mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
@@ -30,29 +30,20 @@ import java.util.concurrent.locks.Lock; import java.io.IOException; import org.opends.server.api.IdentityMapper; import org.opends.server.core.DirectoryServer; import org.opends.server.core.PasswordPolicyState; import org.opends.server.protocols.asn1.ASN1Exception; import org.opends.server.protocols.asn1.ASN1OctetString; import org.opends.server.protocols.ldap.LDAPResultCode; import org.opends.server.types.Control; import org.opends.server.types.DirectoryException; import org.opends.server.types.DN; import org.opends.server.types.Entry; import org.opends.server.types.LDAPException; import org.opends.server.types.LockManager; import org.opends.server.types.ResultCode; import org.opends.server.protocols.asn1.*; import static org.opends.server.loggers.debug.DebugLogger.*; import org.opends.server.loggers.debug.DebugTracer; import org.opends.server.types.DebugLogLevel; import org.opends.server.types.*; import static org.opends.messages.ProtocolMessages.*; import static org.opends.server.util.ServerConstants.*; import static org.opends.server.util.StaticUtils.*; import static org.opends.server.util.Validator.*; import static org.opends.server.util.Validator.ensureNotNull; /** @@ -67,6 +58,74 @@ extends Control { /** * ControlDecoder implentation to decode this control from a ByteString. */ private static final class Decoder implements ControlDecoder<ProxiedAuthV2Control> { /** * {@inheritDoc} */ public ProxiedAuthV2Control decode(boolean isCritical, ByteString value) throws DirectoryException { if (!isCritical) { Message message = ERR_PROXYAUTH2_CONTROL_NOT_CRITICAL.get(); throw new DirectoryException(ResultCode.PROTOCOL_ERROR, message); } if (value == null) { Message message = ERR_PROXYAUTH2_NO_CONTROL_VALUE.get(); throw new DirectoryException(ResultCode.PROTOCOL_ERROR, message); } ASN1Reader reader = ASN1.getReader(value); ByteString authorizationID; try { // Try the legacy encoding where the value is wrapped by an // extra octet string authorizationID = reader.readOctetString(); } catch (Exception e) { // Try just getting the value. authorizationID = value; String lowerAuthZIDStr = toLowerCase(authorizationID.toString()); if (!lowerAuthZIDStr.startsWith("dn:") && !lowerAuthZIDStr.startsWith("u:")) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } Message message = ERR_PROXYAUTH2_CANNOT_DECODE_VALUE.get(getExceptionMessage(e)); throw new DirectoryException(ResultCode.PROTOCOL_ERROR, message, e); } } return new ProxiedAuthV2Control(isCritical, authorizationID); } public String getOID() { return OID_PROXIED_AUTH_V2; } } /** * The Control Decoder that can be used to decode this control. */ public static final ControlDecoder<ProxiedAuthV2Control> DECODER = new Decoder(); /** * The tracer object for the debug logger. */ private static final DebugTracer TRACER = getTracer(); @@ -75,7 +134,7 @@ // The authorization ID from the control value. private ASN1OctetString authorizationID; private ByteString authorizationID; @@ -85,13 +144,9 @@ * * @param authorizationID The authorization ID from the control value. */ public ProxiedAuthV2Control(ASN1OctetString authorizationID) public ProxiedAuthV2Control(ByteString authorizationID) { super(OID_PROXIED_AUTH_V2, true, authorizationID); ensureNotNull(authorizationID); this.authorizationID = authorizationID; this(true, authorizationID); } @@ -100,17 +155,16 @@ * Creates a new instance of the proxied authorization v2 control with the * provided information. * * @param oid The OID to use for this control. * @param isCritical Indicates whether support for this control * should be considered a critical part of the * server processing. * @param authorizationID The authorization ID from the control value. */ private ProxiedAuthV2Control(String oid, boolean isCritical, ASN1OctetString authorizationID) public ProxiedAuthV2Control(boolean isCritical, ByteString authorizationID) { super(oid, isCritical, authorizationID); super(OID_PROXIED_AUTH_V2, isCritical); ensureNotNull(authorizationID); this.authorizationID = authorizationID; } @@ -118,76 +172,15 @@ /** * Creates a new proxied authorization v2 control from the contents of the * provided control. * Writes this control's value to an ASN.1 writer. The value (if any) must be * written as an ASN1OctetString. * * @param control The generic control containing the information to use to * create this proxied authorization v2 control. It must not * be {@code null}. * * @return The proxied authorization v2 control decoded from the provided * control. * * @throws LDAPException If this control cannot be decoded as a valid * proxied authorization v2 control. * @param writer The ASN.1 writer to use. * @throws IOException If a problem occurs while writing to the stream. */ public static ProxiedAuthV2Control decodeControl(Control control) throws LDAPException { ensureNotNull(control); if (! control.isCritical()) { Message message = ERR_PROXYAUTH2_CONTROL_NOT_CRITICAL.get(); throw new LDAPException(LDAPResultCode.PROTOCOL_ERROR, message); } if (! control.hasValue()) { Message message = ERR_PROXYAUTH2_NO_CONTROL_VALUE.get(); throw new LDAPException(LDAPResultCode.PROTOCOL_ERROR, message); } ASN1OctetString authorizationID; try { authorizationID = ASN1OctetString.decodeAsOctetString(control.getValue().value()); } catch (ASN1Exception ae) { String lowerAuthZIDStr = toLowerCase(control.getValue().stringValue()); if (lowerAuthZIDStr.startsWith("dn:") || lowerAuthZIDStr.startsWith("u:")) { authorizationID = control.getValue(); } else { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, ae); } Message message = ERR_PROXYAUTH2_CANNOT_DECODE_VALUE.get(getExceptionMessage(ae)); throw new LDAPException(LDAPResultCode.PROTOCOL_ERROR, message, ae); } } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } Message message = ERR_PROXYAUTH2_CANNOT_DECODE_VALUE.get(getExceptionMessage(e)); throw new LDAPException(LDAPResultCode.PROTOCOL_ERROR, message, e); } return new ProxiedAuthV2Control(control.getOID(), control.isCritical(), authorizationID); @Override protected void writeValue(ASN1Writer writer) throws IOException { writer.writeOctetString(authorizationID); } @@ -197,7 +190,7 @@ * * @return The authorization ID for this proxied authorization V2 control. */ public ASN1OctetString getAuthorizationID() public ByteString getAuthorizationID() { return authorizationID; } @@ -205,28 +198,6 @@ /** * Specifies the authorization ID for this proxied authorization V2 control. * * @param authorizationID The authorization ID for this proxied * authorization V2 control. */ public void setAuthorizationID(ASN1OctetString authorizationID) { if (authorizationID == null) { this.authorizationID = new ASN1OctetString(); setValue(this.authorizationID); } else { this.authorizationID = authorizationID; setValue(authorizationID); } } /** * Retrieves the authorization entry for this proxied authorization V2 * control. It will also perform any necessary password policy checks to * ensure that the associated user account is suitable for use in performing @@ -244,7 +215,7 @@ throws DirectoryException { // Check for a zero-length value, which would be for an anonymous user. if (authorizationID.value().length == 0) if (authorizationID.length() == 0) { return null; } @@ -252,13 +223,12 @@ // Get a lowercase string representation. It must start with either "dn:" // or "u:". String authzID = authorizationID.stringValue(); String lowerAuthzID = toLowerCase(authzID); String lowerAuthzID = toLowerCase(authorizationID.toString()); if (lowerAuthzID.startsWith("dn:")) { // It's a DN, so decode it and see if it exists. If it's the null DN, // then just assume that it does. DN authzDN = DN.decode(authzID.substring(3)); DN authzDN = DN.decode(lowerAuthzID.substring(3)); if (authzDN.isNullDN()) { return null; @@ -297,7 +267,7 @@ if (userEntry == null) { // The requested user does not exist. Message message = ERR_PROXYAUTH2_NO_SUCH_USER.get(authzID); Message message = ERR_PROXYAUTH2_NO_SUCH_USER.get(lowerAuthzID); throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message); } @@ -339,7 +309,7 @@ // Use the proxied authorization identity mapper to resolve the username // to an entry. IdentityMapper proxyMapper = IdentityMapper<?> proxyMapper = DirectoryServer.getProxiedAuthorizationIdentityMapper(); if (proxyMapper == null) { @@ -347,10 +317,10 @@ throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message); } Entry userEntry = proxyMapper.getEntryForID(authzID.substring(2)); Entry userEntry = proxyMapper.getEntryForID(lowerAuthzID.substring(2)); if (userEntry == null) { Message message = ERR_PROXYAUTH2_NO_SUCH_USER.get(authzID); Message message = ERR_PROXYAUTH2_NO_SUCH_USER.get(lowerAuthzID); throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message); } else @@ -376,7 +346,7 @@ } else { Message message = ERR_PROXYAUTH2_INVALID_AUTHZID.get(authzID); Message message = ERR_PROXYAUTH2_INVALID_AUTHZID.get(lowerAuthzID); throw new DirectoryException(ResultCode.PROTOCOL_ERROR, message); } } @@ -384,29 +354,16 @@ /** * Retrieves a string representation of this proxied auth v2 control. * * @return A string representation of this proxied auth v2 control. */ public String toString() { StringBuilder buffer = new StringBuilder(); toString(buffer); return buffer.toString(); } /** * Appends a string representation of this proxied auth v2 control to the * provided buffer. * * @param buffer The buffer to which the information should be appended. */ @Override public void toString(StringBuilder buffer) { buffer.append("ProxiedAuthorizationV2Control(authzID=\""); authorizationID.toString(buffer); buffer.append(authorizationID); buffer.append("\")"); } }
