package org.apache.directory.server.ppolicy;

import org.apache.directory.api.ldap.codec.api.LdapApiService;
import org.apache.directory.api.ldap.codec.api.LdapApiServiceFactory;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicy;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyImpl;
import org.apache.directory.api.ldap.extras.controls.ppolicy_impl.PasswordPolicyDecorator;
import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.AddRequestImpl;
import org.apache.directory.api.ldap.model.message.AddResponse;
import org.apache.directory.api.ldap.model.message.BindRequestImpl;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.Control;
import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.api.ldap.model.message.ModifyResponse;
import org.apache.directory.api.ldap.model.message.Response;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.password.PasswordUtil;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyConfiguration;
import org.apache.directory.server.core.authn.ppolicy.PpolicyConfigContainer;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.integ.IntegrationUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP"), @CreateTransport(protocol = "LDAPS")})
@RunWith(FrameworkRunner.class)
@CreateDS(enableChangeLog = false, name = "PasswordPolicyTest")
/* loaded from: input_file:org/apache/directory/server/ppolicy/PasswordPolicyIT.class */
public class PasswordPolicyIT extends AbstractLdapTestUnit {
    private PasswordPolicyConfiguration policyConfig;
    private static final LdapApiService codec = LdapApiServiceFactory.getSingleton();
    private static final PasswordPolicyDecorator PP_REQ_CTRL = new PasswordPolicyDecorator(codec, new PasswordPolicyImpl());

    @Before
    public void setPwdPolicy() throws LdapException {
        this.policyConfig = new PasswordPolicyConfiguration();
        this.policyConfig.setPwdMaxAge(110);
        this.policyConfig.setPwdFailureCountInterval(30);
        this.policyConfig.setPwdMaxFailure(2);
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdLockoutDuration(0);
        this.policyConfig.setPwdMinLength(5);
        this.policyConfig.setPwdInHistory(5);
        this.policyConfig.setPwdExpireWarning(600);
        this.policyConfig.setPwdGraceAuthNLimit(5);
        this.policyConfig.setPwdCheckQuality(2);
        PpolicyConfigContainer ppolicyConfigContainer = new PpolicyConfigContainer();
        ppolicyConfigContainer.setDefaultPolicy(this.policyConfig);
        getService().getInterceptor(InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName()).setPwdPolicies(ppolicyConfigContainer);
        getService().getInterceptor(InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName()).loadPwdPolicyStateAtributeTypes();
    }

    @After
    public void closeConnections() {
        IntegrationUtils.closeConnections();
    }

    @Test
    public void testAddUserWithClearTextPwd() throws Exception {
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=user,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: user", "sn: user_sn", "userPassword: 1234"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, add.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(add);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_TOO_SHORT, pwdRespCtrl.getResponse().getPasswordPolicyError());
        Attribute attribute = defaultEntry.get("userPassword");
        attribute.clear();
        attribute.add(new String[]{"12345"});
        AddResponse add2 = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add2.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add2));
        LdapConnection networkConnectionAs = IntegrationUtils.getNetworkConnectionAs(getLdapServer(), dn.getName(), "12345");
        Assert.assertNotNull(networkConnectionAs);
        Assert.assertTrue(networkConnectionAs.isAuthenticated());
    }

    /* JADX WARN: Type inference failed for: r1v20, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r2v8, types: [byte[], byte[][]] */
    @Test
    public void testAddUserWithHashedPwd() throws Exception {
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        byte[] createStoragePassword = PasswordUtil.createStoragePassword("12345", LdapSecurityConstants.HASH_METHOD_CRYPT);
        DefaultEntry defaultEntry = new DefaultEntry("cn=hashedpwd,ou=system");
        defaultEntry.add("ObjectCLass", new String[]{"person"});
        defaultEntry.add("cn", new String[]{"hashedpwd"});
        defaultEntry.add("sn", new String[]{"hashedpwd_sn"});
        defaultEntry.add("userPassword", (byte[][]) new byte[]{createStoragePassword});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, add.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(add);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertEquals(PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY, pwdRespCtrl.getResponse().getPasswordPolicyError());
        this.policyConfig.setPwdCheckQuality(1);
        Attribute attribute = defaultEntry.get("userPassword");
        attribute.clear();
        attribute.add((byte[][]) new byte[]{createStoragePassword});
        AddResponse add2 = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add2.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add2));
        LdapConnection networkConnectionAs = IntegrationUtils.getNetworkConnectionAs(getLdapServer(), "cn=hashedpwd,ou=system", "12345");
        Assert.assertNotNull(networkConnectionAs);
        Assert.assertTrue(networkConnectionAs.isAuthenticated());
    }

    @Test
    public void testPwdLockoutForever() throws Exception {
        this.policyConfig.setPwdMaxFailure(2);
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdLockoutDuration(0);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        this.policyConfig.setPwdFailureCountInterval(30);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=user2,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: user2", "sn: user_sn", "userPassword: 12345"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add));
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("1234");
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        for (int i = 0; i < 3; i++) {
            ldapNetworkConnection.bind(bindRequestImpl);
            Assert.assertFalse(ldapNetworkConnection.isAuthenticated());
        }
        Thread.sleep(2000L);
        Entry lookup = adminNetworkConnection.lookup(dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY);
        Attribute attribute = lookup.get("pwdAccountLockedTime");
        Assert.assertNotNull(attribute);
        Assert.assertEquals("000001010000Z", attribute.getString());
        BindRequestImpl bindRequestImpl2 = new BindRequestImpl();
        bindRequestImpl2.setDn(dn);
        bindRequestImpl2.setCredentials("12345");
        bindRequestImpl2.addControl(PP_REQ_CTRL);
        ldapNetworkConnection.bind(bindRequestImpl2);
        Assert.assertFalse(ldapNetworkConnection.isAuthenticated());
        ldapNetworkConnection.close();
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.addControl(PP_REQ_CTRL);
        modifyRequestImpl.remove(lookup.get("userPassword"));
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.modify(modifyRequestImpl).getLdapResult().getResultCode());
        Entry lookup2 = adminNetworkConnection.lookup(dn, new String[]{"+"});
        Assert.assertNull(lookup2.get("pwdFailureTime"));
        Assert.assertNull(lookup2.get("pwdGraceUseTime"));
        Assert.assertNull(lookup2.get("pwdHistory"));
        Assert.assertNull(lookup2.get("pwdChangedTime"));
        Assert.assertNull(lookup2.get("pwdAccountLockedTime"));
    }

    @Test
    public void testPwdMinAge() throws Exception {
        this.policyConfig.setPwdMinAge(5);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userMinAge,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userMinAge", "sn: userMinAge_sn", "userPassword: 12345"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add));
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.addControl(PP_REQ_CTRL);
        modifyRequestImpl.replace("userPassword", new String[]{"123456"});
        ModifyResponse modify = adminNetworkConnection.modify(modifyRequestImpl);
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, modify.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG, getPwdRespCtrl(modify).getResponse().getPasswordPolicyError());
        Thread.sleep(5000L);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.modify(modifyRequestImpl).getLdapResult().getResultCode());
        LdapConnection networkConnectionAs = IntegrationUtils.getNetworkConnectionAs(getLdapServer(), dn.getName(), "123456");
        Assert.assertNotNull(networkConnectionAs);
        Assert.assertTrue(networkConnectionAs.isAuthenticated());
    }

    @Test
    public void testPwdHistory() throws Exception {
        this.policyConfig.setPwdInHistory(2);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userPwdHist,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userPwdHist", "sn: userPwdHist_sn", "userPassword: 12345"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        adminNetworkConnection.add(addRequestImpl);
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdHistory"));
        Assert.assertEquals(1L, r0.size());
        Thread.sleep(1000L);
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.addControl(PP_REQ_CTRL);
        modifyRequestImpl.replace("userPassword", new String[]{"67891"});
        adminNetworkConnection.modify(modifyRequestImpl);
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdHistory"));
        Assert.assertEquals(2L, r0.size());
        Thread.sleep(1000L);
        ModifyRequestImpl modifyRequestImpl2 = new ModifyRequestImpl();
        modifyRequestImpl2.setName(dn);
        modifyRequestImpl2.addControl(PP_REQ_CTRL);
        modifyRequestImpl2.replace("userPassword", new String[]{"abcde"});
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.modify(modifyRequestImpl2).getLdapResult().getResultCode());
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdHistory"));
        Assert.assertEquals(2L, r0.size());
        ModifyResponse modify = adminNetworkConnection.modify(modifyRequestImpl2);
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, modify.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY, getPwdRespCtrl(modify).getResponse().getPasswordPolicyError());
    }

    @Test
    public void testPwdLength() throws Exception {
        this.policyConfig.setPwdMinLength(5);
        this.policyConfig.setPwdMaxLength(7);
        this.policyConfig.setPwdCheckQuality(2);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        DefaultEntry defaultEntry = new DefaultEntry(new Dn(new String[]{"cn=userLen,ou=system"}).toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userLen", "sn: userLen_sn", "userPassword: 1234"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, add.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(add);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_TOO_SHORT, pwdRespCtrl.getResponse().getPasswordPolicyError());
        Attribute attribute = defaultEntry.get("userPassword");
        attribute.clear();
        attribute.add(new String[]{"12345678"});
        AddResponse add2 = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, add2.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl2 = getPwdRespCtrl(add2);
        Assert.assertNotNull(pwdRespCtrl2);
        Assert.assertEquals(PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY, pwdRespCtrl2.getResponse().getPasswordPolicyError());
        Attribute attribute2 = defaultEntry.get("userPassword");
        attribute2.clear();
        attribute2.add(new String[]{"123456"});
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.add(addRequestImpl).getLdapResult().getResultCode());
    }

    @Test
    public void testPwdMaxAgeAndGraceAuth() throws Exception {
        this.policyConfig.setPwdMaxAge(5);
        this.policyConfig.setPwdExpireWarning(4);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userMaxAge,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userMaxAge", "sn: userMaxAge_sn", "userPassword: 12345"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        adminNetworkConnection.add(addRequestImpl);
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("12345".getBytes());
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        ldapNetworkConnection.setTimeOut(0L);
        Thread.sleep(1000L);
        BindResponse bind = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(bind);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertTrue(pwdRespCtrl.getResponse().getTimeBeforeExpiration() > 0);
        Thread.sleep(4000L);
        BindResponse bind2 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind2.getLdapResult().getResultCode());
        Assert.assertNotNull(getPwdRespCtrl(bind2));
        Assert.assertEquals(1L, r0.getResponse().getGraceAuthNsRemaining());
        Thread.sleep(1000L);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, ldapNetworkConnection.bind(bindRequestImpl).getLdapResult().getResultCode());
        Assert.assertEquals(0L, getPwdRespCtrl(r0).getResponse().getGraceAuthNsRemaining());
        BindResponse bind3 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.INVALID_CREDENTIALS, bind3.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_EXPIRED, getPwdRespCtrl(bind3).getResponse().getPasswordPolicyError());
    }

    @Test
    public void testModifyPwdSubentry() throws Exception {
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=ppolicySubentry,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: ppolicySubentry", "sn: ppolicySubentry_sn", "userPassword: 12345", "pwdPolicySubEntry:" + dn.getName()});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.add(addRequestImpl).getLdapResult().getResultCode());
        Assert.assertEquals(dn.getName(), adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdPolicySubEntry").getString());
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.replace("pwdPolicySubEntry", new String[]{"cn=policy,ou=system"});
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.modify(modifyRequestImpl).getLdapResult().getResultCode());
        Assert.assertEquals("cn=policy,ou=system", adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdPolicySubEntry").getString());
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", getLdapServer().getPort());
        ldapNetworkConnection.bind(dn.getName(), "12345");
        ModifyResponse modify = ldapNetworkConnection.modify(modifyRequestImpl);
        modifyRequestImpl.replace("pwdPolicySubEntry", new String[]{dn.getName()});
        Assert.assertEquals(ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, modify.getLdapResult().getResultCode());
    }

    @Test
    public void testGraceAuth() throws Exception {
        this.policyConfig.setPwdMaxFailure(2);
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdLockoutDuration(0);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        this.policyConfig.setPwdFailureCountInterval(60);
        this.policyConfig.setPwdMaxAge(1);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userGrace,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userGrace", "sn: userGrace_sn", "userPassword: 12345"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add));
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("12345");
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        Thread.sleep(2000L);
        BindResponse bind = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertTrue(ldapNetworkConnection.isAuthenticated());
        Assert.assertEquals(1L, getPwdRespCtrl(bind).getResponse().getGraceAuthNsRemaining());
        Entry lookup = adminNetworkConnection.lookup(dn, new String[]{"+"});
        Assert.assertNotNull(lookup.get("pwdGraceUseTime"));
        Attribute attribute = lookup.get("pwdChangedTime");
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.replace("userPassword", new String[]{"secret1"});
        Assert.assertEquals(ResultCodeEnum.SUCCESS, ldapNetworkConnection.modify(modifyRequestImpl).getLdapResult().getResultCode());
        Entry lookup2 = adminNetworkConnection.lookup(dn, new String[]{"+"});
        Assert.assertNull(lookup2.get("pwdGraceUseTime"));
        Assert.assertNotSame(attribute.getString(), lookup2.get("pwdChangedTime").getString());
        ldapNetworkConnection.close();
    }

    @Test
    public void testPwdLockoutWithDuration() throws Exception {
        this.policyConfig.setPwdMaxFailure(2);
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdLockoutDuration(5);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        this.policyConfig.setPwdFailureCountInterval(0);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userLockout,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userLockout", "sn: userLockout_sn", "userPassword: 12345"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add));
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("1234");
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        for (int i = 0; i < 4; i++) {
            ldapNetworkConnection.bind(bindRequestImpl);
            Assert.assertFalse(ldapNetworkConnection.isAuthenticated());
        }
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdAccountLockedTime"));
        Thread.sleep(10000L);
        BindRequestImpl bindRequestImpl2 = new BindRequestImpl();
        bindRequestImpl2.setDn(dn);
        bindRequestImpl2.setCredentials("12345");
        bindRequestImpl2.addControl(PP_REQ_CTRL);
        ldapNetworkConnection.setTimeOut(Long.MAX_VALUE);
        ldapNetworkConnection.bind(bindRequestImpl2);
        Assert.assertTrue(ldapNetworkConnection.isAuthenticated());
        ldapNetworkConnection.close();
    }

    private PasswordPolicy getPwdRespCtrl(Response response) throws Exception {
        PasswordPolicyDecorator passwordPolicyDecorator = (Control) response.getControls().get(PP_REQ_CTRL.getOid());
        if (passwordPolicyDecorator == null) {
            return null;
        }
        return passwordPolicyDecorator.getDecorated();
    }
}
