Add validations for password expiry rules

components/org.wso2.carbon.identity.api.server.identity.governance/org.wso2.carbon.identity.api.server.identity.governance.common/src/main/java/org/wso2/carbon/identity/api/server/identity/governance/common/GovernanceConstants.java

@@ -69,7 +69,9 @@ public enum ErrorMessage {
         ERROR_CODE_UNSUPPORTED_PROPERTY_NAME("50012", "Unsupported property is requested.",
                 "The property %s is not supported by this API."),
         ERROR_CODE_INVALID_CONNECTOR_CONFIGURATION("50013", "Connector update failed.",
-                "Unable to update the identity governance connector. %s");
+                "Unable to update the identity governance connector %s."),
+        ERROR_CODE_INVALID_PASSWORD_EXPIRY_RULE("50014", "Connector update failed.",
+                "Password expiry rule: %s is invalid.");
 
         private final String code;
         private final String message;

components/org.wso2.carbon.identity.api.server.identity.governance/org.wso2.carbon.identity.api.server.identity.governance.v1/pom.xml

@@ -155,6 +155,11 @@
             <artifactId>org.wso2.carbon.identity.governance</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.governance</groupId>
+            <artifactId>org.wso2.carbon.identity.password.expiry</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity.server.api</groupId>
             <artifactId>org.wso2.carbon.identity.api.server.common</artifactId>

components/org.wso2.carbon.identity.api.server.identity.governance/org.wso2.carbon.identity.api.server.identity.governance.v1/src/main/java/org/wso2/carbon/identity/api/server/identity/governance/v1/core/ServerIdentityGovernanceService.java

@@ -19,6 +19,7 @@
 package org.wso2.carbon.identity.api.server.identity.governance.v1.core;
 
 import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
@@ -43,6 +44,7 @@
 import org.wso2.carbon.identity.governance.IdentityGovernanceService;
 import org.wso2.carbon.identity.governance.bean.ConnectorConfig;
 import org.wso2.carbon.identity.governance.exceptions.general.IdentityGovernanceClientException;
+import org.wso2.carbon.identity.password.expiry.models.PasswordExpiryRule;
 
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
@@ -59,6 +61,7 @@
 import static org.wso2.carbon.identity.api.server.identity.governance.common.GovernanceConstants.ErrorMessage.ERROR_CODE_PAGINATION_NOT_IMPLEMENTED;
 import static org.wso2.carbon.identity.api.server.identity.governance.common.GovernanceConstants.ErrorMessage.ERROR_CODE_SORTING_NOT_IMPLEMENTED;
 import static org.wso2.carbon.identity.api.server.identity.governance.common.GovernanceConstants.IDENTITY_GOVERNANCE_PATH_COMPONENT;
+import static org.wso2.carbon.identity.password.expiry.constants.PasswordPolicyConstants.PASSWORD_EXPIRY_RULES_PREFIX;
 
 /**
  * Call internal osgi services to perform identity governance related operations.
@@ -296,6 +299,13 @@ public void updateGovernanceConnectorProperty(String categoryId, String connecto
             Map<String, String> configurationDetails = new HashMap<>();
             for (PropertyReq propertyReqDTO : governanceConnector.getProperties()) {
                 configurationDetails.put(propertyReqDTO.getName(), propertyReqDTO.getValue());
+                if (StringUtils.startsWith(propertyReqDTO.getName(), PASSWORD_EXPIRY_RULES_PREFIX) &&
+                        StringUtils.isNotBlank(propertyReqDTO.getValue()) &&
+                        !isValidPasswordExpiryRule(propertyReqDTO.getValue())) {
+                    throw handleBadRequestError(
+                            GovernanceConstants.ErrorMessage.ERROR_CODE_INVALID_PASSWORD_EXPIRY_RULE,
+                            propertyReqDTO.getValue());
+                }
             }
             identityGovernanceService.updateConfiguration(tenantDomain, configurationDetails);
         } catch (IdentityGovernanceClientException e) {
@@ -344,6 +354,13 @@ public void updateGovernanceConnectorProperties(String categoryId,
 
                 // Add properties of the connector to be updated to the configurationDetails hashmap.
                 for (PropertyReq propertyReqDTO : connectorReq.getProperties()) {
+                    if (StringUtils.startsWith(propertyReqDTO.getName(), PASSWORD_EXPIRY_RULES_PREFIX) &&
+                            StringUtils.isNotBlank(propertyReqDTO.getValue()) &&
+                            !isValidPasswordExpiryRule(propertyReqDTO.getValue())) {
+                        throw handleBadRequestError(
+                                GovernanceConstants.ErrorMessage.ERROR_CODE_INVALID_PASSWORD_EXPIRY_RULE,
+                                propertyReqDTO.getValue());
+                    }
                     configurationDetails.put(propertyReqDTO.getName(), propertyReqDTO.getValue());
                 }
             }
@@ -512,4 +529,19 @@ private APIError handleNotFoundError(String resourceId,
         return new APIError(status, errorResponse);
     }
 
+    /**
+     * Validate the password expiry rule.
+     *
+     * @param rule Password expiry rule.
+     * @throws APIError if the rule is invalid.
+     */
+    private boolean isValidPasswordExpiryRule(String rule) throws APIError {
+
+        try {
+            new PasswordExpiryRule(rule);
+            return true;
+        } catch (IllegalArgumentException e) {
+            return false;
+        }
+    }
 }

pom.xml

@@ -802,7 +802,7 @@
         <version.org.wso2.orbit.javax.xml.bind>2.3.1.wso2v1</version.org.wso2.orbit.javax.xml.bind>
         <maven.buildnumber.plugin.version>1.4</maven.buildnumber.plugin.version>
         <org.apache.felix.annotations.version>1.2.4</org.apache.felix.annotations.version>
-        <identity.governance.version>1.9.17</identity.governance.version>
+        <identity.governance.version>1.10.6</identity.governance.version>
         <carbon.identity.framework.version>7.3.72</carbon.identity.framework.version>
         <maven.findbugsplugin.version>3.0.5</maven.findbugsplugin.version>
         <findsecbugs-plugin.version>1.12.0</findsecbugs-plugin.version>