package org.apache.directory.server.ppolicy;

import java.nio.charset.Charset;
import java.util.Date;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicy;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyImpl;
import org.apache.directory.api.ldap.extras.controls.ppolicy_impl.PasswordPolicyDecorator;
import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.message.AddRequestImpl;
import org.apache.directory.api.ldap.model.message.AddResponse;
import org.apache.directory.api.ldap.model.message.BindRequestImpl;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.Control;
import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.api.ldap.model.message.ModifyResponse;
import org.apache.directory.api.ldap.model.message.Response;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.password.PasswordUtil;
import org.apache.directory.api.util.DateUtils;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.api.InterceptorEnum;
import org.apache.directory.server.core.api.authn.ppolicy.CheckQualityEnum;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyConfiguration;
import org.apache.directory.server.core.authn.ppolicy.PpolicyConfigContainer;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.integ.IntegrationUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;

@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP"), @CreateTransport(protocol = "LDAPS")})
@RunWith(FrameworkRunner.class)
@CreateDS(enableChangeLog = false, name = "PasswordPolicyTest")
/* loaded from: input_file:org/apache/directory/server/ppolicy/PasswordPolicyIT.class */
public class PasswordPolicyIT extends AbstractLdapTestUnit {
    private static final PasswordPolicy PP_REQ_CTRL = new PasswordPolicyImpl();
    private PasswordPolicyConfiguration policyConfig;
    private Dn customPolicyDn;

    @Before
    public void setPwdPolicy() throws LdapException {
        this.policyConfig = new PasswordPolicyConfiguration();
        this.policyConfig.setPwdMaxAge(110);
        this.policyConfig.setPwdFailureCountInterval(30);
        this.policyConfig.setPwdMaxFailure(2);
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdLockoutDuration(0);
        this.policyConfig.setPwdMinLength(5);
        this.policyConfig.setPwdInHistory(5);
        this.policyConfig.setPwdExpireWarning(600);
        this.policyConfig.setPwdGraceAuthNLimit(5);
        this.policyConfig.setPwdCheckQuality(CheckQualityEnum.CHECK_REJECT);
        PpolicyConfigContainer ppolicyConfigContainer = new PpolicyConfigContainer();
        Dn dn = new Dn(ldapServer.getDirectoryService().getSchemaManager(), new String[]{"cn=default"});
        ppolicyConfigContainer.addPolicy(dn, this.policyConfig);
        ppolicyConfigContainer.setDefaultPolicyDn(dn);
        this.customPolicyDn = new Dn(ldapServer.getDirectoryService().getSchemaManager(), new String[]{"cn=custom"});
        ppolicyConfigContainer.addPolicy(this.customPolicyDn, this.policyConfig);
        getService().getInterceptor(InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName()).setPwdPolicies(ppolicyConfigContainer);
    }

    @After
    public void closeConnections() {
        IntegrationUtils.closeConnections();
    }

    private PasswordPolicy getPwdRespCtrl(Response response) throws Exception {
        PasswordPolicyDecorator passwordPolicyDecorator = (Control) response.getControls().get(PP_REQ_CTRL.getOid());
        if (passwordPolicyDecorator == null) {
            return null;
        }
        return passwordPolicyDecorator.getDecorated();
    }

    private void addUser(LdapConnection ldapConnection, String str, Object obj) throws Exception {
        DefaultEntry defaultEntry = new DefaultEntry("cn=" + str + ",ou=system", new Object[]{"ObjectClass: top", "ObjectClass: person", "cn", str, "sn", str + "_sn", "userPassword", obj});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = ldapConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add));
    }

    /* JADX WARN: Type inference failed for: r2v2, types: [byte[], byte[][]] */
    private ModifyResponse changePassword(Dn dn, String str, byte[] bArr) throws Exception {
        LdapConnection ldapConnection = null;
        try {
            ldapConnection = IntegrationUtils.getNetworkConnectionAs(ldapServer, dn.toString(), str);
            ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
            modifyRequestImpl.setName(dn);
            modifyRequestImpl.replace("userPassword", (byte[][]) new byte[]{bArr});
            ModifyResponse modify = ldapConnection.modify(modifyRequestImpl);
            ldapConnection.close();
            return modify;
        } catch (Throwable th) {
            ldapConnection.close();
            throw th;
        }
    }

    private ModifyResponse changePassword(Dn dn, String str, String str2) throws Exception {
        return changePassword(dn, str, str2.getBytes(Charset.forName("UTF-8")));
    }

    private void checkBindSuccess(Dn dn, String str) throws Exception {
        LdapConnection networkConnectionAs = IntegrationUtils.getNetworkConnectionAs(getLdapServer(), dn.getName(), str);
        Assert.assertNotNull(networkConnectionAs);
        Assert.assertTrue(networkConnectionAs.isAuthenticated());
        networkConnectionAs.close();
    }

    private void checkBindFailure(Dn dn, String str) throws Exception {
        LdapConnection ldapConnection = null;
        try {
            ldapConnection = IntegrationUtils.getNetworkConnectionAs(getLdapServer(), dn.getName(), str);
            Assert.assertNull(ldapConnection);
            if (ldapConnection != null) {
                ldapConnection.close();
            }
        } catch (LdapException e) {
            if (ldapConnection != null) {
                ldapConnection.close();
            }
        } catch (Throwable th) {
            if (ldapConnection != null) {
                ldapConnection.close();
            }
            throw th;
        }
    }

    private void checkBind(LdapConnection ldapConnection, Dn dn, String str, int i, String str2) throws Exception {
        for (int i2 = 0; i2 < i; i2++) {
            try {
                ldapConnection.bind(dn, str);
            } catch (LdapAuthenticationException e) {
                Assert.assertEquals(str2, e.getMessage());
            }
        }
    }

    /* JADX WARN: Type inference failed for: r1v16, types: [byte[], byte[][]] */
    @Test
    @Ignore
    public void testAddUserWithHashedPwd() throws Exception {
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        byte[] createStoragePassword = PasswordUtil.createStoragePassword("12345", LdapSecurityConstants.HASH_METHOD_CRYPT);
        DefaultEntry defaultEntry = new DefaultEntry("cn=hashedpwd,ou=system", new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: hashedpwd", "sn: hashedpwd_sn", "userPassword", createStoragePassword});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, add.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(add);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertEquals(PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY, pwdRespCtrl.getResponse().getPasswordPolicyError());
        this.policyConfig.setPwdCheckQuality(CheckQualityEnum.CHECK_ACCEPT);
        Attribute attribute = defaultEntry.get("userPassword");
        attribute.clear();
        attribute.add((byte[][]) new byte[]{createStoragePassword});
        AddResponse add2 = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add2.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add2));
        LdapConnection networkConnectionAs = IntegrationUtils.getNetworkConnectionAs(getLdapServer(), "cn=hashedpwd,ou=system", "12345");
        Assert.assertNotNull(networkConnectionAs);
        Assert.assertTrue(networkConnectionAs.isAuthenticated());
        adminNetworkConnection.close();
    }

    @Test
    public void testAddUserWithPwdChangedTime() throws Exception {
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        DefaultEntry defaultEntry = new DefaultEntry("cn=hashedpwd,ou=system", new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: hashedpwd", "sn: hashedpwd_sn", "userPassword: set4now", "pwdChangedTime", "20130913012307.296Z"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.add(addRequestImpl).getLdapResult().getResultCode());
        Attribute attribute = adminNetworkConnection.lookup("cn=hashedpwd,ou=system", SchemaConstants.ALL_ATTRIBUTES_ARRAY).get("pwdChangedTime");
        Assert.assertNotNull(attribute);
        Assert.assertEquals("20130913012307.296Z", attribute.getString());
        adminNetworkConnection.close();
    }

    @Test
    public void testModifyUserWithHashedPwd() throws Exception {
        Dn dn = new Dn(new String[]{"cn=hashedpwdm,ou=system"});
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        adminNetworkConnection.add(new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: hashedpwdm", "sn: hashedpwdm_sn", "userPassword", "set4now"}));
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, changePassword(dn, "set4now", PasswordUtil.createStoragePassword("12345", LdapSecurityConstants.HASH_METHOD_CRYPT)).getLdapResult().getResultCode());
        checkBindFailure(dn, "12345");
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdLockoutForever() throws Exception {
        this.policyConfig.setPwdMaxFailure(2);
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdLockoutDuration(0);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        this.policyConfig.setPwdFailureCountInterval(30);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=user2,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: user2", "sn: user_sn", "userPassword: 12345"});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        AddResponse add = adminNetworkConnection.add(addRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, add.getLdapResult().getResultCode());
        Assert.assertNull(getPwdRespCtrl(add));
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("1234");
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        for (int i = 0; i < 3; i++) {
            ldapNetworkConnection.bind(bindRequestImpl);
            Assert.assertFalse(ldapNetworkConnection.isAuthenticated());
        }
        Thread.sleep(2000L);
        Entry lookup = adminNetworkConnection.lookup(dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY);
        Attribute attribute = lookup.get("pwdAccountLockedTime");
        Assert.assertNotNull(attribute);
        Assert.assertEquals("000001010000Z", attribute.getString());
        BindRequestImpl bindRequestImpl2 = new BindRequestImpl();
        bindRequestImpl2.setDn(dn);
        bindRequestImpl2.setCredentials("12345");
        bindRequestImpl2.addControl(PP_REQ_CTRL);
        ldapNetworkConnection.bind(bindRequestImpl2);
        Assert.assertFalse(ldapNetworkConnection.isAuthenticated());
        ldapNetworkConnection.close();
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.addControl(PP_REQ_CTRL);
        modifyRequestImpl.remove(lookup.get("userPassword"));
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.modify(modifyRequestImpl).getLdapResult().getResultCode());
        Entry lookup2 = adminNetworkConnection.lookup(dn, new String[]{"+"});
        Assert.assertNull(lookup2.get("pwdFailureTime"));
        Assert.assertNull(lookup2.get("pwdGraceUseTime"));
        Assert.assertNull(lookup2.get("pwdHistory"));
        Assert.assertNull(lookup2.get("pwdChangedTime"));
        Assert.assertNull(lookup2.get("pwdAccountLockedTime"));
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdMinAge() throws Exception {
        this.policyConfig.setPwdMinAge(5);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userMinAge,ou=system"});
        adminNetworkConnection.add(new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userMinAge", "sn: userMinAge_sn", "userPassword: 12345"}));
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, changePassword(dn, "12345", "123456").getLdapResult().getResultCode());
        Thread.sleep(5000L);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, changePassword(dn, "12345", "123456").getLdapResult().getResultCode());
        checkBindSuccess(dn, "123456");
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdInHistory() throws Exception {
        this.policyConfig.setPwdInHistory(2);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userPwdHist,ou=system"});
        addUser(adminNetworkConnection, "userPwdHist", "12345");
        checkBindSuccess(dn, "12345");
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdHistory"));
        Assert.assertEquals(1L, r0.size());
        Thread.sleep(1000L);
        adminNetworkConnection.modify(dn, new Modification[]{new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "userPassword", new String[]{"67891"})});
        checkBindSuccess(dn, "67891");
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdHistory"));
        Assert.assertEquals(2L, r0.size());
        Thread.sleep(1000L);
        Modification defaultModification = new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "userPassword", new String[]{"abcde"});
        adminNetworkConnection.modify(dn, new Modification[]{defaultModification});
        checkBindSuccess(dn, "abcde");
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdHistory"));
        Assert.assertEquals(2L, r0.size());
        try {
            adminNetworkConnection.modify(dn, new Modification[]{defaultModification});
            Assert.fail();
        } catch (LdapInvalidAttributeValueException e) {
        }
        adminNetworkConnection.modify(dn, new Modification[]{new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "userPassword", new String[]{"12345"})});
        checkBindSuccess(dn, "12345");
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdLength() throws Exception {
        this.policyConfig.setPwdMinLength(5);
        this.policyConfig.setPwdMaxLength(7);
        this.policyConfig.setPwdCheckQuality(CheckQualityEnum.CHECK_REJECT);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userLen,ou=system"});
        adminNetworkConnection.add(new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userLen", "sn: userLen_sn", "userPassword: set4now"}));
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, changePassword(dn, "set4now", "1234").getLdapResult().getResultCode());
        checkBindFailure(dn, "1234");
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, changePassword(dn, "set4now", "12345678").getLdapResult().getResultCode());
        checkBindFailure(dn, "12345678");
        Assert.assertEquals(ResultCodeEnum.SUCCESS, changePassword(dn, "set4now", "123456").getLdapResult().getResultCode());
        checkBindSuccess(dn, "123456");
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdMaxAgeNoGraceAuthNLimit() throws Exception {
        this.policyConfig.setPwdMaxAge(5);
        this.policyConfig.setPwdGraceAuthNLimit(0);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userMaxAgeNoGraceAuthNLimit,ou=system"});
        addUser(adminNetworkConnection, "userMaxAgeNoGraceAuthNLimit", "12345");
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("12345".getBytes());
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        ldapNetworkConnection.setTimeOut(0L);
        Thread.sleep(1000L);
        BindResponse bind = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(bind);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertTrue(pwdRespCtrl.getResponse().getTimeBeforeExpiration() > 0);
        Thread.sleep(4500L);
        BindResponse bind2 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.INVALID_CREDENTIALS, bind2.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_EXPIRED, getPwdRespCtrl(bind2).getResponse().getPasswordPolicyError());
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdMaxAgeWithGraceAuthNLimit() throws Exception {
        this.policyConfig.setPwdMaxAge(5);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userMaxAgeWithGraceAuthNLimit,ou=system"});
        addUser(adminNetworkConnection, "userMaxAgeWithGraceAuthNLimit", "12345");
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("12345".getBytes());
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        ldapNetworkConnection.setTimeOut(0L);
        Thread.sleep(1000L);
        BindResponse bind = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(bind);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertTrue(pwdRespCtrl.getResponse().getTimeBeforeExpiration() > 0);
        Thread.sleep(4500L);
        BindResponse bind2 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind2.getLdapResult().getResultCode());
        Assert.assertNotNull(getPwdRespCtrl(bind2));
        Assert.assertEquals(1L, r0.getResponse().getGraceAuthNRemaining());
        BindResponse bind3 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind3.getLdapResult().getResultCode());
        Assert.assertNotNull(getPwdRespCtrl(bind3));
        Assert.assertEquals(0L, r0.getResponse().getGraceAuthNRemaining());
        BindResponse bind4 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.INVALID_CREDENTIALS, bind4.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_EXPIRED, getPwdRespCtrl(bind4).getResponse().getPasswordPolicyError());
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdMaxAgeWithGraceExpire() throws Exception {
        this.policyConfig.setPwdMaxAge(5);
        this.policyConfig.setPwdGraceExpire(2);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userMaxAgeWithGraceExpire,ou=system"});
        addUser(adminNetworkConnection, "userMaxAgeWithGraceExpire", "12345");
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("12345".getBytes());
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        ldapNetworkConnection.setTimeOut(0L);
        Thread.sleep(1000L);
        BindResponse bind = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(bind);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertTrue(pwdRespCtrl.getResponse().getTimeBeforeExpiration() > 0);
        Thread.sleep(4500L);
        BindResponse bind2 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind2.getLdapResult().getResultCode());
        Assert.assertNotNull(getPwdRespCtrl(bind2));
        Assert.assertEquals(1L, r0.getResponse().getGraceAuthNRemaining());
        BindResponse bind3 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind3.getLdapResult().getResultCode());
        Assert.assertNotNull(getPwdRespCtrl(bind3));
        Assert.assertEquals(0L, r0.getResponse().getGraceAuthNRemaining());
        BindResponse bind4 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.INVALID_CREDENTIALS, bind4.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_EXPIRED, getPwdRespCtrl(bind4).getResponse().getPasswordPolicyError());
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdMaxAgeAndGraceAuth() throws Exception {
        this.policyConfig.setPwdMaxAge(5);
        this.policyConfig.setPwdExpireWarning(4);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userMaxAgeAndGraceAuth,ou=system"});
        addUser(adminNetworkConnection, "userMaxAgeAndGraceAuth", "12345");
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("12345".getBytes());
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        ldapNetworkConnection.setTimeOut(0L);
        Thread.sleep(1000L);
        BindResponse bind = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind.getLdapResult().getResultCode());
        PasswordPolicy pwdRespCtrl = getPwdRespCtrl(bind);
        Assert.assertNotNull(pwdRespCtrl);
        Assert.assertTrue(pwdRespCtrl.getResponse().getTimeBeforeExpiration() > 0);
        Thread.sleep(4000L);
        BindResponse bind2 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind2.getLdapResult().getResultCode());
        Assert.assertNotNull(getPwdRespCtrl(bind2));
        Assert.assertEquals(1L, r0.getResponse().getGraceAuthNRemaining());
        Thread.sleep(1000L);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, ldapNetworkConnection.bind(bindRequestImpl).getLdapResult().getResultCode());
        Assert.assertEquals(0L, getPwdRespCtrl(r0).getResponse().getGraceAuthNRemaining());
        BindResponse bind3 = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.INVALID_CREDENTIALS, bind3.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_EXPIRED, getPwdRespCtrl(bind3).getResponse().getPasswordPolicyError());
        adminNetworkConnection.close();
    }

    @Test
    public void testModifyPwdSubentry() throws Exception {
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=ppolicySubentry,ou=system"});
        DefaultEntry defaultEntry = new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: ppolicySubentry", "sn: ppolicySubentry_sn", "userPassword: 12345", "pwdPolicySubEntry:" + this.customPolicyDn.getName()});
        AddRequestImpl addRequestImpl = new AddRequestImpl();
        addRequestImpl.setEntry(defaultEntry);
        addRequestImpl.addControl(PP_REQ_CTRL);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.add(addRequestImpl).getLdapResult().getResultCode());
        Assert.assertEquals(this.customPolicyDn.getName(), adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdPolicySubEntry").getString());
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.replace("pwdPolicySubEntry", new String[]{"cn=policy,ou=system"});
        Assert.assertEquals(ResultCodeEnum.SUCCESS, adminNetworkConnection.modify(modifyRequestImpl).getLdapResult().getResultCode());
        Assert.assertEquals("cn=policy,ou=system", adminNetworkConnection.lookup(dn, new String[]{"*", "+"}).get("pwdPolicySubEntry").getString());
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", getLdapServer().getPort());
        ldapNetworkConnection.bind(dn.getName(), "12345");
        ModifyResponse modify = ldapNetworkConnection.modify(modifyRequestImpl);
        modifyRequestImpl.replace("pwdPolicySubEntry", new String[]{dn.getName()});
        Assert.assertEquals(ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, modify.getLdapResult().getResultCode());
        ldapNetworkConnection.close();
    }

    @Test
    public void testGraceAuth() throws Exception {
        this.policyConfig.setPwdMaxFailure(2);
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdLockoutDuration(0);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        this.policyConfig.setPwdFailureCountInterval(60);
        this.policyConfig.setPwdMaxAge(1);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userGrace,ou=system"});
        addUser(adminNetworkConnection, "userGrace", "12345");
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("12345");
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        Thread.sleep(2000L);
        BindResponse bind = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertTrue(ldapNetworkConnection.isAuthenticated());
        Assert.assertEquals(1L, getPwdRespCtrl(bind).getResponse().getGraceAuthNRemaining());
        Entry lookup = adminNetworkConnection.lookup(dn, new String[]{"+"});
        Assert.assertNotNull(lookup.get("pwdGraceUseTime"));
        Attribute attribute = lookup.get("pwdChangedTime");
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.replace("userPassword", new String[]{"secret1"});
        Assert.assertEquals(ResultCodeEnum.SUCCESS, ldapNetworkConnection.modify(modifyRequestImpl).getLdapResult().getResultCode());
        Entry lookup2 = adminNetworkConnection.lookup(dn, new String[]{"+"});
        Assert.assertNull(lookup2.get("pwdGraceUseTime"));
        Assert.assertNotSame(attribute.getString(), lookup2.get("pwdChangedTime").getString());
        ldapNetworkConnection.close();
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdLockoutWithDuration() throws Exception {
        this.policyConfig.setPwdMaxFailure(2);
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdLockoutDuration(5);
        this.policyConfig.setPwdGraceAuthNLimit(2);
        this.policyConfig.setPwdFailureCountInterval(0);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userLockoutWithDuration,ou=system"});
        addUser(adminNetworkConnection, "userLockoutWithDuration", "12345");
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("1234");
        bindRequestImpl.addControl(PP_REQ_CTRL);
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        for (int i = 0; i < 4; i++) {
            ldapNetworkConnection.bind(bindRequestImpl);
            Assert.assertFalse(ldapNetworkConnection.isAuthenticated());
        }
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdAccountLockedTime"));
        Thread.sleep(10000L);
        BindRequestImpl bindRequestImpl2 = new BindRequestImpl();
        bindRequestImpl2.setDn(dn);
        bindRequestImpl2.setCredentials("12345");
        bindRequestImpl2.addControl(PP_REQ_CTRL);
        ldapNetworkConnection.setTimeOut(Long.MAX_VALUE);
        ldapNetworkConnection.bind(bindRequestImpl2);
        Assert.assertTrue(ldapNetworkConnection.isAuthenticated());
        ldapNetworkConnection.close();
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdLockoutWithNAttempts() throws Exception {
        this.policyConfig.setPwdMaxFailure(3);
        this.policyConfig.setPwdLockout(true);
        Dn dn = new Dn(new String[]{"cn=userLockout,ou=system"});
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        addUser(adminNetworkConnection, "userLockout", "12345");
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        ldapNetworkConnection.setTimeOut(0L);
        checkBind(ldapNetworkConnection, dn, "badPassword", 3, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout,ou=system");
        checkBind(ldapNetworkConnection, dn, "badPassword", 1, "INVALID_CREDENTIALS: Bind failed: account was permanently locked");
        ldapNetworkConnection.close();
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdAccountLockedTime"));
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdLockoutWithNAttemptsAndLockoutDelay() throws Exception {
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdMaxFailure(3);
        this.policyConfig.setPwdLockoutDuration(5);
        Dn dn = new Dn(new String[]{"cn=userLockout2,ou=system"});
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        addUser(adminNetworkConnection, "userLockout2", "12345");
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        ldapNetworkConnection.setTimeOut(0L);
        checkBind(ldapNetworkConnection, dn, "badPassword", 3, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout2,ou=system");
        boolean z = false;
        int i = 0;
        while (i < 10) {
            try {
                ldapNetworkConnection.bind(dn, "12345");
                z = true;
                break;
            } catch (LdapException e) {
                Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdAccountLockedTime"));
                Thread.sleep(1000L);
                i++;
            }
        }
        Assert.assertTrue(z);
        Assert.assertTrue(i >= 5);
        ldapNetworkConnection.close();
        Assert.assertNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdAccountLockedTime"));
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdLockoutFailureCountInterval() throws Exception {
        this.policyConfig.setPwdLockout(true);
        this.policyConfig.setPwdMaxFailure(5);
        this.policyConfig.setPwdFailureCountInterval(2);
        Dn dn = new Dn(new String[]{"cn=userLockout3,ou=system"});
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        addUser(adminNetworkConnection, "userLockout3", "12345");
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        ldapNetworkConnection.setTimeOut(0L);
        checkBind(ldapNetworkConnection, dn, "badPassword", 1, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout3,ou=system");
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdFailureTime"));
        Assert.assertEquals(1L, r0.size());
        Thread.sleep(1000L);
        checkBind(ldapNetworkConnection, dn, "badPassword", 1, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout3,ou=system");
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdFailureTime"));
        Assert.assertEquals(2L, r0.size());
        Thread.sleep(1000L);
        checkBind(ldapNetworkConnection, dn, "badPassword", 1, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout3,ou=system");
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdFailureTime"));
        Assert.assertEquals(2L, r0.size());
        Thread.sleep(1000L);
        checkBind(ldapNetworkConnection, dn, "badPassword", 1, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout3,ou=system");
        Assert.assertNotNull(adminNetworkConnection.lookup(dn, new String[]{"+"}).get("pwdFailureTime"));
        Assert.assertEquals(2L, r0.size());
        ldapNetworkConnection.close();
        adminNetworkConnection.close();
    }

    @Test
    @Ignore
    public void testPwdAttempsDelayed() throws Exception {
        this.policyConfig.setPwdMinDelay(200);
        this.policyConfig.setPwdMaxDelay(400);
        this.policyConfig.setPwdLockout(true);
        Dn dn = new Dn(new String[]{"cn=userLockout,ou=system"});
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        addUser(adminNetworkConnection, "userLockout", "12345");
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", ldapServer.getPort());
        checkBind(ldapNetworkConnection, dn, "badPassword", 1, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout,ou=system");
        Thread.sleep(1000L);
        checkBind(ldapNetworkConnection, dn, "12345", 1, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=userLockout,ou=system");
        Thread.sleep(1200L);
        ldapNetworkConnection.bind(dn, "12345");
        ldapNetworkConnection.close();
        adminNetworkConnection.close();
    }

    @Test
    public void testPwMaxIdle() throws Exception {
        this.policyConfig.setPwdMaxIdle(5);
        Dn dn = new Dn(new String[]{"cn=userLockout4,ou=system"});
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        addUser(adminNetworkConnection, "userLockout4", "12345");
        checkBindSuccess(dn, "12345");
        Thread.sleep(5000L);
        checkBindFailure(dn, "12345");
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdAllowUserChange() throws Exception {
        this.policyConfig.setPwdAllowUserChange(false);
        Dn dn = new Dn(new String[]{"cn=userAllowUserChange,ou=system"});
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        addUser(adminNetworkConnection, "userAllowUserChange", "12345");
        new LdapNetworkConnection("localhost", ldapServer.getPort()).setTimeOut(0L);
        checkBindSuccess(dn, "12345");
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.addControl(PP_REQ_CTRL);
        modifyRequestImpl.replace("userPassword", new String[]{"67890"});
        LdapConnection networkConnectionAs = IntegrationUtils.getNetworkConnectionAs(getLdapServer(), dn.getName(), "12345");
        networkConnectionAs.setTimeOut(0L);
        Assert.assertEquals(ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, networkConnectionAs.modify(modifyRequestImpl).getLdapResult().getResultCode());
        this.policyConfig.setPwdAllowUserChange(true);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, networkConnectionAs.modify(modifyRequestImpl).getLdapResult().getResultCode());
        networkConnectionAs.close();
        checkBindSuccess(dn, "67890");
        adminNetworkConnection.close();
    }

    @Test
    public void testPwdExpireWarning() throws Exception {
        this.policyConfig.setPwdGraceAuthNLimit(0);
        this.policyConfig.setPwdMaxAge(3600);
        this.policyConfig.setPwdExpireWarning(600);
        LdapConnection ldapConnection = null;
        LdapConnection ldapConnection2 = null;
        LdapConnection ldapConnection3 = null;
        try {
            Dn dn = new Dn(new String[]{"cn=userExpireWarningToo,ou=system"});
            ldapConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
            ldapConnection2 = new LdapNetworkConnection("localhost", ldapServer.getPort());
            ldapConnection2.setTimeOut(0L);
            ldapConnection3 = new LdapNetworkConnection("localhost", ldapServer.getPort());
            ldapConnection3.setTimeOut(0L);
            addUser(ldapConnection, "userExpireWarningToo", "12345");
            BindRequestImpl bindRequestImpl = new BindRequestImpl();
            bindRequestImpl.setDn(dn);
            bindRequestImpl.setCredentials("12345");
            bindRequestImpl.addControl(PP_REQ_CTRL);
            PasswordPolicy pwdRespCtrl = getPwdRespCtrl(ldapConnection3.bind(bindRequestImpl));
            Assert.assertNotNull(pwdRespCtrl);
            Assert.assertNull(pwdRespCtrl.getResponse());
            ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
            modifyRequestImpl.setName(dn);
            modifyRequestImpl.replace("pwdChangedTime", new String[]{DateUtils.getGeneralizedTime(new Date().getTime() - 3100000)});
            ldapConnection.modify(modifyRequestImpl);
            BindRequestImpl bindRequestImpl2 = new BindRequestImpl();
            bindRequestImpl2.setDn(dn);
            bindRequestImpl2.setCredentials("12345");
            bindRequestImpl2.addControl(new PasswordPolicyImpl());
            PasswordPolicy pwdRespCtrl2 = getPwdRespCtrl(ldapConnection2.bind(bindRequestImpl2));
            Assert.assertNotNull(pwdRespCtrl2);
            Assert.assertNotNull(pwdRespCtrl2.getResponse());
            Assert.assertTrue(pwdRespCtrl2.getResponse().getTimeBeforeExpiration() > 0);
            ModifyRequestImpl modifyRequestImpl2 = new ModifyRequestImpl();
            modifyRequestImpl2.setName(dn);
            modifyRequestImpl2.replace("pwdChangedTime", new String[]{DateUtils.getGeneralizedTime(new Date().getTime() - 3700000)});
            ldapConnection.modify(modifyRequestImpl2);
            BindRequestImpl bindRequestImpl3 = new BindRequestImpl();
            bindRequestImpl3.setDn(dn);
            bindRequestImpl3.setCredentials("12345");
            bindRequestImpl3.addControl(new PasswordPolicyImpl());
            BindResponse bind = ldapConnection2.bind(bindRequestImpl3);
            Assert.assertEquals(ResultCodeEnum.INVALID_CREDENTIALS, bind.getLdapResult().getResultCode());
            PasswordPolicy pwdRespCtrl3 = getPwdRespCtrl(bind);
            Assert.assertNotNull(pwdRespCtrl3);
            Assert.assertNotNull(pwdRespCtrl3.getResponse());
            Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_EXPIRED, pwdRespCtrl3.getResponse().getPasswordPolicyError());
            safeCloseConnections(ldapConnection2, ldapConnection3, ldapConnection);
        } catch (Throwable th) {
            safeCloseConnections(ldapConnection2, ldapConnection3, ldapConnection);
            throw th;
        }
    }

    private void safeCloseConnections(LdapConnection... ldapConnectionArr) {
        for (LdapConnection ldapConnection : ldapConnectionArr) {
            try {
                ldapConnection.close();
            } catch (Exception e) {
            }
        }
    }

    @Test
    public void testPwdMinAgeWithMustChange() throws Exception {
        this.policyConfig.setPwdMustChange(true);
        this.policyConfig.setPwdMinAge(1);
        LdapConnection adminNetworkConnection = IntegrationUtils.getAdminNetworkConnection(getLdapServer());
        Dn dn = new Dn(new String[]{"cn=userMinAgeMustChange,ou=system"});
        adminNetworkConnection.add(new DefaultEntry(dn.toString(), new Object[]{"ObjectClass: top", "ObjectClass: person", "cn: userMinAgeMustChange", "sn: userMinAgeMustChange_sn", "userPassword: 12345"}));
        LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection("localhost", getLdapServer().getPort());
        BindRequestImpl bindRequestImpl = new BindRequestImpl();
        bindRequestImpl.setDn(dn);
        bindRequestImpl.setCredentials("12345");
        bindRequestImpl.addControl(PP_REQ_CTRL);
        BindResponse bind = ldapNetworkConnection.bind(bindRequestImpl);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, bind.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.CHANGE_AFTER_RESET, getPwdRespCtrl(bind).getResponse().getPasswordPolicyError());
        ModifyRequestImpl modifyRequestImpl = new ModifyRequestImpl();
        modifyRequestImpl.setName(dn);
        modifyRequestImpl.replace("userPassword", new String[]{"123456"});
        modifyRequestImpl.addControl(PP_REQ_CTRL);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, ldapNetworkConnection.modify(modifyRequestImpl).getLdapResult().getResultCode());
        ModifyRequestImpl modifyRequestImpl2 = new ModifyRequestImpl();
        modifyRequestImpl2.setName(dn);
        modifyRequestImpl2.replace("userPassword", new String[]{"1234567"});
        modifyRequestImpl2.addControl(PP_REQ_CTRL);
        ModifyResponse modify = ldapNetworkConnection.modify(modifyRequestImpl2);
        Assert.assertEquals(ResultCodeEnum.CONSTRAINT_VIOLATION, modify.getLdapResult().getResultCode());
        Assert.assertEquals(PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG, getPwdRespCtrl(modify).getResponse().getPasswordPolicyError());
        Thread.sleep(1000L);
        Assert.assertEquals(ResultCodeEnum.SUCCESS, ldapNetworkConnection.modify(modifyRequestImpl2).getLdapResult().getResultCode());
        ldapNetworkConnection.close();
        adminNetworkConnection.close();
    }
}
