Use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl in the ldapsdk project by pingidentity.
From the class ResultUtils, method addGetAuthorizationEntryResponseControl.
/**
 * Appends a human-readable rendering of a get authorization entry response
 * control to the given list, one wrapped line per field.
 * <p>
 * The control is first re-decoded from its OID, criticality, and raw value.
 * If decoding fails with any exception, the failure is reported through
 * {@code Debug.debugException} and the control is rendered with
 * {@code addGenericResponseControl} instead, so a malformed value does not
 * abort formatting.
 * <p>
 * For an unauthenticated connection only the header, OID, and authenticated
 * flag are written.  The authorization identity and entry are written only
 * when the control reports that the authentication and authorization
 * identities differ.
 * <p>
 * NOTE(review): the authentication and authorization entries are handed to
 * {@code addLDIF} as decoded, so the output presumably carries whatever
 * attributes the server returned for those identities.  Callers that log or
 * display {@code lines} should treat it as directory data about the bound
 * user -- confirm against {@code addLDIF}.
 *
 * @param  lines     The list that receives the formatted lines.
 * @param  c         The control to render.
 * @param  prefix    The prefix placed at the start of each line.
 * @param  maxWidth  The maximum line length in characters, counting the
 *                   comment prefix and indent.
 */
private static void addGetAuthorizationEntryResponseControl(
     @NotNull final List<String> lines,
     @NotNull final Control c,
     @NotNull final String prefix,
     final int maxWidth)
{
  // Re-decode the raw control; anything that does not parse is shown in the
  // generic form rather than failing the whole result rendering.
  final GetAuthorizationEntryResponseControl authzEntryControl;
  try
  {
    authzEntryControl = new GetAuthorizationEntryResponseControl(
         c.getOID(), c.isCritical(), c.getValue());
  }
  catch (final Exception decodeFailure)
  {
    Debug.debugException(decodeFailure);
    addGenericResponseControl(lines, c, prefix, maxWidth);
    return;
  }

  // Fields sit one level below the header; entry LDIF sits one level below
  // the fields.
  final String fieldPrefix = prefix + " ";
  final String entryPrefix = fieldPrefix + " ";

  wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_HEADER.get(), prefix,
       maxWidth);
  wrap(lines, INFO_RESULT_UTILS_RESPONSE_CONTROL_OID.get(c.getOID()),
       fieldPrefix, maxWidth);

  final boolean authenticated = authzEntryControl.isAuthenticated();
  wrap(lines,
       INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_IS_AUTHENTICATED.get(authenticated),
       fieldPrefix, maxWidth);

  if (authenticated)
  {
    final boolean sameIdentity = authzEntryControl.identitiesMatch();
    wrap(lines,
         INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_IDS_MATCH.get(sameIdentity),
         fieldPrefix, maxWidth);

    // Authentication identity: ID and entry are each optional.
    final String authenticationID = authzEntryControl.getAuthNID();
    if (authenticationID != null)
    {
      wrap(lines,
           INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_AUTHN_ID.get(authenticationID),
           fieldPrefix, maxWidth);
    }

    final Entry authenticationEntry = authzEntryControl.getAuthNEntry();
    if (authenticationEntry != null)
    {
      wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_AUTHN_ENTRY_HEADER.get(),
           fieldPrefix, maxWidth);
      addLDIF(lines, authenticationEntry, true, entryPrefix, maxWidth);
    }

    // The authorization identity is only reported separately when it is not
    // the same as the authentication identity.
    if (!sameIdentity)
    {
      final String authorizationID = authzEntryControl.getAuthZID();
      if (authorizationID != null)
      {
        wrap(lines,
             INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_AUTHZ_ID.get(authorizationID),
             fieldPrefix, maxWidth);
      }

      final Entry authorizationEntry = authzEntryControl.getAuthZEntry();
      if (authorizationEntry != null)
      {
        wrap(lines,
             INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_AUTHZ_ENTRY_HEADER.get(),
             fieldPrefix, maxWidth);
        addLDIF(lines, authorizationEntry, true, entryPrefix, maxWidth);
      }
    }
  }
}
Use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl in the ldapsdk project by pingidentity.
From the class ResultUtilsTestCase, method getFormatResponseControlData.
/**
* Retrieves a set of data for testing the {@code formatResponseControl}
* method.
*
* @return The test data.
*
* @throws Exception If an unexpected problem occurs.
*/
@DataProvider(name = "formatResponseControlData")
public Iterator<Object[]> getFormatResponseControlData() throws Exception {
final LinkedList<Object[]> resultList = new LinkedList<Object[]>();
// A generic response control with no value.
resultList.add(new Object[] { new Control("1.2.3.4"), Arrays.asList("# Response Control:", "# OID: 1.2.3.4", "# Is Critical: false") });
// A generic response control with a value.
resultList.add(new Object[] { new Control("1.2.3.4", true, new ASN1OctetString("control value")), Arrays.asList("# Response Control:", "# OID: 1.2.3.4", "# Is Critical: true", "# Raw Value:", "# 63 6f 6e 74 72 6f 6c 20 76 61 6c 75 " + "65 control value") });
// A valid authorization identity response control.
resultList.add(new Object[] { new AuthorizationIdentityResponseControl("u:test.user"), Arrays.asList("# Authorization Identity Response Control:", "# OID: " + AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID, "# Authorization ID: u:test.user") });
// An invalid authorization identity response control.
resultList.add(new Object[] { new Control(AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID, "# Is Critical: false") });
// A valid content synchronization done response control.
resultList.add(new Object[] { new ContentSyncDoneControl(new ASN1OctetString("cookie"), true), Arrays.asList("# Content Synchronization Done Response Control:", "# OID: " + ContentSyncDoneControl.SYNC_DONE_OID, "# Refresh Deletes: true", "# Cookie Data:", "# 63 6f 6f 6b 69 " + "65 cookie") });
// An invalid content synchronization done response control.
resultList.add(new Object[] { new Control(ContentSyncDoneControl.SYNC_DONE_OID), Arrays.asList("# Response Control:", "# OID: " + ContentSyncDoneControl.SYNC_DONE_OID, "# Is Critical: false") });
// A valid content synchronization state response control.
final UUID uuid = CryptoHelper.getRandomUUID();
resultList.add(new Object[] { new ContentSyncStateControl(ContentSyncState.MODIFY, uuid, new ASN1OctetString("cookie")), Arrays.asList("# Content Synchronization State Response Control:", "# OID: " + ContentSyncStateControl.SYNC_STATE_OID, "# Entry UUID: " + uuid.toString(), "# Synchronization State: MODIFY", "# Cookie Data:", "# 63 6f 6f 6b 69 " + "65 cookie") });
// An invalid content synchronization state response control.
resultList.add(new Object[] { new Control(ContentSyncStateControl.SYNC_STATE_OID), Arrays.asList("# Response Control:", "# OID: " + ContentSyncStateControl.SYNC_STATE_OID, "# Is Critical: false") });
// A valid entry change notification control.
resultList.add(new Object[] { new EntryChangeNotificationControl(PersistentSearchChangeType.MODIFY_DN, "ou=People,dc=example,dc=com", 123456789L), Arrays.asList("# Entry Change Notification Control:", "# OID: " + EntryChangeNotificationControl.ENTRY_CHANGE_NOTIFICATION_OID, "# Change Type: moddn", "# Change Number: 123456789", "# Previous DN: ou=People,dc=example,dc=com") });
// An invalid entry change notification control.
resultList.add(new Object[] { new Control(EntryChangeNotificationControl.ENTRY_CHANGE_NOTIFICATION_OID), Arrays.asList("# Response Control:", "# OID: " + EntryChangeNotificationControl.ENTRY_CHANGE_NOTIFICATION_OID, "# Is Critical: false") });
// A valid password expired control.
resultList.add(new Object[] { new PasswordExpiredControl(), Arrays.asList("# Password Expired Response Control:", "# OID: " + PasswordExpiredControl.PASSWORD_EXPIRED_OID) });
// An invalid password expired control.
resultList.add(new Object[] { new Control(PasswordExpiredControl.PASSWORD_EXPIRED_OID, false, new ASN1OctetString("control value")), Arrays.asList("# Response Control:", "# OID: " + PasswordExpiredControl.PASSWORD_EXPIRED_OID, "# Is Critical: false", "# Raw Value:", "# 63 6f 6e 74 72 6f 6c 20 76 61 6c 75 " + "65 control value") });
// A valid password expiring control.
resultList.add(new Object[] { new PasswordExpiringControl(12345), Arrays.asList("# Password Expiring Response Control:", "# OID: " + PasswordExpiringControl.PASSWORD_EXPIRING_OID, "# Seconds Until Expiration: 12345") });
// An invalid password expiring control.
resultList.add(new Object[] { new Control(PasswordExpiringControl.PASSWORD_EXPIRING_OID), Arrays.asList("# Response Control:", "# OID: " + PasswordExpiringControl.PASSWORD_EXPIRING_OID, "# Is Critical: false") });
// A valid post-read response control.
resultList.add(new Object[] { new PostReadResponseControl(new ReadOnlyEntry("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example")), Arrays.asList("# Post-Read Response Control:", "# OID: " + PostReadResponseControl.POST_READ_RESPONSE_OID, "# Post-Read Entry:", "# dn: dc=example,dc=com", "# objectClass: top", "# objectClass: domain", "# dc: example") });
// An invalid post-read response control.
resultList.add(new Object[] { new Control(PostReadResponseControl.POST_READ_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + PostReadResponseControl.POST_READ_RESPONSE_OID, "# Is Critical: false") });
// A valid pre-read response control.
resultList.add(new Object[] { new PreReadResponseControl(new ReadOnlyEntry("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example")), Arrays.asList("# Pre-Read Response Control:", "# OID: " + PreReadResponseControl.PRE_READ_RESPONSE_OID, "# Pre-Read Entry:", "# dn: dc=example,dc=com", "# objectClass: top", "# objectClass: domain", "# dc: example") });
// An invalid pre-read response control.
resultList.add(new Object[] { new Control(PreReadResponseControl.PRE_READ_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + PreReadResponseControl.PRE_READ_RESPONSE_OID, "# Is Critical: false") });
// A valid server-side sort response control.
resultList.add(new Object[] { new ServerSideSortResponseControl(ResultCode.INVALID_ATTRIBUTE_SYNTAX, "objectClass", false), Arrays.asList("# Server-Side Sort Response Control:", "# OID: " + ServerSideSortResponseControl.SERVER_SIDE_SORT_RESPONSE_OID, "# Result Code: 21 (invalid attribute syntax)", "# Attribute Name: objectClass") });
// An invalid server-side sort response control.
resultList.add(new Object[] { new Control(ServerSideSortResponseControl.SERVER_SIDE_SORT_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + ServerSideSortResponseControl.SERVER_SIDE_SORT_RESPONSE_OID, "# Is Critical: false") });
// A valid simple paged results response control.
resultList.add(new Object[] { new SimplePagedResultsControl(12345, new ASN1OctetString("cookie")), Arrays.asList("# Simple Paged Results Response Control:", "# OID: " + SimplePagedResultsControl.PAGED_RESULTS_OID, "# Estimated Total Result Set Size: 12345", "# Cookie Data:", "# 63 6f 6f 6b 69 " + "65 cookie") });
// An invalid simple paged results response control.
resultList.add(new Object[] { new Control(SimplePagedResultsControl.PAGED_RESULTS_OID), Arrays.asList("# Response Control:", "# OID: " + SimplePagedResultsControl.PAGED_RESULTS_OID, "# Is Critical: false") });
// A valid virtual list view response control.
resultList.add(new Object[] { new VirtualListViewResponseControl(12345, 67890, ResultCode.SUCCESS, new ASN1OctetString("cookie")), Arrays.asList("# Virtual List View Response Control:", "# OID: " + VirtualListViewResponseControl.VIRTUAL_LIST_VIEW_RESPONSE_OID, "# Result Code: 0 (success)", "# Estimated Content Count: 67890", "# Target Position: 12345", "# Context ID:", "# 63 6f 6f 6b 69 " + "65 cookie") });
// An invalid virtual list view response control.
resultList.add(new Object[] { new Control(VirtualListViewResponseControl.VIRTUAL_LIST_VIEW_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + VirtualListViewResponseControl.VIRTUAL_LIST_VIEW_RESPONSE_OID, "# Is Critical: false") });
// A valid account usable response control that indicates the account is
// usable.
resultList.add(new Object[] { new AccountUsableResponseControl(12345), Arrays.asList("# Account Usable Response Control:", "# OID: " + AccountUsableResponseControl.ACCOUNT_USABLE_RESPONSE_OID, "# Account Is Usable: true", "# Password Is Expired: false", "# Must Change Password: false", "# Account Is Inactive: false", "# Seconds Until Password Expiration: 12345") });
// A valid account usable response control that indicates the account is not
// usable.
resultList.add(new Object[] { new AccountUsableResponseControl(true, true, true, 12345, 67890), Arrays.asList("# Account Usable Response Control:", "# OID: " + AccountUsableResponseControl.ACCOUNT_USABLE_RESPONSE_OID, "# Account Is Usable: false", "# Unusable Reasons:", "# The account has been locked or deactivated.", "# The password must be changed before any " + "other operations will be allowed.", "# The password is expired.", "# 12345 grace logins are available.", "# The account will be automatically unlocked " + "in 67890 seconds.", "# Password Is Expired: true", "# Must Change Password: true", "# Account Is Inactive: true", "# Remaining Grace Logins: 12345", "# Seconds Until Account Unlock: 67890") });
// An invalid account usable response control.
resultList.add(new Object[] { new Control(AccountUsableResponseControl.ACCOUNT_USABLE_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + AccountUsableResponseControl.ACCOUNT_USABLE_RESPONSE_OID, "# Is Critical: false") });
// A valid assured replication response control that indicates the account
// is usable.
resultList.add(new Object[] { new AssuredReplicationResponseControl(AssuredReplicationLocalLevel.PROCESSED_ALL_SERVERS, true, "local message", AssuredReplicationRemoteLevel.RECEIVED_ANY_REMOTE_LOCATION, false, "remote message", "csn", Arrays.asList(new AssuredReplicationServerResult(AssuredReplicationServerResultCode.COMPLETE, (short) 12345, (short) 12346), new AssuredReplicationServerResult(AssuredReplicationServerResultCode.TIMEOUT, (short) 12347, (short) 12348))), Arrays.asList("# Assured Replication Response Control:", "# OID: " + AssuredReplicationResponseControl.ASSURED_REPLICATION_RESPONSE_OID, "# Change Sequence Number: csn", "# Local Assurance Level: PROCESSED_ALL_SERVERS", "# Local Assurance Satisfied: true", "# Local Assurance Message: local message", "# Remote Assurance Level: " + "RECEIVED_ANY_REMOTE_LOCATION", "# Remote Assurance Satisfied: false", "# Remote Assurance Message: remote message", "# Server Result:", "# Server Result Code: COMPLETE", "# Replication Server ID: 12345", "# Replica ID: 12346", "# Server Result:", "# Server Result Code: TIMEOUT", "# Replication Server ID: 12347", "# Replica ID: 12348") });
// An invalid assured replication response control.
resultList.add(new Object[] { new Control(AssuredReplicationResponseControl.ASSURED_REPLICATION_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + AssuredReplicationResponseControl.ASSURED_REPLICATION_RESPONSE_OID, "# Is Critical: false") });
// A valid generate password response control without a password expiration
// time.
resultList.add(new Object[] { new GeneratePasswordResponseControl("generated-password", false, (Long) null), Arrays.asList("# Generate Password Response Control:", "# OID: " + GeneratePasswordResponseControl.GENERATE_PASSWORD_RESPONSE_OID, "# Generated Password: generated-password", "# Must Change Password: false") });
// A valid generate password response control with a password expiration
// time.
resultList.add(new Object[] { new GeneratePasswordResponseControl("generated-password", true, 86400L), Arrays.asList("# Generate Password Response Control:", "# OID: " + GeneratePasswordResponseControl.GENERATE_PASSWORD_RESPONSE_OID, "# Generated Password: generated-password", "# Must Change Password: true", "# Seconds Until Expiration: 86400") });
// An invalid generate password response control.
resultList.add(new Object[] { new Control(GeneratePasswordResponseControl.GENERATE_PASSWORD_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + GeneratePasswordResponseControl.GENERATE_PASSWORD_RESPONSE_OID, "# Is Critical: false") });
// A valid get authorization entry response control for an unauthenticated
// connection.
resultList.add(new Object[] { new GetAuthorizationEntryResponseControl(false, true, "dn:", null, null, null), Arrays.asList("# Get Authorization Entry Response Control:", "# OID: " + GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID, "# Is Authenticated: false") });
// A valid get authorization entry response control for an authenticated
// connection in which the authentication and authorization identities
// match.
resultList.add(new Object[] { new GetAuthorizationEntryResponseControl(true, true, "u:test.user", new ReadOnlyEntry("dn: uid=test.user,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: test.user", "givenName: Test", "sn: User", "cn: Test User"), null, null), Arrays.asList("# Get Authorization Entry Response Control:", "# OID: " + GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID, "# Is Authenticated: true", "# Authentication and Authorization Identities " + "Match: true", "# Authentication Identity ID: u:test.user", "# Authentication Identity Entry:", "# dn: uid=test.user,ou=People,dc=example," + "dc=com", "# objectClass: top", "# objectClass: person", "# objectClass: organizationalPerson", "# objectClass: inetOrgPerson", "# uid: test.user", "# givenName: Test", "# sn: User", "# cn: Test User") });
// A valid get authorization entry response control for an authenticated
// connection in which the authentication and authorization identities
// differ.
resultList.add(new Object[] { new GetAuthorizationEntryResponseControl(true, false, "u:test.user", new ReadOnlyEntry("dn: uid=test.user,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: test.user", "givenName: Test", "sn: User", "cn: Test User"), "u:another.user", new ReadOnlyEntry("dn: uid=another.user,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: another.user", "givenName: Another", "sn: User", "cn: Another User")), Arrays.asList("# Get Authorization Entry Response Control:", "# OID: " + GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID, "# Is Authenticated: true", "# Authentication and Authorization Identities " + "Match: false", "# Authentication Identity ID: u:test.user", "# Authentication Identity Entry:", "# dn: uid=test.user,ou=People,dc=example," + "dc=com", "# objectClass: top", "# objectClass: person", "# objectClass: organizationalPerson", "# objectClass: inetOrgPerson", "# uid: test.user", "# givenName: Test", "# sn: User", "# cn: Test User", "# Authorization Identity ID: u:another.user", "# Authorization Identity Entry:", "# dn: uid=another.user,ou=People,dc=example," + "dc=com", "# objectClass: top", "# objectClass: person", "# objectClass: organizationalPerson", "# objectClass: inetOrgPerson", "# uid: another.user", "# givenName: Another", "# sn: User", "# cn: Another User") });
// An invalid get authorization identity response control.
resultList.add(new Object[] { new Control(GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID, "# Is Critical: false") });
// A valid get backend set ID response control with a single backend set ID.
resultList.add(new Object[] { new GetBackendSetIDResponseControl("rpID", "bsID"), Arrays.asList("# Get Backend Set ID Response Control:", "# OID: " + GetBackendSetIDResponseControl.GET_BACKEND_SET_ID_RESPONSE_OID, "# Entry-Balancing Request Processor ID: rpID", "# Backend Set ID: bsID") });
// A valid get backend set ID response control with multiple backend set
// IDs.
resultList.add(new Object[] { new GetBackendSetIDResponseControl("rpID", Arrays.asList("bs1", "bs2")), Arrays.asList("# Get Backend Set ID Response Control:", "# OID: " + GetBackendSetIDResponseControl.GET_BACKEND_SET_ID_RESPONSE_OID, "# Entry-Balancing Request Processor ID: rpID", "# Backend Set ID: bs1", "# Backend Set ID: bs2") });
// An invalid get backend set ID response control.
resultList.add(new Object[] { new Control(GetBackendSetIDResponseControl.GET_BACKEND_SET_ID_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + GetBackendSetIDResponseControl.GET_BACKEND_SET_ID_RESPONSE_OID, "# Is Critical: false") });
// A valid get password policy state issues response control without any
// issues.
resultList.add(new Object[] { new GetPasswordPolicyStateIssuesResponseControl(null, null, null), Arrays.asList("# Get Password Policy State Issues Response Control:", "# OID: " + GetPasswordPolicyStateIssuesResponseControl.GET_PASSWORD_POLICY_STATE_ISSUES_RESPONSE_OID) });
// A valid get password policy state issues response control with multiple
// notices, warnings, and errors, and an authentication failure reason
resultList.add(new Object[] { new GetPasswordPolicyStateIssuesResponseControl(Arrays.asList(new PasswordPolicyStateAccountUsabilityNotice(PasswordPolicyStateAccountUsabilityNotice.NOTICE_TYPE_IN_MINIMUM_PASSWORD_AGE, PasswordPolicyStateAccountUsabilityNotice.NOTICE_NAME_IN_MINIMUM_PASSWORD_AGE, "You can't change your password yet"), new PasswordPolicyStateAccountUsabilityNotice(PasswordPolicyStateAccountUsabilityNotice.NOTICE_TYPE_OUTSTANDING_RETIRED_PASSWORD, PasswordPolicyStateAccountUsabilityNotice.NOTICE_NAME_OUTSTANDING_RETIRED_PASSWORD, "You have a valid retired password")), Arrays.asList(new PasswordPolicyStateAccountUsabilityWarning(PasswordPolicyStateAccountUsabilityWarning.WARNING_TYPE_ACCOUNT_EXPIRING, PasswordPolicyStateAccountUsabilityWarning.WARNING_NAME_ACCOUNT_EXPIRING, "Your account will expire soon"), new PasswordPolicyStateAccountUsabilityWarning(PasswordPolicyStateAccountUsabilityWarning.WARNING_TYPE_PASSWORD_EXPIRING, PasswordPolicyStateAccountUsabilityWarning.WARNING_NAME_PASSWORD_EXPIRING, "Your password will expire soon")), Arrays.asList(new PasswordPolicyStateAccountUsabilityError(PasswordPolicyStateAccountUsabilityError.ERROR_TYPE_ACCOUNT_DISABLED, PasswordPolicyStateAccountUsabilityError.ERROR_NAME_ACCOUNT_DISABLED, "Your account is disabled"), new PasswordPolicyStateAccountUsabilityError(PasswordPolicyStateAccountUsabilityError.ERROR_TYPE_ACCOUNT_EXPIRED, PasswordPolicyStateAccountUsabilityError.ERROR_NAME_ACCOUNT_EXPIRED, "Your account is expired")), new AuthenticationFailureReason(AuthenticationFailureReason.FAILURE_TYPE_ACCOUNT_NOT_USABLE, AuthenticationFailureReason.FAILURE_NAME_ACCOUNT_NOT_USABLE, "Your account is not usable")), Arrays.asList("# Get Password Policy State Issues Response Control:", "# OID: " + GetPasswordPolicyStateIssuesResponseControl.GET_PASSWORD_POLICY_STATE_ISSUES_RESPONSE_OID, "# Authentication Failure Reason:", "# Failure Type: account-not-usable", "# Failure Message: Your account is not usable", "# Account 
Usability Error:", "# Error Name: account-disabled", "# Error Message: Your account is disabled", "# Account Usability Error:", "# Error Name: account-expired", "# Error Message: Your account is expired", "# Account Usability Warning:", "# Warning Name: account-expiring", "# Warning Message: Your account will expire " + "soon", "# Account Usability Warning:", "# Warning Name: password-expiring", "# Warning Message: Your password will " + "expire soon", "# Account Usability Notice:", "# Notice Name: in-minimum-password-age", "# Notice Message: You can't change your " + "password yet", "# Account Usability Notice:", "# Notice Name: outstanding-retired-password", "# Notice Message: You have a valid retired " + "password") });
// An invalid get password policy state issues response control.
resultList.add(new Object[] { new Control(GetPasswordPolicyStateIssuesResponseControl.GET_PASSWORD_POLICY_STATE_ISSUES_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + GetPasswordPolicyStateIssuesResponseControl.GET_PASSWORD_POLICY_STATE_ISSUES_RESPONSE_OID, "# Is Critical: false") });
// A valid get recent login history response control without any successful
// or failed attempts.
resultList.add(new Object[] { new GetRecentLoginHistoryResponseControl(new RecentLoginHistory(null, null)), Arrays.asList("# Get Recent Login History Response Control:", "# OID: " + GetRecentLoginHistoryResponseControl.GET_RECENT_LOGIN_HISTORY_RESPONSE_OID, "# No Successful Attempts", "# No Failed Attempts") });
// A valid get recent login history response control with both successful
// and failed attempts.
final long currentTime = System.currentTimeMillis();
final TreeSet<RecentLoginHistoryAttempt> successes = new TreeSet<>();
successes.add(new RecentLoginHistoryAttempt(true, currentTime, "simple", "1.2.3.4", null, 0L));
final TreeSet<RecentLoginHistoryAttempt> failures = new TreeSet<>();
failures.add(new RecentLoginHistoryAttempt(false, (currentTime - 5_000L), "simple", "1.2.3.4", "invalid-credentials", 1L));
RecentLoginHistory recentLoginHistory = new RecentLoginHistory(successes, failures);
resultList.add(new Object[] { new GetRecentLoginHistoryResponseControl(recentLoginHistory), Arrays.asList("# Get Recent Login History Response Control:", "# OID: " + GetRecentLoginHistoryResponseControl.GET_RECENT_LOGIN_HISTORY_RESPONSE_OID, "# Successful Attempt:", "# Timestamp: " + StaticUtils.encodeRFC3339Time(currentTime), "# Authentication Method: simple", "# Client IP Address: 1.2.3.4", "# Additional Attempt Count: 0", "# Failed Attempt:", "# Timestamp: " + StaticUtils.encodeRFC3339Time(currentTime - 5_000L), "# Authentication Method: simple", "# Client IP Address: 1.2.3.4", "# Failure Reason: invalid-credentials", "# Additional Attempt Count: 1") });
// An invalid recent login history response control.
resultList.add(new Object[] { new Control(GetRecentLoginHistoryResponseControl.GET_RECENT_LOGIN_HISTORY_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + GetRecentLoginHistoryResponseControl.GET_RECENT_LOGIN_HISTORY_RESPONSE_OID, "# Is Critical: false") });
// A valid get server ID response control.
resultList.add(new Object[] { new GetServerIDResponseControl("serverID"), Arrays.asList("# Get Server ID Response Control:", "# OID: " + GetServerIDResponseControl.GET_SERVER_ID_RESPONSE_OID, "# Server ID: serverID") });
// An invalid get server ID response control.
resultList.add(new Object[] { new Control(GetServerIDResponseControl.GET_SERVER_ID_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + GetServerIDResponseControl.GET_SERVER_ID_RESPONSE_OID, "# Is Critical: false") });
// A valid get user resource limits response control with a minimal set of
// fields and unlimited values where possible.
resultList.add(new Object[] { new GetUserResourceLimitsResponseControl(0L, 0L, 0L, 0L, null, null), Arrays.asList("# Get User Resource Limits Response Control:", "# OID: " + GetUserResourceLimitsResponseControl.GET_USER_RESOURCE_LIMITS_RESPONSE_OID, "# Size Limit: Unlimited", "# Time Limit: Unlimited", "# Idle Time Limit: Unlimited", "# Lookthrough Limit: Unlimited") });
// A valid get user resource limits response control with all fields and
// definite limits.
resultList.add(new Object[] { new GetUserResourceLimitsResponseControl(12345L, 67890L, 98765L, 54321L, "uid=equivalent.user,ou=People,dc=example,dc=com", "CCP", Arrays.asList("cn=Group 1,ou=Groups,dc=example,dc=com", "cn=Group 2,ou=Groups,dc=example,dc=com"), Arrays.asList("bypass-read-acl", "config-read"), Arrays.asList(new Attribute("other-attr-1", "value1"), new Attribute("other-attr-2", "value2"))), Arrays.asList("# Get User Resource Limits Response Control:", "# OID: " + GetUserResourceLimitsResponseControl.GET_USER_RESOURCE_LIMITS_RESPONSE_OID, "# Size Limit: 12345", "# Time Limit: 67890 seconds", "# Idle Time Limit: 98765 seconds", "# Lookthrough Limit: 54321", "# Equivalent Authorization User DN: " + "uid=equivalent.user,ou=People,dc=example,dc=com", "# Client Connection Policy Name: CCP", "# Group DNs:", "# cn=Group 1,ou=Groups,dc=example,dc=com", "# cn=Group 2,ou=Groups,dc=example,dc=com", "# Privileges:", "# bypass-read-acl", "# config-read", "# Other Attributes:", "# other-attr-1: value1", "# other-attr-2: value2") });
// An invalid get user resource limits response control.
resultList.add(new Object[] { new Control(GetUserResourceLimitsResponseControl.GET_USER_RESOURCE_LIMITS_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + GetUserResourceLimitsResponseControl.GET_USER_RESOURCE_LIMITS_RESPONSE_OID, "# Is Critical: false") });
// A valid intermediate client response control.
resultList.add(new Object[] { new IntermediateClientResponseControl(new IntermediateClientResponseValue(new IntermediateClientResponseValue(null, "upstream.server.address", false, "upstreamServerName", "upstreamSessionID", "upstreamResponseID"), "intermediate.server.address", true, "intermediateServerName", "intermediateSessionID", "intermediateResponseID")), Arrays.asList("# Intermediate Client Response Control:", "# OID: " + IntermediateClientResponseControl.INTERMEDIATE_CLIENT_RESPONSE_OID, "# Upstream Server Address: " + "intermediate.server.address", "# Upstream Server Secure: true", "# Server Name: intermediateServerName", "# Server Session ID: intermediateSessionID", "# Server Response ID: intermediateResponseID", "# Upstream Response:", "# Upstream Server Address: " + "upstream.server.address", "# Upstream Server Secure: false", "# Server Name: upstreamServerName", "# Server Session ID: upstreamSessionID", "# Server Response ID: upstreamResponseID") });
// An invalid intermediate client response control.
resultList.add(new Object[] { new Control(IntermediateClientResponseControl.INTERMEDIATE_CLIENT_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + IntermediateClientResponseControl.INTERMEDIATE_CLIENT_RESPONSE_OID, "# Is Critical: false") });
// A valid join result control.
resultList.add(new Object[] { new JoinResultControl(ResultCode.SUCCESS, "diag", "dc=example,dc=com", Arrays.asList("ldap://ds1.example.com:389/dc=example,dc=com", "ldap://ds2.example.com:389/dc=example,dc=com"), Arrays.asList(new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 1,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 1"), Arrays.asList(new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 1a,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 1a"), null), new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 1b,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 1b"), null))), new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 2,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 2"), Arrays.asList(new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 2a,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 2a"), null), new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 2b,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 2b"), null))))), Arrays.asList("# Join Result Control:", "# OID: " + JoinResultControl.JOIN_RESULT_OID, "# Join Result Code: 0 (success)", "# Join Diagnostic Message: diag", "# Join Matched DN: dc=example,dc=com", "# Join Referral URL: " + "ldap://ds1.example.com:389/dc=example,dc=com", "# Join Referral URL: " + "ldap://ds2.example.com:389/dc=example,dc=com", "# Joined With Entry:", "# dn: ou=joined 1,dc=example,dc=com", "# objectClass: top", "# objectClass: organizationalUnit", "# ou: joined 1", "# Joined With Entry:", "# dn: ou=joined 1a,dc=example,dc=com", "# objectClass: top", "# objectClass: organizationalUnit", "# ou: joined 1a", "# Joined With Entry:", "# dn: ou=joined 1b,dc=example,dc=com", "# objectClass: top", "# objectClass: organizationalUnit", "# ou: joined 1b", "# Joined With Entry:", "# dn: ou=joined 2,dc=example,dc=com", "# 
objectClass: top", "# objectClass: organizationalUnit", "# ou: joined 2", "# Joined With Entry:", "# dn: ou=joined 2a,dc=example,dc=com", "# objectClass: top", "# objectClass: organizationalUnit", "# ou: joined 2a", "# Joined With Entry:", "# dn: ou=joined 2b,dc=example,dc=com", "# objectClass: top", "# objectClass: organizationalUnit", "# ou: joined 2b") });
// An invalid join result control.
resultList.add(new Object[] { new Control(JoinResultControl.JOIN_RESULT_OID), Arrays.asList("# Response Control:", "# OID: " + JoinResultControl.JOIN_RESULT_OID, "# Is Critical: false") });
// A valid matching entry count response control for an examined count.
resultList.add(new Object[] { MatchingEntryCountResponseControl.createExactCountResponse(12345, true, true, true, false, true, Filter.createEqualityFilter("objectClass", "person"), Arrays.asList("debug message 1", "debug message 2")), Arrays.asList("# Matching Entry Count Response Control:", "# OID: " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "# Count Type: Examined", "# Count Value: 12345", "# Search Is Indexed: true", "# Short Circuited: true", "# Fully Indexed: false", "# Candidates Are in Scope: true", "# Remaining Filter: (objectClass=person)", "# Debug Info:", "# debug message 1", "# debug message 2") });
// A valid matching entry count response control for an unexamined count.
resultList.add(new Object[] { MatchingEntryCountResponseControl.createExactCountResponse(67890, false, true, Arrays.asList("debug message 1", "debug message 2")), Arrays.asList("# Matching Entry Count Response Control:", "# OID: " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "# Count Type: Unexamined", "# Count Value: 67890", "# Search Is Indexed: true", "# Debug Info:", "# debug message 1", "# debug message 2") });
// A valid matching entry count response control for an upper bound count.
resultList.add(new Object[] { MatchingEntryCountResponseControl.createUpperBoundResponse(98765, false, Arrays.asList("debug message 1", "debug message 2")), Arrays.asList("# Matching Entry Count Response Control:", "# OID: " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "# Count Type: Upper Bound", "# Count Value: 98765", "# Search Is Indexed: false", "# Debug Info:", "# debug message 1", "# debug message 2") });
// A valid matching entry count response control for an unknown count.
resultList.add(new Object[] { MatchingEntryCountResponseControl.createUnknownCountResponse(Arrays.asList("debug message 1", "debug message 2")), Arrays.asList("# Matching Entry Count Response Control:", "# OID: " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "# Count Type: Unknown", "# Search Is Indexed: false", "# Debug Info:", "# debug message 1", "# debug message 2") });
// An invalid matching entry count response control.
resultList.add(new Object[] { new Control(MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "# Is Critical: false") });
// A valid password policy response control for a password that is about to
// expire.
resultList.add(new Object[] { new PasswordPolicyResponseControl(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, 12345, null), Arrays.asList("# Password Policy Response Control:", "# OID: " + PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID, "# Error Type: None", "# Warning Type: time before expiration", "# Warning Value: 12345") });
// A valid password policy response control for an account that is locked.
resultList.add(new Object[] { new PasswordPolicyResponseControl(null, -1, PasswordPolicyErrorType.ACCOUNT_LOCKED), Arrays.asList("# Password Policy Response Control:", "# OID: " + PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID, "# Error Type: account locked", "# Warning Type: None") });
// An invalid password policy response control.
resultList.add(new Object[] { new Control(PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID, "# Is Critical: false") });
// A valid password validation details response control for a validation
// details response.
final LinkedHashMap<String, String> r1Map = new LinkedHashMap<String, String>(2);
r1Map.put("prop1a", "value1a");
r1Map.put("prop1b", "value1b");
final LinkedHashMap<String, String> r2Map = new LinkedHashMap<String, String>(2);
r2Map.put("prop2a", "value2a");
r2Map.put("prop2b", "value2b");
resultList.add(new Object[] { new PasswordValidationDetailsResponseControl(PasswordValidationDetailsResponseType.VALIDATION_DETAILS, Arrays.asList(new PasswordQualityRequirementValidationResult(new PasswordQualityRequirement("Requirement 1", "first-requirement", r1Map), true, "Requirement 1 was satisfied"), new PasswordQualityRequirementValidationResult(new PasswordQualityRequirement("Requirement 2", "second-requirement", r2Map), false, "Requirement 2 was not satisfied")), false, true, 12345), Arrays.asList("# Password Validation Details Response Control:", "# OID: " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "# Result Type: Validation Result", "# Password Quality Requirement Validation " + "Result:", "# Password Quality Requirement " + "Description: Requirement 1", "# Client-Side Validation Type: " + "first-requirement", "# Client-Side Validation Property: " + "prop1a=value1a", "# Client-Side Validation Property: " + "prop1b=value1b", "# Requirement Satisfied: true", "# Additional Validation Info: " + "Requirement 1 was satisfied", "# Password Quality Requirement Validation " + "Result:", "# Password Quality Requirement " + "Description: Requirement 2", "# Client-Side Validation Type: " + "second-requirement", "# Client-Side Validation Property: " + "prop2a=value2a", "# Client-Side Validation Property: " + "prop2b=value2b", "# Requirement Satisfied: false", "# Additional Validation Info: " + "Requirement 2 was not satisfied", "# Missing Current Password: false", "# Must Change Password: true", "# Seconds Until Expiration: 12345") });
// A valid password validation details response control for a "no password
// provided" response.
resultList.add(new Object[] { new PasswordValidationDetailsResponseControl(PasswordValidationDetailsResponseType.NO_PASSWORD_PROVIDED, null, true, false, null), Arrays.asList("# Password Validation Details Response Control:", "# OID: " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "# Result Type: No Password Provided", "# Missing Current Password: true", "# Must Change Password: false") });
// A valid password validation details response control for a "multiple
// passwords provided" response.
resultList.add(new Object[] { new PasswordValidationDetailsResponseControl(PasswordValidationDetailsResponseType.MULTIPLE_PASSWORDS_PROVIDED, null, true, false, null), Arrays.asList("# Password Validation Details Response Control:", "# OID: " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "# Result Type: Multiple Passwords Provided", "# Missing Current Password: true", "# Must Change Password: false") });
// A valid password validation details response control for a "no validation
// attempted" response.
resultList.add(new Object[] { new PasswordValidationDetailsResponseControl(PasswordValidationDetailsResponseType.NO_VALIDATION_ATTEMPTED, null, true, false, null), Arrays.asList("# Password Validation Details Response Control:", "# OID: " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "# Result Type: No Validation Attempted", "# Missing Current Password: true", "# Must Change Password: false") });
// An invalid password validation details response control.
resultList.add(new Object[] { new Control(PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "# Is Critical: false") });
// A valid soft delete response control.
resultList.add(new Object[] { new SoftDeleteResponseControl("ou=test+entryUUID=" + uuid.toString() + ",dc=example,dc=com"), Arrays.asList("# Soft Delete Response Control:", "# OID: " + SoftDeleteResponseControl.SOFT_DELETE_RESPONSE_OID, "# Soft-Deleted Entry DN: ou=test+entryUUID=" + uuid.toString() + ",dc=example,dc=com") });
// An invalid soft delete response control.
resultList.add(new Object[] { new Control(SoftDeleteResponseControl.SOFT_DELETE_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + SoftDeleteResponseControl.SOFT_DELETE_RESPONSE_OID, "# Is Critical: false") });
// A valid transaction settings response control.
resultList.add(new Object[] { new TransactionSettingsResponseControl(12345, true), Arrays.asList("# Transaction Settings Response Control:", "# OID: " + TransactionSettingsResponseControl.TRANSACTION_SETTINGS_RESPONSE_OID, "# Number of Lock Conflicts: 12345", "# Backend Lock Acquired: true") });
// An invalid transaction settings response control.
resultList.add(new Object[] { new Control(TransactionSettingsResponseControl.TRANSACTION_SETTINGS_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + TransactionSettingsResponseControl.TRANSACTION_SETTINGS_RESPONSE_OID, "# Is Critical: false") });
// A valid uniqueness response control in which all of the tests passed.
resultList.add(new Object[] { new UniquenessResponseControl("all-passed", true, true, null), Arrays.asList("# Uniqueness Response Control:", "# OID: " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "# Uniqueness ID: all-passed", "# Pre-Commit Validation Status: Passed", "# Post-Commit Validation Status: Passed") });
// A valid uniqueness response control in which the pre-commit attempt
// failed.
resultList.add(new Object[] { new UniquenessResponseControl("pre-commit-failed", false, null, "The pre-commit attempt failed"), Arrays.asList("# Uniqueness Response Control:", "# OID: " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "# Uniqueness ID: pre-commit-failed", "# Pre-Commit Validation Status: Failed", "# Post-Commit Validation Status: Not Attempted", "# Message: The pre-commit attempt failed") });
// A valid uniqueness response control in which the pre-commit attempt
// passed but the post-commit attempt failed.
resultList.add(new Object[] { new UniquenessResponseControl("post-commit-failed", true, false, "The post-commit attempt failed"), Arrays.asList("# Uniqueness Response Control:", "# OID: " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "# Uniqueness ID: post-commit-failed", "# Pre-Commit Validation Status: Passed", "# Post-Commit Validation Status: Failed", "# Message: The post-commit attempt failed") });
// A valid uniqueness response control in which no validation was attempted.
resultList.add(new Object[] { new UniquenessResponseControl("not-attempted", null, null, "No validation was attempted"), Arrays.asList("# Uniqueness Response Control:", "# OID: " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "# Uniqueness ID: not-attempted", "# Pre-Commit Validation Status: Not Attempted", "# Post-Commit Validation Status: Not Attempted", "# Message: No validation was attempted") });
// An invalid uniqueness response control.
resultList.add(new Object[] { new Control(UniquenessResponseControl.UNIQUENESS_RESPONSE_OID), Arrays.asList("# Response Control:", "# OID: " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "# Is Critical: false") });
return resultList.iterator();
}
use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl in project ssam by pingidentity.
the class LDAPAuthenticationProvider method authenticate.
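/**
 * {@inheritDoc}
 *
 * <p>Authenticates the supplied username and password against the directory.
 * When a search-and-bind filter is configured, the user's entry is located
 * first and a simple bind is performed with its DN. Otherwise a SASL PLAIN
 * bind is issued and the DN is taken from the get authorization entry
 * response control, when the server returns one.
 *
 * @param authentication the token carrying the username and password
 * @return a {@link UsernamePasswordAuthenticationToken} whose principal is an
 *         {@link LDAPUser} when a DN is known, or a plain {@link User} otherwise
 * @throws AuthenticationException if either credential is empty, the user
 *         cannot be found, or the search or bind fails
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
  String searchBindFilter = settings.getSearchBindFilter();
  User userDetails = null;
  BindRequest request = null;

  // Get the username and password, making sure they're not empty. The
  // password check matters for security: a simple bind with a DN and an
  // empty password is an unauthenticated bind in LDAP (RFC 4513) and may be
  // reported as a success by the server.
  String username = authentication.getName();
  String password = (String) authentication.getCredentials();
  if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
    throw new BadCredentialsException("Username and password must be provided");
  }

  // If a filter is available, perform 'Search and Bind'
  if (StringUtils.isNotEmpty(searchBindFilter)) {
    Entry entry;
    // The username comes straight from the login request. Escape it as a
    // filter assertion value before substituting it into the template so
    // that characters such as '*', '(', ')' and '\' are matched literally
    // and cannot change the structure of the search filter.
    String filter = searchBindFilter.replace("$0", Filter.encodeValue(username));
    try {
      entry = pool.searchForEntry(settings.getBaseDN(), SearchScope.SUB, Filter.create(filter));
      if (entry == null) {
        throw new BadCredentialsException("Invalid credentials for user: " + username);
      }
    } catch (LDAPSearchException e) {
      throw new BadCredentialsException("An exception occurred while searching" + " for user: " + username, e);
    } catch (LDAPException e) {
      throw new BadCredentialsException("The filter string cannot be decoded " + "as a valid search filter for user: " + username, e);
    }
    // Obtain the bind DN and try to bind, retaining the identity of the
    // pooled connection
    request = new SimpleBindRequest(entry.getDN(), password, new RetainIdentityRequestControl());
    userDetails = new LDAPUser(entry.getDN(), username, password, EMPTY_AUTHORITIES);
  } else {
    // Construct a SASL PLAIN Bind Request since no filter is available for
    // 'Search and Bind'
    request = new PLAINBindRequest("u:" + username, password, new GetAuthorizationEntryRequestControl(false, true, "1.1"), new RetainIdentityRequestControl());
  }

  try {
    BindResult result = pool.bind(request);
    // Use a Response Control to obtain a DN for the authentication token
    if (request instanceof PLAINBindRequest) {
      GetAuthorizationEntryResponseControl responseControl = GetAuthorizationEntryResponseControl.get(result);
      // The control may be absent, or present without an authorization
      // entry; treat both the same way instead of dereferencing null.
      Entry authZEntry = (responseControl == null) ? null : responseControl.getAuthZEntry();
      if (authZEntry == null) {
        // No entry returned, User will be used for the authentication token
        userDetails = new User(username, password, EMPTY_AUTHORITIES);
      } else {
        // Entry returned, LDAPUser will be used for the authentication token
        userDetails = new LDAPUser(authZEntry.getDN(), username, password, EMPTY_AUTHORITIES);
      }
    }
  } catch (LDAPException e) {
    // NOTE(review): every bind failure, including connectivity problems, is
    // reported to the caller as bad credentials; the cause is kept on the
    // exception for diagnosis.
    throw new BadCredentialsException("Invalid credentials for user: " + username, e);
  }

  // Construct the authentication token and return it
  return new UsernamePasswordAuthenticationToken(userDetails, password, EMPTY_AUTHORITIES);
}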