com.entrust.toolkit.x509.policies

Class PasswordRuleTester

java.lang.Object

com.entrust.toolkit.x509.policies.PasswordRuleTester

public final class PasswordRuleTester
extends java.lang.Object

PasswordRuleTester checks whether a password conforms to password rules. Password rules represent a particular kind of Attribute found in an attribute certificate or client settings certificate. The Toolkit enforces password rules when Users create or recover their credentials and when they change passwords.

Method Summary

Methods

Modifier and Type	Method and Description
void	assertNotExpired(int currentPasswordTimestamp) Checks if the password has expired according to the password rules, throwing an exception if it has expired.
boolean	checkExpiry(int currentPasswordTimestamp) Checks if the password has expired according to the password rules.
void	checkHistory(SecureStringBuffer password, byte[][] passwordHistoryDigests)
boolean	getCaseIgnore() Returns true if the password is not treated as case-sensitive.
boolean	getDigit() Returns true if the password must contain a number.
boolean	getDisableSLO() getDisableSLO
java.util.Date	getExpirationDate(int currentPasswordTimestamp) Returns the date/time at which the password expires.
int	getExpirationTimeInWeeks() Returns the number weeks the password can be used before it will expire.
int	getLoginTimeoutInMinutes() Returns the time interval after which the Entrust login interface will require the user to re-enter his password, if there has been no keyboard or mouse activity.
boolean	getLower() Returns true if the password must contain a lower case character.
int	getMinimumPasswordLength() Returns the minimum number of characters permitted in the user's password.
boolean	getNonAlpha() Returns true if the password must contain a non-alphanumeric character.
int	getNotReuseLastPasswords() Returns the number of password changes that must take place before the user is permitted to change password to a previous one.
boolean	getOk2repeat() Returns false if the password must not repeat characters.
boolean	getOkBlanks() Returns false if the password is not allowed to contain whitespace.
boolean	getUpper() Returns true if the password must contain an upper case character.
java.lang.String	toString() Shows the password rules as a String
void	validatePassword(SecureStringBuffer password) Validates a given password according to the rules set on the PKI.
void	validatePassword(SecureStringBuffer password, ByteArray[] history) Validates a given password according to the rules set on the PKI, checking the length, character content, and password history.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Detail

getExpirationTimeInWeeks

public int getExpirationTimeInWeeks()

Returns the number weeks the password can be used before it will expire.

getNotReuseLastPasswords

public int getNotReuseLastPasswords()

Returns the number of password changes that must take place before the user is permitted to change password to a previous one.

getMinimumPasswordLength

public int getMinimumPasswordLength()

Returns the minimum number of characters permitted in the user's password.

getLoginTimeoutInMinutes

public int getLoginTimeoutInMinutes()

Returns the time interval after which the Entrust login interface will require the user to re-enter his password, if there has been no keyboard or mouse activity.

Returns:

The login timeout in minutes

getDisableSLO

public boolean getDisableSLO()

getDisableSLO

getOk2repeat

public boolean getOk2repeat()

Returns false if the password must not repeat characters. The Toolkit does not enforce this setting; passwords may repeat characters.

getOkBlanks

public boolean getOkBlanks()

Returns false if the password is not allowed to contain whitespace. The Toolkit does not enforce this setting; passwords may contain whitespaces.

getDigit

public boolean getDigit()

Returns true if the password must contain a number.

getLower

public boolean getLower()

Returns true if the password must contain a lower case character.

getUpper

public boolean getUpper()

Returns true if the password must contain an upper case character.

getNonAlpha

public boolean getNonAlpha()

Returns true if the password must contain a non-alphanumeric character.

getCaseIgnore

public boolean getCaseIgnore()

Returns true if the password is not treated as case-sensitive. The Toolkit does not enforce this setting; user passwords are always case-sensitive.

validatePassword

public void validatePassword(SecureStringBuffer password)
                      throws UserBadPasswordException

Validates a given password according to the rules set on the PKI. If the Toolkit client did not obtain a valid client settings certificate, it will enforce the default password rules.

Parameters:

password - The password to be used.

Throws:

UserBadPasswordException - if the password violates the password rules.

validatePassword

public void validatePassword(SecureStringBuffer password,
                    ByteArray[] history)
                      throws UserBadPasswordException

Validates a given password according to the rules set on the PKI, checking the length, character content, and password history. The Toolkit invokes this method when the application requests a password change, and your application should not need to use it.

Parameters:

password - The password to be used.

history - The password history

Throws:

UserBadPasswordException - if the password violates the password rules.

See Also:

User.changePassword(SecureStringBuffer oldPassword, SecureStringBuffer newPassword)

checkHistory

public void checkHistory(SecureStringBuffer password,
                byte[][] passwordHistoryDigests)
                  throws UserBadPasswordException

Throws:

UserBadPasswordException

checkExpiry

public boolean checkExpiry(int currentPasswordTimestamp)

Checks if the password has expired according to the password rules.

The password rules contain a value called 'password expiry in weeks'. This value indicates how long a password can be used for (in weeks) before it must be changed. Using this value and the timestamp of when the password was last changed, it can be determined if the password is expired at the present date/time. If the password rules contain a value of zero for 'password expiry in weeks' then the password never expires.

The current password timestamp represents the date/time the current password was set; this value exists in certain Digital Identity stores. Its date/time format is an integer containing the number seconds since January 1, 1970, 00:00:00 GMT.

Parameters:

currentPasswordTimestamp - the timestamp when the user's current password was set

Returns:

true if the password is expired; false otherwise

assertNotExpired

public void assertNotExpired(int currentPasswordTimestamp)
                      throws UserBadPasswordException

Checks if the password has expired according to the password rules, throwing an exception if it has expired.

The password rules contain a value called 'password expiry in weeks'. This value indicates how long a password can be used for (in weeks) before it must be changed. Using this value and the timestamp of when the password was last changed, it can be determined if the password is expired at the present date/time. If the password rules contain a value of zero for 'password expiry in weeks' then the password never expires.

The current password timestamp represents the date/time the current password was set; this value exists in certain Digital Identity stores. Its date/time format is an integer containing the number seconds since January 1, 1970, 00:00:00 GMT.

Parameters:

currentPasswordTimestamp - the timestamp when the user's current password was set

Throws:

UserBadPasswordException - thrown if the password is expired

Since:

7.0

getExpirationDate

public java.util.Date getExpirationDate(int currentPasswordTimestamp)

Returns the date/time at which the password expires.

The password rules contain a value called 'password expiry in weeks'. This value indicates how long a password can be used for (in weeks) before it must be changed. Using this value and a timestamp of when the password was last changed, it can be determined if the password is expired at the present date/time. If the password rules contain a value of zero for 'password expiry in weeks' then the password never expires and null is returned.

The current password timestamp represents the date/time the current password was set; this value exists in certain Digital Identity stores. Its date/time format is an integer containing the number seconds since January 1, 1970, 00:00:00 GMT.

Parameters:

currentPasswordTimestamp - the timestamp when the user's current password was set

Returns:

the date/time on which the password expires; null if the password never expires

Since:

7.0

toString

public java.lang.String toString()

Shows the password rules as a String

Overrides:

toString in class java.lang.Object