Search in sources :

Example 1 with GetAuthorizationEntryResponseControl

use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl in project ldapsdk by pingidentity.

the class ResultUtils method addGetAuthorizationEntryResponseControl.

/**
 * Adds a multi-line string representation of the provided control, which is
 * expected to be a get authorization entry response control, to the given
 * list.
 *
 * @param  lines     The list to which the lines should be added.
 * @param  c         The control to be formatted.
 * @param  prefix    The prefix to use for each line.
 * @param  maxWidth  The maximum length of each line in characters, including
 *                   the comment prefix and indent.
 */
private static void addGetAuthorizationEntryResponseControl(@NotNull final List<String> lines, @NotNull final Control c, @NotNull final String prefix, final int maxWidth) {
    final GetAuthorizationEntryResponseControl decoded;
    try {
        decoded = new GetAuthorizationEntryResponseControl(c.getOID(), c.isCritical(), c.getValue());
    } catch (final Exception e) {
        Debug.debugException(e);
        addGenericResponseControl(lines, c, prefix, maxWidth);
        return;
    }
    wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_HEADER.get(), prefix, maxWidth);
    final String indentPrefix = prefix + "     ";
    wrap(lines, INFO_RESULT_UTILS_RESPONSE_CONTROL_OID.get(c.getOID()), indentPrefix, maxWidth);
    wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_IS_AUTHENTICATED.get(decoded.isAuthenticated()), indentPrefix, maxWidth);
    if (!decoded.isAuthenticated()) {
        return;
    }
    wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_IDS_MATCH.get(decoded.identitiesMatch()), indentPrefix, maxWidth);
    final String authNID = decoded.getAuthNID();
    if (authNID != null) {
        wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_AUTHN_ID.get(authNID), indentPrefix, maxWidth);
    }
    final Entry authNEntry = decoded.getAuthNEntry();
    if (authNEntry != null) {
        wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_AUTHN_ENTRY_HEADER.get(), indentPrefix, maxWidth);
        addLDIF(lines, authNEntry, true, indentPrefix + "     ", maxWidth);
    }
    if (decoded.identitiesMatch()) {
        return;
    }
    final String authZID = decoded.getAuthZID();
    if (authZID != null) {
        wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_AUTHZ_ID.get(authZID), indentPrefix, maxWidth);
    }
    final Entry authZEntry = decoded.getAuthZEntry();
    if (authZEntry != null) {
        wrap(lines, INFO_RESULT_UTILS_GET_AUTHZ_ENTRY_AUTHZ_ENTRY_HEADER.get(), indentPrefix, maxWidth);
        addLDIF(lines, authZEntry, true, indentPrefix + "     ", maxWidth);
    }
}
Also used : GetAuthorizationEntryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl) Entry(com.unboundid.ldap.sdk.Entry) SearchResultEntry(com.unboundid.ldap.sdk.SearchResultEntry) JoinedEntry(com.unboundid.ldap.sdk.unboundidds.controls.JoinedEntry) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) LDAPException(com.unboundid.ldap.sdk.LDAPException)

Example 2 with GetAuthorizationEntryResponseControl

use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl in project ldapsdk by pingidentity.

the class ResultUtilsTestCase method getFormatResponseControlData.

/**
 * Retrieves a set of data for testing the {@code formatResponseControl}
 * method.
 *
 * @return  The test data.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@DataProvider(name = "formatResponseControlData")
public Iterator<Object[]> getFormatResponseControlData() throws Exception {
    final LinkedList<Object[]> resultList = new LinkedList<Object[]>();
    // A generic response control with no value.
    resultList.add(new Object[] { new Control("1.2.3.4"), Arrays.asList("#      Response Control:", "#           OID:  1.2.3.4", "#           Is Critical:  false") });
    // A generic response control with a value.
    resultList.add(new Object[] { new Control("1.2.3.4", true, new ASN1OctetString("control value")), Arrays.asList("#      Response Control:", "#           OID:  1.2.3.4", "#           Is Critical:  true", "#           Raw Value:", "#                63 6f 6e 74 72 6f 6c 20 76 61 6c 75 " + "65            control value") });
    // A valid authorization identity response control.
    resultList.add(new Object[] { new AuthorizationIdentityResponseControl("u:test.user"), Arrays.asList("#      Authorization Identity Response Control:", "#           OID:  " + AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID, "#           Authorization ID:  u:test.user") });
    // An invalid authorization identity response control.
    resultList.add(new Object[] { new Control(AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid content synchronization done response control.
    resultList.add(new Object[] { new ContentSyncDoneControl(new ASN1OctetString("cookie"), true), Arrays.asList("#      Content Synchronization Done Response Control:", "#           OID:  " + ContentSyncDoneControl.SYNC_DONE_OID, "#           Refresh Deletes:  true", "#           Cookie Data:", "#                63 6f 6f 6b 69 " + "65                                 cookie") });
    // An invalid content synchronization done response control.
    resultList.add(new Object[] { new Control(ContentSyncDoneControl.SYNC_DONE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + ContentSyncDoneControl.SYNC_DONE_OID, "#           Is Critical:  false") });
    // A valid content synchronization state response control.
    final UUID uuid = CryptoHelper.getRandomUUID();
    resultList.add(new Object[] { new ContentSyncStateControl(ContentSyncState.MODIFY, uuid, new ASN1OctetString("cookie")), Arrays.asList("#      Content Synchronization State Response Control:", "#           OID:  " + ContentSyncStateControl.SYNC_STATE_OID, "#           Entry UUID:  " + uuid.toString(), "#           Synchronization State:  MODIFY", "#           Cookie Data:", "#                63 6f 6f 6b 69 " + "65                                 cookie") });
    // An invalid content synchronization state response control.
    resultList.add(new Object[] { new Control(ContentSyncStateControl.SYNC_STATE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + ContentSyncStateControl.SYNC_STATE_OID, "#           Is Critical:  false") });
    // A valid entry change notification control.
    resultList.add(new Object[] { new EntryChangeNotificationControl(PersistentSearchChangeType.MODIFY_DN, "ou=People,dc=example,dc=com", 123456789L), Arrays.asList("#      Entry Change Notification Control:", "#           OID:  " + EntryChangeNotificationControl.ENTRY_CHANGE_NOTIFICATION_OID, "#           Change Type:  moddn", "#           Change Number:  123456789", "#           Previous DN:  ou=People,dc=example,dc=com") });
    // An invalid entry change notification control.
    resultList.add(new Object[] { new Control(EntryChangeNotificationControl.ENTRY_CHANGE_NOTIFICATION_OID), Arrays.asList("#      Response Control:", "#           OID:  " + EntryChangeNotificationControl.ENTRY_CHANGE_NOTIFICATION_OID, "#           Is Critical:  false") });
    // A valid password expired control.
    resultList.add(new Object[] { new PasswordExpiredControl(), Arrays.asList("#      Password Expired Response Control:", "#           OID:  " + PasswordExpiredControl.PASSWORD_EXPIRED_OID) });
    // An invalid password expired control.
    resultList.add(new Object[] { new Control(PasswordExpiredControl.PASSWORD_EXPIRED_OID, false, new ASN1OctetString("control value")), Arrays.asList("#      Response Control:", "#           OID:  " + PasswordExpiredControl.PASSWORD_EXPIRED_OID, "#           Is Critical:  false", "#           Raw Value:", "#                63 6f 6e 74 72 6f 6c 20 76 61 6c 75 " + "65            control value") });
    // A valid password expiring control.
    resultList.add(new Object[] { new PasswordExpiringControl(12345), Arrays.asList("#      Password Expiring Response Control:", "#           OID:  " + PasswordExpiringControl.PASSWORD_EXPIRING_OID, "#           Seconds Until Expiration:  12345") });
    // An invalid password expiring control.
    resultList.add(new Object[] { new Control(PasswordExpiringControl.PASSWORD_EXPIRING_OID), Arrays.asList("#      Response Control:", "#           OID:  " + PasswordExpiringControl.PASSWORD_EXPIRING_OID, "#           Is Critical:  false") });
    // A valid post-read response control.
    resultList.add(new Object[] { new PostReadResponseControl(new ReadOnlyEntry("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example")), Arrays.asList("#      Post-Read Response Control:", "#           OID:  " + PostReadResponseControl.POST_READ_RESPONSE_OID, "#           Post-Read Entry:", "#                dn: dc=example,dc=com", "#                objectClass: top", "#                objectClass: domain", "#                dc: example") });
    // An invalid post-read response control.
    resultList.add(new Object[] { new Control(PostReadResponseControl.POST_READ_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + PostReadResponseControl.POST_READ_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid pre-read response control.
    resultList.add(new Object[] { new PreReadResponseControl(new ReadOnlyEntry("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example")), Arrays.asList("#      Pre-Read Response Control:", "#           OID:  " + PreReadResponseControl.PRE_READ_RESPONSE_OID, "#           Pre-Read Entry:", "#                dn: dc=example,dc=com", "#                objectClass: top", "#                objectClass: domain", "#                dc: example") });
    // An invalid pre-read response control.
    resultList.add(new Object[] { new Control(PreReadResponseControl.PRE_READ_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + PreReadResponseControl.PRE_READ_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid server-side sort response control.
    resultList.add(new Object[] { new ServerSideSortResponseControl(ResultCode.INVALID_ATTRIBUTE_SYNTAX, "objectClass", false), Arrays.asList("#      Server-Side Sort Response Control:", "#           OID:  " + ServerSideSortResponseControl.SERVER_SIDE_SORT_RESPONSE_OID, "#           Result Code:  21 (invalid attribute syntax)", "#           Attribute Name:  objectClass") });
    // An invalid server-side sort response control.
    resultList.add(new Object[] { new Control(ServerSideSortResponseControl.SERVER_SIDE_SORT_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + ServerSideSortResponseControl.SERVER_SIDE_SORT_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid simple paged results response control.
    resultList.add(new Object[] { new SimplePagedResultsControl(12345, new ASN1OctetString("cookie")), Arrays.asList("#      Simple Paged Results Response Control:", "#           OID:  " + SimplePagedResultsControl.PAGED_RESULTS_OID, "#           Estimated Total Result Set Size:  12345", "#           Cookie Data:", "#                63 6f 6f 6b 69 " + "65                                 cookie") });
    // An invalid simple paged results response control.
    resultList.add(new Object[] { new Control(SimplePagedResultsControl.PAGED_RESULTS_OID), Arrays.asList("#      Response Control:", "#           OID:  " + SimplePagedResultsControl.PAGED_RESULTS_OID, "#           Is Critical:  false") });
    // A valid virtual list view response control.
    resultList.add(new Object[] { new VirtualListViewResponseControl(12345, 67890, ResultCode.SUCCESS, new ASN1OctetString("cookie")), Arrays.asList("#      Virtual List View Response Control:", "#           OID:  " + VirtualListViewResponseControl.VIRTUAL_LIST_VIEW_RESPONSE_OID, "#           Result Code:  0 (success)", "#           Estimated Content Count:  67890", "#           Target Position:  12345", "#           Context ID:", "#                63 6f 6f 6b 69 " + "65                                 cookie") });
    // An invalid virtual list view response control.
    resultList.add(new Object[] { new Control(VirtualListViewResponseControl.VIRTUAL_LIST_VIEW_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + VirtualListViewResponseControl.VIRTUAL_LIST_VIEW_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid account usable response control that indicates the account is
    // usable.
    resultList.add(new Object[] { new AccountUsableResponseControl(12345), Arrays.asList("#      Account Usable Response Control:", "#           OID:  " + AccountUsableResponseControl.ACCOUNT_USABLE_RESPONSE_OID, "#           Account Is Usable:  true", "#           Password Is Expired:  false", "#           Must Change Password:  false", "#           Account Is Inactive:  false", "#           Seconds Until Password Expiration:  12345") });
    // A valid account usable response control that indicates the account is not
    // usable.
    resultList.add(new Object[] { new AccountUsableResponseControl(true, true, true, 12345, 67890), Arrays.asList("#      Account Usable Response Control:", "#           OID:  " + AccountUsableResponseControl.ACCOUNT_USABLE_RESPONSE_OID, "#           Account Is Usable:  false", "#           Unusable Reasons:", "#                The account has been locked or deactivated.", "#                The password must be changed before any " + "other operations will be allowed.", "#                The password is expired.", "#                12345 grace logins are available.", "#                The account will be automatically unlocked " + "in 67890 seconds.", "#           Password Is Expired:  true", "#           Must Change Password:  true", "#           Account Is Inactive:  true", "#           Remaining Grace Logins:  12345", "#           Seconds Until Account Unlock:  67890") });
    // An invalid account usable response control.
    resultList.add(new Object[] { new Control(AccountUsableResponseControl.ACCOUNT_USABLE_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + AccountUsableResponseControl.ACCOUNT_USABLE_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid assured replication response control that indicates the account
    // is usable.
    resultList.add(new Object[] { new AssuredReplicationResponseControl(AssuredReplicationLocalLevel.PROCESSED_ALL_SERVERS, true, "local message", AssuredReplicationRemoteLevel.RECEIVED_ANY_REMOTE_LOCATION, false, "remote message", "csn", Arrays.asList(new AssuredReplicationServerResult(AssuredReplicationServerResultCode.COMPLETE, (short) 12345, (short) 12346), new AssuredReplicationServerResult(AssuredReplicationServerResultCode.TIMEOUT, (short) 12347, (short) 12348))), Arrays.asList("#      Assured Replication Response Control:", "#           OID:  " + AssuredReplicationResponseControl.ASSURED_REPLICATION_RESPONSE_OID, "#           Change Sequence Number:  csn", "#           Local Assurance Level:  PROCESSED_ALL_SERVERS", "#           Local Assurance Satisfied:  true", "#           Local Assurance Message:  local message", "#           Remote Assurance Level:  " + "RECEIVED_ANY_REMOTE_LOCATION", "#           Remote Assurance Satisfied:  false", "#           Remote Assurance Message:  remote message", "#           Server Result:", "#                Server Result Code:  COMPLETE", "#                Replication Server ID:  12345", "#                Replica ID:  12346", "#           Server Result:", "#                Server Result Code:  TIMEOUT", "#                Replication Server ID:  12347", "#                Replica ID:  12348") });
    // An invalid assured replication response control.
    resultList.add(new Object[] { new Control(AssuredReplicationResponseControl.ASSURED_REPLICATION_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + AssuredReplicationResponseControl.ASSURED_REPLICATION_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid generate password response control without a password expiration
    // time.
    resultList.add(new Object[] { new GeneratePasswordResponseControl("generated-password", false, (Long) null), Arrays.asList("#      Generate Password Response Control:", "#           OID:  " + GeneratePasswordResponseControl.GENERATE_PASSWORD_RESPONSE_OID, "#           Generated Password:  generated-password", "#           Must Change Password:  false") });
    // A valid generate password response control with a password expiration
    // time.
    resultList.add(new Object[] { new GeneratePasswordResponseControl("generated-password", true, 86400L), Arrays.asList("#      Generate Password Response Control:", "#           OID:  " + GeneratePasswordResponseControl.GENERATE_PASSWORD_RESPONSE_OID, "#           Generated Password:  generated-password", "#           Must Change Password:  true", "#           Seconds Until Expiration:  86400") });
    // An invalid generate password response control.
    resultList.add(new Object[] { new Control(GeneratePasswordResponseControl.GENERATE_PASSWORD_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + GeneratePasswordResponseControl.GENERATE_PASSWORD_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid get authorization entry response control for an unauthenticated
    // connection.
    resultList.add(new Object[] { new GetAuthorizationEntryResponseControl(false, true, "dn:", null, null, null), Arrays.asList("#      Get Authorization Entry Response Control:", "#           OID:  " + GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID, "#           Is Authenticated:  false") });
    // A valid get authorization entry response control for an authenticated
    // connection in which the authentication and authorization identities
    // match.
    resultList.add(new Object[] { new GetAuthorizationEntryResponseControl(true, true, "u:test.user", new ReadOnlyEntry("dn: uid=test.user,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: test.user", "givenName: Test", "sn: User", "cn: Test User"), null, null), Arrays.asList("#      Get Authorization Entry Response Control:", "#           OID:  " + GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID, "#           Is Authenticated:  true", "#           Authentication and Authorization Identities " + "Match:  true", "#           Authentication Identity ID:  u:test.user", "#           Authentication Identity Entry:", "#                dn: uid=test.user,ou=People,dc=example," + "dc=com", "#                objectClass: top", "#                objectClass: person", "#                objectClass: organizationalPerson", "#                objectClass: inetOrgPerson", "#                uid: test.user", "#                givenName: Test", "#                sn: User", "#                cn: Test User") });
    // A valid get authorization entry response control for an authenticated
    // connection in which the authentication and authorization identities
    // differ.
    resultList.add(new Object[] { new GetAuthorizationEntryResponseControl(true, false, "u:test.user", new ReadOnlyEntry("dn: uid=test.user,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: test.user", "givenName: Test", "sn: User", "cn: Test User"), "u:another.user", new ReadOnlyEntry("dn: uid=another.user,ou=People,dc=example,dc=com", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: another.user", "givenName: Another", "sn: User", "cn: Another User")), Arrays.asList("#      Get Authorization Entry Response Control:", "#           OID:  " + GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID, "#           Is Authenticated:  true", "#           Authentication and Authorization Identities " + "Match:  false", "#           Authentication Identity ID:  u:test.user", "#           Authentication Identity Entry:", "#                dn: uid=test.user,ou=People,dc=example," + "dc=com", "#                objectClass: top", "#                objectClass: person", "#                objectClass: organizationalPerson", "#                objectClass: inetOrgPerson", "#                uid: test.user", "#                givenName: Test", "#                sn: User", "#                cn: Test User", "#           Authorization Identity ID:  u:another.user", "#           Authorization Identity Entry:", "#                dn: uid=another.user,ou=People,dc=example," + "dc=com", "#                objectClass: top", "#                objectClass: person", "#                objectClass: organizationalPerson", "#                objectClass: inetOrgPerson", "#                uid: another.user", "#                givenName: Another", "#                sn: User", "#                cn: Another User") });
    // An invalid get authorization identity response control.
    resultList.add(new Object[] { new Control(GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + GetAuthorizationEntryResponseControl.GET_AUTHORIZATION_ENTRY_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid get backend set ID response control with a single backend set ID.
    resultList.add(new Object[] { new GetBackendSetIDResponseControl("rpID", "bsID"), Arrays.asList("#      Get Backend Set ID Response Control:", "#           OID:  " + GetBackendSetIDResponseControl.GET_BACKEND_SET_ID_RESPONSE_OID, "#           Entry-Balancing Request Processor ID:  rpID", "#           Backend Set ID:  bsID") });
    // A valid get backend set ID response control with multiple backend set
    // IDs.
    resultList.add(new Object[] { new GetBackendSetIDResponseControl("rpID", Arrays.asList("bs1", "bs2")), Arrays.asList("#      Get Backend Set ID Response Control:", "#           OID:  " + GetBackendSetIDResponseControl.GET_BACKEND_SET_ID_RESPONSE_OID, "#           Entry-Balancing Request Processor ID:  rpID", "#           Backend Set ID:  bs1", "#           Backend Set ID:  bs2") });
    // An invalid get backend set ID response control.
    resultList.add(new Object[] { new Control(GetBackendSetIDResponseControl.GET_BACKEND_SET_ID_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + GetBackendSetIDResponseControl.GET_BACKEND_SET_ID_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid get password policy state issues response control without any
    // issues.
    resultList.add(new Object[] { new GetPasswordPolicyStateIssuesResponseControl(null, null, null), Arrays.asList("#      Get Password Policy State Issues Response Control:", "#           OID:  " + GetPasswordPolicyStateIssuesResponseControl.GET_PASSWORD_POLICY_STATE_ISSUES_RESPONSE_OID) });
    // A valid get password policy state issues response control with multiple
    // notices, warnings, and errors, and an authentication failure reason
    resultList.add(new Object[] { new GetPasswordPolicyStateIssuesResponseControl(Arrays.asList(new PasswordPolicyStateAccountUsabilityNotice(PasswordPolicyStateAccountUsabilityNotice.NOTICE_TYPE_IN_MINIMUM_PASSWORD_AGE, PasswordPolicyStateAccountUsabilityNotice.NOTICE_NAME_IN_MINIMUM_PASSWORD_AGE, "You can't change your password yet"), new PasswordPolicyStateAccountUsabilityNotice(PasswordPolicyStateAccountUsabilityNotice.NOTICE_TYPE_OUTSTANDING_RETIRED_PASSWORD, PasswordPolicyStateAccountUsabilityNotice.NOTICE_NAME_OUTSTANDING_RETIRED_PASSWORD, "You have a valid retired password")), Arrays.asList(new PasswordPolicyStateAccountUsabilityWarning(PasswordPolicyStateAccountUsabilityWarning.WARNING_TYPE_ACCOUNT_EXPIRING, PasswordPolicyStateAccountUsabilityWarning.WARNING_NAME_ACCOUNT_EXPIRING, "Your account will expire soon"), new PasswordPolicyStateAccountUsabilityWarning(PasswordPolicyStateAccountUsabilityWarning.WARNING_TYPE_PASSWORD_EXPIRING, PasswordPolicyStateAccountUsabilityWarning.WARNING_NAME_PASSWORD_EXPIRING, "Your password will expire soon")), Arrays.asList(new PasswordPolicyStateAccountUsabilityError(PasswordPolicyStateAccountUsabilityError.ERROR_TYPE_ACCOUNT_DISABLED, PasswordPolicyStateAccountUsabilityError.ERROR_NAME_ACCOUNT_DISABLED, "Your account is disabled"), new PasswordPolicyStateAccountUsabilityError(PasswordPolicyStateAccountUsabilityError.ERROR_TYPE_ACCOUNT_EXPIRED, PasswordPolicyStateAccountUsabilityError.ERROR_NAME_ACCOUNT_EXPIRED, "Your account is expired")), new AuthenticationFailureReason(AuthenticationFailureReason.FAILURE_TYPE_ACCOUNT_NOT_USABLE, AuthenticationFailureReason.FAILURE_NAME_ACCOUNT_NOT_USABLE, "Your account is not usable")), Arrays.asList("#      Get Password Policy State Issues Response Control:", "#           OID:  " + GetPasswordPolicyStateIssuesResponseControl.GET_PASSWORD_POLICY_STATE_ISSUES_RESPONSE_OID, "#           Authentication Failure Reason:", "#                Failure Type:  account-not-usable", "#                Failure Message:  Your account is not usable", "#           Account Usability Error:", "#                Error Name:  account-disabled", "#                Error Message:  Your account is disabled", "#           Account Usability Error:", "#                Error Name:  account-expired", "#                Error Message:  Your account is expired", "#           Account Usability Warning:", "#                Warning Name:  account-expiring", "#                Warning Message:  Your account will expire " + "soon", "#           Account Usability Warning:", "#                Warning Name:  password-expiring", "#                Warning Message:  Your password will " + "expire soon", "#           Account Usability Notice:", "#                Notice Name:  in-minimum-password-age", "#                Notice Message:  You can't change your " + "password yet", "#           Account Usability Notice:", "#                Notice Name:  outstanding-retired-password", "#                Notice Message:  You have a valid retired " + "password") });
    // An invalid get password policy state issues response control.
    resultList.add(new Object[] { new Control(GetPasswordPolicyStateIssuesResponseControl.GET_PASSWORD_POLICY_STATE_ISSUES_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + GetPasswordPolicyStateIssuesResponseControl.GET_PASSWORD_POLICY_STATE_ISSUES_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid get recent login history response control without any successful
    // or failed attempts.
    resultList.add(new Object[] { new GetRecentLoginHistoryResponseControl(new RecentLoginHistory(null, null)), Arrays.asList("#      Get Recent Login History Response Control:", "#           OID:  " + GetRecentLoginHistoryResponseControl.GET_RECENT_LOGIN_HISTORY_RESPONSE_OID, "#           No Successful Attempts", "#           No Failed Attempts") });
    // A valid get recent login history response control with both successful
    // and failed attempts.
    final long currentTime = System.currentTimeMillis();
    final TreeSet<RecentLoginHistoryAttempt> successes = new TreeSet<>();
    successes.add(new RecentLoginHistoryAttempt(true, currentTime, "simple", "1.2.3.4", null, 0L));
    final TreeSet<RecentLoginHistoryAttempt> failures = new TreeSet<>();
    failures.add(new RecentLoginHistoryAttempt(false, (currentTime - 5_000L), "simple", "1.2.3.4", "invalid-credentials", 1L));
    RecentLoginHistory recentLoginHistory = new RecentLoginHistory(successes, failures);
    resultList.add(new Object[] { new GetRecentLoginHistoryResponseControl(recentLoginHistory), Arrays.asList("#      Get Recent Login History Response Control:", "#           OID:  " + GetRecentLoginHistoryResponseControl.GET_RECENT_LOGIN_HISTORY_RESPONSE_OID, "#           Successful Attempt:", "#                Timestamp:  " + StaticUtils.encodeRFC3339Time(currentTime), "#                Authentication Method:  simple", "#                Client IP Address:  1.2.3.4", "#                Additional Attempt Count:  0", "#           Failed Attempt:", "#                Timestamp:  " + StaticUtils.encodeRFC3339Time(currentTime - 5_000L), "#                Authentication Method:  simple", "#                Client IP Address:  1.2.3.4", "#                Failure Reason:  invalid-credentials", "#                Additional Attempt Count:  1") });
    // An invalid recent login history response control.
    resultList.add(new Object[] { new Control(GetRecentLoginHistoryResponseControl.GET_RECENT_LOGIN_HISTORY_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + GetRecentLoginHistoryResponseControl.GET_RECENT_LOGIN_HISTORY_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid get server ID response control.
    resultList.add(new Object[] { new GetServerIDResponseControl("serverID"), Arrays.asList("#      Get Server ID Response Control:", "#           OID:  " + GetServerIDResponseControl.GET_SERVER_ID_RESPONSE_OID, "#           Server ID:  serverID") });
    // An invalid get server ID response control.
    resultList.add(new Object[] { new Control(GetServerIDResponseControl.GET_SERVER_ID_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + GetServerIDResponseControl.GET_SERVER_ID_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid get user resource limits response control with a minimal set of
    // fields and unlimited values where possible.
    resultList.add(new Object[] { new GetUserResourceLimitsResponseControl(0L, 0L, 0L, 0L, null, null), Arrays.asList("#      Get User Resource Limits Response Control:", "#           OID:  " + GetUserResourceLimitsResponseControl.GET_USER_RESOURCE_LIMITS_RESPONSE_OID, "#           Size Limit:  Unlimited", "#           Time Limit:  Unlimited", "#           Idle Time Limit:  Unlimited", "#           Lookthrough Limit:  Unlimited") });
    // A valid get user resource limits response control with all fields and
    // definite limits.
    resultList.add(new Object[] { new GetUserResourceLimitsResponseControl(12345L, 67890L, 98765L, 54321L, "uid=equivalent.user,ou=People,dc=example,dc=com", "CCP", Arrays.asList("cn=Group 1,ou=Groups,dc=example,dc=com", "cn=Group 2,ou=Groups,dc=example,dc=com"), Arrays.asList("bypass-read-acl", "config-read"), Arrays.asList(new Attribute("other-attr-1", "value1"), new Attribute("other-attr-2", "value2"))), Arrays.asList("#      Get User Resource Limits Response Control:", "#           OID:  " + GetUserResourceLimitsResponseControl.GET_USER_RESOURCE_LIMITS_RESPONSE_OID, "#           Size Limit:  12345", "#           Time Limit:  67890 seconds", "#           Idle Time Limit:  98765 seconds", "#           Lookthrough Limit:  54321", "#           Equivalent Authorization User DN:  " + "uid=equivalent.user,ou=People,dc=example,dc=com", "#           Client Connection Policy Name:  CCP", "#           Group DNs:", "#                cn=Group 1,ou=Groups,dc=example,dc=com", "#                cn=Group 2,ou=Groups,dc=example,dc=com", "#           Privileges:", "#                bypass-read-acl", "#                config-read", "#           Other Attributes:", "#                other-attr-1: value1", "#                other-attr-2: value2") });
    // An invalid get user resource limits response control.
    resultList.add(new Object[] { new Control(GetUserResourceLimitsResponseControl.GET_USER_RESOURCE_LIMITS_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + GetUserResourceLimitsResponseControl.GET_USER_RESOURCE_LIMITS_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid intermediate client response control.
    resultList.add(new Object[] { new IntermediateClientResponseControl(new IntermediateClientResponseValue(new IntermediateClientResponseValue(null, "upstream.server.address", false, "upstreamServerName", "upstreamSessionID", "upstreamResponseID"), "intermediate.server.address", true, "intermediateServerName", "intermediateSessionID", "intermediateResponseID")), Arrays.asList("#      Intermediate Client Response Control:", "#           OID:  " + IntermediateClientResponseControl.INTERMEDIATE_CLIENT_RESPONSE_OID, "#           Upstream Server Address:  " + "intermediate.server.address", "#           Upstream Server Secure:  true", "#           Server Name:  intermediateServerName", "#           Server Session ID:  intermediateSessionID", "#           Server Response ID:  intermediateResponseID", "#           Upstream Response:", "#                Upstream Server Address:  " + "upstream.server.address", "#                Upstream Server Secure:  false", "#                Server Name:  upstreamServerName", "#                Server Session ID:  upstreamSessionID", "#                Server Response ID:  upstreamResponseID") });
    // An invalid intermediate client response control.
    resultList.add(new Object[] { new Control(IntermediateClientResponseControl.INTERMEDIATE_CLIENT_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + IntermediateClientResponseControl.INTERMEDIATE_CLIENT_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid join result control.
    resultList.add(new Object[] { new JoinResultControl(ResultCode.SUCCESS, "diag", "dc=example,dc=com", Arrays.asList("ldap://ds1.example.com:389/dc=example,dc=com", "ldap://ds2.example.com:389/dc=example,dc=com"), Arrays.asList(new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 1,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 1"), Arrays.asList(new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 1a,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 1a"), null), new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 1b,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 1b"), null))), new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 2,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 2"), Arrays.asList(new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 2a,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 2a"), null), new JoinedEntry(new ReadOnlyEntry("dn: ou=joined 2b,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: joined 2b"), null))))), Arrays.asList("#      Join Result Control:", "#           OID:  " + JoinResultControl.JOIN_RESULT_OID, "#           Join Result Code:  0 (success)", "#           Join Diagnostic Message:  diag", "#           Join Matched DN:  dc=example,dc=com", "#           Join Referral URL:  " + "ldap://ds1.example.com:389/dc=example,dc=com", "#           Join Referral URL:  " + "ldap://ds2.example.com:389/dc=example,dc=com", "#           Joined With Entry:", "#                dn: ou=joined 1,dc=example,dc=com", "#                objectClass: top", "#                objectClass: organizationalUnit", "#                ou: joined 1", "#                     Joined With Entry:", "#                          dn: ou=joined 1a,dc=example,dc=com", "#                          objectClass: top", "#                          objectClass: organizationalUnit", "#                          ou: joined 1a", "#                     Joined With Entry:", "#                          dn: ou=joined 1b,dc=example,dc=com", "#                          objectClass: top", "#                          objectClass: organizationalUnit", "#                          ou: joined 1b", "#           Joined With Entry:", "#                dn: ou=joined 2,dc=example,dc=com", "#                objectClass: top", "#                objectClass: organizationalUnit", "#                ou: joined 2", "#                     Joined With Entry:", "#                          dn: ou=joined 2a,dc=example,dc=com", "#                          objectClass: top", "#                          objectClass: organizationalUnit", "#                          ou: joined 2a", "#                     Joined With Entry:", "#                          dn: ou=joined 2b,dc=example,dc=com", "#                          objectClass: top", "#                          objectClass: organizationalUnit", "#                          ou: joined 2b") });
    // An invalid join result control.
    resultList.add(new Object[] { new Control(JoinResultControl.JOIN_RESULT_OID), Arrays.asList("#      Response Control:", "#           OID:  " + JoinResultControl.JOIN_RESULT_OID, "#           Is Critical:  false") });
    // A valid matching entry count response control for an examined count.
    resultList.add(new Object[] { MatchingEntryCountResponseControl.createExactCountResponse(12345, true, true, true, false, true, Filter.createEqualityFilter("objectClass", "person"), Arrays.asList("debug message 1", "debug message 2")), Arrays.asList("#      Matching Entry Count Response Control:", "#           OID:  " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "#           Count Type:  Examined", "#           Count Value:  12345", "#           Search Is Indexed:  true", "#           Short Circuited:  true", "#           Fully Indexed:  false", "#           Candidates Are in Scope:  true", "#           Remaining Filter:  (objectClass=person)", "#           Debug Info:", "#                debug message 1", "#                debug message 2") });
    // A valid matching entry count response control for an unexamined count.
    resultList.add(new Object[] { MatchingEntryCountResponseControl.createExactCountResponse(67890, false, true, Arrays.asList("debug message 1", "debug message 2")), Arrays.asList("#      Matching Entry Count Response Control:", "#           OID:  " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "#           Count Type:  Unexamined", "#           Count Value:  67890", "#           Search Is Indexed:  true", "#           Debug Info:", "#                debug message 1", "#                debug message 2") });
    // A valid matching entry count response control for an upper bound count.
    resultList.add(new Object[] { MatchingEntryCountResponseControl.createUpperBoundResponse(98765, false, Arrays.asList("debug message 1", "debug message 2")), Arrays.asList("#      Matching Entry Count Response Control:", "#           OID:  " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "#           Count Type:  Upper Bound", "#           Count Value:  98765", "#           Search Is Indexed:  false", "#           Debug Info:", "#                debug message 1", "#                debug message 2") });
    // A valid matching entry count response control for an unknown count.
    resultList.add(new Object[] { MatchingEntryCountResponseControl.createUnknownCountResponse(Arrays.asList("debug message 1", "debug message 2")), Arrays.asList("#      Matching Entry Count Response Control:", "#           OID:  " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "#           Count Type:  Unknown", "#           Search Is Indexed:  false", "#           Debug Info:", "#                debug message 1", "#                debug message 2") });
    // An invalid matching entry count response control.
    resultList.add(new Object[] { new Control(MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + MatchingEntryCountResponseControl.MATCHING_ENTRY_COUNT_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid password policy response control for a password that is about to
    // expire.
    resultList.add(new Object[] { new PasswordPolicyResponseControl(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, 12345, null), Arrays.asList("#      Password Policy Response Control:", "#           OID:  " + PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID, "#           Error Type:  None", "#           Warning Type:  time before expiration", "#           Warning Value:  12345") });
    // A valid password policy response control for an account that is locked.
    resultList.add(new Object[] { new PasswordPolicyResponseControl(null, -1, PasswordPolicyErrorType.ACCOUNT_LOCKED), Arrays.asList("#      Password Policy Response Control:", "#           OID:  " + PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID, "#           Error Type:  account locked", "#           Warning Type:  None") });
    // An invalid password policy response control.
    resultList.add(new Object[] { new Control(PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid password validation details response control for a validation
    // details response.
    final LinkedHashMap<String, String> r1Map = new LinkedHashMap<String, String>(2);
    r1Map.put("prop1a", "value1a");
    r1Map.put("prop1b", "value1b");
    final LinkedHashMap<String, String> r2Map = new LinkedHashMap<String, String>(2);
    r2Map.put("prop2a", "value2a");
    r2Map.put("prop2b", "value2b");
    resultList.add(new Object[] { new PasswordValidationDetailsResponseControl(PasswordValidationDetailsResponseType.VALIDATION_DETAILS, Arrays.asList(new PasswordQualityRequirementValidationResult(new PasswordQualityRequirement("Requirement 1", "first-requirement", r1Map), true, "Requirement 1 was satisfied"), new PasswordQualityRequirementValidationResult(new PasswordQualityRequirement("Requirement 2", "second-requirement", r2Map), false, "Requirement 2 was not satisfied")), false, true, 12345), Arrays.asList("#      Password Validation Details Response Control:", "#           OID:  " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "#           Result Type:  Validation Result", "#                Password Quality Requirement Validation " + "Result:", "#                     Password Quality Requirement " + "Description:  Requirement 1", "#                     Client-Side Validation Type:  " + "first-requirement", "#                     Client-Side Validation Property:  " + "prop1a=value1a", "#                     Client-Side Validation Property:  " + "prop1b=value1b", "#                     Requirement Satisfied:  true", "#                     Additional Validation Info:  " + "Requirement 1 was satisfied", "#                Password Quality Requirement Validation " + "Result:", "#                     Password Quality Requirement " + "Description:  Requirement 2", "#                     Client-Side Validation Type:  " + "second-requirement", "#                     Client-Side Validation Property:  " + "prop2a=value2a", "#                     Client-Side Validation Property:  " + "prop2b=value2b", "#                     Requirement Satisfied:  false", "#                     Additional Validation Info:  " + "Requirement 2 was not satisfied", "#           Missing Current Password:  false", "#           Must Change Password:  true", "#           Seconds Until Expiration:  12345") });
    // A valid password validation details response control for a "no password
    // provided" response.
    resultList.add(new Object[] { new PasswordValidationDetailsResponseControl(PasswordValidationDetailsResponseType.NO_PASSWORD_PROVIDED, null, true, false, null), Arrays.asList("#      Password Validation Details Response Control:", "#           OID:  " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "#           Result Type:  No Password Provided", "#           Missing Current Password:  true", "#           Must Change Password:  false") });
    // A valid password validation details response control for a "multiple
    // passwords provided" response.
    resultList.add(new Object[] { new PasswordValidationDetailsResponseControl(PasswordValidationDetailsResponseType.MULTIPLE_PASSWORDS_PROVIDED, null, true, false, null), Arrays.asList("#      Password Validation Details Response Control:", "#           OID:  " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "#           Result Type:  Multiple Passwords Provided", "#           Missing Current Password:  true", "#           Must Change Password:  false") });
    // A valid password validation details response control for a "no validation
    // attempted" response.
    resultList.add(new Object[] { new PasswordValidationDetailsResponseControl(PasswordValidationDetailsResponseType.NO_VALIDATION_ATTEMPTED, null, true, false, null), Arrays.asList("#      Password Validation Details Response Control:", "#           OID:  " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "#           Result Type:  No Validation Attempted", "#           Missing Current Password:  true", "#           Must Change Password:  false") });
    // An invalid password validation details response control.
    resultList.add(new Object[] { new Control(PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + PasswordValidationDetailsResponseControl.PASSWORD_VALIDATION_DETAILS_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid soft delete response control.
    resultList.add(new Object[] { new SoftDeleteResponseControl("ou=test+entryUUID=" + uuid.toString() + ",dc=example,dc=com"), Arrays.asList("#      Soft Delete Response Control:", "#           OID:  " + SoftDeleteResponseControl.SOFT_DELETE_RESPONSE_OID, "#           Soft-Deleted Entry DN:  ou=test+entryUUID=" + uuid.toString() + ",dc=example,dc=com") });
    // An invalid soft delete response control.
    resultList.add(new Object[] { new Control(SoftDeleteResponseControl.SOFT_DELETE_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + SoftDeleteResponseControl.SOFT_DELETE_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid transaction settings response control.
    resultList.add(new Object[] { new TransactionSettingsResponseControl(12345, true), Arrays.asList("#      Transaction Settings Response Control:", "#           OID:  " + TransactionSettingsResponseControl.TRANSACTION_SETTINGS_RESPONSE_OID, "#           Number of Lock Conflicts:  12345", "#           Backend Lock Acquired:  true") });
    // An invalid transaction settings response control.
    resultList.add(new Object[] { new Control(TransactionSettingsResponseControl.TRANSACTION_SETTINGS_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + TransactionSettingsResponseControl.TRANSACTION_SETTINGS_RESPONSE_OID, "#           Is Critical:  false") });
    // A valid uniqueness response control in which all of the tests passed.
    resultList.add(new Object[] { new UniquenessResponseControl("all-passed", true, true, null), Arrays.asList("#      Uniqueness Response Control:", "#           OID:  " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "#           Uniqueness ID:  all-passed", "#           Pre-Commit Validation Status:  Passed", "#           Post-Commit Validation Status:  Passed") });
    // A valid uniqueness response control in which the pre-commit attempt
    // failed.
    resultList.add(new Object[] { new UniquenessResponseControl("pre-commit-failed", false, null, "The pre-commit attempt failed"), Arrays.asList("#      Uniqueness Response Control:", "#           OID:  " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "#           Uniqueness ID:  pre-commit-failed", "#           Pre-Commit Validation Status:  Failed", "#           Post-Commit Validation Status:  Not Attempted", "#           Message:  The pre-commit attempt failed") });
    // A valid uniqueness response control in which the pre-commit attempt
    // passed but the post-commit attempt failed.
    resultList.add(new Object[] { new UniquenessResponseControl("post-commit-failed", true, false, "The post-commit attempt failed"), Arrays.asList("#      Uniqueness Response Control:", "#           OID:  " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "#           Uniqueness ID:  post-commit-failed", "#           Pre-Commit Validation Status:  Passed", "#           Post-Commit Validation Status:  Failed", "#           Message:  The post-commit attempt failed") });
    // A valid uniqueness response control in which no validation was attempted.
    resultList.add(new Object[] { new UniquenessResponseControl("not-attempted", null, null, "No validation was attempted"), Arrays.asList("#      Uniqueness Response Control:", "#           OID:  " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "#           Uniqueness ID:  not-attempted", "#           Pre-Commit Validation Status:  Not Attempted", "#           Post-Commit Validation Status:  Not Attempted", "#           Message:  No validation was attempted") });
    // An invalid uniqueness response control.
    resultList.add(new Object[] { new Control(UniquenessResponseControl.UNIQUENESS_RESPONSE_OID), Arrays.asList("#      Response Control:", "#           OID:  " + UniquenessResponseControl.UNIQUENESS_RESPONSE_OID, "#           Is Critical:  false") });
    return resultList.iterator();
}
Also used : JoinResultControl(com.unboundid.ldap.sdk.unboundidds.controls.JoinResultControl) PasswordPolicyStateAccountUsabilityError(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityError) AuthorizationIdentityResponseControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) AccountUsableResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.AccountUsableResponseControl) LinkedHashMap(java.util.LinkedHashMap) PasswordQualityRequirement(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordQualityRequirement) GetAuthorizationEntryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl) TreeSet(java.util.TreeSet) AssuredReplicationResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationResponseControl) UUID(java.util.UUID) PostReadResponseControl(com.unboundid.ldap.sdk.controls.PostReadResponseControl) RecentLoginHistory(com.unboundid.ldap.sdk.unboundidds.controls.RecentLoginHistory) GetRecentLoginHistoryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetRecentLoginHistoryResponseControl) IntermediateClientResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.IntermediateClientResponseControl) LinkedList(java.util.LinkedList) IntermediateClientResponseValue(com.unboundid.ldap.sdk.unboundidds.controls.IntermediateClientResponseValue) GetBackendSetIDResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDResponseControl) AuthenticationFailureReason(com.unboundid.ldap.sdk.unboundidds.controls.AuthenticationFailureReason) ContentSyncDoneControl(com.unboundid.ldap.sdk.controls.ContentSyncDoneControl) EntryChangeNotificationControl(com.unboundid.ldap.sdk.controls.EntryChangeNotificationControl) PreReadResponseControl(com.unboundid.ldap.sdk.controls.PreReadResponseControl) PasswordExpiringControl(com.unboundid.ldap.sdk.controls.PasswordExpiringControl) GetUserResourceLimitsResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetUserResourceLimitsResponseControl) SoftDeleteResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeleteResponseControl) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) RecentLoginHistoryAttempt(com.unboundid.ldap.sdk.unboundidds.controls.RecentLoginHistoryAttempt) Attribute(com.unboundid.ldap.sdk.Attribute) GetServerIDResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDResponseControl) JoinedEntry(com.unboundid.ldap.sdk.unboundidds.controls.JoinedEntry) IntermediateClientResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.IntermediateClientResponseControl) TransactionSettingsResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.TransactionSettingsResponseControl) Control(com.unboundid.ldap.sdk.Control) UniquenessResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.UniquenessResponseControl) SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl) PasswordValidationDetailsResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordValidationDetailsResponseControl) VirtualListViewResponseControl(com.unboundid.ldap.sdk.controls.VirtualListViewResponseControl) GetPasswordPolicyStateIssuesResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetPasswordPolicyStateIssuesResponseControl) AccountUsableResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.AccountUsableResponseControl) GetServerIDResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetServerIDResponseControl) SoftDeleteResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.SoftDeleteResponseControl) PasswordExpiredControl(com.unboundid.ldap.sdk.controls.PasswordExpiredControl) PasswordExpiringControl(com.unboundid.ldap.sdk.controls.PasswordExpiringControl) PostReadResponseControl(com.unboundid.ldap.sdk.controls.PostReadResponseControl) GetAuthorizationEntryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl) ServerSideSortResponseControl(com.unboundid.ldap.sdk.controls.ServerSideSortResponseControl) MatchingEntryCountResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.MatchingEntryCountResponseControl) GeneratePasswordResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GeneratePasswordResponseControl) EntryChangeNotificationControl(com.unboundid.ldap.sdk.controls.EntryChangeNotificationControl) GetUserResourceLimitsResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetUserResourceLimitsResponseControl) AssuredReplicationResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationResponseControl) ContentSyncStateControl(com.unboundid.ldap.sdk.controls.ContentSyncStateControl) GetRecentLoginHistoryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetRecentLoginHistoryResponseControl) JoinResultControl(com.unboundid.ldap.sdk.unboundidds.controls.JoinResultControl) GetBackendSetIDResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetBackendSetIDResponseControl) PasswordPolicyResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyResponseControl) PreReadResponseControl(com.unboundid.ldap.sdk.controls.PreReadResponseControl) AuthorizationIdentityResponseControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl) ContentSyncDoneControl(com.unboundid.ldap.sdk.controls.ContentSyncDoneControl) PasswordPolicyResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyResponseControl) GeneratePasswordResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GeneratePasswordResponseControl) GetPasswordPolicyStateIssuesResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetPasswordPolicyStateIssuesResponseControl) AssuredReplicationServerResult(com.unboundid.ldap.sdk.unboundidds.controls.AssuredReplicationServerResult) PasswordValidationDetailsResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordValidationDetailsResponseControl) TransactionSettingsResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.TransactionSettingsResponseControl) ServerSideSortResponseControl(com.unboundid.ldap.sdk.controls.ServerSideSortResponseControl) ReadOnlyEntry(com.unboundid.ldap.sdk.ReadOnlyEntry) VirtualListViewResponseControl(com.unboundid.ldap.sdk.controls.VirtualListViewResponseControl) PasswordPolicyStateAccountUsabilityNotice(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityNotice) ContentSyncStateControl(com.unboundid.ldap.sdk.controls.ContentSyncStateControl) PasswordQualityRequirementValidationResult(com.unboundid.ldap.sdk.unboundidds.controls.PasswordQualityRequirementValidationResult) PasswordPolicyStateAccountUsabilityWarning(com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateAccountUsabilityWarning) SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl) PasswordExpiredControl(com.unboundid.ldap.sdk.controls.PasswordExpiredControl) UniquenessResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.UniquenessResponseControl) DataProvider(org.testng.annotations.DataProvider)

Example 3 with GetAuthorizationEntryResponseControl

use of com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl in project ssam by pingidentity.

the class LDAPAuthenticationProvider method authenticate.

/**
 * {@inheritDoc}
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String searchBindFilter = settings.getSearchBindFilter();
    User userDetails = null;
    BindRequest request = null;
    // Get the username and password, making sure they're not empty
    String username = authentication.getName();
    String password = (String) authentication.getCredentials();
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        throw new BadCredentialsException("Username and password must be provided");
    }
    // If a filter is available, perform 'Search and Bind'
    if (StringUtils.isNotEmpty(searchBindFilter)) {
        Entry entry;
        String filter = searchBindFilter.replace("$0", username);
        try {
            entry = pool.searchForEntry(settings.getBaseDN(), SearchScope.SUB, Filter.create(filter));
            if (entry == null) {
                throw new BadCredentialsException("Invalid credentials for user: " + username);
            }
        } catch (LDAPSearchException e) {
            throw new BadCredentialsException("An exception occurred while searching" + " for user: " + username, e);
        } catch (LDAPException e) {
            throw new BadCredentialsException("The filter string cannot be decoded " + "as a valid search filter for user: " + username, e);
        }
        // Obtain the bind DN and try to bind, retaining the identity of the
        // pooled connection
        request = new SimpleBindRequest(entry.getDN(), password, new RetainIdentityRequestControl());
        userDetails = new LDAPUser(entry.getDN(), username, password, EMPTY_AUTHORITIES);
    } else {
        // Construct a SASL PLAIN Bind Request since no filter is available for
        // 'Search and Bind'
        request = new PLAINBindRequest("u:" + username, password, new GetAuthorizationEntryRequestControl(false, true, "1.1"), new RetainIdentityRequestControl());
    }
    try {
        BindResult result = pool.bind(request);
        // Use a Response Control to obtain a DN for the authentication token
        if (request instanceof PLAINBindRequest) {
            GetAuthorizationEntryResponseControl responseControl = GetAuthorizationEntryResponseControl.get(result);
            if (responseControl == null) {
                // No entry returned, User will be used for the authentication token
                userDetails = new User(username, password, EMPTY_AUTHORITIES);
            } else {
                // Entry returned, LDAPUser will be used for the authentication token
                userDetails = new LDAPUser(responseControl.getAuthZEntry().getDN(), username, password, EMPTY_AUTHORITIES);
            }
        }
    } catch (LDAPException e) {
        throw new BadCredentialsException("Invalid credentials for user:  " + username, e);
    }
    // Construct the authentication token and return it
    return new UsernamePasswordAuthenticationToken(userDetails, password, EMPTY_AUTHORITIES);
}
Also used : User(org.springframework.security.core.userdetails.User) BindRequest(com.unboundid.ldap.sdk.BindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Entry(com.unboundid.ldap.sdk.Entry) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) GetAuthorizationEntryResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl) LDAPException(com.unboundid.ldap.sdk.LDAPException) LDAPSearchException(com.unboundid.ldap.sdk.LDAPSearchException) BindResult(com.unboundid.ldap.sdk.BindResult) RetainIdentityRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.RetainIdentityRequestControl) GetAuthorizationEntryRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryRequestControl)

Aggregations

GetAuthorizationEntryResponseControl (com.unboundid.ldap.sdk.unboundidds.controls.GetAuthorizationEntryResponseControl)3 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)2 Entry (com.unboundid.ldap.sdk.Entry)2 LDAPException (com.unboundid.ldap.sdk.LDAPException)2 JoinedEntry (com.unboundid.ldap.sdk.unboundidds.controls.JoinedEntry)2 Attribute (com.unboundid.ldap.sdk.Attribute)1 BindRequest (com.unboundid.ldap.sdk.BindRequest)1 BindResult (com.unboundid.ldap.sdk.BindResult)1 Control (com.unboundid.ldap.sdk.Control)1 LDAPSearchException (com.unboundid.ldap.sdk.LDAPSearchException)1 PLAINBindRequest (com.unboundid.ldap.sdk.PLAINBindRequest)1 ReadOnlyEntry (com.unboundid.ldap.sdk.ReadOnlyEntry)1 SearchResultEntry (com.unboundid.ldap.sdk.SearchResultEntry)1 SimpleBindRequest (com.unboundid.ldap.sdk.SimpleBindRequest)1 AuthorizationIdentityResponseControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl)1 ContentSyncDoneControl (com.unboundid.ldap.sdk.controls.ContentSyncDoneControl)1 ContentSyncStateControl (com.unboundid.ldap.sdk.controls.ContentSyncStateControl)1 EntryChangeNotificationControl (com.unboundid.ldap.sdk.controls.EntryChangeNotificationControl)1 PasswordExpiredControl (com.unboundid.ldap.sdk.controls.PasswordExpiredControl)1 PasswordExpiringControl (com.unboundid.ldap.sdk.controls.PasswordExpiringControl)1