use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.
the class ApacheLdapProviderImpl method extendedOperation.
/**
 * Sends an LDAP extended operation over the Apache LDAP API connection and adapts the
 * reply to the JNDI {@link ExtendedResponse} type.
 *
 * <p>Only the request OID ({@code request.getID()}) is carried into the Apache request
 * object built here. Nothing in this adapter reads the JNDI request's encoded value, and
 * the returned response always reports {@code null} from {@code getEncodedValue()}.
 *
 * <p>NOTE(review): callers that need the response payload, or that cast the result to a
 * request-specific response class, will not get either from this provider. Confirm that
 * password and challenge/response operations are not expected to work through it.
 *
 * @param request the JNDI extended request; only its OID is used
 * @return a response exposing the server-reported response name and a {@code null} encoded value
 * @throws ChaiOperationException if {@code connection.extended(...)} raises an
 *         {@code LdapException}; only the message text is carried over, so the original
 *         exception and its stack trace are not available to the caller
 * @throws ChaiUnavailableException declared by the signature; not thrown by the code visible here
 */
public ExtendedResponse extendedOperation(final ExtendedRequest request) throws ChaiOperationException, ChaiUnavailableException, IllegalStateException {
    // Minimal adapter: every accessor other than getRequestName() is a stub.
    final org.apache.directory.api.ldap.model.message.ExtendedRequest nativeRequest = new org.apache.directory.api.ldap.model.message.ExtendedRequest() {
        // --- the only value taken from the caller's request ---
        public String getRequestName() {
            return request.getID();
        }

        // --- fluent setters: accepted and ignored ---
        public org.apache.directory.api.ldap.model.message.ExtendedRequest setRequestName(final String oid) {
            return this;
        }

        public org.apache.directory.api.ldap.model.message.ExtendedRequest setMessageId(final int messageId) {
            return this;
        }

        // --- message metadata: not populated ---
        public int getMessageId() {
            return 0;
        }

        public MessageTypeEnum getType() {
            return null;
        }

        public MessageTypeEnum getResponseType() {
            return null;
        }

        public ResultResponse getResultResponse() {
            return null;
        }

        public boolean hasResponse() {
            return false;
        }

        // --- controls: none are ever attached to the outgoing request ---
        public org.apache.directory.api.ldap.model.message.ExtendedRequest addControl(final Control control) {
            return null;
        }

        public org.apache.directory.api.ldap.model.message.ExtendedRequest addAllControls(final Control[] controls) {
            return null;
        }

        public org.apache.directory.api.ldap.model.message.ExtendedRequest removeControl(final Control control) {
            return null;
        }

        public Map<String, Control> getControls() {
            return null;
        }

        public Control getControl(final String oid) {
            return null;
        }

        public boolean hasControl(final String oid) {
            return false;
        }

        // --- generic key/value storage: not supported ---
        public Object get(final Object key) {
            return null;
        }

        public Object put(final Object key, final Object value) {
            return null;
        }
    };

    final org.apache.directory.api.ldap.model.message.ExtendedResponse nativeResponse;
    try {
        nativeResponse = connection.extended(nativeRequest);
    } catch (LdapException e) {
        // Only the message survives the translation into the Chai exception type.
        throw ChaiOperationException.forErrorMessage(e.getMessage());
    }

    return new ExtendedResponse() {
        public String getID() {
            return nativeResponse.getResponseName();
        }

        public byte[] getEncodedValue() {
            // The server's response value is not propagated by this adapter.
            return null;
        }
    };
}
use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.
the class NmasResponseSet method readNmasUserResponseSet.
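/**
 * Reads the user's NMAS "ChallengeResponseQuestions" value with a
 * {@code GetLoginConfigRequest} extended operation and parses it into an
 * {@link NmasResponseSet}.
 *
 * <p>The value returned by the directory is decoded as UTF-8 and parsed as XML. Up to
 * three parse strategies are tried, in this order, until one yields a challenge set:
 * <ol>
 *   <li>everything from the first {@code '<'} onward, when that character is not at index 0;</li>
 *   <li>the raw value, when it starts with {@code "<?xml"};</li>
 *   <li>the value with its first 16 characters removed (treated as a non-XML header).</li>
 * </ol>
 *
 * <p>The complete decoded response, and the index-stripped substring, are written to the
 * trace log, so trace output of this class contains the user's challenge data and should
 * be handled as sensitive.
 *
 * <p>NOTE(review): {@code parseNmasUserResponseXML} is defined outside this block. The XML
 * comes from the directory server, so confirm that the parser it builds refuses DOCTYPE
 * declarations and external entities.
 *
 * @param theUser the user whose challenge questions are read
 * @return the parsed response set with every challenge mapped to a {@code null} answer, or
 *         {@code null} when the server returned no value, when no parse strategy succeeded,
 *         or when a {@code ChaiOperationException} / {@code IOException} was caught (logged
 *         at error level)
 * @throws ChaiUnavailableException propagated from the extended operation
 * @throws ChaiValidationException declared by the signature; presumably raised while
 *         building the response set (not visible here)
 */
static NmasResponseSet readNmasUserResponseSet(final ChaiUser theUser) throws ChaiUnavailableException, ChaiValidationException {
    final GetLoginConfigRequest request = new GetLoginConfigRequest();
    request.setObjectDN(theUser.getEntryDN());
    request.setTag("ChallengeResponseQuestions");
    request.setMethodID(NMASChallengeResponse.METHOD_ID);
    request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);

    try {
        final ExtendedResponse response = theUser.getChaiProvider().extendedOperation(request);
        final byte[] responseValue = response.getEncodedValue();
        if (responseValue == null) {
            return null;
        }

        final String xmlString = new String(responseValue, "UTF8");
        LOGGER.trace("[parse v3]: read ChallengeResponseQuestions from server: " + xmlString);

        ChallengeSet cs = null;
        int parseAttempts = 0;
        final StringBuilder parsingErrorMsg = new StringBuilder();

        // Strategy 1: skip whatever precedes the first '<'.
        final int beginIndex = xmlString.indexOf("<");
        if (beginIndex > 0) {
            try {
                parseAttempts++;
                final String xmlSubstring = xmlString.substring(beginIndex, xmlString.length());
                LOGGER.trace("attempting parse of index stripped value: " + xmlSubstring);
                cs = parseNmasUserResponseXML(xmlSubstring);
                LOGGER.trace("successfully parsed nmas ChallengeResponseQuestions response after index " + beginIndex);
            } catch (JDOMException e) {
                if (parsingErrorMsg.length() > 0) {
                    parsingErrorMsg.append(", ");
                }
                parsingErrorMsg.append("error parsing index stripped value: ").append(e.getMessage());
                LOGGER.trace("unable to parse index stripped ChallengeResponseQuestions nmas response; error: " + e.getMessage());
            }
        }

        // Strategy 2: the value is already a complete XML document.
        if (cs == null && xmlString.startsWith("<?xml")) {
            try {
                parseAttempts++;
                cs = parseNmasUserResponseXML(xmlString);
                // Success is logged inside the try so that a failed parse never reports
                // success in the trace log.
                LOGGER.trace("successfully parsed full nmas ChallengeResponseQuestions response");
            } catch (JDOMException e) {
                parsingErrorMsg.append("error parsing raw value: ").append(e.getMessage());
                LOGGER.trace("unable to parse raw ChallengeResponseQuestions nmas response; will retry after stripping header; error: " + e.getMessage());
            }
        }

        // Strategy 3: drop a fixed 16-character non-XML header.
        if (cs == null && xmlString.length() > 16) {
            final String strippedXml = xmlString.substring(16);
            try {
                parseAttempts++;
                cs = parseNmasUserResponseXML(strippedXml);
                LOGGER.trace("successfully parsed full nmas ChallengeResponseQuestions response");
            } catch (JDOMException e) {
                if (parsingErrorMsg.length() > 0) {
                    parsingErrorMsg.append(", ");
                }
                parsingErrorMsg.append("error parsing header stripped value: ").append(e.getMessage());
                LOGGER.trace("unable to parse stripped ChallengeResponseQuestions nmas response; error: " + e.getMessage());
            }
        }

        if (cs == null) {
            final String logMsg = "unable to parse nmas ChallengeResponseQuestions: " + parsingErrorMsg;
            // A value too short to hold anything beyond the header is only traced.
            if (parseAttempts > 0 && xmlString.length() > 16) {
                LOGGER.error(logMsg);
            } else {
                LOGGER.trace(logMsg);
            }
            return null;
        }

        // Answers are not part of this read; each challenge is registered with a null response.
        final Map<Challenge, String> crMap = new HashMap<Challenge, String>();
        for (final Challenge loopChallenge : cs.getChallenges()) {
            crMap.put(loopChallenge, null);
        }
        return new NmasResponseSet(crMap, cs.getLocale(), cs.getMinRandomRequired(), AbstractResponseSet.STATE.READ, theUser, cs.getIdentifier());
    } catch (ChaiOperationException e) {
        LOGGER.error("error reading nmas user response for " + theUser.getEntryDN() + ", error: " + e.getMessage());
    } catch (IOException e) {
        LOGGER.error("error reading nmas user response for " + theUser.getEntryDN() + ", error: " + e.getMessage());
    }
    return null;
}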
use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.
the class InetOrgPersonImpl method changePassword.
/**
 * Changes this entry's password from {@code oldPassword} to {@code newPassword}.
 *
 * <p>When {@code ChaiSetting.EDIRECTORY_ENABLE_NMAS} is false the change is made with
 * {@code replaceAttribute} on {@code ATTR_PASSWORD}. Otherwise a {@code ChangePwdRequest}
 * extended operation is sent and its NMAS return code is checked.
 *
 * <p>NOTE(review): on the NMAS path a {@code null} response from the provider is treated as
 * success, so the caller gets no signal that the server confirmed the change. The response is
 * also cast to {@code ChangePwdResponse} without a type check, so a provider that returns a
 * different {@code ExtendedResponse} implementation would raise {@code ClassCastException}.
 *
 * @param oldPassword the current password
 * @param newPassword the password to set
 * @throws ChaiUnavailableException propagated from the provider
 * @throws ChaiPasswordPolicyException if the underlying operation fails (only the message of
 *         the original exception is carried over) or the NMAS return code is non-zero
 */
public final void changePassword(final String oldPassword, final String newPassword) throws ChaiUnavailableException, ChaiPasswordPolicyException {
    final boolean nmasEnabled = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);

    // Plain LDAP path: replace the password attribute value directly.
    if (!nmasEnabled) {
        try {
            replaceAttribute(ATTR_PASSWORD, oldPassword, newPassword);
        } catch (ChaiOperationException e) {
            throw new ChaiPasswordPolicyException(e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
        }
        return;
    }

    // NMAS path: delegate the change to the server-side extended operation.
    final ChangePwdRequest changeRequest = new ChangePwdRequest();
    changeRequest.setNewPwd(newPassword);
    changeRequest.setObjectDN(this.getEntryDN());
    changeRequest.setOldPwd(oldPassword);

    final ExtendedResponse rawResponse;
    try {
        rawResponse = getChaiProvider().extendedOperation(changeRequest);
    } catch (ChaiOperationException e) {
        throw new ChaiPasswordPolicyException(e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
    }

    if (rawResponse == null) {
        // No response object: nothing to inspect, so the call returns normally.
        return;
    }

    final int nmasCode = ((ChangePwdResponse) rawResponse).getNmasRetCode();
    if (nmasCode == 0) {
        return;
    }

    // The log line and the exception carry only the numeric code, never a password.
    LOGGER.debug("error changing nmas password: " + nmasCode);
    final String errorString = "nmas error " + nmasCode;
    throw new ChaiPasswordPolicyException(errorString, ChaiErrors.getErrorForMessage(errorString));
}
use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.
the class InetOrgPersonImpl method readPassword.
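/**
 * Reads this entry's password from the directory with a {@code GetPwdRequest} NMAS
 * extended operation.
 *
 * <p>The returned string is the value reported by {@code GetPwdResponse.getPwdStr()}.
 * Treat it as a secret: keep it out of log statements, exception messages and
 * long-lived fields.
 *
 * <p>NOTE(review): the response is cast to {@code GetPwdResponse} without a type check, so
 * a provider that returns a different {@code ExtendedResponse} implementation would raise
 * {@code ClassCastException} rather than a {@code ChaiOperationException}.
 *
 * @return the password string from the server when the NMAS return code is 0
 * @throws UnsupportedOperationException if {@code ChaiSetting.EDIRECTORY_ENABLE_NMAS} is false
 * @throws ChaiUnavailableException propagated from the provider
 * @throws ChaiOperationException with {@code ChaiError.NO_SUCH_ATTRIBUTE} for return code
 *         -16049, or {@code ChaiError.UNKNOWN} for any other non-zero code or a null response
 */
public final String readPassword() throws ChaiUnavailableException, ChaiOperationException {
    final boolean useNmasSetting = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!useNmasSetting) {
        throw new UnsupportedOperationException("readPassword() is not supported when ChaiSetting.EDIRECTORY_ENABLE_NMAS is false");
    }

    final GetPwdRequest request = new GetPwdRequest("", this.getEntryDN());
    final ExtendedResponse response = getChaiProvider().extendedOperation(request);

    if (response == null) {
        LOGGER.debug("unknown error retreiving password (null response)");
        throw new ChaiOperationException("unknown error retreiving password (null response)", ChaiError.UNKNOWN);
    }

    final GetPwdResponse getResponse = (GetPwdResponse) response;
    final int responseCode = getResponse.getNmasRetCode();
    switch (responseCode) {
        // Success
        case 0:
            return getResponse.getPwdStr();

        // NMAS_E_ENTRY_ATTRIBUTE_NOT_FOUND
        case (-16049):
            LOGGER.debug("readPassword() reports: NMAS_E_ENTRY_ATTRIBUTE_NOT_FOUND " + responseCode);
            throw new ChaiOperationException("object has no password attribute: error " + responseCode, ChaiError.NO_SUCH_ATTRIBUTE);

        default:
            // The log text names the read operation so it matches the exception message
            // and cannot be mistaken for a password-test failure during triage.
            LOGGER.debug("error reading nmas password: " + responseCode);
            throw new ChaiOperationException("error reading nmas password: error " + responseCode, ChaiError.UNKNOWN);
    }
}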
use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.
the class InetOrgPersonImpl method testPasswordPolicy.
/**
 * Asks the directory whether {@code password} satisfies this entry's NMAS password policy,
 * using a {@code PwdPolicyCheckRequest} extended operation.
 *
 * <p>NOTE(review): three outcomes return {@code true} without the server having accepted the
 * password: NMAS is disabled in the configuration, the extended operation throws
 * {@code ChaiOperationException} (logged at debug level only), or the provider returns
 * {@code null}. A caller cannot tell "passed" from "not evaluated", so this result should not
 * be the only policy gate.
 *
 * @param password the candidate password; it is sent to the server and is not logged here
 * @return {@code true} when the server reports return code 0, and also in the three
 *         not-evaluated cases described above
 * @throws ChaiUnavailableException propagated from the provider
 * @throws ChaiPasswordPolicyException if the server reports a non-zero NMAS return code
 */
public boolean testPasswordPolicy(final String password) throws ChaiUnavailableException, ChaiPasswordPolicyException {
    final boolean nmasEnabled = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!nmasEnabled) {
        // No check is performed on the non-NMAS path.
        return true;
    }

    final PwdPolicyCheckRequest checkRequest = new PwdPolicyCheckRequest();
    checkRequest.setData(password);
    checkRequest.setObjectDN(this.getEntryDN());

    final ExtendedResponse rawResponse;
    try {
        rawResponse = getChaiProvider().extendedOperation(checkRequest);
    } catch (ChaiOperationException e) {
        // An operation failure is reported as a pass.
        LOGGER.debug("unexpected error while checking [nmas] password policy: " + e.getMessage());
        return true;
    }

    if (rawResponse == null) {
        return true;
    }

    final int nmasCode = ((PwdPolicyCheckResponse) rawResponse).getNmasRetCode();
    if (nmasCode == 0) {
        return true;
    }

    LOGGER.debug("nmas response code returned from server while testing nmas password: " + nmasCode);
    final String errorString = "nmas error " + nmasCode;
    throw new ChaiPasswordPolicyException(errorString, ChaiErrors.getErrorForMessage(errorString));
}