Examples with PostReadResponseControl com.unboundid.ldap.sdk.controls.PostReadResponseControl used on opensource projects

Example 1 with PostReadResponseControl

use of com.unboundid.ldap.sdk.controls.PostReadResponseControl in project ldapsdk by pingidentity.

the class InMemoryRequestHandler method processModifyDNRequest.

/**
 * Attempts to process the provided modify DN request.  The attempt will fail
 * if any of the following conditions is true:
 * <UL>
 *   <LI>There is a problem with any of the request controls.</LI>
 *   <LI>The modify DN request contains a malformed target DN, new RDN, or
 *       new superior DN.</LI>
 *   <LI>The original or new DN is that of the root DSE.</LI>
 *   <LI>The original or new DN is that of the subschema subentry.</LI>
 *   <LI>The new DN of the entry would conflict with the DN of an existing
 *       entry.</LI>
 *   <LI>The new DN of the entry would exist outside the set of defined
 *       base DNs.</LI>
 *   <LI>The new DN of the entry is not a defined base DN and does not exist
 *       immediately below an existing entry.</LI>
 * </UL>
 *
 * @param  messageID  The message ID of the LDAP message containing the modify
 *                    DN request.
 * @param  request    The modify DN request that was included in the LDAP
 *                    message that was received.
 * @param  controls   The set of controls included in the LDAP message.  It
 *                    may be empty if there were no controls, but will not be
 *                    {@code null}.
 *
 * @return  The {@link LDAPMessage} containing the response to send to the
 *          client.  The protocol op in the {@code LDAPMessage} must be an
 *          {@code ModifyDNResponseProtocolOp}.
 */
@Override()
@NotNull()
public LDAPMessage processModifyDNRequest(final int messageID, @NotNull final ModifyDNRequestProtocolOp request, @NotNull final List<Control> controls) {
    synchronized (entryMap) {
        // Sleep before processing, if appropriate.
        sleepBeforeProcessing();
        // Process the provided request controls.
        final Map<String, Control> controlMap;
        try {
            controlMap = RequestControlPreProcessor.processControls(LDAPMessage.PROTOCOL_OP_TYPE_MODIFY_DN_REQUEST, controls);
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(le.getResultCode().intValue(), null, le.getMessage(), null));
        }
        final ArrayList<Control> responseControls = new ArrayList<>(1);
        // If this operation type is not allowed, then reject it.
        final boolean isInternalOp = controlMap.containsKey(OID_INTERNAL_OPERATION_REQUEST_CONTROL);
        if ((!isInternalOp) && (!config.getAllowedOperationTypes().contains(OperationType.MODIFY_DN))) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MODIFY_DN_NOT_ALLOWED.get(), null));
        }
        // client is authenticated.
        if ((authenticatedDN.isNullDN() && config.getAuthenticationRequiredOperationTypes().contains(OperationType.MODIFY_DN))) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.INSUFFICIENT_ACCESS_RIGHTS_INT_VALUE, null, ERR_MEM_HANDLER_MODIFY_DN_REQUIRES_AUTH.get(), null));
        }
        // without actually doing any further processing.
        try {
            final ASN1OctetString txnID = processTransactionRequest(messageID, request, controlMap);
            if (txnID != null) {
                return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.SUCCESS_INT_VALUE, null, INFO_MEM_HANDLER_OP_IN_TXN.get(txnID.stringValue()), null));
            }
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(le.getResultCode().intValue(), le.getMatchedDN(), le.getDiagnosticMessage(), StaticUtils.toList(le.getReferralURLs())), le.getResponseControls());
        }
        // Get the parsed target DN, new RDN, and new superior DN values.
        final DN dn;
        final Schema schema = schemaRef.get();
        try {
            dn = new DN(request.getDN(), schema);
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.INVALID_DN_SYNTAX_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_MALFORMED_DN.get(request.getDN(), le.getMessage()), null));
        }
        final RDN newRDN;
        try {
            newRDN = new RDN(request.getNewRDN(), schema);
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.INVALID_DN_SYNTAX_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_MALFORMED_NEW_RDN.get(request.getDN(), request.getNewRDN(), le.getMessage()), null));
        }
        final DN newSuperiorDN;
        final String newSuperiorString = request.getNewSuperiorDN();
        if (newSuperiorString == null) {
            newSuperiorDN = null;
        } else {
            try {
                newSuperiorDN = new DN(newSuperiorString, schema);
            } catch (final LDAPException le) {
                Debug.debugException(le);
                return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.INVALID_DN_SYNTAX_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_MALFORMED_NEW_SUPERIOR.get(request.getDN(), request.getNewSuperiorDN(), le.getMessage()), null));
            }
        }
        // See if the target entry or one of its superiors is a smart referral.
        if (!controlMap.containsKey(ManageDsaITRequestControl.MANAGE_DSA_IT_REQUEST_OID)) {
            final Entry referralEntry = findNearestReferral(dn);
            if (referralEntry != null) {
                return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.REFERRAL_INT_VALUE, referralEntry.getDN(), INFO_MEM_HANDLER_REFERRAL_ENCOUNTERED.get(), getReferralURLs(dn, referralEntry)));
            }
        }
        // changelog entry.
        if (dn.isNullDN()) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_ROOT_DSE.get(), null));
        } else if (dn.equals(subschemaSubentryDN)) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_SOURCE_IS_SCHEMA.get(), null));
        } else if (dn.isDescendantOf(changeLogBaseDN, true)) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_SOURCE_IS_CHANGELOG.get(), null));
        }
        // Construct the new DN.
        final DN newDN;
        if (newSuperiorDN == null) {
            final DN originalParent = dn.getParent();
            if (originalParent == null) {
                newDN = new DN(newRDN);
            } else {
                newDN = new DN(newRDN, originalParent);
            }
        } else {
            newDN = new DN(newRDN, newSuperiorDN);
        }
        // If the new DN matches the old DN, then fail.
        if (newDN.equals(dn)) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_NEW_DN_SAME_AS_OLD.get(request.getDN()), null));
        }
        // If the new DN is below a smart referral, then fail.
        if (!controlMap.containsKey(ManageDsaITRequestControl.MANAGE_DSA_IT_REQUEST_OID)) {
            final Entry referralEntry = findNearestReferral(newDN);
            if (referralEntry != null) {
                return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, referralEntry.getDN(), ERR_MEM_HANDLER_MOD_DN_NEW_DN_BELOW_REFERRAL.get(request.getDN(), referralEntry.getDN().toString(), newDN.toString()), null));
            }
        }
        // If the target entry doesn't exist, then fail.
        final Entry originalEntry = entryMap.get(dn);
        if (originalEntry == null) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.NO_SUCH_OBJECT_INT_VALUE, getMatchedDNString(dn), ERR_MEM_HANDLER_MOD_DN_NO_SUCH_ENTRY.get(request.getDN()), null));
        }
        // If the new DN matches the subschema subentry DN, then fail.
        if (newDN.equals(subschemaSubentryDN)) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.ENTRY_ALREADY_EXISTS_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_TARGET_IS_SCHEMA.get(request.getDN(), newDN.toString()), null));
        }
        // If the new DN is at or below the changelog base DN, then fail.
        if (newDN.isDescendantOf(changeLogBaseDN, true)) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_TARGET_IS_CHANGELOG.get(request.getDN(), newDN.toString()), null));
        }
        // If the new DN already exists, then fail.
        if (entryMap.containsKey(newDN)) {
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.ENTRY_ALREADY_EXISTS_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_TARGET_ALREADY_EXISTS.get(request.getDN(), newDN.toString()), null));
        }
        // fail.
        if (baseDNs.contains(newDN)) {
        // The modify DN can be processed.
        } else {
            final DN newParent = newDN.getParent();
            if ((newParent != null) && entryMap.containsKey(newParent)) {
            // The modify DN can be processed.
            } else {
                return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.NO_SUCH_OBJECT_INT_VALUE, getMatchedDNString(newDN), ERR_MEM_HANDLER_MOD_DN_PARENT_DOESNT_EXIST.get(request.getDN(), newDN.toString()), null));
            }
        }
        // Create a copy of the entry and update it to reflect the new DN (with
        // attribute value changes).
        final RDN originalRDN = dn.getRDN();
        final Entry updatedEntry = originalEntry.duplicate();
        updatedEntry.setDN(newDN);
        if (request.deleteOldRDN()) {
            final String[] oldRDNNames = originalRDN.getAttributeNames();
            final byte[][] oldRDNValues = originalRDN.getByteArrayAttributeValues();
            for (int i = 0; i < oldRDNNames.length; i++) {
                updatedEntry.removeAttributeValue(oldRDNNames[i], oldRDNValues[i]);
            }
        }
        final String[] newRDNNames = newRDN.getAttributeNames();
        final byte[][] newRDNValues = newRDN.getByteArrayAttributeValues();
        for (int i = 0; i < newRDNNames.length; i++) {
            final MatchingRule matchingRule = MatchingRule.selectEqualityMatchingRule(newRDNNames[i], schema);
            updatedEntry.addAttribute(new Attribute(newRDNNames[i], matchingRule, newRDNValues[i]));
        }
        // If a schema was provided, then make sure the updated entry conforms to
        // the schema.  Also, reject the attempt if any of the new RDN attributes
        // is marked with NO-USER-MODIFICATION.
        final EntryValidator entryValidator = entryValidatorRef.get();
        if (entryValidator != null) {
            final ArrayList<String> invalidReasons = new ArrayList<>(1);
            if (!entryValidator.entryIsValid(updatedEntry, invalidReasons)) {
                return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.OBJECT_CLASS_VIOLATION_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_VIOLATES_SCHEMA.get(request.getDN(), StaticUtils.concatenateStrings(invalidReasons)), null));
            }
            final String[] oldRDNNames = originalRDN.getAttributeNames();
            for (int i = 0; i < oldRDNNames.length; i++) {
                final String name = oldRDNNames[i];
                final AttributeTypeDefinition at = schema.getAttributeType(name);
                if ((!isInternalOp) && (at != null) && at.isNoUserModification()) {
                    final byte[] value = originalRDN.getByteArrayAttributeValues()[i];
                    if (!updatedEntry.hasAttributeValue(name, value)) {
                        return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.CONSTRAINT_VIOLATION_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_NO_USER_MOD.get(request.getDN(), name), null));
                    }
                }
            }
            for (int i = 0; i < newRDNNames.length; i++) {
                final String name = newRDNNames[i];
                final AttributeTypeDefinition at = schema.getAttributeType(name);
                if ((!isInternalOp) && (at != null) && at.isNoUserModification()) {
                    final byte[] value = newRDN.getByteArrayAttributeValues()[i];
                    if (!originalEntry.hasAttributeValue(name, value)) {
                        return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.CONSTRAINT_VIOLATION_INT_VALUE, null, ERR_MEM_HANDLER_MOD_DN_NO_USER_MOD.get(request.getDN(), name), null));
                    }
                }
            }
        }
        // Perform the appropriate processing for the assertion and proxied
        // authorization controls
        final DN authzDN;
        try {
            handleAssertionRequestControl(controlMap, originalEntry);
            authzDN = handleProxiedAuthControl(controlMap);
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(le.getResultCode().intValue(), null, le.getMessage(), null));
        }
        // attributes.
        if (generateOperationalAttributes) {
            updatedEntry.setAttribute(new Attribute("modifiersName", DistinguishedNameMatchingRule.getInstance(), authzDN.toString()));
            updatedEntry.setAttribute(new Attribute("modifyTimestamp", GeneralizedTimeMatchingRule.getInstance(), StaticUtils.encodeGeneralizedTime(new Date())));
            updatedEntry.setAttribute(new Attribute("entryDN", DistinguishedNameMatchingRule.getInstance(), newDN.toNormalizedString()));
        }
        // Perform the appropriate processing for the pre-read and post-read
        // controls.
        final PreReadResponseControl preReadResponse = handlePreReadControl(controlMap, originalEntry);
        if (preReadResponse != null) {
            responseControls.add(preReadResponse);
        }
        final PostReadResponseControl postReadResponse = handlePostReadControl(controlMap, updatedEntry);
        if (postReadResponse != null) {
            responseControls.add(postReadResponse);
        }
        // Remove the old entry and add the new one.
        entryMap.remove(dn);
        entryMap.put(newDN, new ReadOnlyEntry(updatedEntry));
        indexDelete(originalEntry);
        indexAdd(updatedEntry);
        // If the target entry had any subordinates, then rename them as well.
        final RDN[] oldDNComps = dn.getRDNs();
        final RDN[] newDNComps = newDN.getRDNs();
        final Set<DN> dnSet = new LinkedHashSet<>(entryMap.keySet());
        for (final DN mapEntryDN : dnSet) {
            if (mapEntryDN.isDescendantOf(dn, false)) {
                final Entry o = entryMap.remove(mapEntryDN);
                final Entry e = o.duplicate();
                final RDN[] oldMapEntryComps = mapEntryDN.getRDNs();
                final int compsToSave = oldMapEntryComps.length - oldDNComps.length;
                final RDN[] newMapEntryComps = new RDN[compsToSave + newDNComps.length];
                System.arraycopy(oldMapEntryComps, 0, newMapEntryComps, 0, compsToSave);
                System.arraycopy(newDNComps, 0, newMapEntryComps, compsToSave, newDNComps.length);
                final DN newMapEntryDN = new DN(newMapEntryComps);
                e.setDN(newMapEntryDN);
                if (generateOperationalAttributes) {
                    e.setAttribute(new Attribute("entryDN", DistinguishedNameMatchingRule.getInstance(), newMapEntryDN.toNormalizedString()));
                }
                entryMap.put(newMapEntryDN, new ReadOnlyEntry(e));
                indexDelete(o);
                indexAdd(e);
                handleReferentialIntegrityModifyDN(mapEntryDN, newMapEntryDN);
            }
        }
        addChangeLogEntry(request, authzDN);
        handleReferentialIntegrityModifyDN(dn, newDN);
        return new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.SUCCESS_INT_VALUE, null, null, null), responseControls);
    }
}

Example 2 with PostReadResponseControl

use of com.unboundid.ldap.sdk.controls.PostReadResponseControl in project ldapsdk by pingidentity.

the class InMemoryRequestHandler method processAddRequest.

/**
 * Attempts to add an entry to the in-memory data set.  The attempt will fail
 * if any of the following conditions is true:
 * <UL>
 *   <LI>There is a problem with any of the request controls.</LI>
 *   <LI>The provided entry has a malformed DN.</LI>
 *   <LI>The provided entry has the null DN.</LI>
 *   <LI>The provided entry has a DN that is the same as or subordinate to the
 *       subschema subentry.</LI>
 *   <LI>The provided entry has a DN that is the same as or subordinate to the
 *       changelog base entry.</LI>
 *   <LI>An entry already exists with the same DN as the entry in the provided
 *       request.</LI>
 *   <LI>The entry is outside the set of base DNs for the server.</LI>
 *   <LI>The entry is below one of the defined base DNs but the immediate
 *       parent entry does not exist.</LI>
 *   <LI>If a schema was provided, and the entry is not valid according to the
 *       constraints of that schema.</LI>
 * </UL>
 *
 * @param  messageID  The message ID of the LDAP message containing the add
 *                    request.
 * @param  request    The add request that was included in the LDAP message
 *                    that was received.
 * @param  controls   The set of controls included in the LDAP message.  It
 *                    may be empty if there were no controls, but will not be
 *                    {@code null}.
 *
 * @return  The {@link LDAPMessage} containing the response to send to the
 *          client.  The protocol op in the {@code LDAPMessage} must be an
 *          {@code AddResponseProtocolOp}.
 */
@Override()
@NotNull()
public LDAPMessage processAddRequest(final int messageID, @NotNull final AddRequestProtocolOp request, @NotNull final List<Control> controls) {
    synchronized (entryMap) {
        // Sleep before processing, if appropriate.
        sleepBeforeProcessing();
        // Process the provided request controls.
        final Map<String, Control> controlMap;
        try {
            controlMap = RequestControlPreProcessor.processControls(LDAPMessage.PROTOCOL_OP_TYPE_ADD_REQUEST, controls);
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new AddResponseProtocolOp(le.getResultCode().intValue(), null, le.getMessage(), null));
        }
        final ArrayList<Control> responseControls = new ArrayList<>(1);
        // If this operation type is not allowed, then reject it.
        final boolean isInternalOp = controlMap.containsKey(OID_INTERNAL_OPERATION_REQUEST_CONTROL);
        if ((!isInternalOp) && (!config.getAllowedOperationTypes().contains(OperationType.ADD))) {
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_ADD_NOT_ALLOWED.get(), null));
        }
        // client is authenticated.
        if ((authenticatedDN.isNullDN() && config.getAuthenticationRequiredOperationTypes().contains(OperationType.ADD))) {
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.INSUFFICIENT_ACCESS_RIGHTS_INT_VALUE, null, ERR_MEM_HANDLER_ADD_REQUIRES_AUTH.get(), null));
        }
        // actually doing any further processing.
        try {
            final ASN1OctetString txnID = processTransactionRequest(messageID, request, controlMap);
            if (txnID != null) {
                return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.SUCCESS_INT_VALUE, null, INFO_MEM_HANDLER_OP_IN_TXN.get(txnID.stringValue()), null));
            }
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new AddResponseProtocolOp(le.getResultCode().intValue(), le.getMatchedDN(), le.getDiagnosticMessage(), StaticUtils.toList(le.getReferralURLs())), le.getResponseControls());
        }
        // Get the entry to be added.  If a schema was provided, then make sure
        // the attributes are created with the appropriate matching rules.
        final Entry entry;
        final Schema schema = schemaRef.get();
        if (schema == null) {
            entry = new Entry(request.getDN(), request.getAttributes());
        } else {
            final List<Attribute> providedAttrs = request.getAttributes();
            final List<Attribute> newAttrs = new ArrayList<>(providedAttrs.size());
            for (final Attribute a : providedAttrs) {
                final String baseName = a.getBaseName();
                final MatchingRule matchingRule = MatchingRule.selectEqualityMatchingRule(baseName, schema);
                newAttrs.add(new Attribute(a.getName(), matchingRule, a.getRawValues()));
            }
            entry = new Entry(request.getDN(), schema, newAttrs);
        }
        // Make sure that the DN is valid.
        final DN dn;
        try {
            dn = entry.getParsedDN();
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.INVALID_DN_SYNTAX_INT_VALUE, null, ERR_MEM_HANDLER_ADD_MALFORMED_DN.get(request.getDN(), le.getMessage()), null));
        }
        // entry.
        if (dn.isNullDN()) {
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.ENTRY_ALREADY_EXISTS_INT_VALUE, null, ERR_MEM_HANDLER_ADD_ROOT_DSE.get(), null));
        } else if (dn.isDescendantOf(subschemaSubentryDN, true)) {
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.ENTRY_ALREADY_EXISTS_INT_VALUE, null, ERR_MEM_HANDLER_ADD_SCHEMA.get(subschemaSubentryDN.toString()), null));
        } else if (dn.isDescendantOf(changeLogBaseDN, true)) {
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_ADD_CHANGELOG.get(changeLogBaseDN.toString()), null));
        }
        // See if there is a referral at or above the target entry.
        if (!controlMap.containsKey(ManageDsaITRequestControl.MANAGE_DSA_IT_REQUEST_OID)) {
            final Entry referralEntry = findNearestReferral(dn);
            if (referralEntry != null) {
                return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.REFERRAL_INT_VALUE, referralEntry.getDN(), INFO_MEM_HANDLER_REFERRAL_ENCOUNTERED.get(), getReferralURLs(dn, referralEntry)));
            }
        }
        // See if another entry exists with the same DN.
        if (entryMap.containsKey(dn)) {
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.ENTRY_ALREADY_EXISTS_INT_VALUE, null, ERR_MEM_HANDLER_ADD_ALREADY_EXISTS.get(request.getDN()), null));
        }
        // Make sure that all RDN attribute values are present in the entry.
        final RDN rdn = dn.getRDN();
        final String[] rdnAttrNames = rdn.getAttributeNames();
        final byte[][] rdnAttrValues = rdn.getByteArrayAttributeValues();
        for (int i = 0; i < rdnAttrNames.length; i++) {
            final MatchingRule matchingRule = MatchingRule.selectEqualityMatchingRule(rdnAttrNames[i], schema);
            entry.addAttribute(new Attribute(rdnAttrNames[i], matchingRule, rdnAttrValues[i]));
        }
        // Make sure that all superior object classes are present in the entry.
        if (schema != null) {
            final String[] objectClasses = entry.getObjectClassValues();
            if (objectClasses != null) {
                final LinkedHashMap<String, String> ocMap = new LinkedHashMap<>(StaticUtils.computeMapCapacity(objectClasses.length));
                for (final String ocName : objectClasses) {
                    final ObjectClassDefinition oc = schema.getObjectClass(ocName);
                    if (oc == null) {
                        ocMap.put(StaticUtils.toLowerCase(ocName), ocName);
                    } else {
                        ocMap.put(StaticUtils.toLowerCase(oc.getNameOrOID()), ocName);
                        for (final ObjectClassDefinition supClass : oc.getSuperiorClasses(schema, true)) {
                            ocMap.put(StaticUtils.toLowerCase(supClass.getNameOrOID()), supClass.getNameOrOID());
                        }
                    }
                }
                final String[] newObjectClasses = new String[ocMap.size()];
                ocMap.values().toArray(newObjectClasses);
                entry.setAttribute("objectClass", newObjectClasses);
            }
        }
        // If a schema was provided, then make sure the entry complies with it.
        // Also make sure that there are no attributes marked with
        // NO-USER-MODIFICATION.
        final EntryValidator entryValidator = entryValidatorRef.get();
        if (entryValidator != null) {
            final ArrayList<String> invalidReasons = new ArrayList<>(1);
            if (!entryValidator.entryIsValid(entry, invalidReasons)) {
                return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.OBJECT_CLASS_VIOLATION_INT_VALUE, null, ERR_MEM_HANDLER_ADD_VIOLATES_SCHEMA.get(request.getDN(), StaticUtils.concatenateStrings(invalidReasons)), null));
            }
            if ((!isInternalOp) && (schema != null) && (!controlMap.containsKey(IgnoreNoUserModificationRequestControl.IGNORE_NO_USER_MODIFICATION_REQUEST_OID))) {
                for (final Attribute a : entry.getAttributes()) {
                    final AttributeTypeDefinition at = schema.getAttributeType(a.getBaseName());
                    if ((at != null) && at.isNoUserModification()) {
                        return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.CONSTRAINT_VIOLATION_INT_VALUE, null, ERR_MEM_HANDLER_ADD_CONTAINS_NO_USER_MOD.get(request.getDN(), a.getName()), null));
                    }
                }
            }
        }
        // If the entry contains a proxied authorization control, then process it.
        final DN authzDN;
        try {
            authzDN = handleProxiedAuthControl(controlMap);
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new AddResponseProtocolOp(le.getResultCode().intValue(), null, le.getMessage(), null));
        }
        // Add a number of operational attributes to the entry.
        if (generateOperationalAttributes) {
            final Date d = new Date();
            if (!entry.hasAttribute("entryDN")) {
                entry.addAttribute(new Attribute("entryDN", DistinguishedNameMatchingRule.getInstance(), dn.toNormalizedString()));
            }
            if (!entry.hasAttribute("entryUUID")) {
                entry.addAttribute(new Attribute("entryUUID", CryptoHelper.getRandomUUID().toString()));
            }
            if (!entry.hasAttribute("subschemaSubentry")) {
                entry.addAttribute(new Attribute("subschemaSubentry", DistinguishedNameMatchingRule.getInstance(), subschemaSubentryDN.toString()));
            }
            if (!entry.hasAttribute("creatorsName")) {
                entry.addAttribute(new Attribute("creatorsName", DistinguishedNameMatchingRule.getInstance(), authzDN.toString()));
            }
            if (!entry.hasAttribute("createTimestamp")) {
                entry.addAttribute(new Attribute("createTimestamp", GeneralizedTimeMatchingRule.getInstance(), StaticUtils.encodeGeneralizedTime(d)));
            }
            if (!entry.hasAttribute("modifiersName")) {
                entry.addAttribute(new Attribute("modifiersName", DistinguishedNameMatchingRule.getInstance(), authzDN.toString()));
            }
            if (!entry.hasAttribute("modifyTimestamp")) {
                entry.addAttribute(new Attribute("modifyTimestamp", GeneralizedTimeMatchingRule.getInstance(), StaticUtils.encodeGeneralizedTime(d)));
            }
        }
        // now.
        try {
            handleAssertionRequestControl(controlMap, entry);
        } catch (final LDAPException le) {
            Debug.debugException(le);
            return new LDAPMessage(messageID, new AddResponseProtocolOp(le.getResultCode().intValue(), null, le.getMessage(), null));
        }
        // values are properly encoded.
        if ((!passwordEncoders.isEmpty()) && (!configuredPasswordAttributes.isEmpty())) {
            final ReadOnlyEntry readOnlyEntry = new ReadOnlyEntry(entry.duplicate());
            for (final String passwordAttribute : configuredPasswordAttributes) {
                for (final Attribute attr : readOnlyEntry.getAttributesWithOptions(passwordAttribute, null)) {
                    final ArrayList<byte[]> newValues = new ArrayList<>(attr.size());
                    for (final ASN1OctetString value : attr.getRawValues()) {
                        try {
                            newValues.add(encodeAddPassword(value, readOnlyEntry, Collections.<Modification>emptyList()).getValue());
                        } catch (final LDAPException le) {
                            Debug.debugException(le);
                            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, le.getMatchedDN(), le.getMessage(), null));
                        }
                    }
                    final byte[][] newValuesArray = new byte[newValues.size()][];
                    newValues.toArray(newValuesArray);
                    entry.setAttribute(new Attribute(attr.getName(), schema, newValuesArray));
                }
            }
        }
        // If the request includes the post-read request control, then create the
        // appropriate response control.
        final PostReadResponseControl postReadResponse = handlePostReadControl(controlMap, entry);
        if (postReadResponse != null) {
            responseControls.add(postReadResponse);
        }
        // add the entry.
        if (baseDNs.contains(dn)) {
            entryMap.put(dn, new ReadOnlyEntry(entry));
            indexAdd(entry);
            addChangeLogEntry(request, authzDN);
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.SUCCESS_INT_VALUE, null, null, null), responseControls);
        }
        // See if the parent entry exists.  If so, then we can add the entry.
        final DN parentDN = dn.getParent();
        if ((parentDN != null) && entryMap.containsKey(parentDN)) {
            entryMap.put(dn, new ReadOnlyEntry(entry));
            indexAdd(entry);
            addChangeLogEntry(request, authzDN);
            return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.SUCCESS_INT_VALUE, null, null, null), responseControls);
        }
        // within any of the configured base DNs.
        for (final DN baseDN : baseDNs) {
            if (dn.isDescendantOf(baseDN, true)) {
                return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.NO_SUCH_OBJECT_INT_VALUE, getMatchedDNString(dn), ERR_MEM_HANDLER_ADD_MISSING_PARENT.get(request.getDN(), dn.getParentString()), null));
            }
        }
        return new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.NO_SUCH_OBJECT_INT_VALUE, null, ERR_MEM_HANDLER_ADD_NOT_BELOW_BASE_DN.get(request.getDN()), null));
    }
}

Example 3 with PostReadResponseControl

use of com.unboundid.ldap.sdk.controls.PostReadResponseControl in project ldapsdk by pingidentity.

the class InMemoryDirectoryServerLDAPInterfaceTestCase method testModifyDN.

/**
 * Provides test coverage for the methods that can be used to process modify
 * DN operations.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testModifyDN() throws Exception {
    ds.restoreSnapshot(snapshot);
    ds.add("dn: ou=Users,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: Users");
    // Test the method that takes a DN, new RDN, and deleteOldRDN flag.
    LDAPResult modifyDNResult = ds.modifyDN("uid=test.user,ou=People,dc=example,dc=com", "uid=test.2", true);
    assertNotNull(modifyDNResult);
    assertEquals(modifyDNResult.getResultCode(), ResultCode.SUCCESS);
    // Test the method that takes a DN, new RDN, deleteOldRDN flag and a new
    // superior DN.
    modifyDNResult = ds.modifyDN("uid=test.2,ou=People,dc=example,dc=com", "uid=test.2", false, "ou=Users,dc=example,dc=com");
    assertNotNull(modifyDNResult);
    assertEquals(modifyDNResult.getResultCode(), ResultCode.SUCCESS);
    // Test the method that takes a modify DN request, with controls.
    final ModifyDNRequest modifyDNRequest = new ModifyDNRequest("uid=test.2,ou=Users,dc=example,dc=com", "uid=test.3", true);
    modifyDNRequest.addControl(new PreReadRequestControl("*", "+"));
    modifyDNRequest.addControl(new PostReadRequestControl("*", "+"));
    modifyDNResult = ds.modifyDN(modifyDNRequest);
    assertNotNull(modifyDNResult);
    assertEquals(modifyDNResult.getResultCode(), ResultCode.SUCCESS);
    assertTrue(modifyDNResult.hasResponseControl(PreReadResponseControl.PRE_READ_RESPONSE_OID));
    final PreReadResponseControl preReadResponse = PreReadResponseControl.get(modifyDNResult);
    assertNotNull(preReadResponse);
    assertTrue(preReadResponse.getEntry().hasAttributeValue("uid", "test.2"));
    assertTrue(modifyDNResult.hasResponseControl(PostReadResponseControl.POST_READ_RESPONSE_OID));
    final PostReadResponseControl postReadResponse = PostReadResponseControl.get(modifyDNResult);
    assertNotNull(postReadResponse);
    assertTrue(postReadResponse.getEntry().hasAttributeValue("uid", "test.3"));
    // Test the method that takes a read-only modify DN request.
    final ReadOnlyModifyDNRequest readOnlyModifyDNRequest = new ModifyDNRequest("uid=test.3,ou=Users,dc=example,dc=com", "uid=test.4", true);
    modifyDNResult = ds.modifyDN(readOnlyModifyDNRequest);
    assertNotNull(modifyDNResult);
    assertEquals(modifyDNResult.getResultCode(), ResultCode.SUCCESS);
}

Example 4 with PostReadResponseControl

use of com.unboundid.ldap.sdk.controls.PostReadResponseControl in project ldapsdk by pingidentity.

the class TransactionExtendedOperationHandlerTestCase method testTransactionWithControls.

/**
 * Provides a test case for a completely successful transaction that includes
 * request and response controls for the associated operations.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testTransactionWithControls() throws Exception {
    final TestUnsolicitedNotificationHandler unsolicitedNotificationHandler = new TestUnsolicitedNotificationHandler();
    final LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setUnsolicitedNotificationHandler(unsolicitedNotificationHandler);
    final InMemoryDirectoryServer ds = getTestDS(true, true);
    final LDAPConnection conn = ds.getConnection(connectionOptions);
    assertEquals(unsolicitedNotificationHandler.getNotificationCount(), 0);
    ds.assertEntryExists("dc=example,dc=com");
    ds.assertEntryExists("ou=People,dc=example,dc=com");
    ds.assertEntryExists("uid=test.user,ou=People,dc=example,dc=com");
    ds.assertEntryMissing("ou=test,dc=example,dc=com");
    ds.assertEntryMissing("uid=test.user,ou=test,dc=example,dc=com");
    final StartTransactionExtendedResult startTxnResult = (StartTransactionExtendedResult) conn.processExtendedOperation(new StartTransactionExtendedRequest());
    assertResultCodeEquals(startTxnResult, ResultCode.SUCCESS);
    final ASN1OctetString txnID = startTxnResult.getTransactionID();
    assertNotNull(txnID);
    final TransactionSpecificationRequestControl txnControl = new TransactionSpecificationRequestControl(txnID);
    ds.assertEntryExists("dc=example,dc=com");
    ds.assertEntryExists("ou=People,dc=example,dc=com");
    ds.assertEntryExists("uid=test.user,ou=People,dc=example,dc=com");
    ds.assertEntryMissing("ou=test,dc=example,dc=com");
    ds.assertEntryMissing("uid=test.user,ou=test,dc=example,dc=com");
    final AddRequest addRequest = new AddRequest("dn: ou=test,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: test");
    final PostReadRequestControl postReadRequestControl = new PostReadRequestControl("*", "+");
    addRequest.setControls(txnControl, postReadRequestControl);
    assertResultCodeEquals(conn, addRequest, ResultCode.SUCCESS);
    ds.assertEntryExists("dc=example,dc=com");
    ds.assertEntryExists("ou=People,dc=example,dc=com");
    ds.assertEntryExists("uid=test.user,ou=People,dc=example,dc=com");
    ds.assertEntryMissing("ou=test,dc=example,dc=com");
    ds.assertEntryMissing("uid=test.user,ou=test,dc=example,dc=com");
    final ModifyRequest modifyRequest = new ModifyRequest("dn: uid=test.user,ou=People,dc=example,dc=com", "changeType: modify", "replace: description", "description: foo");
    final PreReadRequestControl preReadRequestControl = new PreReadRequestControl("*", "+");
    modifyRequest.setControls(txnControl, preReadRequestControl, postReadRequestControl);
    assertResultCodeEquals(conn, modifyRequest, ResultCode.SUCCESS);
    ds.assertEntryExists("dc=example,dc=com");
    ds.assertEntryExists("ou=People,dc=example,dc=com");
    ds.assertEntryExists("uid=test.user,ou=People,dc=example,dc=com");
    ds.assertEntryMissing("ou=test,dc=example,dc=com");
    ds.assertEntryMissing("uid=test.user,ou=test,dc=example,dc=com");
    final ModifyDNRequest modifyDNRequest = new ModifyDNRequest("uid=test.user,ou=People,dc=example,dc=com", "uid=test.user", false, "ou=test,dc=example,dc=com");
    modifyDNRequest.setControls(txnControl, preReadRequestControl, postReadRequestControl);
    assertResultCodeEquals(conn, modifyDNRequest, ResultCode.SUCCESS);
    ds.assertEntryExists("dc=example,dc=com");
    ds.assertEntryExists("ou=People,dc=example,dc=com");
    ds.assertEntryExists("uid=test.user,ou=People,dc=example,dc=com");
    ds.assertEntryMissing("ou=test,dc=example,dc=com");
    ds.assertEntryMissing("uid=test.user,ou=test,dc=example,dc=com");
    final DeleteRequest deleteRequest = new DeleteRequest("ou=People,dc=example,dc=com");
    deleteRequest.setControls(txnControl, preReadRequestControl);
    assertResultCodeEquals(conn, deleteRequest, ResultCode.SUCCESS);
    ds.assertEntryExists("dc=example,dc=com");
    ds.assertEntryExists("ou=People,dc=example,dc=com");
    ds.assertEntryExists("uid=test.user,ou=People,dc=example,dc=com");
    ds.assertEntryMissing("ou=test,dc=example,dc=com");
    ds.assertEntryMissing("uid=test.user,ou=test,dc=example,dc=com");
    final EndTransactionExtendedResult endTxnResult = (EndTransactionExtendedResult) conn.processExtendedOperation(new EndTransactionExtendedRequest(txnID, true));
    assertResultCodeEquals(endTxnResult, ResultCode.SUCCESS);
    assertTrue(endTxnResult.getFailedOpMessageID() < 0);
    assertNotNull(endTxnResult.getOperationResponseControls());
    assertFalse(endTxnResult.getOperationResponseControls().isEmpty());
    ds.assertEntryExists("dc=example,dc=com");
    ds.assertEntryExists("ou=test,dc=example,dc=com");
    ds.assertEntryExists("uid=test.user,ou=test,dc=example,dc=com");
    ds.assertEntryMissing("ou=People,dc=example,dc=com");
    ds.assertEntryMissing("uid=test.user,ou=People,dc=example,dc=com");
    final Control[] addControls = endTxnResult.getOperationResponseControls(addRequest.getLastMessageID());
    assertNotNull(addControls);
    assertEquals(addControls.length, 1);
    assertTrue(addControls[0] instanceof PostReadResponseControl);
    final Control[] modifyControls = endTxnResult.getOperationResponseControls(modifyRequest.getLastMessageID());
    assertNotNull(modifyControls);
    assertEquals(modifyControls.length, 2);
    assertTrue(modifyControls[0] instanceof PreReadResponseControl);
    assertTrue(modifyControls[1] instanceof PostReadResponseControl);
    final Control[] modifyDNControls = endTxnResult.getOperationResponseControls(modifyDNRequest.getLastMessageID());
    assertNotNull(modifyDNControls);
    assertEquals(modifyDNControls.length, 2);
    assertTrue(modifyDNControls[0] instanceof PreReadResponseControl);
    assertTrue(modifyDNControls[1] instanceof PostReadResponseControl);
    final Control[] deleteControls = endTxnResult.getOperationResponseControls(deleteRequest.getLastMessageID());
    assertNotNull(deleteControls);
    assertEquals(deleteControls.length, 1);
    assertTrue(deleteControls[0] instanceof PreReadResponseControl);
    conn.close();
    assertEquals(unsolicitedNotificationHandler.getNotificationCount(), 0);
}

Example 5 with PostReadResponseControl

use of com.unboundid.ldap.sdk.controls.PostReadResponseControl in project ldapsdk by pingidentity.

the class LDAPConnectionTestCase method testModifyWithPostReadControl.

/**
 * Provides test coverage for the ability to process a modify operation which
 * includes the post-read control.
 * <BR><BR>
 * Access to a Directory Server instance is required for complete processing.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testModifyWithPostReadControl() throws Exception {
    if (!isDirectoryInstanceAvailable()) {
        return;
    }
    LDAPConnection c = new LDAPConnection();
    c.connect(getTestHost(), getTestPort(), getTestBindDN(), getTestBindPassword());
    c.add(new LDAPEntry(new Entry(getTestBaseDN(), getBaseEntryAttributes())));
    c.add(new LDAPEntry(new Entry("dn: ou=test," + getTestBaseDN(), "objectClass: top", "objectClass: organizationalUnit", "ou: test")));
    LDAPConstraints constraints = new LDAPConstraints();
    constraints.setServerControls(new LDAPControl(new PostReadRequestControl("description")));
    LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("description", "foo"));
    c.modify("ou=test," + getTestBaseDN(), mod, constraints);
    LDAPControl[] responseControls = c.getResponseControls();
    assertNotNull(responseControls);
    assertEquals(responseControls.length, 1);
    PostReadResponseControl postReadResponse = new PostReadResponseControl(responseControls[0].getID(), false, new ASN1OctetString(responseControls[0].getValue()));
    Entry e = postReadResponse.getEntry();
    assertNotNull(e);
    assertTrue(e.hasAttributeValue("description", "foo"));
    c.delete("ou=test," + getTestBaseDN());
    c.delete(getTestBaseDN());
    c.disconnect();
}