From 938eec61d6c1bf9f62c9c3dad50086d02340f006 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 03 Feb 2007 00:30:16 +0000
Subject: [PATCH] Update the proxied authorization control code to require that the controls have a criticality of "true" as per the specification in RFC 4370.

---
 opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java |   44 ++++++++++++++++----------------------------
 1 files changed, 16 insertions(+), 28 deletions(-)

diff --git a/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java b/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
index 02b2912..07f993d 100644
--- a/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
+++ b/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Portions Copyright 2006 Sun Microsystems, Inc.
+ *      Portions Copyright 2006-2007 Sun Microsystems, Inc.
  */
 package org.opends.server.controls;
 
@@ -49,6 +49,7 @@
 import static org.opends.server.messages.ProtocolMessages.*;
 import static org.opends.server.util.ServerConstants.*;
 import static org.opends.server.util.StaticUtils.*;
+import static org.opends.server.util.Validator.*;
 
 
 
@@ -84,10 +85,11 @@
    */
   public ProxiedAuthV2Control(ASN1OctetString authorizationID)
   {
-    super(OID_PROXIED_AUTH_V2, true, encodeValue(authorizationID));
+    super(OID_PROXIED_AUTH_V2, true, authorizationID);
 
     assert debugConstructor(CLASS_NAME, String.valueOf(authorizationID));
 
+    ensureNotNull(authorizationID);
     this.authorizationID = authorizationID;
   }
 
@@ -118,36 +120,12 @@
 
 
   /**
-   * Generates an encoded value for this control containing the provided
-   * authorization ID.
-   *
-   * @param  authorizationID  The authorization ID to be encoded.
-   *
-   * @return  The encoded control value.
-   */
-  private static ASN1OctetString encodeValue(ASN1OctetString authorizationID)
-  {
-    assert debugEnter(CLASS_NAME, "encodeValue",
-                      String.valueOf(authorizationID));
-
-    if (authorizationID == null)
-    {
-      return new ASN1OctetString();
-    }
-    else
-    {
-      return authorizationID;
-    }
-  }
-
-
-
-  /**
    * Creates a new proxied authorization v2 control from the contents of the
    * provided control.
    *
    * @param  control  The generic control containing the information to use to
-   *                  create this proxied authorization v2 control.
+   *                  create this proxied authorization v2 control.  It must not
+   *                  be {@code null}.
    *
    * @return  The proxied authorization v2 control decoded from the provided
    *          control.
@@ -160,6 +138,16 @@
   {
     assert debugEnter(CLASS_NAME, "decodeControl", String.valueOf(control));
 
+    ensureNotNull(control);
+
+    if (! control.isCritical())
+    {
+      int    msgID   = MSGID_PROXYAUTH2_CONTROL_NOT_CRITICAL;
+      String message = getMessage(msgID);
+      throw new LDAPException(LDAPResultCode.PROTOCOL_ERROR, msgID,
+                              message);
+    }
+
     if (! control.hasValue())
     {
       int    msgID   = MSGID_PROXYAUTH2_NO_CONTROL_VALUE;

--
Gitblit v1.10.0