Skip to content
Permalink
Browse files
Added the PasswordExpired control defined in
  • Loading branch information
elecharny committed Jun 25, 2019
1 parent 7827766 commit 00bc38a59ed08558dfd147749b7e8c8ca92592f7
Show file tree
Hide file tree
Showing 11 changed files with 314 additions and 2 deletions.
@@ -355,6 +355,7 @@
ERR_08107_AD_DIR_SYNC_PARENTS_FIRST_DECODING_ERROR( "ERR_08107_AD_DIR_SYNC_PARENTS_FIRST_DECODING_ERROR" ),
ERR_08108_AD_DIR_SYNC_MAX_ATTRIBUTE_COUNT_DECODING_ERROR( "ERR_08107_AD_DIR_SYNC_MAX_ATTRIBUTE_COUNT_DECODING_ERROR" ),
ERR_08109_BAD_CONTROL_VALUE( "ERR_08109_BAD_CONTROL_VALUE" ),
ERR_08110_BAD_PASSWORD_EXPIRED_VALUE( "ERR_08110_BAD_PASSWORD_EXPIRED_VALUE" ),

// extended 8200-8399
ERR_08200_CANCELID_DECODING_FAILED( "ERR_08200_CANCELID_DECODING_FAILED" ),
@@ -199,7 +199,6 @@ ERR_04170_TIMEOUT_OCCURED=TimeOut occurred
ERR_04171_CANNOT_PARSE_MATCHED_DN=Could not parse matchedDn while transforming Codec value to Internal: {0}
ERR_04172_KEYSTORE_INIT_FAILURE=Keystore initialisation failure
ERR_04173_ALGORITHM_NOT_FOUND=Not TrustManagerFactory found for algorithm ''{0}''

ERR_04174_INPUT_FILE_NAME_NULL=LdapClientTrustStoreManager constructor : input file name is null
ERR_04175_TRUST_STORE_FILE_NULL=TrustStoreFile : file not found
ERR_04176_TRUST_MANAGER_NOT_FOUND=LdapClientTrustStoreManager.getTrustManagers : file not found
@@ -346,6 +345,7 @@ ERR_08106_AD_DIR_SYNC_MAX_RETURN_LENGTH_DECODING_ERROR=Error while decoding the
ERR_08107_AD_DIR_SYNC_PARENTS_FIRST_DECODING_ERROR=Error while decoding the AdDirSync parentsFirst value: {0}
ERR_08108_AD_DIR_SYNC_MAX_ATTRIBUTE_COUNT_DECODING_ERROR=Error while decoding the AdDirSync maxAttributeCount value: {0}
ERR_08109_BAD_CONTROL_VALUE=Bad control value: {0}
ERR_08110_BAD_PASSWORD_EXPIRED_VALUE=An error occurred during decoding the response message: found a non zero value {0} for the password expired control value. According to the LDAP reference guide, only values of zero are valid.

# api-ldap-extras-codec extended 8200-8399
ERR_08200_CANCELID_DECODING_FAILED=failed to decode the cancelId, the value should be between 0 and 2^31-1, it is ''{0}''
@@ -27,6 +27,7 @@
import org.apache.directory.api.ldap.extras.controls.ad.AdPolicyHintsImpl;

import org.apache.directory.api.ldap.extras.controls.changeNotifications.ChangeNotificationsImpl;
import org.apache.directory.api.ldap.extras.controls.passwordExpired.PasswordExpiredResponseImpl;
import org.apache.directory.api.ldap.extras.controls.permissiveModify.PermissiveModifyImpl;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyRequestImpl;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponseImpl;
@@ -70,6 +71,7 @@ protected void useBundleClasses() throws Exception
new AdPolicyHintsImpl().getOid();
new AdShowDeletedImpl().getOid();
new ChangeNotificationsImpl().getOid();
new PasswordExpiredResponseImpl().getTimeBeforeExpiration();
new PasswordPolicyRequestImpl().getOid();
new PasswordPolicyResponseImpl().getGraceAuthNRemaining();
new PermissiveModifyImpl().getOid();
@@ -26,6 +26,7 @@
import javax.inject.Inject;

import org.apache.directory.api.ldap.codec.api.LdapApiService;
import org.apache.directory.api.ldap.extras.controls.passwordExpired.PasswordExpiredResponse;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyRequest;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponse;
import org.apache.directory.api.ldap.extras.extended.startTls.StartTlsRequest;
@@ -55,6 +56,11 @@ protected String getBundleName()
@Override
protected void useBundleClasses() throws Exception
{
Control peResponse = ldapApiService.getResponseControlFactories()
.get( PasswordExpiredResponse.OID ).newControl();
assertNotNull( peResponse );
assertTrue( peResponse instanceof PasswordExpiredResponse );

Control ppRequest = ldapApiService.getRequestControlFactories()
.get( PasswordPolicyRequest.OID ).newControl();
assertNotNull( ppRequest );
@@ -85,5 +91,4 @@ protected void useBundleClasses() throws Exception
assertNotNull( syncInfoResponse );
assertTrue( syncInfoResponse instanceof SyncInfoValue );
}

}
@@ -71,6 +71,7 @@ public static void setupLdapApiService() throws Exception
+ "org.apache.directory.api.ldap.codec.controls.search.pagedSearch.PagedResultsFactory,"
+ "org.apache.directory.api.ldap.codec.controls.sort.SortResponseFactory,"
+ "org.apache.directory.api.ldap.extras.controls.ad_impl.AdDirSyncResponseFactory,"
+ "org.apache.directory.api.ldap.extras.controls.passwordExpired_impl.PasswordExpiredResponseFactory,"
+ "org.apache.directory.api.ldap.extras.controls.ppolicy_impl.PasswordPolicyResponseFactory,"
+ "org.apache.directory.api.ldap.extras.controls.syncrepl_impl.SyncDoneValueFactory,"
+ "org.apache.directory.api.ldap.extras.controls.syncrepl_impl.SyncStateValueFactory,"
@@ -0,0 +1,52 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.api.ldap.extras.controls.passwordExpired;

import org.apache.directory.api.ldap.model.message.Control;

/**
* The PasswordPolicy expired response control, as defined by
* https://docs.ldap.com/specs/draft-vchu-ldap-pwd-policy-00.txt
*
* <pre>
* controlType: 2.16.840.1.113730.3.4.5,
*
* controlValue: an octet string to indicate the time in seconds until
* the password expires.
*
* criticality: false
* </pre>
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
public interface PasswordExpiredResponse extends Control
{
/** This control OID */
String OID = "2.16.840.1.113730.3.4.4";


/**
* Returns the time in seconds before the password expires. Default to 0
*
* @return The time before expiration of the password
*/
int getTimeBeforeExpiration();
}
@@ -0,0 +1,66 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.api.ldap.extras.controls.passwordExpired;

import org.apache.directory.api.ldap.model.message.controls.AbstractControl;

/**
* A PasswordExpiredResponse control implementation.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
public class PasswordExpiredResponseImpl extends AbstractControl implements PasswordExpiredResponse
{
/** time before expiration of the password */
private int timeBeforeExpiration = -1;

/**
* Creates a new instance of a PasswordExpired Control without any
* response data associated with it.
*/
public PasswordExpiredResponseImpl()
{
super( OID );
}


/**
* {@inheritDoc}
*/
@Override
public int getTimeBeforeExpiration()
{
return timeBeforeExpiration;
}

/**
* Return a String representing this PasswordExpiredControl.
*/
@Override
public String toString()
{
StringBuilder sb = new StringBuilder();
sb.append( " Password Expired Response Control\n" );
sb.append( " oid : " ).append( getOid() ).append( '\n' );
sb.append( " critical : " ).append( isCritical() ).append( '\n' );

return sb.toString();
}
}
@@ -114,6 +114,7 @@
<Export-Package>
org.apache.directory.api.ldap.extras.controls.ad_impl;version=${project.version};-noimport:=true,
org.apache.directory.api.ldap.extras.controls.changeNotifications_impl;version=${project.version};-noimport:=true,
org.apache.directory.api.ldap.extras.controls.passwordExpired_impl;version=${project.version};-noimport:=true,
org.apache.directory.api.ldap.extras.controls.permissiveModify_impl;version=${project.version};-noimport:=true,
org.apache.directory.api.ldap.extras.controls.ppolicy_impl;version=${project.version};-noimport:=true,
org.apache.directory.api.ldap.extras.controls.syncrepl_impl;version=${project.version};-noimport:=true,
@@ -144,6 +145,7 @@
org.apache.directory.api.ldap.extras.controls;version=${project.version},
org.apache.directory.api.ldap.extras.controls.ad;version=${project.version},
org.apache.directory.api.ldap.extras.controls.changeNotifications;version=${project.version},
org.apache.directory.api.ldap.extras.controls.passwordExpired_impl;version=${project.version},
org.apache.directory.api.ldap.extras.controls.permissiveModify;version=${project.version},
org.apache.directory.api.ldap.extras.controls.ppolicy;version=${project.version},
org.apache.directory.api.ldap.extras.controls.syncrepl.syncDone;version=${project.version},
@@ -37,6 +37,8 @@
import org.apache.directory.api.ldap.extras.controls.ad_impl.AdShowDeletedFactory;
import org.apache.directory.api.ldap.extras.controls.changeNotifications.ChangeNotifications;
import org.apache.directory.api.ldap.extras.controls.changeNotifications_impl.ChangeNotificationsFactory;
import org.apache.directory.api.ldap.extras.controls.passwordExpired.PasswordExpiredResponse;
import org.apache.directory.api.ldap.extras.controls.passwordExpired_impl.PasswordExpiredResponseFactory;
import org.apache.directory.api.ldap.extras.controls.permissiveModify.PermissiveModify;
import org.apache.directory.api.ldap.extras.controls.permissiveModify_impl.PermissiveModifyFactory;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyRequest;
@@ -146,6 +148,15 @@ public static void loadExtrasControls( LdapApiService apiService )
LOG.info( I18n.msg( I18n.MSG_06000_REGISTERED_CONTROL_FACTORY, changeNotificationsFactory.getOid() ) );
}

// PasswordExpired response
ControlFactory<PasswordExpiredResponse> passwordExpiredResponseFactory = new PasswordExpiredResponseFactory( apiService );
responseControlFactories.put( passwordExpiredResponseFactory.getOid(), passwordExpiredResponseFactory );

if ( LOG.isInfoEnabled() )
{
LOG.info( I18n.msg( I18n.MSG_06000_REGISTERED_CONTROL_FACTORY, passwordExpiredResponseFactory.getOid() ) );
}

// PasswordPolicy request
ControlFactory<PasswordPolicyRequest> passwordPolicyRequestFactory = new PasswordPolicyRequestFactory( apiService );
requestControlFactories.put( passwordPolicyRequestFactory.getOid(), passwordPolicyRequestFactory );
@@ -0,0 +1,90 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.api.ldap.extras.controls.passwordExpired_impl;

import org.apache.directory.api.asn1.DecoderException;
import org.apache.directory.api.asn1.util.Asn1Buffer;
import org.apache.directory.api.i18n.I18n;
import org.apache.directory.api.ldap.codec.api.AbstractControlFactory;
import org.apache.directory.api.ldap.codec.api.ControlFactory;
import org.apache.directory.api.ldap.codec.api.LdapApiService;
import org.apache.directory.api.ldap.extras.controls.passwordExpired.PasswordExpiredResponse;
import org.apache.directory.api.ldap.extras.controls.passwordExpired.PasswordExpiredResponseImpl;
import org.apache.directory.api.ldap.model.message.Control;
import org.apache.directory.api.util.Strings;

/**
* A {@link ControlFactory} which creates {@link PasswordExpiredResponse} controls.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
public class PasswordExpiredResponseFactory extends AbstractControlFactory<PasswordExpiredResponse>
{
/**
* Creates a new instance of PasswordExpiredResponseFactory.
*
* @param codec The LDAP codec.
*/
public PasswordExpiredResponseFactory( LdapApiService codec )
{
super( codec, PasswordExpiredResponse.OID );
}


/**
* {@inheritDoc}
*/
@Override
public PasswordExpiredResponse newControl()
{
return new PasswordExpiredResponseImpl();
}


/**
* {@inheritDoc}
*/
@Override
public void decodeValue( Control control, byte[] controlBytes ) throws DecoderException
{
try
{
if ( !Strings.utf8ToString( controlBytes ).equals( "0" ) )
{
throw new DecoderException( I18n.err( I18n.ERR_08110_BAD_PASSWORD_EXPIRED_VALUE, Strings.dumpBytes( controlBytes ) ) );
}
}
catch ( RuntimeException re )
{
throw new DecoderException( re.getMessage() );
}
}


/**
* {@inheritDoc}
*/
@Override
public void encodeValue( Asn1Buffer buffer, Control control )
{
// Always '0'
buffer.put( ( byte ) 0x30 );
}
}

0 comments on commit 00bc38a

Please sign in to comment.