issue #701 - address bugs and limitations of random pw generator, improve performance and rule compatability

Author: jrivard

server/src/main/java/password/pwm/AppProperty.java

@@ -290,7 +290,6 @@ public enum AppProperty
     PASSWORD_RANDOMGEN_MAX_LENGTH                   ( "password.randomGenerator.maxLength" ),
     PASSWORD_RANDOMGEN_MIN_LENGTH                   ( "password.randomGenerator.minLength" ),
     PASSWORD_RANDOMGEN_DEFAULT_STRENGTH             ( "password.randomGenerator.defaultStrength" ),
-    PASSWORD_RANDOMGEN_JITTER_COUNT                 ( "password.randomGenerator.jitter.count" ),
 
     /* Strength thresholds, introduced by the addition of the zxcvbn strength meter library (since it has 5 levels) */
     PASSWORD_STRENGTH_THRESHOLD_VERY_STRONG         ( "password.strength.threshold.veryStrong" ),

server/src/main/java/password/pwm/health/LDAPHealthChecker.java

@@ -66,7 +66,6 @@
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroRequest;
 import password.pwm.util.password.PasswordUtility;
-import password.pwm.util.password.RandomPasswordGenerator;
 import password.pwm.ws.server.rest.bean.PublicHealthData;
 
 import java.net.InetAddress;
@@ -357,7 +356,7 @@ public List<HealthRecord> doLdapTestUserCheck(
                     }
                     if ( doPasswordChange )
                     {
-                        final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword( null, passwordPolicy, pwmDomain );
+                        final PasswordData newPassword = PasswordUtility.generateRandom( sessionLabel, passwordPolicy, pwmDomain );
                         try
                         {
                             theUser.setPassword( newPassword.getStringValue() );

server/src/main/java/password/pwm/http/servlet/GuestRegistrationServlet.java

@@ -48,22 +48,21 @@
 import password.pwm.http.bean.GuestRegistrationBean;
 import password.pwm.i18n.Message;
 import password.pwm.ldap.LdapOperationsHelper;
-import password.pwm.user.UserInfo;
 import password.pwm.ldap.UserInfoFactory;
 import password.pwm.ldap.search.SearchConfiguration;
 import password.pwm.ldap.search.UserSearchService;
 import password.pwm.svc.stats.Statistic;
 import password.pwm.svc.stats.StatisticsClient;
+import password.pwm.user.UserInfo;
 import password.pwm.util.FormMap;
 import password.pwm.util.PasswordData;
 import password.pwm.util.form.FormUtility;
-import password.pwm.util.java.PwmUtil;
 import password.pwm.util.java.PwmDateFormat;
+import password.pwm.util.java.PwmUtil;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroRequest;
 import password.pwm.util.operations.ActionExecutor;
 import password.pwm.util.password.PasswordUtility;
-import password.pwm.util.password.RandomPasswordGenerator;
 
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
@@ -478,7 +477,7 @@ public ProcessStatus handleCreateRequest(
                     userIdentity,
                     theUser );
 
-            final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword( pwmRequest.getLabel(), passwordPolicy, pwmDomain );
+            final PasswordData newPassword = PasswordUtility.generateRandom( pwmRequest.getLabel(), passwordPolicy, pwmDomain );
             theUser.setPassword( newPassword.getStringValue() );
 
 

server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java

@@ -64,7 +64,6 @@
 import password.pwm.util.macro.MacroRequest;
 import password.pwm.util.password.PasswordUtility;
 import password.pwm.util.password.PwmPasswordRuleValidator;
-import password.pwm.util.password.RandomPasswordGenerator;
 import password.pwm.ws.server.RestResultBean;
 import password.pwm.ws.server.rest.RestCheckPasswordServer;
 import password.pwm.ws.server.rest.RestRandomPasswordServer;
@@ -458,7 +457,7 @@ public ProcessStatus processCheckPasswordAction( final PwmRequest pwmRequest )
     @ActionHandler( action = "randomPassword" )
     public ProcessStatus processRandomPasswordAction( final PwmRequest pwmRequest ) throws IOException, PwmUnrecoverableException, ChaiUnavailableException
     {
-        final PasswordData passwordData = RandomPasswordGenerator.createRandomPassword(
+        final PasswordData passwordData = PasswordUtility.generateRandom(
                 pwmRequest.getLabel(),
                 pwmRequest.getPwmSession().getUserInfo().getPasswordPolicy(),
                 pwmRequest.getPwmDomain() );

server/src/main/java/password/pwm/http/servlet/configeditor/ConfigEditorServlet.java

@@ -62,12 +62,12 @@
 import password.pwm.http.servlet.AbstractPwmServlet;
 import password.pwm.http.servlet.ControlledPwmServlet;
 import password.pwm.http.servlet.PwmServletDefinition;
+import password.pwm.http.servlet.admin.system.ConfigManagerServlet;
 import password.pwm.http.servlet.configeditor.data.NavTreeDataMaker;
 import password.pwm.http.servlet.configeditor.data.NavTreeItem;
 import password.pwm.http.servlet.configeditor.data.NavTreeSettings;
 import password.pwm.http.servlet.configeditor.data.SettingData;
 import password.pwm.http.servlet.configeditor.data.SettingDataMaker;
-import password.pwm.http.servlet.admin.system.ConfigManagerServlet;
 import password.pwm.i18n.Config;
 import password.pwm.i18n.Message;
 import password.pwm.i18n.PwmLocaleBundle;
@@ -85,8 +85,8 @@
 import password.pwm.util.json.JsonFactory;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroRequest;
+import password.pwm.util.password.PasswordUtility;
 import password.pwm.util.password.RandomGeneratorConfig;
-import password.pwm.util.password.RandomPasswordGenerator;
 import password.pwm.ws.server.RestResultBean;
 import password.pwm.ws.server.rest.RestRandomPasswordServer;
 import password.pwm.ws.server.rest.bean.PublicHealthData;
@@ -934,7 +934,10 @@ public ProcessStatus restRandomPassword( final PwmRequest pwmRequest )
     {
         final RestRandomPasswordServer.JsonInput jsonInput = pwmRequest.readBodyAsJsonObject( RestRandomPasswordServer.JsonInput.class );
         final RandomGeneratorConfig randomConfig = RestRandomPasswordServer.jsonInputToRandomConfig( jsonInput, pwmRequest.getPwmDomain(), PwmPasswordPolicy.defaultPolicy() );
-        final PasswordData randomPassword = RandomPasswordGenerator.createRandomPassword( pwmRequest.getLabel(), randomConfig, pwmRequest.getPwmDomain() );
+        final PasswordData randomPassword = PasswordUtility.generateRandom(
+                pwmRequest.getLabel(),
+                randomConfig,
+                pwmRequest.getPwmDomain() );
         final RestRandomPasswordServer.JsonOutput outputMap = new RestRandomPasswordServer.JsonOutput();
         outputMap.setPassword( randomPassword.getStringValue() );
 

server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordUtil.java

@@ -76,7 +76,6 @@
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroRequest;
 import password.pwm.util.password.PasswordUtility;
-import password.pwm.util.password.RandomPasswordGenerator;
 
 import javax.servlet.ServletException;
 import java.io.IOException;
@@ -465,11 +464,10 @@ static void doActionSendNewPassword( final PwmRequest pwmRequest )
                     + theUser.getEntryDN() );
 
             // create new password
-            final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(
+            final PasswordData newPassword = PasswordUtility.generateRandom(
                     pwmRequest.getLabel(),
                     userInfo.getPasswordPolicy(),
-                    pwmDomain
-            );
+                    pwmDomain );
             LOGGER.trace( pwmRequest, () -> "generated random password value based on password policy for "
                     + userIdentity.toDisplayString() );
 

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java

@@ -92,7 +92,6 @@
 import password.pwm.util.operations.ActionExecutor;
 import password.pwm.util.password.PasswordUtility;
 import password.pwm.util.password.RandomGeneratorConfig;
-import password.pwm.util.password.RandomPasswordGenerator;
 import password.pwm.ws.server.RestResultBean;
 import password.pwm.ws.server.rest.RestCheckPasswordServer;
 import password.pwm.ws.server.rest.RestRandomPasswordServer;
@@ -1276,7 +1275,7 @@ public ProcessStatus processSetPasswordAction( final PwmRequest pwmRequest ) thr
                     pwmRequest.getLabel(),
                     userIdentity,
                     chaiUser );
-            newPassword = RandomPasswordGenerator.createRandomPassword(
+            newPassword = PasswordUtility.generateRandom(
                     pwmRequest.getLabel(),
                     passwordPolicy,
                     pwmRequest.getPwmDomain()
@@ -1336,7 +1335,7 @@ public ProcessStatus processRandomPasswordAction( final PwmRequest pwmRequest )
         );
 
         final RandomGeneratorConfig randomConfig = RandomGeneratorConfig.make( pwmRequest.getPwmDomain(), userInfo.getPasswordPolicy() );
-        final PasswordData randomPassword = RandomPasswordGenerator.createRandomPassword( pwmRequest.getLabel(), randomConfig, pwmRequest.getPwmDomain() );
+        final PasswordData randomPassword = PasswordUtility.generateRandom( pwmRequest.getLabel(), randomConfig, pwmRequest.getPwmDomain() );
         final RestRandomPasswordServer.JsonOutput jsonOutput = new RestRandomPasswordServer.JsonOutput();
         jsonOutput.setPassword( randomPassword.getStringValue() );
 

server/src/main/java/password/pwm/http/servlet/newuser/NewUserUtils.java

@@ -55,8 +55,6 @@
 import password.pwm.http.PwmSession;
 import password.pwm.http.bean.NewUserBean;
 import password.pwm.http.servlet.forgottenpw.RemoteVerificationMethod;
-import password.pwm.user.UserInfo;
-import password.pwm.user.UserInfoBean;
 import password.pwm.ldap.auth.PwmAuthenticationSource;
 import password.pwm.ldap.auth.SessionAuthenticator;
 import password.pwm.ldap.search.SearchConfiguration;
@@ -67,20 +65,21 @@
 import password.pwm.svc.stats.StatisticsClient;
 import password.pwm.svc.token.TokenType;
 import password.pwm.svc.token.TokenUtil;
+import password.pwm.user.UserInfo;
+import password.pwm.user.UserInfoBean;
 import password.pwm.util.PasswordData;
 import password.pwm.util.form.FormUtility;
 import password.pwm.util.java.CollectionUtil;
 import password.pwm.util.java.PwmUtil;
-import password.pwm.util.json.JsonFactory;
 import password.pwm.util.java.StringUtil;
 import password.pwm.util.java.TimeDuration;
+import password.pwm.util.json.JsonFactory;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroReplacer;
 import password.pwm.util.macro.MacroRequest;
 import password.pwm.util.operations.ActionExecutor;
 import password.pwm.util.password.PasswordUtility;
 import password.pwm.util.password.RandomGeneratorConfig;
-import password.pwm.util.password.RandomPasswordGenerator;
 import password.pwm.ws.client.rest.form.FormDataRequestBean;
 import password.pwm.ws.client.rest.form.FormDataResponseBean;
 import password.pwm.ws.client.rest.form.RestFormDataClient;
@@ -161,7 +160,7 @@ static void createUser(
         else
         {
             final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy( pwmRequest.getPwmRequestContext() );
-            userPassword = RandomPasswordGenerator.createRandomPassword( pwmRequest.getLabel(), pwmPasswordPolicy, pwmRequest.getPwmDomain() );
+            userPassword = PasswordUtility.generateRandom( pwmRequest.getLabel(), pwmPasswordPolicy, pwmRequest.getPwmDomain() );
         }
 
         // set up the user creation attributes
@@ -216,7 +215,7 @@ static void createUser(
                 final RandomGeneratorConfig randomGeneratorConfig = RandomGeneratorConfig.make( pwmRequest.getPwmDomain(),
                          newUserProfile.getNewUserPasswordPolicy( pwmRequest.getPwmRequestContext() ) );
 
-                temporaryPassword = RandomPasswordGenerator.createRandomPassword( pwmRequest.getLabel(), randomGeneratorConfig, pwmDomain );
+                temporaryPassword = PasswordUtility.generateRandom( pwmRequest.getLabel(), randomGeneratorConfig, pwmDomain );
             }
             final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser( newUserDN );
             try

server/src/main/java/password/pwm/ldap/LdapDebugDataGenerator.java

@@ -66,7 +66,10 @@ public static List<LdapDebugInfo> makeLdapDebugInfos(
 
             try
             {
-                final ChaiConfiguration profileChaiConf = LdapOperationsHelper.createChaiConfiguration( domainConfig, ldapProfile );
+                final DomainConfig nonObfuscatedDomainConf = pwmDomain.getConfig();
+                final ChaiConfiguration profileChaiConf = LdapOperationsHelper.createChaiConfiguration(
+                        nonObfuscatedDomainConf,
+                        ldapProfile );
                 final Collection<ChaiConfiguration> chaiConfigurations = ChaiUtility.splitConfigurationPerReplica( profileChaiConf, null );
 
                 for ( final ChaiConfiguration chaiConfiguration : chaiConfigurations )
@@ -120,6 +123,7 @@ private static LdapDebugDataGenerator.LdapDebugServerInfo makeLdapDebugServerInf
         final LdapDebugServerInfo.LdapDebugServerInfoBuilder builder = LdapDebugServerInfo.builder();
 
         builder.ldapServerlUrl( chaiConfiguration.getSetting( ChaiSetting.BIND_URLS ) );
+        builder.vendorName( chaiProvider.getDirectoryVendor().name() );
         final ChaiProvider loopProvider = chaiProvider.getProviderFactory().newProvider( chaiConfiguration );
 
         {
@@ -188,6 +192,7 @@ public static class LdapDebugInfo
     public static class LdapDebugServerInfo
     {
         private String ldapServerlUrl;
+        private String vendorName;
         private String testUserDN;
         private Map<String, List<String>> testUserAttributes;
         private String proxyDN;

server/src/main/java/password/pwm/ldap/auth/LDAPAuthenticationRequest.java

@@ -60,7 +60,6 @@
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.password.PasswordUtility;
 import password.pwm.util.password.RandomGeneratorConfig;
-import password.pwm.util.password.RandomPasswordGenerator;
 
 import java.time.Instant;
 import java.util.Collections;
@@ -485,7 +484,7 @@ private Optional<PasswordData> setTempUserPassword(
             // create random password for user
             final RandomGeneratorConfig randomGeneratorConfig = RandomGeneratorConfig.make( pwmDomain, passwordPolicy );
 
-            final PasswordData currentPass = RandomPasswordGenerator.createRandomPassword( sessionLabel, randomGeneratorConfig, pwmDomain );
+            final PasswordData currentPass = PasswordUtility.generateRandom( sessionLabel, randomGeneratorConfig, pwmDomain );
 
             try
             {