(String username)
95		{
96	0	return new HashSet();
97		}
98
99		private InternalCredential getPasswordCredential(InternalUserPrincipal internalUser, String username)
100		{
101	0	InternalCredential credential = null;
102
103	0	Collection internalCredentials = internalUser.getCredentials();
104	0	if ( internalCredentials != null )
105		{
106	0	Iterator iter = internalCredentials.iterator();
107
108	0	while (iter.hasNext())
109		{
110	0	credential = (InternalCredential) iter.next();
111	0	if (credential.getType() == InternalCredential.PRIVATE )
112		{
113	0	if ((null != credential.getClassname())
114		&& (credential.getClassname().equals(pcProvider.getPasswordCredentialClass().getName())))
115		{
116		try
117		{
118	0	if ( ipcInterceptor != null && ipcInterceptor.afterLoad(pcProvider, username, credential) )
119		{
120		// update InternalUserPrincipal to save post processed data
121	0	securityAccess.setInternalUserPrincipal(internalUser,internalUser.isMappingOnly());
122		}
123	0	break;
124		}
125	0	catch (SecurityException e)
126		{
127	0	if ( log.isErrorEnabled() )
128	0	log.error("Failure loading InternalCredential "+credential, e);
129		}
130		}
131		}
132	0	credential = null;
133		}
134		}
135	0	return credential;
136		}
137
138		/**
139		* @see org.apache.jetspeed.security.spi.CredentialHandler#setPassword(java.lang.String,java.lang.String,java.lang.String)
140		*/
141		public void setPassword(String userName, String oldPassword, String newPassword) throws SecurityException
142		{
143	0	setPassword (userName, oldPassword, newPassword, false);
144	0	}
145
146		/**
147		* @see org.apache.jetspeed.security.spi.CredentialHandler#importPassword(java.lang.String,java.lang.String)
148		*/
149		public void importPassword(String userName, String newPassword) throws SecurityException
150		{
151	0	setPassword (userName, null, newPassword, true);
152	0	}
153
154		/**
155		* @see org.apache.jetspeed.security.spi.CredentialHandler#setPassword(java.lang.String,java.lang.String,java.lang.String, boolean)
156		*/
157		protected void setPassword(String userName, String oldPassword, String newPassword, boolean raw) throws SecurityException
158		{
159	0	InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);
160	0	if (null == internalUser)
161		{
162	0	throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));
163		}
164
165	0	Collection credentials = internalUser.getCredentials();
166	0	if (null == credentials)
167		{
168	0	credentials = new ArrayList();
169		}
170
171	0	InternalCredential credential = getPasswordCredential(internalUser, userName );
172
173	0	if (null != oldPassword)
174		{
175	0	if ( credential != null &&
176		credential.getValue() != null &&
177		credential.isEncoded() &&
178		pcProvider.getEncoder() != null )
179		{
180	0	if ( pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder )
181		{
182	0	oldPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).encode(userName,oldPassword, credential);
183		}
184		else
185		{
186	0	oldPassword = pcProvider.getEncoder().encode(userName,oldPassword);
187		}
188		}
189		}
190
191	0	if (oldPassword != null && (credential == class="keyword">null \|\| credential.getValue() == class="keyword">null \|\| !credential.getValue().equals(oldPassword)))
192		{
193		// supplied PasswordCredential not defined for this user
194	0	throw new InvalidPasswordException();
195		}
196	0	if (!raw) // bypass validation if raw
197		{
198	0	if ( pcProvider.getValidator() != null )
199		{
200		try
201		{
202	0	pcProvider.getValidator().validate(newPassword);
203		}
204	0	catch (InvalidPasswordException ipe)
205		{
206	0	throw new InvalidNewPasswordException();
207	0	}
208		}
209		}
210	0	boolean encoded = false;
211	0	if ( pcProvider.getEncoder() != null )
212		{
213	0	if (!(raw)) // if raw just bypass encoding
214	0	newPassword = pcProvider.getEncoder().encode(userName, newPassword);
215	0	encoded = true;
216		}
217
218	0	boolean create = credential == null;
219
220	0	if ( create )
221		{
222	0	credential = new InternalCredentialImpl(internalUser.getPrincipalId(), class="keyword">newPassword, InternalCredential.PRIVATE,
223		pcProvider.getPasswordCredentialClass().getName());
224	0	credential.setEncoded(encoded);
225	0	credentials.add(credential);
226		}
227	0	else if ( oldPassword == null )
228		{
229		/* TODO: should only be allowed for admin
230		// User has an PasswordCredential: setting a new Credential without supplying
231		// its current one is not allowed
232		throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
233		*/
234		}
235	0	else if ( oldPassword.equals(newPassword) )
236		{
237	0	throw new PasswordAlreadyUsedException();
238		}
239
240	0	if ( ipcInterceptor != null )
241		{
242	0	if ( create )
243		{
244	0	ipcInterceptor.beforeCreate(internalUser, credentials, userName, credential, newPassword );
245		}
246		else
247		{
248	0	ipcInterceptor.beforeSetPassword(internalUser, credentials, userName, credential, newPassword, oldPassword != null );
249		}
250		}
251
252	0	if (!create)
253		{
254	0	credential.setValue(newPassword);
255	0	credential.setEncoded(encoded);
256	0	credential.setUpdateRequired(false);
257		}
258
259	0	long time = new Date().getTime();
260
261	0	if ( oldPassword == null )
262		{
263		// non-user (admin) modified the password
264
265	0	if ( encoded && pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService )
266		{
267		// set current time in previous auth date, and clear last authentication date
268		// !!! While this might be a bit strange logic, it is required for the AlgorithmUpgradePBEPasswordEncodingService
269		// to be able to distinguise password changes from other changes
270	0	credential.setPreviousAuthenticationDate(new Timestamp(class="keyword">new Date().getTime()));
271	0	credential.setLastAuthenticationDate(null);
272		}
273		}
274		else
275		{
276		// authenticated password change (by user itself)
277	0	credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate());
278	0	credential.setLastAuthenticationDate(new Timestamp(time));
279		}
280
281	0	credential.setModifiedDate(new Timestamp(time));
282	0	internalUser.setModifiedDate(new Timestamp(time));
283	0	internalUser.setCredentials(credentials);
284		// Set the user with the new credentials.
285	0	securityAccess.setInternalUserPrincipal(internalUser, false);
286	0	}
287
288
289		/**
290		* @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordEnabled(java.lang.String, boolean)
291		*/
292		public void setPasswordEnabled(String userName, boolean enabled) throws SecurityException
293		{
294	0	InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);
295	0	if (null != internalUser)
296		{
297	0	InternalCredential credential = getPasswordCredential(internalUser, userName );
298	0	if ( credential != null && !credential.isExpired() && credential.isEnabled() != enabled )
299		{
300	0	long time = new Date().getTime();
301	0	credential.setEnabled(enabled);
302	0	credential.setAuthenticationFailures(0);
303	0	credential.setModifiedDate(new Timestamp(time));
304	0	internalUser.setModifiedDate(new Timestamp(time));
305	0	securityAccess.setInternalUserPrincipal(internalUser, false);
306		}
307	0	}
308		else
309		{
310	0	throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));
311		}
312	0	}
313
314		/**
315		* @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordUpdateRequired(java.lang.String, boolean)
316		*/
317		public void setPasswordUpdateRequired(String userName, boolean updateRequired) throws SecurityException
318		{
319	0	InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);
320	0	if (null != internalUser)
321		{
322	0	InternalCredential credential = getPasswordCredential(internalUser, userName );
323	0	if ( credential != null && !credential.isExpired() && credential.isUpdateRequired() != updateRequired )
324		{
325		// only allow setting updateRequired off if (non-Encoded) password is valid
326	0	if ( !updateRequired && !credential.isEncoded() && pcProvider.getValidator() != null )
327		{
328	0	pcProvider.getValidator().validate(credential.getValue());
329		}
330	0	credential.setUpdateRequired(updateRequired);
331	0	long time = new Date().getTime();
332	0	credential.setModifiedDate(new Timestamp(time));
333		// temporary hack for now to support setting passwordUpdateRequired = false
334		// for users never authenticated yet.
335		// The current InternalPasswordCredentialStateHandlingInterceptor.afterLoad()
336		// logic will only set it (back) to true if both prev and last auth. date is null
337	0	credential.setPreviousAuthenticationDate(new Timestamp(time));
338	0	credential.setModifiedDate(new Timestamp(time));
339	0	internalUser.setModifiedDate(new Timestamp(time));
340	0	securityAccess.setInternalUserPrincipal(internalUser, false);
341		}
342	0	}
343		else
344		{
345	0	throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));
346		}
347	0	}
348
349		/**
350		* @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordExpiration(java.lang.String, java.sql.Date)
351		*/
352		public void setPasswordExpiration(String userName, java.sql.Date expirationDate) throws SecurityException
353		{
354	0	InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);
355	0	if (null != internalUser)
356		{
357	0	InternalCredential credential = getPasswordCredential(internalUser, userName );
358	0	if ( credential != null )
359		{
360	0	long time = new Date().getTime();
361	0	if ( expirationDate != null && new java.sql.Date(time).after(expirationDate))
362		{
363	0	credential.setExpired(true);
364		}
365		else
366		{
367	0	credential.setExpired(false);
368		}
369	0	credential.setExpirationDate(expirationDate);
370
371	0	credential.setModifiedDate(new Timestamp(time));
372	0	internalUser.setModifiedDate(new Timestamp(time));
373	0	securityAccess.setInternalUserPrincipal(internalUser, false);
374		}
375	0	}
376		else
377		{
378	0	throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));
379		}
380	0	}
381
382		/**
383		* @see org.apache.jetspeed.security.spi.CredentialHandler#authenticate(java.lang.String, java.lang.String)
384		*/
385		public boolean authenticate(String userName, String password) throws SecurityException
386		{
387	0	boolean authenticated = false;
388	0	InternalUserPrincipal internalUser = securityAccess.getInternalUserPrincipal(userName, false);
389	0	if (null != internalUser)
390		{
391	0	InternalCredential credential = getPasswordCredential(internalUser, userName );
392	0	if ( credential != null && credential.isEnabled() && !credential.isExpired())
393		{
394	0	String encodedPassword = password;
395	0	if ( pcProvider.getEncoder() != null && credential.isEncoded())
396		{
397	0	if ( pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder )
398		{
399	0	encodedPassword = ((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).encode(userName,password, credential);
400		}
401		else
402		{
403	0	encodedPassword = pcProvider.getEncoder().encode(userName,password);
404		}
405		}
406
407	0	authenticated = credential.getValue().equals(encodedPassword);
408	0	boolean update = false;
409
410	0	if ( ipcInterceptor != null )
411		{
412	0	update = ipcInterceptor.afterAuthenticated(internalUser, userName, credential, authenticated);
413	0	if ( update && (!credential.isEnabled() \|\| credential.isExpired()))
414		{
415	0	authenticated = false;
416		}
417		}
418	0	long time = new Date().getTime();
419
420	0	if ( authenticated )
421		{
422	0	credential.setAuthenticationFailures(0);
423
424	0	if ( pcProvider.getEncoder() != null && pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder)
425		{
426	0	((AlgorithmUpgradeCredentialPasswordEncoder)pcProvider.getEncoder()).recodeIfNeeded(userName,password,credential);
427		}
428
429	0	credential.setPreviousAuthenticationDate(credential.getLastAuthenticationDate());
430	0	credential.setLastAuthenticationDate(new Timestamp(time));
431	0	update = true;
432		}
433
434	0	if ( update )
435		{
436	0	credential.setModifiedDate(new Timestamp(time));
437	0	internalUser.setModifiedDate(new Timestamp(time));
438	0	securityAccess.setInternalUserPrincipal(internalUser, false);
439		}
440		}
441	0	}
442		else
443		{
444	0	throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));
445		}
446	0	return authenticated;
447		}
448		}