mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Ludovic Poitou
22.09.2011 94c29c40c5ac835fcfd3bd5274fb784b95106638
Fix issue OPENDJ-242. 
Make sure PasswordPolicyState internal state is updated as the operational attributes are in the user entry.
Also in the Password Policy State Extended Operation, retrieve the state from the modified entry after the update.
2 files modified
141 ■■■■■ changed files
opends/src/server/org/opends/server/core/PasswordPolicyState.java 17 ●●●●●
opends/src/server/org/opends/server/extensions/PasswordPolicyStateExtendedOperation.java 124 ●●●●●
opends/src/server/org/opends/server/core/PasswordPolicyState.java
@@ -23,6 +23,7 @@
 *
 *
 *      Copyright 2006-2010 Sun Microsystems, Inc.
 *      Portions Copyright 2011 ForgeRock AS
 */
package org.opends.server.core;
@@ -1386,19 +1387,17 @@
      return;
    }
    long highestFailureTime = -1;
    for (Long l : authFailureTimes)
    {
      highestFailureTime = Math.max(l, highestFailureTime);
    }
    AttributeType type =
         DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_FAILURE_TIME_LC,
                                          true);
    this.authFailureTimes = authFailureTimes;
    AttributeBuilder builder = new AttributeBuilder(type);
    long highestFailureTime = -1;
    for (Long l : authFailureTimes)
    {
      highestFailureTime = Math.max(l, highestFailureTime);
      builder
          .add(AttributeValues.create(type, GeneralizedTimeSyntax.format(l)));
    }
@@ -2724,6 +2723,8 @@
    if (getRequiredChangeTime() != requiredChangeTime)
    {
      this.requiredChangeTime = requiredChangeTime;
      AttributeType type = DirectoryServer.getAttributeType(
                               OP_ATTR_PWPOLICY_CHANGED_BY_REQUIRED_TIME, true);
@@ -2757,6 +2758,8 @@
          userDNString);
    }
    this.requiredChangeTime = Long.MIN_VALUE;
    AttributeType type = DirectoryServer.getAttributeType(
                             OP_ATTR_PWPOLICY_CHANGED_BY_REQUIRED_TIME, true);
    if (updateEntry)
@@ -3077,6 +3080,8 @@
          userDNString);
    }
    this.graceLoginTimes = graceLoginTimes;
    AttributeType type =
         DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_GRACE_LOGIN_TIME_LC,
                                          true);
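Review bot: The new assignments `this.authFailureTimes = authFailureTimes;` (hunk at -1386) and `this.graceLoginTimes = graceLoginTimes;` (hunk at -3077) store the caller's collection by reference rather than a copy. If a caller later changes that collection, the cached state and the operational attribute built from it in the same method can drift apart again, which is the inconsistency this commit sets out to remove. These values presumably feed lockout and grace-login decisions, so a defensive copy would be safer, e.g. `this.authFailureTimes = new ArrayList<Long>(authFailureTimes);`, assuming the field is a `List<Long>` and `ArrayList` is imported (neither is visible here). Both enclosing methods start and end outside the hunks, so whether callers already pass a private list could not be checked.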
opends/src/server/org/opends/server/extensions/PasswordPolicyStateExtendedOperation.java
@@ -23,6 +23,7 @@
 *
 *
 *      Copyright 2006-2009 Sun Microsystems, Inc.
 *      Portions Copyright 2011 ForgeRock AS
 */
package org.opends.server.extensions;
@@ -588,39 +589,13 @@
    Entry userEntry;
    InternalClientConnection conn =
         new InternalClientConnection(clientConnection.getAuthenticationInfo());
    InternalSearchOperation internalSearch =
         conn.processSearch(targetDN, SearchScope.BASE_OBJECT,
                            DereferencePolicy.NEVER_DEREF_ALIASES, 1, 0,
                            false, userFilter, requestAttributes, null);
    if (internalSearch.getResultCode() != ResultCode.SUCCESS)
    userEntry = searchUserEntry(conn, operation, targetDN);
    if (userEntry == null)
    {
      operation.setResultCode(internalSearch.getResultCode());
      operation.setErrorMessage(internalSearch.getErrorMessage());
      operation.setMatchedDN(internalSearch.getMatchedDN());
      operation.setReferralURLs(internalSearch.getReferralURLs());
      return;
    }
    List<SearchResultEntry> matchingEntries = internalSearch.getSearchEntries();
    if (matchingEntries.isEmpty())
    {
      operation.setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
      return;
    }
    else if (matchingEntries.size() > 1)
    {
      Message message = ERR_PWPSTATE_EXTOP_MULTIPLE_ENTRIES.get(
              String.valueOf(targetDN));
      operation.appendErrorMessage(message);
      operation.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
      return;
    }
    else
    {
      userEntry = matchingEntries.get(0);
    }
    // Get the password policy state for the user entry.
    PasswordPolicyState pwpState;
    PasswordPolicy      policy;
@@ -640,7 +615,6 @@
      return;
    }
    // Create a hash set that will be used to hold the types of the return
    // types that should be included in the response.
    boolean returnAll;
@@ -721,6 +695,28 @@
          operation.setReferralURLs(modifyOperation.getReferralURLs());
          return;
        }
        // Retrieve the updated entry
        userEntry = searchUserEntry(conn, operation, targetDN);
        if (userEntry == null)
        {
          return;
        }
        // And it's updated password policy state
        try
        {
          pwpState = new PasswordPolicyState(userEntry, false);
          policy = pwpState.getPolicy();
        }
        catch (DirectoryException de)
        {
          if (debugEnabled())
          {
            TRACER.debugCaught(DebugLogLevel.ERROR, de);
          }
          operation.setResponseData(de);
          return;
        }
      }
    }
    catch (Exception e)
@@ -737,7 +733,6 @@
      return;
    }
    try
    {
      // Construct the sequence of values to return.
@@ -757,7 +752,57 @@
    }
  }
  /**
   * Searches and returns the entry referenced by targetDN. If there's not
   * exactly one entry found, an error is reported for the operation.
   *
   * @param conn      The internal connection used to issue the search
   * @param operation The extended operation being processed
   * @param targetDN  The DN targeted by this operation
   *
   * @return the Entry if one and only one is found, null otherwise
   */
  private Entry searchUserEntry (InternalClientConnection conn,
                              ExtendedOperation operation,
                              DN targetDN)
  {
    Entry entry;
    InternalSearchOperation internalSearch =
         conn.processSearch(targetDN, SearchScope.BASE_OBJECT,
                            DereferencePolicy.NEVER_DEREF_ALIASES, 1, 0,
                            false, userFilter, requestAttributes, null);
    if (internalSearch.getResultCode() != ResultCode.SUCCESS)
    {
      operation.setResultCode(internalSearch.getResultCode());
      operation.setErrorMessage(internalSearch.getErrorMessage());
      operation.setMatchedDN(internalSearch.getMatchedDN());
      operation.setReferralURLs(internalSearch.getReferralURLs());
      return null;
    }
    List<SearchResultEntry> matchingEntries = internalSearch.getSearchEntries();
    if (matchingEntries.isEmpty())
    {
      operation.setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
      return null;
    }
    else if (matchingEntries.size() > 1)
    {
      Message message = ERR_PWPSTATE_EXTOP_MULTIPLE_ENTRIES.get(
              String.valueOf(targetDN));
      operation.appendErrorMessage(message);
      operation.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
      return null;
    }
    else
    {
      entry = matchingEntries.get(0);
    }
    return entry;
  }
  /**
   * Encodes the provided information in a form suitable for including in the
@@ -888,16 +933,15 @@
    if (returnAll ||
        returnTypes.contains(OP_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION))
    {
      String secondsStr;
      String secondsStr = null;
      long expTime = pwpState.getAccountExpirationTime();
      if (expTime < 0)
      if (expTime >= 0)
      {
        secondsStr = null;
      }
      else
      {
        secondsStr =
             String.valueOf((expTime - pwpState.getCurrentTime()) / 1000);
        long seconds = (expTime - pwpState.getCurrentTime()) / 1000;
        if (seconds > 0)
        {
          secondsStr = String.valueOf(seconds);
        }
      }
      encode(writer, OP_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION,