From 938eec61d6c1bf9f62c9c3dad50086d02340f006 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 03 Feb 2007 00:30:16 +0000
Subject: [PATCH] Update the proxied authorization control code to require that the controls have a criticality of "true" as per the specification in RFC 4370.
---
opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java | 29 ++++++++++++++++++++++++-----
1 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java b/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
index 27cfb52..518d547 100644
--- a/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
+++ b/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Portions Copyright 2006 Sun Microsystems, Inc.
+ * Portions Copyright 2006-2007 Sun Microsystems, Inc.
*/
package org.opends.server.controls;
@@ -50,6 +50,7 @@
import static org.opends.server.messages.ProtocolMessages.*;
import static org.opends.server.util.ServerConstants.*;
import static org.opends.server.util.StaticUtils.*;
+import static org.opends.server.util.Validator.*;
@@ -86,7 +87,7 @@
* provided information.
*
* @param rawAuthorizationDN The raw, unprocessed authorization DN from the
- * control value.
+ * control value. It must not be {@code null}.
*/
public ProxiedAuthV1Control(ASN1OctetString rawAuthorizationDN)
{
@@ -105,7 +106,8 @@
* Creates a new instance of the proxied authorization v1 control with the
* provided information.
*
- * @param authorizationDN The authorization DN from the control value.
+ * @param authorizationDN The authorization DN from the control value. It
+ * must not be {@code null}.
*/
public ProxiedAuthV1Control(DN authorizationDN)
{
@@ -156,7 +158,8 @@
* authorization DN.
*
* @param rawAuthorizationDN The raw, unprocessed authorization DN to use in
- * the control value.
+ * the control value. It must not be
+ * {@code null}.
*
* @return The encoded control value.
*/
@@ -165,6 +168,8 @@
assert debugEnter(CLASS_NAME, "encodeValue",
String.valueOf(rawAuthorizationDN));
+ ensureNotNull(rawAuthorizationDN);
+
ArrayList<ASN1Element> elements = new ArrayList<ASN1Element>(1);
elements.add(rawAuthorizationDN);
@@ -178,7 +183,8 @@
* provided control.
*
* @param control The generic control containing the information to use to
- * create this proxied authorization v1 control.
+ * create this proxied authorization v1 control. It must not
+ * be {@code null}.
*
* @return The proxied authorization v1 control decoded from the provided
* control.
@@ -191,6 +197,16 @@
{
assert debugEnter(CLASS_NAME, "decodeControl", String.valueOf(control));
+ ensureNotNull(control);
+
+ if (! control.isCritical())
+ {
+ int msgID = MSGID_PROXYAUTH1_CONTROL_NOT_CRITICAL;
+ String message = getMessage(msgID);
+ throw new LDAPException(LDAPResultCode.PROTOCOL_ERROR, msgID,
+ message);
+ }
+
if (! control.hasValue())
{
int msgID = MSGID_PROXYAUTH1_NO_CONTROL_VALUE;
@@ -293,12 +309,15 @@
* Specifies the authorization DN for this proxied auth control.
*
* @param authorizationDN The authorizationDN for this proxied auth control.
+ * It must not be {@code null}.
*/
public void setAuthorizationDN(DN authorizationDN)
{
assert debugEnter(CLASS_NAME, "setAuthorizationDN",
String.valueOf(authorizationDN));
+ ensureNotNull(authorizationDN);
+
this.authorizationDN = authorizationDN;
rawAuthorizationDN = new ASN1OctetString(authorizationDN.toString());
--
Gitblit v1.10.0