external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 58a21482 | patch | commit | show whitespace

Jean-Noël Rouvignac

12.37.2015 f2ba5ed4af5beac50fdc51b267d109d6f22147a5

Code cleanup

3 files modified

	opendj-server-legacy/src/main/java/org/opends/server/controls/PasswordPolicyWarningType.java	24 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java	157 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/protocols/http/SdkConnectionAdapter.java	34 ●●●●● patch \| view \| raw \| blame \| history

 opendj-server-legacy/src/main/java/org/opends/server/controls/PasswordPolicyWarningType.java

@@ -48,8 +48,6 @@
  TIME_BEFORE_EXPIRATION((byte) 0x80,
                     INFO_PWPWARNTYPE_DESCRIPTION_TIME_BEFORE_EXPIRATION.get()),



  /**
   * The warning type that will be used to indicate that the user is
   * authenticating using a grace login and to provide the number of grace
@@ -58,8 +56,6 @@
  GRACE_LOGINS_REMAINING((byte) 0x81,
                     INFO_PWPWARNTYPE_DESCRIPTION_GRACE_LOGINS_REMAINING.get());



  /** A lookup table for resolving a warning type from its BER type. */
  private static final Map<Byte, PasswordPolicyWarningType> TABLE = new HashMap<>();
  static
@@ -67,23 +63,14 @@
    for (PasswordPolicyWarningType value : PasswordPolicyWarningType.values())
    {
      TABLE.put(value.type, value);
      TABLE.put(value.type, value);
    }
  }



  /**
   * The BER type to use for the associated element in the password policy
   * control.
   */
  /** The BER type to use for the associated element in the password policy control. */
  private final byte type;

  /** The message ID for the description of this password policy error type. */
  private final LocalizableMessage description;



  /**
   * Creates a new instance of a password policy warning type with the provided
   * BER type.
@@ -99,8 +86,6 @@
    this.description   = description;
  }



  /**
   * Retrieves the BER type to use for the associated element in the password
   * policy control.
@@ -113,8 +98,6 @@
    return type;
  }



  /**
   * Retrieves the password policy warning type for the provided BER type.
   *
@@ -129,8 +112,6 @@
    return TABLE.get(Byte.valueOf(type));
  }



  /**
   * Retrieves a string representation of this password policy warning type.
   *
@@ -139,7 +120,6 @@
  @Override
  public String toString()
  {
    return description == null ? null : description.toString();
    return description != null ? description.toString() : null;
  }
}


 opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java

@@ -28,6 +28,7 @@

import static org.opends.messages.CoreMessages.*;
import static org.opends.messages.ExtensionMessages.*;
import static org.opends.server.controls.PasswordPolicyErrorType.*;
import static org.opends.server.extensions.ExtensionsConstants.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.types.AccountStatusNotificationType.*;
@@ -56,7 +57,6 @@
import org.opends.server.api.*;
import org.opends.server.controls.PasswordPolicyErrorType;
import org.opends.server.controls.PasswordPolicyResponseControl;
import org.opends.server.controls.PasswordPolicyWarningType;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ExtendedOperation;
import org.opends.server.core.ModifyOperation;
@@ -82,13 +82,10 @@

  /** The name of the attachment which will be used to store the fully resolved target entry. */
  public static final String AUTHZ_DN_ATTACHMENT;

  /** The name of the attachment which will be used to store the password attribute. */
  public static final String PWD_ATTRIBUTE_ATTACHMENT;

  /** The clear text password, which may not be present if the provided password was pre-encoded. */
  public static final String CLEAR_PWD_ATTACHMENT;

  /** A list containing the encoded passwords: plugins can perform changes atomically via CAS. */
  public static final String ENCODED_PWD_ATTACHMENT;

@@ -121,21 +118,6 @@
    super(newHashSet(OID_LDAP_NOOP_OPENLDAP_ASSIGNED, OID_PASSWORD_POLICY_CONTROL));
  }


  /**
   * Initializes this extended operation handler based on the information in the provided configuration.
   * It should also register itself with the Directory Server for the particular kinds of extended operations
   * that it will process.
   *
   * @param   config      The configuration that contains the information
   *                      to use to initialize this extended operation handler.
   *
   * @throws  ConfigException  If an unrecoverable problem arises in the
   *                           process of performing the initialization.
   *
   * @throws  InitializationException  If a problem occurs during initialization
   *                                   that is not related to the server configuration.
   */
  @Override
  public void initializeExtendedOperationHandler(PasswordModifyExtendedOperationHandlerCfg config)
         throws ConfigException, InitializationException
@@ -146,8 +128,7 @@
      identityMapper = DirectoryServer.getIdentityMapper(identityMapperDN);
      if (identityMapper == null)
      {
        LocalizableMessage message = ERR_EXTOP_PASSMOD_NO_SUCH_ID_MAPPER.get(identityMapperDN, config.dn());
        throw new ConfigException(message);
        throw new ConfigException(ERR_EXTOP_PASSMOD_NO_SUCH_ID_MAPPER.get(identityMapperDN, config.dn()));
      }
    }
    catch (Exception e)
@@ -167,11 +148,6 @@
    super.initializeExtendedOperationHandler(config);
  }


  /**
   * Performs any finalization that may be necessary for this extended operation handler.
   * By default, no finalization is performed.
   */
  @Override
  public void finalizeExtendedOperationHandler()
  {
@@ -180,12 +156,6 @@
    super.finalizeExtendedOperationHandler();
  }


  /**
   * Processes the provided extended operation.
   *
   * @param  operation  The extended operation to be processed.
   */
  @Override
  public void processExtendedOperation(ExtendedOperation operation)
  {
@@ -197,9 +167,6 @@
    // Look at the set of controls included in the request, if there are any.
    boolean                   noOpRequested        = false;
    boolean                   pwPolicyRequested    = false;
    int                       pwPolicyWarningValue = 0;
    PasswordPolicyErrorType   pwPolicyErrorType    = null;
    PasswordPolicyWarningType pwPolicyWarningType  = null;
    List<Control> controls = operation.getRequestControls();
    if (controls != null)
    {
@@ -252,8 +219,7 @@
    // Get the entry for the user that issued the request.
    Entry requestorEntry = operation.getAuthorizationEntry();

    // See if a user identity was provided.  If so, then try to resolve it to
    // an actual user.
    // See if a user identity was provided.  If so, then try to resolve it to an actual user.
    DN userDN = null;
    Entry userEntry = null;
    DNLock userLock = null;
@@ -425,12 +391,7 @@
      // See if the account is locked.  If so, then reject the request.
      if (pwPolicyState.isDisabled())
      {
        if (pwPolicyRequested)
        {
          pwPolicyErrorType = PasswordPolicyErrorType.ACCOUNT_LOCKED;
          operation.addResponseControl(
               new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
        }
        addPwPolicyErrorResponseControl(operation, pwPolicyRequested, ACCOUNT_LOCKED);

        operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
        operation.appendErrorMessage(ERR_EXTOP_PASSMOD_ACCOUNT_DISABLED.get());
@@ -438,12 +399,7 @@
      }
      else if (selfChange && pwPolicyState.isLocked())
      {
        if (pwPolicyRequested)
        {
          pwPolicyErrorType = PasswordPolicyErrorType.ACCOUNT_LOCKED;
          operation.addResponseControl(
               new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
        }
        addPwPolicyErrorResponseControl(operation, pwPolicyRequested, ACCOUNT_LOCKED);

        operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
        operation.appendErrorMessage(ERR_EXTOP_PASSMOD_ACCOUNT_LOCKED.get());
@@ -457,16 +413,10 @@
        if (selfChange
            && pwPolicyState.getAuthenticationPolicy().isPasswordChangeRequiresCurrentPassword())
        {
          addPwPolicyErrorResponseControl(operation, pwPolicyRequested, MUST_SUPPLY_OLD_PASSWORD);

          operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
          operation.appendErrorMessage(ERR_EXTOP_PASSMOD_REQUIRE_CURRENT_PW.get());

          if (pwPolicyRequested)
          {
            pwPolicyErrorType = PasswordPolicyErrorType.MUST_SUPPLY_OLD_PASSWORD;
            operation.addResponseControl(
                 new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
          }

          return;
        }
      }
@@ -506,12 +456,7 @@
      if (selfChange
          && !pwPolicyState.getAuthenticationPolicy().isAllowUserPasswordChanges())
      {
        if (pwPolicyRequested)
        {
          pwPolicyErrorType = PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED;
          operation.addResponseControl(
               new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
        }
        addPwPolicyErrorResponseControl(operation, pwPolicyRequested, PASSWORD_MOD_NOT_ALLOWED);

        operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
        operation.appendErrorMessage(ERR_EXTOP_PASSMOD_USER_PW_CHANGES_NOT_ALLOWED.get());
@@ -530,12 +475,7 @@
      // If it's a self-change request and the user is within the minimum age, then reject it.
      if (selfChange && pwPolicyState.isWithinMinimumAge())
      {
        if (pwPolicyRequested)
        {
          pwPolicyErrorType = PasswordPolicyErrorType.PASSWORD_TOO_YOUNG;
          operation.addResponseControl(
               new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
        }
        addPwPolicyErrorResponseControl(operation, pwPolicyRequested, PASSWORD_TOO_YOUNG);

        operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
        operation.appendErrorMessage(ERR_EXTOP_PASSMOD_IN_MIN_AGE.get());
@@ -547,12 +487,7 @@
          && pwPolicyState.isPasswordExpired()
          && !pwPolicyState.getAuthenticationPolicy().isAllowExpiredPasswordChanges())
      {
        if (pwPolicyRequested)
        {
          pwPolicyErrorType = PasswordPolicyErrorType.PASSWORD_EXPIRED;
          operation.addResponseControl(
               new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
        }
        addPwPolicyErrorResponseControl(operation, pwPolicyRequested, PasswordPolicyErrorType.PASSWORD_EXPIRED);

        operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
        operation.appendErrorMessage(ERR_EXTOP_PASSMOD_PASSWORD_IS_EXPIRED.get());
@@ -626,12 +561,7 @@
          LocalizableMessageBuilder invalidReason = new LocalizableMessageBuilder();
          if (!pwPolicyState.passwordIsAcceptable(operation, userEntry, newPassword, clearPasswords, invalidReason))
          {
            if (pwPolicyRequested)
            {
              pwPolicyErrorType = PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY;
              operation.addResponseControl(
                  new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
            }
            addPwPolicyErrorResponseControl(operation, pwPolicyRequested, INSUFFICIENT_PASSWORD_QUALITY);

            operation.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
            operation.appendErrorMessage(ERR_EXTOP_PASSMOD_UNACCEPTABLE_PW.get(invalidReason));
@@ -825,15 +755,31 @@
        operation.getClientConnection().setMustChangePassword(false);
      }

      // If the password policy control was requested, then add the appropriate response control.
      if (pwPolicyRequested)
      addPwPolicyErrorResponseControl(operation, pwPolicyRequested, null);

      generateAccountStatusNotification(oldPassword, newPassword, userEntry, pwPolicyState, selfChange);
    }
    finally
      {
        operation.addResponseControl(
             new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
      if (userLock != null)
      {
        userLock.unlock();
      }
    }
      }

      // Handle Account Status Notifications that may be needed.
      // They are not handled by the backend for internal operations.
  private void addPwPolicyErrorResponseControl(ExtendedOperation operation, boolean pwPolicyRequested,
      PasswordPolicyErrorType pwPolicyErrorType)
  {
    if (pwPolicyRequested)
    {
      operation.addResponseControl(new PasswordPolicyResponseControl(null, 0, pwPolicyErrorType));
    }
  }

  private void generateAccountStatusNotification(ByteString oldPassword, ByteString newPassword, Entry userEntry,
      PasswordPolicyState pwPolicyState, boolean selfChange)
  {
      List<ByteString> currentPasswords = null;
      if (oldPassword != null)
      {
@@ -854,14 +800,6 @@
            PASSWORD_RESET, userEntry, INFO_MODIFY_PASSWORD_RESET.get(), notifProperties);
      }
    }
    finally
    {
      if (userLock != null)
      {
        userLock.unlock();
      }
    }
  }

  private String[] decodePassword(PasswordPolicyState pwPolicyState, String encodedPassword) throws DirectoryException
  {
@@ -973,7 +911,6 @@
    return null;
  }

  /** {@inheritDoc} */
  @Override
  public boolean isConfigurationAcceptable(ExtendedOperationHandlerCfg configuration,
                                           List<LocalizableMessage> unacceptableReasons)
@@ -982,19 +919,6 @@
    return isConfigurationChangeAcceptable(config, unacceptableReasons);
  }



  /**
   * Indicates whether the provided configuration entry has an acceptable configuration for this component.
   * If it does not, then detailed information about the problem(s) should be added to the provided list.
   *
   * @param  config          The configuration entry for which to make the determination.
   * @param  unacceptableReasons  A list that can be used to hold messages about why the provided entry does not
   *                              have an acceptable configuration.
   *
   * @return  <CODE>true</CODE> if the provided entry has an acceptable configuration for this component,
   *          or <CODE>false</CODE> if not.
   */
  @Override
  public boolean isConfigurationChangeAcceptable(PasswordModifyExtendedOperationHandlerCfg config,
                                                 List<LocalizableMessage> unacceptableReasons)
@@ -1020,19 +944,6 @@
    }
  }



  /**
   * Makes a best-effort attempt to apply the configuration contained in the provided entry.
   * Information about the result of this processing should be added to the provided message list.
   * Information should always be added to this list if a configuration change could not be applied.
   * If detailed results are requested, then information about the changes applied successfully (and optionally
   * about parameters that were not changed) should also be included.
   *
   * @param  config      The entry containing the new configuration to apply for this component.
   *
   * @return  Information about the result of the configuration update.
   */
  @Override
  public ConfigChangeResult applyConfigurationChange(PasswordModifyExtendedOperationHandlerCfg config)
  {
@@ -1073,14 +984,12 @@
    return ccr;
  }

  /** {@inheritDoc} */
  @Override
  public String getExtendedOperationOID()
  {
    return OID_PASSWORD_MODIFY_REQUEST;
  }

  /** {@inheritDoc} */
  @Override
  public String getExtendedOperationName()
  {

 opendj-server-legacy/src/main/java/org/opends/server/protocols/http/SdkConnectionAdapter.java

@@ -25,6 +25,11 @@
 */
package org.opends.server.protocols.http;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ByteString.*;
import static org.forgerock.opendj.ldap.LdapException.*;
import static org.forgerock.opendj.ldap.spi.LdapPromiseImpl.*;

import java.util.LinkedHashSet;
import java.util.concurrent.atomic.AtomicInteger;

@@ -34,9 +39,8 @@
import org.forgerock.opendj.ldap.AbstractAsynchronousConnection;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConnectionEventListener;
import org.forgerock.opendj.ldap.LdapPromise;
import org.forgerock.opendj.ldap.spi.LdapPromiseImpl;
import org.forgerock.opendj.ldap.IntermediateResponseHandler;
import org.forgerock.opendj.ldap.LdapPromise;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchResultHandler;
import org.forgerock.opendj.ldap.requests.AbandonRequest;
@@ -54,6 +58,7 @@
import org.forgerock.opendj.ldap.responses.CompareResult;
import org.forgerock.opendj.ldap.responses.ExtendedResult;
import org.forgerock.opendj.ldap.responses.Result;
import org.forgerock.opendj.ldap.spi.LdapPromiseImpl;
import org.opends.server.core.AbandonOperation;
import org.opends.server.core.AbandonOperationBasis;
import org.opends.server.core.AddOperation;
@@ -92,11 +97,6 @@
import org.opends.server.types.DisconnectReason;
import org.opends.server.types.Operation;

import static org.forgerock.opendj.adapter.server3x.Converters.*;
import static org.forgerock.opendj.ldap.ByteString.*;
import static org.forgerock.opendj.ldap.LdapException.*;
import static org.forgerock.opendj.ldap.spi.LdapPromiseImpl.*;

/**
 * Adapter class between LDAP SDK's {@link org.forgerock.opendj.ldap.Connection}
 * and OpenDJ server's
@@ -239,7 +239,6 @@
    throw new RuntimeException("Not implemented for operation " + operation);
  }

  /** {@inheritDoc} */
  @Override
  public LdapPromise<Void> abandonAsync(AbandonRequest request)
  {
@@ -248,7 +247,6 @@
        to(request.getControls()), request.getRequestID()));
  }

  /** {@inheritDoc} */
  @Override
  public LdapPromise<Result> addAsync(AddRequest request, IntermediateResponseHandler intermediateResponseHandler)
  {
@@ -257,14 +255,12 @@
        valueOfObject(request.getName()), to(request.getAllAttributes())));
  }

  /** {@inheritDoc} */
  @Override
  public void addConnectionEventListener(ConnectionEventListener listener)
  {
    // not useful so far
  }

  /** {@inheritDoc} */
  @Override
  public LdapPromise<BindResult> bindAsync(BindRequest request,
      IntermediateResponseHandler intermediateResponseHandler)
@@ -276,7 +272,6 @@
        "3", ByteString.valueOfUtf8(userName), ByteString.wrap(password)));
  }

  /** {@inheritDoc} */
  @Override
  public void close(UnbindRequest request, String reason)
  {
@@ -284,9 +279,8 @@
    if (authInfo != null && authInfo.isAuthenticated())
    {
      final int messageID = nextMessageID.getAndIncrement();
      final UnbindOperationBasis operation =
          new UnbindOperationBasis(clientConnection, messageID, messageID,
              to(request.getControls()));
      final UnbindOperationBasis operation = new UnbindOperationBasis(
          clientConnection, messageID, messageID, to(request.getControls()));
      operation.setInnerOperation(this.clientConnection.isInnerConnection());

      // run synchronous
@@ -304,7 +298,6 @@
    isClosed = true;
  }

  /** {@inheritDoc} */
  @Override
  public LdapPromise<CompareResult> compareAsync(CompareRequest request,
      IntermediateResponseHandler intermediateResponseHandler)
@@ -316,7 +309,6 @@
        request.getAssertionValue()));
  }

  /** {@inheritDoc} */
  @Override
  public LdapPromise<Result> deleteAsync(DeleteRequest request,
      IntermediateResponseHandler intermediateResponseHandler)
@@ -326,7 +318,6 @@
        to(request.getControls()), valueOfObject(request.getName())));
  }

  /** {@inheritDoc} */
  @Override
  public <R extends ExtendedResult> LdapPromise<R> extendedRequestAsync(ExtendedRequest<R> request,
      IntermediateResponseHandler intermediateResponseHandler)
@@ -347,21 +338,18 @@
    return queueingStrategy;
  }

  /** {@inheritDoc} */
  @Override
  public boolean isClosed()
  {
    return isClosed;
  }

  /** {@inheritDoc} */
  @Override
  public boolean isValid()
  {
    return this.clientConnection.isConnectionValid();
  }

  /** {@inheritDoc} */
  @Override
  public LdapPromise<Result> modifyAsync(ModifyRequest request,
      IntermediateResponseHandler intermediateResponseHandler)
@@ -372,7 +360,6 @@
        toModifications(request.getModifications())));
  }

  /** {@inheritDoc} */
  @Override
  public LdapPromise<Result> modifyDNAsync(ModifyDNRequest request,
      IntermediateResponseHandler intermediateResponseHandler)
@@ -384,14 +371,12 @@
            .getNewSuperior())));
  }

  /** {@inheritDoc} */
  @Override
  public void removeConnectionEventListener(ConnectionEventListener listener)
  {
    // not useful so far
  }

  /** {@inheritDoc} */
  @Override
  public LdapPromise<Result> searchAsync(final SearchRequest request,
      final IntermediateResponseHandler intermediateResponseHandler, final SearchResultHandler entryHandler)
@@ -405,7 +390,6 @@
        new LinkedHashSet<String>(request.getAttributes())), entryHandler);
  }

  /** {@inheritDoc} */
  @Override
  public String toString()
  {

			@@ -48,8 +48,6 @@
			TIME_BEFORE_EXPIRATION((byte) 0x80,
			INFO_PWPWARNTYPE_DESCRIPTION_TIME_BEFORE_EXPIRATION.get()),



			/**
			* The warning type that will be used to indicate that the user is
			* authenticating using a grace login and to provide the number of grace
			@@ -58,8 +56,6 @@
			GRACE_LOGINS_REMAINING((byte) 0x81,
			INFO_PWPWARNTYPE_DESCRIPTION_GRACE_LOGINS_REMAINING.get());



			/** A lookup table for resolving a warning type from its BER type. */
			private static final Map<Byte, PasswordPolicyWarningType> TABLE = new HashMap<>();
			static
			@@ -67,23 +63,14 @@
			for (PasswordPolicyWarningType value : PasswordPolicyWarningType.values())
			{
			TABLE.put(value.type, value);
			TABLE.put(value.type, value);
			}
			}



			/**
			* The BER type to use for the associated element in the password policy
			* control.
			*/
			/** The BER type to use for the associated element in the password policy control. */
			private final byte type;

			/** The message ID for the description of this password policy error type. */
			private final LocalizableMessage description;



			/**
			* Creates a new instance of a password policy warning type with the provided
			* BER type.
			@@ -99,8 +86,6 @@
			this.description = description;
			}



			/**
			* Retrieves the BER type to use for the associated element in the password
			* policy control.
			@@ -113,8 +98,6 @@
			return type;
			}



			/**
			* Retrieves the password policy warning type for the provided BER type.
			*
			@@ -129,8 +112,6 @@
			return TABLE.get(Byte.valueOf(type));
			}



			/**
			* Retrieves a string representation of this password policy warning type.
			*
			@@ -139,7 +120,6 @@
			@Override
			public String toString()
			{
			return description == null ? null : description.toString();
			return description != null ? description.toString() : null;
			}
			}

			@@ -28,6 +28,7 @@

			import static org.opends.messages.CoreMessages.*;
			import static org.opends.messages.ExtensionMessages.*;
			import static org.opends.server.controls.PasswordPolicyErrorType.*;
			import static org.opends.server.extensions.ExtensionsConstants.*;
			import static org.opends.server.protocols.internal.InternalClientConnection.*;
			import static org.opends.server.types.AccountStatusNotificationType.*;
			@@ -56,7 +57,6 @@
			import org.opends.server.api.*;
			import org.opends.server.controls.PasswordPolicyErrorType;
			import org.opends.server.controls.PasswordPolicyResponseControl;
			import org.opends.server.controls.PasswordPolicyWarningType;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.ExtendedOperation;
			import org.opends.server.core.ModifyOperation;
			@@ -82,13 +82,10 @@

			/** The name of the attachment which will be used to store the fully resolved target entry. */
			public static final String AUTHZ_DN_ATTACHMENT;

			/** The name of the attachment which will be used to store the password attribute. */
			public static final String PWD_ATTRIBUTE_ATTACHMENT;

			/** The clear text password, which may not be present if the provided password was pre-encoded. */
			public static final String CLEAR_PWD_ATTACHMENT;

			/** A list containing the encoded passwords: plugins can perform changes atomically via CAS. */
			public static final String ENCODED_PWD_ATTACHMENT;

			@@ -121,21 +118,6 @@
			super(newHashSet(OID_LDAP_NOOP_OPENLDAP_ASSIGNED, OID_PASSWORD_POLICY_CONTROL));
			}


			/**
			* Initializes this extended operation handler based on the information in the provided configuration.
			* It should also register itself with the Directory Server for the particular kinds of extended operations
			* that it will process.
			*
			* @param config The configuration that contains the information
			* to use to initialize this extended operation handler.
			*
			* @throws ConfigException If an unrecoverable problem arises in the
			* process of performing the initialization.
			*
			* @throws InitializationException If a problem occurs during initialization
			* that is not related to the server configuration.
			*/
			@Override
			public void initializeExtendedOperationHandler(PasswordModifyExtendedOperationHandlerCfg config)
			throws ConfigException, InitializationException
			@@ -146,8 +128,7 @@
			identityMapper = DirectoryServer.getIdentityMapper(identityMapperDN);
			if (identityMapper == null)
			{
			LocalizableMessage message = ERR_EXTOP_PASSMOD_NO_SUCH_ID_MAPPER.get(identityMapperDN, config.dn());
			throw new ConfigException(message);
			throw new ConfigException(ERR_EXTOP_PASSMOD_NO_SUCH_ID_MAPPER.get(identityMapperDN, config.dn()));
			}
			}
			catch (Exception e)
			@@ -167,11 +148,6 @@
			super.initializeExtendedOperationHandler(config);
			}


			/**
			* Performs any finalization that may be necessary for this extended operation handler.
			* By default, no finalization is performed.
			*/
			@Override
			public void finalizeExtendedOperationHandler()
			{
			@@ -180,12 +156,6 @@
			super.finalizeExtendedOperationHandler();
			}


			/**
			* Processes the provided extended operation.
			*
			* @param operation The extended operation to be processed.
			*/
			@Override
			public void processExtendedOperation(ExtendedOperation operation)
			{
			@@ -197,9 +167,6 @@
			// Look at the set of controls included in the request, if there are any.
			boolean noOpRequested = false;
			boolean pwPolicyRequested = false;
			int pwPolicyWarningValue = 0;
			PasswordPolicyErrorType pwPolicyErrorType = null;
			PasswordPolicyWarningType pwPolicyWarningType = null;
			List<Control> controls = operation.getRequestControls();
			if (controls != null)
			{
			@@ -252,8 +219,7 @@
			// Get the entry for the user that issued the request.
			Entry requestorEntry = operation.getAuthorizationEntry();

			// See if a user identity was provided. If so, then try to resolve it to
			// an actual user.
			// See if a user identity was provided. If so, then try to resolve it to an actual user.
			DN userDN = null;
			Entry userEntry = null;
			DNLock userLock = null;
			@@ -425,12 +391,7 @@
			// See if the account is locked. If so, then reject the request.
			if (pwPolicyState.isDisabled())
			{
			if (pwPolicyRequested)
			{
			pwPolicyErrorType = PasswordPolicyErrorType.ACCOUNT_LOCKED;
			operation.addResponseControl(
			new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
			}
			addPwPolicyErrorResponseControl(operation, pwPolicyRequested, ACCOUNT_LOCKED);

			operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
			operation.appendErrorMessage(ERR_EXTOP_PASSMOD_ACCOUNT_DISABLED.get());
			@@ -438,12 +399,7 @@
			}
			else if (selfChange && pwPolicyState.isLocked())
			{
			if (pwPolicyRequested)
			{
			pwPolicyErrorType = PasswordPolicyErrorType.ACCOUNT_LOCKED;
			operation.addResponseControl(
			new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
			}
			addPwPolicyErrorResponseControl(operation, pwPolicyRequested, ACCOUNT_LOCKED);

			operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
			operation.appendErrorMessage(ERR_EXTOP_PASSMOD_ACCOUNT_LOCKED.get());
			@@ -457,16 +413,10 @@
			if (selfChange
			&& pwPolicyState.getAuthenticationPolicy().isPasswordChangeRequiresCurrentPassword())
			{
			addPwPolicyErrorResponseControl(operation, pwPolicyRequested, MUST_SUPPLY_OLD_PASSWORD);

			operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
			operation.appendErrorMessage(ERR_EXTOP_PASSMOD_REQUIRE_CURRENT_PW.get());

			if (pwPolicyRequested)
			{
			pwPolicyErrorType = PasswordPolicyErrorType.MUST_SUPPLY_OLD_PASSWORD;
			operation.addResponseControl(
			new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
			}

			return;
			}
			}
			@@ -506,12 +456,7 @@
			if (selfChange
			&& !pwPolicyState.getAuthenticationPolicy().isAllowUserPasswordChanges())
			{
			if (pwPolicyRequested)
			{
			pwPolicyErrorType = PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED;
			operation.addResponseControl(
			new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
			}
			addPwPolicyErrorResponseControl(operation, pwPolicyRequested, PASSWORD_MOD_NOT_ALLOWED);

			operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
			operation.appendErrorMessage(ERR_EXTOP_PASSMOD_USER_PW_CHANGES_NOT_ALLOWED.get());
			@@ -530,12 +475,7 @@
			// If it's a self-change request and the user is within the minimum age, then reject it.
			if (selfChange && pwPolicyState.isWithinMinimumAge())
			{
			if (pwPolicyRequested)
			{
			pwPolicyErrorType = PasswordPolicyErrorType.PASSWORD_TOO_YOUNG;
			operation.addResponseControl(
			new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
			}
			addPwPolicyErrorResponseControl(operation, pwPolicyRequested, PASSWORD_TOO_YOUNG);

			operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
			operation.appendErrorMessage(ERR_EXTOP_PASSMOD_IN_MIN_AGE.get());
			@@ -547,12 +487,7 @@
			&& pwPolicyState.isPasswordExpired()
			&& !pwPolicyState.getAuthenticationPolicy().isAllowExpiredPasswordChanges())
			{
			if (pwPolicyRequested)
			{
			pwPolicyErrorType = PasswordPolicyErrorType.PASSWORD_EXPIRED;
			operation.addResponseControl(
			new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
			}
			addPwPolicyErrorResponseControl(operation, pwPolicyRequested, PasswordPolicyErrorType.PASSWORD_EXPIRED);

			operation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
			operation.appendErrorMessage(ERR_EXTOP_PASSMOD_PASSWORD_IS_EXPIRED.get());
			@@ -626,12 +561,7 @@
			LocalizableMessageBuilder invalidReason = new LocalizableMessageBuilder();
			if (!pwPolicyState.passwordIsAcceptable(operation, userEntry, newPassword, clearPasswords, invalidReason))
			{
			if (pwPolicyRequested)
			{
			pwPolicyErrorType = PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY;
			operation.addResponseControl(
			new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
			}
			addPwPolicyErrorResponseControl(operation, pwPolicyRequested, INSUFFICIENT_PASSWORD_QUALITY);

			operation.setResultCode(ResultCode.CONSTRAINT_VIOLATION);
			operation.appendErrorMessage(ERR_EXTOP_PASSMOD_UNACCEPTABLE_PW.get(invalidReason));
			@@ -825,15 +755,31 @@
			operation.getClientConnection().setMustChangePassword(false);
			}

			// If the password policy control was requested, then add the appropriate response control.
			if (pwPolicyRequested)
			addPwPolicyErrorResponseControl(operation, pwPolicyRequested, null);

			generateAccountStatusNotification(oldPassword, newPassword, userEntry, pwPolicyState, selfChange);
			}
			finally
			{
			operation.addResponseControl(
			new PasswordPolicyResponseControl(pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType));
			if (userLock != null)
			{
			userLock.unlock();
			}
			}
			}

			// Handle Account Status Notifications that may be needed.
			// They are not handled by the backend for internal operations.
			private void addPwPolicyErrorResponseControl(ExtendedOperation operation, boolean pwPolicyRequested,
			PasswordPolicyErrorType pwPolicyErrorType)
			{
			if (pwPolicyRequested)
			{
			operation.addResponseControl(new PasswordPolicyResponseControl(null, 0, pwPolicyErrorType));
			}
			}

			private void generateAccountStatusNotification(ByteString oldPassword, ByteString newPassword, Entry userEntry,
			PasswordPolicyState pwPolicyState, boolean selfChange)
			{
			List<ByteString> currentPasswords = null;
			if (oldPassword != null)
			{
			@@ -854,14 +800,6 @@
			PASSWORD_RESET, userEntry, INFO_MODIFY_PASSWORD_RESET.get(), notifProperties);
			}
			}
			finally
			{
			if (userLock != null)
			{
			userLock.unlock();
			}
			}
			}

			private String[] decodePassword(PasswordPolicyState pwPolicyState, String encodedPassword) throws DirectoryException
			{
			@@ -973,7 +911,6 @@
			return null;
			}

			/** {@inheritDoc} */
			@Override
			public boolean isConfigurationAcceptable(ExtendedOperationHandlerCfg configuration,
			List<LocalizableMessage> unacceptableReasons)
			@@ -982,19 +919,6 @@
			return isConfigurationChangeAcceptable(config, unacceptableReasons);
			}



			/**
			* Indicates whether the provided configuration entry has an acceptable configuration for this component.
			* If it does not, then detailed information about the problem(s) should be added to the provided list.
			*
			* @param config The configuration entry for which to make the determination.
			* @param unacceptableReasons A list that can be used to hold messages about why the provided entry does not
			* have an acceptable configuration.
			*
			* @return <CODE>true</CODE> if the provided entry has an acceptable configuration for this component,
			* or <CODE>false</CODE> if not.
			*/
			@Override
			public boolean isConfigurationChangeAcceptable(PasswordModifyExtendedOperationHandlerCfg config,
			List<LocalizableMessage> unacceptableReasons)
			@@ -1020,19 +944,6 @@
			}
			}



			/**
			* Makes a best-effort attempt to apply the configuration contained in the provided entry.
			* Information about the result of this processing should be added to the provided message list.
			* Information should always be added to this list if a configuration change could not be applied.
			* If detailed results are requested, then information about the changes applied successfully (and optionally
			* about parameters that were not changed) should also be included.
			*
			* @param config The entry containing the new configuration to apply for this component.
			*
			* @return Information about the result of the configuration update.
			*/
			@Override
			public ConfigChangeResult applyConfigurationChange(PasswordModifyExtendedOperationHandlerCfg config)
			{
			@@ -1073,14 +984,12 @@
			return ccr;
			}

			/** {@inheritDoc} */
			@Override
			public String getExtendedOperationOID()
			{
			return OID_PASSWORD_MODIFY_REQUEST;
			}

			/** {@inheritDoc} */
			@Override
			public String getExtendedOperationName()
			{

			@@ -25,6 +25,11 @@
			*/
			package org.opends.server.protocols.http;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ByteString.*;
			import static org.forgerock.opendj.ldap.LdapException.*;
			import static org.forgerock.opendj.ldap.spi.LdapPromiseImpl.*;

			import java.util.LinkedHashSet;
			import java.util.concurrent.atomic.AtomicInteger;

			@@ -34,9 +39,8 @@
			import org.forgerock.opendj.ldap.AbstractAsynchronousConnection;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ConnectionEventListener;
			import org.forgerock.opendj.ldap.LdapPromise;
			import org.forgerock.opendj.ldap.spi.LdapPromiseImpl;
			import org.forgerock.opendj.ldap.IntermediateResponseHandler;
			import org.forgerock.opendj.ldap.LdapPromise;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchResultHandler;
			import org.forgerock.opendj.ldap.requests.AbandonRequest;
			@@ -54,6 +58,7 @@
			import org.forgerock.opendj.ldap.responses.CompareResult;
			import org.forgerock.opendj.ldap.responses.ExtendedResult;
			import org.forgerock.opendj.ldap.responses.Result;
			import org.forgerock.opendj.ldap.spi.LdapPromiseImpl;
			import org.opends.server.core.AbandonOperation;
			import org.opends.server.core.AbandonOperationBasis;
			import org.opends.server.core.AddOperation;
			@@ -92,11 +97,6 @@
			import org.opends.server.types.DisconnectReason;
			import org.opends.server.types.Operation;

			import static org.forgerock.opendj.adapter.server3x.Converters.*;
			import static org.forgerock.opendj.ldap.ByteString.*;
			import static org.forgerock.opendj.ldap.LdapException.*;
			import static org.forgerock.opendj.ldap.spi.LdapPromiseImpl.*;

			/**
			* Adapter class between LDAP SDK's {@link org.forgerock.opendj.ldap.Connection}
			* and OpenDJ server's
			@@ -239,7 +239,6 @@
			throw new RuntimeException("Not implemented for operation " + operation);
			}

			/** {@inheritDoc} */
			@Override
			public LdapPromise<Void> abandonAsync(AbandonRequest request)
			{
			@@ -248,7 +247,6 @@
			to(request.getControls()), request.getRequestID()));
			}

			/** {@inheritDoc} */
			@Override
			public LdapPromise<Result> addAsync(AddRequest request, IntermediateResponseHandler intermediateResponseHandler)
			{
			@@ -257,14 +255,12 @@
			valueOfObject(request.getName()), to(request.getAllAttributes())));
			}

			/** {@inheritDoc} */
			@Override
			public void addConnectionEventListener(ConnectionEventListener listener)
			{
			// not useful so far
			}

			/** {@inheritDoc} */
			@Override
			public LdapPromise<BindResult> bindAsync(BindRequest request,
			IntermediateResponseHandler intermediateResponseHandler)
			@@ -276,7 +272,6 @@
			"3", ByteString.valueOfUtf8(userName), ByteString.wrap(password)));
			}

			/** {@inheritDoc} */
			@Override
			public void close(UnbindRequest request, String reason)
			{
			@@ -284,9 +279,8 @@
			if (authInfo != null && authInfo.isAuthenticated())
			{
			final int messageID = nextMessageID.getAndIncrement();
			final UnbindOperationBasis operation =
			new UnbindOperationBasis(clientConnection, messageID, messageID,
			to(request.getControls()));
			final UnbindOperationBasis operation = new UnbindOperationBasis(
			clientConnection, messageID, messageID, to(request.getControls()));
			operation.setInnerOperation(this.clientConnection.isInnerConnection());

			// run synchronous
			@@ -304,7 +298,6 @@
			isClosed = true;
			}

			/** {@inheritDoc} */
			@Override
			public LdapPromise<CompareResult> compareAsync(CompareRequest request,
			IntermediateResponseHandler intermediateResponseHandler)
			@@ -316,7 +309,6 @@
			request.getAssertionValue()));
			}

			/** {@inheritDoc} */
			@Override
			public LdapPromise<Result> deleteAsync(DeleteRequest request,
			IntermediateResponseHandler intermediateResponseHandler)
			@@ -326,7 +318,6 @@
			to(request.getControls()), valueOfObject(request.getName())));
			}

			/** {@inheritDoc} */
			@Override
			public <R extends ExtendedResult> LdapPromise<R> extendedRequestAsync(ExtendedRequest<R> request,
			IntermediateResponseHandler intermediateResponseHandler)
			@@ -347,21 +338,18 @@
			return queueingStrategy;
			}

			/** {@inheritDoc} */
			@Override
			public boolean isClosed()
			{
			return isClosed;
			}

			/** {@inheritDoc} */
			@Override
			public boolean isValid()
			{
			return this.clientConnection.isConnectionValid();
			}

			/** {@inheritDoc} */
			@Override
			public LdapPromise<Result> modifyAsync(ModifyRequest request,
			IntermediateResponseHandler intermediateResponseHandler)
			@@ -372,7 +360,6 @@
			toModifications(request.getModifications())));
			}

			/** {@inheritDoc} */
			@Override
			public LdapPromise<Result> modifyDNAsync(ModifyDNRequest request,
			IntermediateResponseHandler intermediateResponseHandler)
			@@ -384,14 +371,12 @@
			.getNewSuperior())));
			}

			/** {@inheritDoc} */
			@Override
			public void removeConnectionEventListener(ConnectionEventListener listener)
			{
			// not useful so far
			}

			/** {@inheritDoc} */
			@Override
			public LdapPromise<Result> searchAsync(final SearchRequest request,
			final IntermediateResponseHandler intermediateResponseHandler, final SearchResultHandler entryHandler)
			@@ -405,7 +390,6 @@
			new LinkedHashSet<String>(request.getAttributes())), entryHandler);
			}

			/** {@inheritDoc} */
			@Override
			public String toString()
			{