
Example 1 with ExtendedResponse

use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.

the class ApacheLdapProviderImpl method extendedOperation.

/**
 * Executes an LDAP extended operation through the Apache LDAP API connection and adapts the
 * result back to the JNDI {@code ExtendedResponse} type.
 *
 * <p>The JNDI request is wrapped in an anonymous Apache {@code ExtendedRequest} that exposes only
 * the request OID ({@code request.getID()}); every other method of the wrapper is a stub. The
 * Apache response is wrapped the same way: only the response name is carried over.
 *
 * <p>NOTE(review): this block never reads {@code request.getEncodedValue()}, so as far as this
 * method shows, the request payload is not handed to the Apache request. Confirm whether
 * payload-carrying operations (for example password operations) are meant to work here.
 *
 * @param request the JNDI extended request; only its OID is used in this method
 * @return a JNDI response whose {@code getID()} is the Apache response name and whose
 *         {@code getEncodedValue()} is always {@code null}
 * @throws ChaiOperationException if the Apache connection raises an {@code LdapException}
 * @throws ChaiUnavailableException declared by the signature; not thrown directly in this block
 * @throws IllegalStateException declared by the signature; not thrown directly in this block
 */
public ExtendedResponse extendedOperation(final ExtendedRequest request) throws ChaiOperationException, ChaiUnavailableException, IllegalStateException {
    // Adapter from the JNDI request to the Apache request type. Only getRequestName() returns real data.
    final org.apache.directory.api.ldap.model.message.ExtendedRequest apacheRequest = new org.apache.directory.api.ldap.model.message.ExtendedRequest() {

        public String getRequestName() {
            return request.getID();
        }

        // The setters below ignore their argument; the OID always comes from the wrapped JNDI request.
        public org.apache.directory.api.ldap.model.message.ExtendedRequest setRequestName(final String oid) {
            return this;
        }

        public org.apache.directory.api.ldap.model.message.ExtendedRequest setMessageId(final int messageId) {
            return this;
        }

        // NOTE(review): the control mutators discard the control and return null rather than
        // this, so any caller that chains on the result would hit a NullPointerException -
        // confirm that nothing relies on fluent chaining or on controls being attached.
        public org.apache.directory.api.ldap.model.message.ExtendedRequest addControl(final Control control) {
            return null;
        }

        public org.apache.directory.api.ldap.model.message.ExtendedRequest addAllControls(final Control[] controls) {
            return null;
        }

        public org.apache.directory.api.ldap.model.message.ExtendedRequest removeControl(final Control control) {
            return null;
        }

        // NOTE(review): the accessors below return null/false/0 placeholders; whether
        // connection.extended() depends on any of them (message type, message id, controls)
        // is not visible from this method - verify against the Apache LDAP API in use.
        public MessageTypeEnum getResponseType() {
            return null;
        }

        public ResultResponse getResultResponse() {
            return null;
        }

        public boolean hasResponse() {
            return false;
        }

        public MessageTypeEnum getType() {
            return null;
        }

        public Map<String, Control> getControls() {
            return null;
        }

        public Control getControl(final String oid) {
            return null;
        }

        public boolean hasControl(final String oid) {
            return false;
        }

        public int getMessageId() {
            return 0;
        }

        public Object get(final Object key) {
            return null;
        }

        public Object put(final Object key, final Object value) {
            return null;
        }
    };
    try {
        final org.apache.directory.api.ldap.model.message.ExtendedResponse apacheResponse = connection.extended(apacheRequest);
        // Adapter back to the JNDI response type; only the response name survives the conversion.
        final ExtendedResponse extendedResponse = new ExtendedResponse() {

            public String getID() {
                return apacheResponse.getResponseName();
            }

            // The response payload is dropped: callers that read the encoded value always get null.
            public byte[] getEncodedValue() {
                return null;
            }
        };
        return extendedResponse;
    } catch (LdapException e) {
        // Only the message text is forwarded; the original LdapException (and its stack trace)
        // is not attached to the exception thrown here.
        throw ChaiOperationException.forErrorMessage(e.getMessage());
    }
}
Also used : Control(org.apache.directory.api.ldap.model.message.Control) ChaiRequestControl(com.novell.ldapchai.ChaiRequestControl) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ExtendedRequest(javax.naming.ldap.ExtendedRequest) LdapException(org.apache.directory.api.ldap.model.exception.LdapException)

Example 2 with ExtendedResponse

use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.

the class NmasResponseSet method readNmasUserResponseSet.

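/**
 * Reads the "ChallengeResponseQuestions" login configuration for a user through an LDAP extended
 * operation and builds an {@code NmasResponseSet} from it.
 *
 * <p>The response value is decoded as UTF-8 and parsed with up to three strategies, stopping at
 * the first one that yields a challenge set:
 * <ol>
 *   <li>if the first {@code '<'} is not at index 0, parse from that character onward;</li>
 *   <li>if the value starts with {@code "<?xml"}, parse the value as is;</li>
 *   <li>if the value is longer than 16 characters, parse it with the first 16 characters removed.</li>
 * </ol>
 *
 * <p>NOTE(review): the XML comes from the directory server and is passed to
 * {@code parseNmasUserResponseXML}, whose parser configuration is not visible here - confirm that
 * DTDs and external entities are disabled there.
 *
 * @param theUser the user whose challenge/response questions are read
 * @return the response set in {@code READ} state with every challenge mapped to {@code null}, or
 *         {@code null} if the server returned no value, nothing could be parsed, or the read
 *         failed with a {@code ChaiOperationException} or {@code IOException}
 * @throws ChaiUnavailableException declared by the signature; propagated from the calls made here
 * @throws ChaiValidationException declared by the signature; propagated from the calls made here
 */
static NmasResponseSet readNmasUserResponseSet(final ChaiUser theUser) throws ChaiUnavailableException, ChaiValidationException {
    final GetLoginConfigRequest request = new GetLoginConfigRequest();
    request.setObjectDN(theUser.getEntryDN());
    request.setTag("ChallengeResponseQuestions");
    request.setMethodID(NMASChallengeResponse.METHOD_ID);
    request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);
    try {
        final ExtendedResponse response = theUser.getChaiProvider().extendedOperation(request);
        final byte[] responseValue = response.getEncodedValue();
        if (responseValue == null) {
            return null;
        }
        final String xmlString = new String(responseValue, "UTF8");
        // NOTE(review): the complete server payload is written to the trace log here and again
        // below; confirm that trace output is acceptable for this data in production.
        LOGGER.trace("[parse v3]: read ChallengeResponseQuestions from server: " + xmlString);
        ChallengeSet cs = null;
        int parseAttempts = 0;
        final StringBuilder parsingErrorMsg = new StringBuilder();

        // Attempt 1: skip whatever precedes the first '<'. Skipped when the value already starts
        // with '<' (index 0) or contains no '<' at all (index -1).
        final int beginIndex = xmlString.indexOf("<");
        if (beginIndex > 0) {
            try {
                parseAttempts++;
                final String xmlSubstring = xmlString.substring(beginIndex);
                LOGGER.trace("attempting parse of index stripped value: " + xmlSubstring);
                cs = parseNmasUserResponseXML(xmlSubstring);
                LOGGER.trace("successfully parsed nmas ChallengeResponseQuestions response after index " + beginIndex);
            } catch (JDOMException e) {
                if (parsingErrorMsg.length() > 0) {
                    parsingErrorMsg.append(", ");
                }
                parsingErrorMsg.append("error parsing index stripped value: ").append(e.getMessage());
                LOGGER.trace("unable to parse index stripped ChallengeResponseQuestions nmas response; error: " + e.getMessage());
            }
        }

        // Attempt 2: the value looks like a complete XML document, parse it unchanged.
        if (cs == null && xmlString.startsWith("<?xml")) {
            try {
                parseAttempts++;
                cs = parseNmasUserResponseXML(xmlString);
                // Fix: the success message used to sit after the try/catch, so it was also
                // logged when the parse had just failed.
                LOGGER.trace("successfully parsed full nmas ChallengeResponseQuestions response");
            } catch (JDOMException e) {
                // Fix: separate this entry from an earlier one, as the other attempts do.
                if (parsingErrorMsg.length() > 0) {
                    parsingErrorMsg.append(", ");
                }
                parsingErrorMsg.append("error parsing raw value: ").append(e.getMessage());
                LOGGER.trace("unable to parse raw ChallengeResponseQuestions nmas response; will retry after stripping header; error: " + e.getMessage());
            }
        }

        // Attempt 3: treat the first 16 characters of the decoded value as a non-XML header.
        if (cs == null && xmlString.length() > 16) {
            final String strippedXml = xmlString.substring(16);
            try {
                parseAttempts++;
                cs = parseNmasUserResponseXML(strippedXml);
                LOGGER.trace("successfully parsed full nmas ChallengeResponseQuestions response");
            } catch (JDOMException e) {
                if (parsingErrorMsg.length() > 0) {
                    parsingErrorMsg.append(", ");
                }
                parsingErrorMsg.append("error parsing header stripped value: ").append(e.getMessage());
                LOGGER.trace("unable to parse stripped ChallengeResponseQuestions nmas response; error: " + e.getMessage());
            }
        }

        if (cs == null) {
            final String logMsg = "unable to parse nmas ChallengeResponseQuestions: " + parsingErrorMsg;
            // Report at error level only when a parse was actually attempted on a value longer
            // than the 16-character header; otherwise keep it at trace.
            if (parseAttempts > 0 && xmlString.length() > 16) {
                LOGGER.error(logMsg);
            } else {
                LOGGER.trace(logMsg);
            }
            return null;
        }

        // Only the questions are read here; each challenge is stored without a response value.
        final Map<Challenge, String> crMap = new HashMap<Challenge, String>();
        for (final Challenge loopChallenge : cs.getChallenges()) {
            crMap.put(loopChallenge, null);
        }
        return new NmasResponseSet(crMap, cs.getLocale(), cs.getMinRandomRequired(), AbstractResponseSet.STATE.READ, theUser, cs.getIdentifier());
    } catch (ChaiOperationException e) {
        LOGGER.error("error reading nmas user response for " + theUser.getEntryDN() + ", error: " + e.getMessage());
    } catch (IOException e) {
        LOGGER.error("error reading nmas user response for " + theUser.getEntryDN() + ", error: " + e.getMessage());
    }
    // Reached only after one of the logged failures above.
    return null;
}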
Also used : ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) IOException(java.io.IOException) JDOMException(org.jdom2.JDOMException) GetLoginConfigRequest(com.novell.security.nmas.jndi.ldap.ext.GetLoginConfigRequest) Challenge(com.novell.ldapchai.cr.Challenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 3 with ExtendedResponse

use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.

the class InetOrgPersonImpl method changePassword.

/**
 * Changes this entry's password, either by replacing the password attribute or, when
 * {@code ChaiSetting.EDIRECTORY_ENABLE_NMAS} is enabled, through the NMAS change-password
 * extended operation.
 *
 * <p>NOTE(review): a {@code null} extended response is treated as success, and the response is
 * cast to {@code ChangePwdResponse} without a type check, so a provider returning a different
 * {@code ExtendedResponse} implementation would fail with {@code ClassCastException}. Confirm
 * both against the providers in use.
 *
 * @param oldPassword the current password
 * @param newPassword the password to set
 * @throws ChaiUnavailableException declared by the signature; propagated from the provider calls
 * @throws ChaiPasswordPolicyException if the directory rejects the change or NMAS returns a
 *         non-zero return code
 */
public final void changePassword(final String oldPassword, final String newPassword) throws ChaiUnavailableException, ChaiPasswordPolicyException {
    final boolean nmasEnabled = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);

    if (!nmasEnabled) {
        // Plain LDAP path: swap the old attribute value for the new one.
        try {
            replaceAttribute(ATTR_PASSWORD, oldPassword, newPassword);
        } catch (ChaiOperationException e) {
            throw new ChaiPasswordPolicyException(e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
        }
        return;
    }

    // NMAS path: send the change as an extended operation.
    final ChangePwdRequest nmasRequest = new ChangePwdRequest();
    nmasRequest.setNewPwd(newPassword);
    nmasRequest.setObjectDN(this.getEntryDN());
    nmasRequest.setOldPwd(oldPassword);

    final ExtendedResponse nmasResponse;
    try {
        nmasResponse = getChaiProvider().extendedOperation(nmasRequest);
    } catch (ChaiOperationException e) {
        throw new ChaiPasswordPolicyException(e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
    }

    if (nmasResponse == null) {
        return;
    }

    final int returnCode = ((ChangePwdResponse) nmasResponse).getNmasRetCode();
    if (returnCode == 0) {
        return;
    }

    // Only the numeric return code is logged; neither password is written to the log.
    LOGGER.debug("error changing nmas password: " + returnCode);
    final String failureText = "nmas error " + returnCode;
    throw new ChaiPasswordPolicyException(failureText, ChaiErrors.getErrorForMessage(failureText));
}
Also used : ChangePwdResponse(com.novell.security.nmas.jndi.ldap.ext.ChangePwdResponse) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChangePwdRequest(com.novell.security.nmas.jndi.ldap.ext.ChangePwdRequest) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 4 with ExtendedResponse

use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.

the class InetOrgPersonImpl method readPassword.

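/**
 * Reads this entry's password through the NMAS get-password extended operation.
 *
 * <p>NOTE(review): the password is returned as an immutable {@code String}, so it cannot be
 * wiped after use; callers should keep it out of logs and long-lived state. The response is cast
 * to {@code GetPwdResponse} without a type check.
 *
 * @return the password string carried by the NMAS response when the return code is 0
 * @throws UnsupportedOperationException if {@code ChaiSetting.EDIRECTORY_ENABLE_NMAS} is false
 * @throws ChaiOperationException if NMAS returns a non-zero code (-16049 is mapped to
 *         {@code ChaiError.NO_SUCH_ATTRIBUTE}, anything else to {@code ChaiError.UNKNOWN}) or the
 *         provider returns a {@code null} response
 * @throws ChaiUnavailableException declared by the signature; propagated from the provider calls
 */
public final String readPassword() throws ChaiUnavailableException, ChaiOperationException {
    final boolean useNmasSetting = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!useNmasSetting) {
        throw new UnsupportedOperationException("readPassword() is not supported when ChaiSetting.EDIRECTORY_ENABLE_NMAS is false");
    }

    final GetPwdRequest request = new GetPwdRequest("", this.getEntryDN());
    final ExtendedResponse response = getChaiProvider().extendedOperation(request);
    if (response == null) {
        LOGGER.debug("unknown error retreiving password (null response)");
        throw new ChaiOperationException("unknown error retreiving password (null response)", ChaiError.UNKNOWN);
    }

    final GetPwdResponse getResponse = (GetPwdResponse) response;
    final int responseCode = getResponse.getNmasRetCode();
    switch (responseCode) {
        // Success
        case 0:
            return getResponse.getPwdStr();
        // NMAS_E_ENTRY_ATTRIBUTE_NOT_FOUND
        case (-16049):
            LOGGER.debug("readPassword() reports: NMAS_E_ENTRY_ATTRIBUTE_NOT_FOUND " + responseCode);
            throw new ChaiOperationException("object has no password attribute: error " + responseCode, ChaiError.NO_SUCH_ATTRIBUTE);
        default:
            // Fix: this message said "testing", which does not describe this method and made
            // the debug log disagree with the exception thrown on the next line.
            LOGGER.debug("error reading nmas password: " + responseCode);
            throw new ChaiOperationException("error reading nmas password: error " + responseCode, ChaiError.UNKNOWN);
    }
}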
Also used : GetPwdResponse(com.novell.security.nmas.jndi.ldap.ext.GetPwdResponse) GetPwdRequest(com.novell.security.nmas.jndi.ldap.ext.GetPwdRequest) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 5 with ExtendedResponse

use of javax.naming.ldap.ExtendedResponse in project ldapchai by ldapchai.

the class InetOrgPersonImpl method testPasswordPolicy.

/**
 * Asks NMAS whether the given password satisfies the password policy for this entry.
 *
 * <p>Every path that does not throw returns {@code true}: NMAS disabled, a
 * {@code ChaiOperationException} from the provider, a {@code null} response, and a zero return
 * code all report the password as acceptable.
 *
 * <p>NOTE(review): returning {@code true} when the check itself fails means the policy test
 * fails open; confirm that callers do not treat this result as the only policy enforcement. The
 * response is also cast to {@code PwdPolicyCheckResponse} without a type check.
 *
 * @param password the candidate password to check
 * @return {@code true} unless an exception is thrown
 * @throws ChaiPasswordPolicyException if NMAS returns a non-zero return code
 * @throws ChaiUnavailableException declared by the signature; propagated from the provider calls
 */
public boolean testPasswordPolicy(final String password) throws ChaiUnavailableException, ChaiPasswordPolicyException {
    final boolean nmasEnabled = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!nmasEnabled) {
        return true;
    }

    final PwdPolicyCheckRequest policyRequest = new PwdPolicyCheckRequest();
    policyRequest.setData(password);
    policyRequest.setObjectDN(this.getEntryDN());

    final ExtendedResponse policyResponse;
    try {
        policyResponse = getChaiProvider().extendedOperation(policyRequest);
    } catch (ChaiOperationException e) {
        // The failure is logged at debug level and the password is reported as acceptable.
        LOGGER.debug("unexpected error while checking [nmas] password policy: " + e.getMessage());
        return true;
    }

    if (policyResponse == null) {
        return true;
    }

    final int returnCode = ((PwdPolicyCheckResponse) policyResponse).getNmasRetCode();
    if (returnCode == 0) {
        return true;
    }

    // Only the numeric return code is logged; the candidate password is not.
    LOGGER.debug("nmas response code returned from server while testing nmas password: " + returnCode);
    final String failureText = "nmas error " + returnCode;
    throw new ChaiPasswordPolicyException(failureText, ChaiErrors.getErrorForMessage(failureText));
}
Also used : PwdPolicyCheckResponse(com.novell.security.nmas.jndi.ldap.ext.PwdPolicyCheckResponse) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) PwdPolicyCheckRequest(com.novell.security.nmas.jndi.ldap.ext.PwdPolicyCheckRequest)

Aggregations

ExtendedResponse (javax.naming.ldap.ExtendedResponse)8 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)6 ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException)3 IOException (java.io.IOException)3 ChaiChallenge (com.novell.ldapchai.cr.ChaiChallenge)2 Challenge (com.novell.ldapchai.cr.Challenge)2 HashMap (java.util.HashMap)2 LinkedHashMap (java.util.LinkedHashMap)2 ExtendedRequest (javax.naming.ldap.ExtendedRequest)2 JDOMException (org.jdom2.JDOMException)2 ChaiRequestControl (com.novell.ldapchai.ChaiRequestControl)1 Answer (com.novell.ldapchai.cr.Answer)1 ChaiChallengeSet (com.novell.ldapchai.cr.ChaiChallengeSet)1 ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)1 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)1 ChaiValidationException (com.novell.ldapchai.exception.ChaiValidationException)1 ChangePwdRequest (com.novell.security.nmas.jndi.ldap.ext.ChangePwdRequest)1 ChangePwdResponse (com.novell.security.nmas.jndi.ldap.ext.ChangePwdResponse)1 GetLoginConfigRequest (com.novell.security.nmas.jndi.ldap.ext.GetLoginConfigRequest)1 GetPwdRequest (com.novell.security.nmas.jndi.ldap.ext.GetPwdRequest)1