001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * docs/licenses/cddl.txt
011 * or http://www.opensource.org/licenses/cddl1.php.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * docs/licenses/cddl.txt.  If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 *      Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 *      Copyright 2010-2019 Ping Identity Corporation
026 */
027package com.unboundid.directory.sdk.ds.api;
028
029
030
031import java.util.Collections;
032import java.util.List;
033import java.util.Map;
034
035import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider;
036import com.unboundid.directory.sdk.common.internal.Reconfigurable;
037import com.unboundid.directory.sdk.common.internal.UnboundIDExtension;
038import com.unboundid.directory.sdk.common.types.Entry;
039import com.unboundid.directory.sdk.ds.config.PasswordGeneratorConfig;
040import com.unboundid.directory.sdk.ds.internal.DirectoryServerExtension;
041import com.unboundid.directory.sdk.ds.types.DirectoryServerContext;
042import com.unboundid.directory.sdk.proxy.internal.DirectoryProxyServerExtension;
043import com.unboundid.directory.sdk.sync.internal.SynchronizationServerExtension;
044import com.unboundid.ldap.sdk.LDAPException;
045import com.unboundid.ldap.sdk.ResultCode;
046import com.unboundid.util.ByteString;
047import com.unboundid.util.Extensible;
048import com.unboundid.util.ThreadSafety;
049import com.unboundid.util.ThreadSafetyLevel;
050import com.unboundid.util.args.ArgumentException;
051import com.unboundid.util.args.ArgumentParser;
052
053
054
055/**
056 * This class defines an API that must be implemented by extensions which
057 * generate user passwords.  This is primarily used when processing a password
058 * modify extended operation in order to generate a new password for the target
059 * user if the request did not explicitly provide the new password that should
060 * be used.  The generated password will not be subject to the constraints of
061 * any defined password validators.
062 * <BR>
063 * <H2>Configuring Password Generators</H2>
064 * In order to configure a password generator created using this API, use a
065 * command like:
066 * <PRE>
067 *      dsconfig create-password-generator \
068 *           --generator-name "<I>{generator-name}</I>" \
069 *           --type third-party \
070 *           --set enabled:true \
071 *           --set "extension-class:<I>{class-name}</I>" \
072 *           --set "extension-argument:<I>{name=value}</I>"
073 * </PRE>
074 * where "<I>{generator-name}</I>" is the name to use for the password generator
075 * instance, "<I>{class-name}</I>" is the fully-qualified name of the Java class
076 * that extends {@code com.unboundid.directory.sdk.ds.api.PasswordGenerator},
077 * and "<I>{name=value}</I>" represents name-value pairs for any arguments to
078 * provide to the password generator.  If multiple arguments should be provided
079 * to the password generator, then the
080 * "<CODE>--set extension-argument:<I>{name=value}</I></CODE>" option should be
081 * provided multiple times.
082 *
083 * @see  com.unboundid.directory.sdk.ds.scripting.ScriptedPasswordGenerator
084 */
085@Extensible()
086@DirectoryServerExtension()
087@DirectoryProxyServerExtension(appliesToLocalContent=true,
088     appliesToRemoteContent=false)
089@SynchronizationServerExtension(appliesToLocalContent=true,
090     appliesToSynchronizedContent=false)
091@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE)
092public abstract class PasswordGenerator
093       implements UnboundIDExtension, Reconfigurable<PasswordGeneratorConfig>,
094                  ExampleUsageProvider
095{
096  /**
097   * Creates a new instance of this password generator.  All password generator
098   * implementations must include a default constructor, but any initialization
099   * should generally be done in the {@code initializePasswordGenerator} method.
100   */
101  public PasswordGenerator()
102  {
103    // No implementation is required.
104  }
105
106
107
108  /**
109   * {@inheritDoc}
110   */
111  public abstract String getExtensionName();
112
113
114
115  /**
116   * {@inheritDoc}
117   */
118  public abstract String[] getExtensionDescription();
119
120
121
122  /**
123   * {@inheritDoc}
124   */
125  public void defineConfigArguments(final ArgumentParser parser)
126         throws ArgumentException
127  {
128    // No arguments will be allowed by default.
129  }
130
131
132
133  /**
134   * Initializes this password generator.
135   *
136   * @param  serverContext  A handle to the server context for the server in
137   *                        which this extension is running.
138   * @param  config         The general configuration for this password
139   *                        generator.
140   * @param  parser         The argument parser which has been initialized from
141   *                        the configuration for this password generator.
142   *
143   * @throws  LDAPException  If a problem occurs while initializing this
144   *                         password generator.
145   */
146  public void initializePasswordGenerator(
147                   final DirectoryServerContext serverContext,
148                   final PasswordGeneratorConfig config,
149                   final ArgumentParser parser)
150         throws LDAPException
151  {
152    // No initialization will be performed by default.
153  }
154
155
156
157  /**
158   * {@inheritDoc}
159   */
160  public boolean isConfigurationAcceptable(final PasswordGeneratorConfig config,
161                      final ArgumentParser parser,
162                      final List<String> unacceptableReasons)
163  {
164    // No extended validation will be performed by default.
165    return true;
166  }
167
168
169
170  /**
171   * {@inheritDoc}
172   */
173  public ResultCode applyConfiguration(final PasswordGeneratorConfig config,
174                                       final ArgumentParser parser,
175                                       final List<String> adminActionsRequired,
176                                       final List<String> messages)
177  {
178    // By default, no configuration changes will be applied.  If there are any
179    // arguments, then add an admin action message indicating that the extension
180    // needs to be restarted for any changes to take effect.
181    if (! parser.getNamedArguments().isEmpty())
182    {
183      adminActionsRequired.add(
184           "No configuration change has actually been applied.  The new " +
185                "configuration will not take effect until this password " +
186                "generator is disabled and re-enabled or until the server " +
187                "is restarted.");
188    }
189
190    return ResultCode.SUCCESS;
191  }
192
193
194
195  /**
196   * Performs any cleanup which may be necessary when this password generator is
197   * to be taken out of service.
198   */
199  public void finalizePasswordGenerator()
200  {
201    // No implementation is required.
202  }
203
204
205
206  /**
207   * Performs any processing which may be necessary to generate a user
208   * password.
209   *
210   * @param  userEntry  The entry of the user for whom to generate the password.
211   *
212   * @return  The generated password.
213   *
214   * @throws  LDAPException  If a problem occurs while attempting to generate a
215   *                         password for the user.
216   */
217  public abstract ByteString generatePassword(final Entry userEntry)
218         throws LDAPException;
219
220
221
222  /**
223   * {@inheritDoc}
224   */
225  public Map<List<String>,String> getExamplesArgumentSets()
226  {
227    return Collections.emptyMap();
228  }
229}