directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1395348 - in /directory: apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/ apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ apacheds/trunk/kerberos-codec/src/main...
Date Sun, 07 Oct 2012 17:43:09 GMT
Author: kayyagari
Date: Sun Oct  7 17:43:09 2012
New Revision: 1395348

URL: http://svn.apache.org/viewvc?rev=1395348&view=rev
Log:
o fixed an issue with delay in locking out account when less than 60 seconds is given for pwdFailureCountInterval in ppolicy
o fixed an issue where an account locks out permanently when locout duration is specified (this is due to the missing fractions in time)
o fixed DateUtils where fractions are missing and updated the kerberos code to use a separate date formatter

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
    directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java
    directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java
    directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
    directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java
    directory/apacheds/trunk/protocol-ntp/src/main/java/org/apache/directory/server/ntp/messages/NtpTimeStamp.java
    directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/shared/ldap/model/csn/Csn.java
    directory/shared/trunk/ldap/model/src/test/java/org/apache/directory/shared/ldap/model/csn/CsnTest.java
    directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/DateUtils.java
    directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/GeneralizedTime.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java Sun Oct  7 17:43:09 2012
@@ -77,6 +77,7 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.*;
 
 /**
  * Test cases for testing PasswordPolicy implementation.
@@ -222,14 +223,13 @@ public class PasswordPolicyTest extends 
 
 
     @Test
-    public void testPwdLockout() throws Exception
+    public void testPwdLockoutForever() throws Exception
     {
         policyConfig.setPwdMaxFailure( 2 );
         policyConfig.setPwdLockout( true );
         policyConfig.setPwdLockoutDuration( 0 );
         policyConfig.setPwdGraceAuthNLimit( 2 );
-        policyConfig.setPwdFailureCountInterval( 60 );
-        policyConfig.setPwdLockoutDuration( 0 );
+        policyConfig.setPwdFailureCountInterval( 30 );
         
         LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() );
         
@@ -258,14 +258,13 @@ public class PasswordPolicyTest extends 
         
         LdapConnection userConnection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
 
-        for( int i=0; i< 4; i++ )
+        for( int i=0; i< 3; i++ )
         {
-            Thread.sleep( 1000 );
             userConnection.bind( bindReq );
             assertFalse( userConnection.isAuthenticated() );
         }
         
-        userEntry = adminConnection.lookup( userDn, "+" );
+        userEntry = adminConnection.lookup( userDn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
         Attribute pwdAccountLockedTime = userEntry.get( PasswordPolicySchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT );
         assertNotNull( pwdAccountLockedTime );
         assertEquals( "000001010000Z", pwdAccountLockedTime.getString() );
@@ -278,6 +277,23 @@ public class PasswordPolicyTest extends 
         assertFalse( userConnection.isAuthenticated() ); // but still fails cause account is locked
         
         userConnection.close();
+        
+        // test deleting the password, it should clear all the ppolicy related attributes except the ppolicy subentry
+        
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( userDn );
+        modReq.addControl( PP_REQ_CTRL );
+        modReq.remove( userEntry.get( SchemaConstants.USER_PASSWORD_AT ) );
+        
+        ModifyResponse modResp = adminConnection.modify( modReq );
+        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );
+        
+        userEntry = adminConnection.lookup( userDn, "+" );
+        assertNull( userEntry.get( PWD_FAILURE_TIME_AT ) );
+        assertNull( userEntry.get( PWD_GRACE_USE_TIME_AT ) );
+        assertNull( userEntry.get( PWD_HISTORY_AT ) );
+        assertNull( userEntry.get( PWD_CHANGED_TIME_AT ) );
+        assertNull( userEntry.get( PWD_ACCOUNT_LOCKED_TIME_AT ) );
     }
 
     
@@ -624,6 +640,65 @@ public class PasswordPolicyTest extends 
     }
 
     
+    @Test
+    public void testPwdLockoutWithDuration() throws Exception
+    {
+        policyConfig.setPwdMaxFailure( 2 );
+        policyConfig.setPwdLockout( true );
+        policyConfig.setPwdLockoutDuration( 5 ); //5 sec
+        policyConfig.setPwdGraceAuthNLimit( 2 );
+        policyConfig.setPwdFailureCountInterval( 0 );
+        
+        LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() );
+        
+        Dn userDn = new Dn( "cn=userLockout,ou=system" );
+        Entry userEntry = new DefaultEntry(
+            userDn.toString(),
+            "ObjectClass: top",
+            "ObjectClass: person",
+            "cn: userLockout",
+            "sn: userLockout_sn",
+            "userPassword: 12345" );
+
+        AddRequest addRequest = new AddRequestImpl();
+        addRequest.setEntry( userEntry );
+        addRequest.addControl( PP_REQ_CTRL );
+
+        AddResponse addResp = adminConnection.add( addRequest );
+        assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() );
+        PasswordPolicy respCtrl = getPwdRespCtrl( addResp );
+        assertNull( respCtrl );
+
+        BindRequest bindReq = new BindRequestImpl();
+        bindReq.setDn( userDn );
+        bindReq.setCredentials( "1234" ); // wrong password
+        bindReq.addControl( PP_REQ_CTRL );
+        
+        LdapConnection userConnection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+
+        for( int i=0; i< 4; i++ )
+        {
+            userConnection.bind( bindReq );
+            assertFalse( userConnection.isAuthenticated() );
+        }
+        
+        userEntry = adminConnection.lookup( userDn, "+" );
+        Attribute pwdAccountLockedTime = userEntry.get( PasswordPolicySchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT );
+        assertNotNull( pwdAccountLockedTime );
+        
+        Thread.sleep( 10000 );
+        bindReq = new BindRequestImpl();
+        bindReq.setDn( userDn );
+        bindReq.setCredentials( "12345" ); // correct password
+        bindReq.addControl( PP_REQ_CTRL );
+        userConnection.setTimeOut( Long.MAX_VALUE );
+        userConnection.bind( bindReq );
+        assertTrue( userConnection.isAuthenticated() );
+        
+        userConnection.close();
+    }
+
+    
     private PasswordPolicy getPwdRespCtrl( Response resp ) throws Exception
     {
         Control control = resp.getControls().get( PP_REQ_CTRL.getOid() );

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java Sun Oct  7 17:43:09 2012
@@ -29,12 +29,14 @@ import static org.apache.directory.share
 import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_LAST_SUCCESS_AT;
 import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_START_TIME_AT;
 
+import java.util.Collections;
 import java.util.Date;
 
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.InterceptorEnum;
 import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyConfiguration;
 import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyException;
+import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
 import org.apache.directory.shared.ldap.model.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.model.entry.Attribute;
 import org.apache.directory.shared.ldap.model.entry.DefaultModification;
@@ -181,23 +183,26 @@ public abstract class AbstractAuthentica
                 else
                 {
                     Date lockedDate = DateUtils.getDate( lockedTime );
-                    long time = pPolicyConfig.getPwdLockoutDuration() * 1000;
-                    time += lockedDate.getTime();
-
-                    Date unlockedDate = new Date( time );
-                    if ( lockedDate.before( unlockedDate ) )
+                    long unlockTime = pPolicyConfig.getPwdLockoutDuration() * 1000L;
+                    unlockTime += lockedDate.getTime();
+                    
+                    Date unlockDate = new Date( unlockTime );
+                    Date now = DateUtils.getDate( DateUtils.getGeneralizedTime() );
+                    
+                    if( unlockDate.after( now ) )
                     {
-                        throw new PasswordPolicyException( "account will remain locked till " + unlockedDate,
-                            ACCOUNT_LOCKED.getValue() );
+                        throw new PasswordPolicyException( "account will remain locked till " + unlockDate, ACCOUNT_LOCKED.getValue() );
                     }
                     else
                     {
                         // remove pwdAccountLockedTime attribute
-                        Modification pwdAccountLockMod = new DefaultModification(
-                            ModificationOperation.REMOVE_ATTRIBUTE, accountLockAttr );
-
-                        // DO NOT bypass the interceptor chain, otherwise the changes can't be replicated
-                        directoryService.getAdminSession().modify( userEntry.getDn(), pwdAccountLockMod );
+                        Modification pwdAccountLockMod = new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,  accountLockAttr );
+                        ModifyOperationContext modContext = new ModifyOperationContext( directoryService.getAdminSession() );
+                        modContext.setDn( userEntry.getDn() );
+                        
+                        modContext.setModItems( Collections.singletonList( pwdAccountLockMod ) );
+                        
+                        directoryService.getPartitionNexus().modify( modContext );
                     }
                 }
             }
@@ -231,7 +236,7 @@ public abstract class AbstractAuthentica
         if ( pPolicyConfig.getPwdMaxIdle() > 0 )
         {
             Attribute pwdLastSuccessTimeAttr = userEntry.get( PWD_LAST_SUCCESS_AT );
-            long time = pPolicyConfig.getPwdMaxIdle() * 1000;
+            long time = pPolicyConfig.getPwdMaxIdle() * 1000L;
             time += DateUtils.getDate( pwdLastSuccessTimeAttr.getString() ).getTime();
 
             if ( System.currentTimeMillis() >= time )

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Sun Oct  7 17:43:09 2012
@@ -496,9 +496,17 @@ public class AuthenticationInterceptor e
 
         Dn dn = bindContext.getDn();
         Entry userEntry = bindContext.getEntry();
-
+        
         PasswordPolicyConfiguration policyConfig = getPwdPolicy( userEntry );
 
+        // load the user entry again if ppolicy is enabled, cause the authenticator might have modified the entry
+        if( policyConfig != null )
+        {
+            LookupOperationContext lookupContext = new LookupOperationContext( adminSession, bindContext.getDn() );
+            lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+            userEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+        }
+        
         // check if the user entry is null, it will be null
         // in cases of anonymous bind
         if ( authenticated && ( userEntry == null ) && directoryService.isAllowAnonymousAccess() )
@@ -515,7 +523,7 @@ public class AuthenticationInterceptor e
 
             if ( ( policyConfig != null ) && ( userEntry != null ) )
             {
-                Attribute pwdFailTimeAt = userEntry.get( PWD_FAILURE_TIME_AT );
+                Attribute pwdFailTimeAt = userEntry.get( AT_PWD_FAILURE_TIME );
 
                 if ( pwdFailTimeAt == null )
                 {
@@ -565,7 +573,7 @@ public class AuthenticationInterceptor e
 
                     try
                     {
-                        Thread.sleep( numDelay * 1000 );
+                        Thread.sleep( numDelay * 1000L );
                     }
                     catch ( InterruptedException e )
                     {
@@ -575,11 +583,19 @@ public class AuthenticationInterceptor e
                     }
                 }
 
-                //adminSession.modify( dn, Collections.singletonList( pwdFailTimeMod ) );
-                ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession );
-                bindModCtx.setDn( dn );
-                bindModCtx.setModItems( mods );
-                directoryService.getPartitionNexus().modify( bindModCtx );
+                if( !mods.isEmpty() )
+                {
+                    String csnVal = directoryService.getCSN().toString();
+                    Modification csnMod = new DefaultModification( REPLACE_ATTRIBUTE, ENTRY_CSN_AT, csnVal );
+                    mods.add( csnMod );
+                    
+                    ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession );
+                    bindModCtx.setDn( dn );
+                    bindModCtx.setEntry( userEntry );
+                    bindModCtx.setModItems( mods );
+                    
+                    directoryService.getPartitionNexus().modify( bindModCtx );
+                }
             }
 
             String upDn = ( dn == null ? "" : dn.getName() );
@@ -616,7 +632,7 @@ public class AuthenticationInterceptor e
             // checking the expiration time *after* performing authentication, do we need to care about millisecond precision?
             if ( ( policyConfig.getPwdMaxAge() > 0 ) && ( policyConfig.getPwdGraceAuthNLimit() > 0 ) )
             {
-                Attribute pwdChangeTimeAttr = userEntry.get( PWD_CHANGED_TIME_AT );
+                Attribute pwdChangeTimeAttr = userEntry.get( AT_PWD_CHANGED_TIME );
 
                 if ( pwdChangeTimeAttr != null )
                 {
@@ -625,7 +641,7 @@ public class AuthenticationInterceptor e
 
                     if ( expired )
                     {
-                        Attribute pwdGraceUseAttr = userEntry.get( PWD_GRACE_USE_TIME_AT );
+                        Attribute pwdGraceUseAttr = userEntry.get( AT_PWD_GRACE_USE_TIME );
                         int numGraceAuth = 0;
 
                         if ( pwdGraceUseAttr != null )
@@ -649,10 +665,15 @@ public class AuthenticationInterceptor e
 
             if ( !mods.isEmpty() )
             {
-                //adminSession.modify( dn, mods );
+                String csnVal = directoryService.getCSN().toString();
+                Modification csnMod = new DefaultModification( REPLACE_ATTRIBUTE, ENTRY_CSN_AT, csnVal );
+                mods.add( csnMod );
+
                 ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession );
                 bindModCtx.setDn( dn );
+                bindModCtx.setEntry( userEntry );
                 bindModCtx.setModItems( mods );
+                
                 directoryService.getPartitionNexus().modify( bindModCtx );
             }
 
@@ -827,7 +848,7 @@ public class AuthenticationInterceptor e
 
         if ( pwdModDetails.isPwdModPresent() )
         {
-            if ( pwdResetSet.contains( userDn.getNormName() ) )
+            if ( pwdResetSet.contains( userDn.getNormName() ) && !pwdModDetails.isDelete() )
             {
                 if ( pwdModDetails.isOtherModExists() )
                 {
@@ -840,15 +861,16 @@ public class AuthenticationInterceptor e
                         modifyContext.addResponseControl( responseControl );
                     }
 
-                    throw new LdapNoPermissionException();
+                    throw new LdapNoPermissionException( "Password should be reset before making any changes to this entry" );
                 }
             }
 
-            if ( policyConfig.isPwdSafeModify() )
+            if ( policyConfig.isPwdSafeModify() && !pwdModDetails.isDelete() )
             {
                 if ( pwdModDetails.isAddOrReplace() && !pwdModDetails.isDelete() )
                 {
-                    LOG.debug( "trying to update password attribute without the supplying the old password" );
+                    String msg = "trying to update password attribute without the supplying the old password";
+                    LOG.debug( msg );
 
                     if ( isPPolicyReqCtrlPresent )
                     {
@@ -859,7 +881,7 @@ public class AuthenticationInterceptor e
                         modifyContext.addResponseControl( responseControl );
                     }
 
-                    throw new LdapNoPermissionException();
+                    throw new LdapNoPermissionException( msg );
                 }
             }
 
@@ -878,27 +900,29 @@ public class AuthenticationInterceptor e
             }
 
             Entry entry = modifyContext.getEntry();
-
-            if ( isPwdTooYoung( entry, policyConfig ) )
+            
+            boolean removeFromPwdResetSet = false;
+            
+            List<Modification> mods = new ArrayList<Modification>();
+            
+            if( pwdModDetails.isAddOrReplace() )
             {
-                if ( isPPolicyReqCtrlPresent )
+                if ( isPwdTooYoung( entry, policyConfig ) )
                 {
-                    PasswordPolicyDecorator responseControl =
-                        new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
-                    responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG );
-                    modifyContext.addResponseControl( responseControl );
-                }
-
-                throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
-                    "password is too young to update" );
-            }
-
-            byte[] newPassword = null;
-
-            if ( ( pwdModDetails != null ) )
-            {
-                newPassword = pwdModDetails.getNewPwd();
-
+                    if ( isPPolicyReqCtrlPresent )
+                    {
+                        PasswordPolicyDecorator responseControl =
+                            new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
+                        responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG );
+                        modifyContext.addResponseControl( responseControl );
+                    }
+                    
+                    throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
+                        "password is too young to update" );
+                }
+                
+                byte[] newPassword = pwdModDetails.getNewPwd();
+                
                 try
                 {
                     String userName = entry.getDn().getRdn().getValue().getString();
@@ -914,133 +938,163 @@ public class AuthenticationInterceptor e
                             PasswordPolicyErrorEnum.get( e.getErrorCode() ) );
                         modifyContext.addResponseControl( responseControl );
                     }
-
+                    
                     // throw exception if userPassword quality checks fail
                     throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION, e.getMessage(), e );
                 }
-            }
-
-            int histSize = policyConfig.getPwdInHistory();
-            Modification pwdRemHistMod = null;
-            Modification pwdAddHistMod = null;
-            String pwdChangedTime = DateUtils.getGeneralizedTime();
-
-            if ( histSize > 0 )
-            {
-                Attribute pwdHistoryAt = entry.get( PWD_HISTORY_AT );
-
-                if ( pwdHistoryAt == null )
-                {
-                    pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
-                }
-
-                List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
-
-                for ( Value<?> value : pwdHistoryAt )
-                {
-                    PasswordHistory pwdh = new PasswordHistory( Strings.utf8ToString( value.getBytes() ) );
-
-                    boolean matched = Arrays.equals( newPassword, pwdh.getPassword() );
-
-                    if ( matched )
+                
+                int histSize = policyConfig.getPwdInHistory();
+                Modification pwdRemHistMod = null;
+                Modification pwdAddHistMod = null;
+                String pwdChangedTime = DateUtils.getGeneralizedTime();
+                
+                if ( histSize > 0 )
+                {
+                    Attribute pwdHistoryAt = entry.get( AT_PWD_HISTORY );
+                    
+                    if ( pwdHistoryAt == null )
                     {
-                        if ( isPPolicyReqCtrlPresent )
+                        pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
+                    }
+                    
+                    List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
+                    
+                    for ( Value<?> value : pwdHistoryAt )
+                    {
+                        PasswordHistory pwdh = new PasswordHistory( Strings.utf8ToString( value.getBytes() ) );
+                        
+                        boolean matched = Arrays.equals( newPassword, pwdh.getPassword() );
+                        
+                        if ( matched )
                         {
-                            PasswordPolicyDecorator responseControl =
-                                new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
-                            responseControl.getResponse().setPasswordPolicyError(
-                                PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY );
-                            modifyContext.addResponseControl( responseControl );
+                            if ( isPPolicyReqCtrlPresent )
+                            {
+                                PasswordPolicyDecorator responseControl =
+                                    new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
+                                responseControl.getResponse().setPasswordPolicyError(
+                                    PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY );
+                                modifyContext.addResponseControl( responseControl );
+                            }
+                            
+                            throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
+                                "invalid reuse of password present in password history" );
                         }
-
-                        throw new LdapOperationException( ResultCodeEnum.CONSTRAINT_VIOLATION,
-                            "invalid reuse of password present in password history" );
+                        
+                        pwdHistLst.add( pwdh );
                     }
-
-                    pwdHistLst.add( pwdh );
-                }
-
-                if ( pwdHistLst.size() >= histSize )
-                {
-                    // see the javadoc of PasswordHistory
-                    Collections.sort( pwdHistLst );
-
-                    // remove the oldest value
-                    PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize - 1];
-                    Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
-                    tempAt.add( remPwdHist.getHistoryValue() );
-                    pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
+                    
+                    if ( pwdHistLst.size() >= histSize )
+                    {
+                        // see the javadoc of PasswordHistory
+                        Collections.sort( pwdHistLst );
+                        
+                        // remove the oldest value
+                        PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize - 1];
+                        Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
+                        tempAt.add( remPwdHist.getHistoryValue() );
+                        pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
+                    }
+                    
+                    PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword );
+                    pwdHistoryAt.add( newPwdHist.getHistoryValue() );
+                    pwdAddHistMod = new DefaultModification( REPLACE_ATTRIBUTE, pwdHistoryAt );
+                }
+                
+                next( modifyContext );
+                
+                invalidateAuthenticatorCaches( modifyContext.getDn() );
+                
+                LookupOperationContext lookupContext = new LookupOperationContext( adminSession, modifyContext.getDn() );
+                lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+                entry = directoryService.getPartitionNexus().lookup( lookupContext );
+                
+                if ( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge() > 0 ) )
+                {
+                    Attribute pwdChangedTimeAt = new DefaultAttribute( AT_PWD_CHANGED_TIME );
+                    pwdChangedTimeAt.add( pwdChangedTime );
+                    Modification pwdChangedTimeMod = new DefaultModification( REPLACE_ATTRIBUTE, pwdChangedTimeAt );
+                    mods.add( pwdChangedTimeMod );
+                }
+                
+                if ( pwdAddHistMod != null )
+                {
+                    mods.add( pwdAddHistMod );
+                }
+                
+                if ( pwdRemHistMod != null )
+                {
+                    mods.add( pwdRemHistMod );
+                }
+                
+                if ( policyConfig.isPwdMustChange() )
+                {
+                    Attribute pwdMustChangeAt = new DefaultAttribute( AT_PWD_RESET );
+                    Modification pwdMustChangeMod = null;
+                    
+                    if ( modifyContext.getSession().isAnAdministrator() )
+                    {
+                        pwdMustChangeAt.add( "TRUE" );
+                        pwdMustChangeMod = new DefaultModification( REPLACE_ATTRIBUTE, pwdMustChangeAt );
+                    }
+                    else
+                    {
+                        pwdMustChangeMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdMustChangeAt );
+                        removeFromPwdResetSet = true;
+                    }
+                    
+                    mods.add( pwdMustChangeMod );
                 }
-
-                pwdHistoryAt.clear();
-                PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword );
-                pwdHistoryAt.clear();
-                pwdHistoryAt.add( newPwdHist.getHistoryValue() );
-                pwdAddHistMod = new DefaultModification( ADD_ATTRIBUTE, pwdHistoryAt );
             }
 
-            next( modifyContext );
-
-            invalidateAuthenticatorCaches( modifyContext.getDn() );
-
-            List<Modification> mods = new ArrayList<Modification>();
+            // these two attributes will be removed irrespective  of add or delete
+            Attribute pwdFailureTimeAt = entry.get( AT_PWD_FAILURE_TIME );
 
-            if ( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge() > 0 ) )
+            if ( pwdFailureTimeAt != null )
             {
-                Attribute pwdChangedTimeAt = new DefaultAttribute( AT_PWD_CHANGED_TIME );
-                pwdChangedTimeAt.add( pwdChangedTime );
-                Modification pwdChangedTimeMod = new DefaultModification( REPLACE_ATTRIBUTE, pwdChangedTimeAt );
-                mods.add( pwdChangedTimeMod );
+                mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdFailureTimeAt ) );
             }
 
-            if ( pwdAddHistMod != null )
-            {
-                mods.add( pwdAddHistMod );
-            }
+            Attribute pwdGraceUseTimeAt = entry.get( AT_PWD_GRACE_USE_TIME );
 
-            if ( pwdRemHistMod != null )
+            if ( pwdGraceUseTimeAt != null )
             {
-                mods.add( pwdRemHistMod );
+                mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdGraceUseTimeAt ) );
             }
 
-            boolean removeFromPwdResetSet = false;
-
-            if ( policyConfig.isPwdMustChange() )
+            if( pwdModDetails.isDelete() )
             {
-                Attribute pwdMustChangeAt = new DefaultAttribute( AT_PWD_RESET );
-                Modification pwdMustChangeMod = null;
-
-                if ( modifyContext.getSession().isAnAdministrator() )
+                Attribute pwdHistory = entry.get( AT_PWD_HISTORY );
+                if( pwdHistory != null )
                 {
-                    pwdMustChangeAt.add( "TRUE" );
-                    pwdMustChangeMod = new DefaultModification( REPLACE_ATTRIBUTE, pwdMustChangeAt );
+                    mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdHistory ) );
                 }
-                else
+                
+                Attribute pwdChangedTimeAt = entry.get( AT_PWD_CHANGED_TIME );
+                if( pwdChangedTimeAt != null )
                 {
-                    pwdMustChangeMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdMustChangeAt );
-                    removeFromPwdResetSet = true;
+                    mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdChangedTimeAt ) );
+                }
+                
+                Attribute pwdMustChangeAt = entry.get( AT_PWD_RESET );
+                if( pwdMustChangeAt != null )
+                {
+                    mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdMustChangeAt ) );
+                }
+                
+                Attribute pwdAccountLockedTimeAt = entry.get( AT_PWD_ACCOUNT_LOCKED_TIME );
+                if( pwdAccountLockedTimeAt != null )
+                {
+                    mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdAccountLockedTimeAt ) );
                 }
-
-                mods.add( pwdMustChangeMod );
-            }
-
-            Attribute pwdFailureTimeAt = entry.get( PWD_FAILURE_TIME_AT );
-
-            if ( pwdFailureTimeAt != null )
-            {
-                mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdFailureTimeAt ) );
-            }
-
-            Attribute pwdGraceUseTimeAt = entry.get( PWD_GRACE_USE_TIME_AT );
-
-            if ( pwdGraceUseTimeAt != null )
-            {
-                mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdGraceUseTimeAt ) );
             }
 
-            directoryService.getAdminSession().modify( modifyContext.getDn(), mods );
+            ModifyOperationContext internalModifyCtx = new ModifyOperationContext( adminSession );
+            internalModifyCtx.setDn( modifyContext.getDn() );
+            internalModifyCtx.setModItems( mods );
 
-            if ( removeFromPwdResetSet )
+            directoryService.getPartitionNexus().modify( internalModifyCtx );
+            
+            if ( removeFromPwdResetSet || pwdModDetails.isDelete() )
             {
                 pwdResetSet.remove( userDn.getNormName() );
             }
@@ -1048,7 +1102,6 @@ public class AuthenticationInterceptor e
         else
         {
             next( modifyContext );
-            invalidateAuthenticatorCaches( modifyContext.getDn() );
         }
     }
 
@@ -1274,8 +1327,8 @@ public class AuthenticationInterceptor e
             return 0;
         }
 
-        Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
-        long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
+        Attribute pwdChangedTimeAt = userEntry.get( AT_PWD_CHANGED_TIME );
+        long changedTime = DateUtils.getDate(pwdChangedTimeAt.getString()).getTime();
 
         long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
@@ -1310,12 +1363,12 @@ public class AuthenticationInterceptor e
             return false;
         }
 
-        Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
+        Attribute pwdChangedTimeAt = userEntry.get( AT_PWD_CHANGED_TIME );
 
         if ( pwdChangedTimeAt != null )
         {
             long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
-            changedTime += policyConfig.getPwdMinAge() * 1000;
+            changedTime += policyConfig.getPwdMinAge() * 1000L;
 
             long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
 
@@ -1340,7 +1393,7 @@ public class AuthenticationInterceptor e
     {
         boolean mustChange = false;
 
-        Attribute pwdResetAt = userEntry.get( PWD_RESET_AT );
+        Attribute pwdResetAt = userEntry.get( AT_PWD_RESET );
 
         if ( pwdResetAt != null )
         {
@@ -1419,6 +1472,7 @@ public class AuthenticationInterceptor e
         }
     }
 
+
     private static class PwdModDetailsHolder
     {
         private boolean pwdModPresent = false;

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java Sun Oct  7 17:43:09 2012
@@ -25,10 +25,9 @@ import java.io.UnsupportedEncodingExcept
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
-import java.util.List;
+import java.util.Iterator;
 
 import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyConfiguration;
 import org.apache.directory.shared.ldap.model.constants.LdapSecurityConstants;
@@ -496,7 +495,7 @@ public class PasswordUtil
     {
         Date pwdChangeDate = DateUtils.getDate( pwdChangedZtime );
 
-        long time = pwdMaxAgeSec * 1000;
+        long time = pwdMaxAgeSec * 1000L;//DIRSERVER-1735
         time += pwdChangeDate.getTime();
 
         Date expiryDate = DateUtils.getDate( DateUtils.getGeneralizedTime( time ) );
@@ -529,23 +528,20 @@ public class PasswordUtil
         interval *= 1000;
 
         long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
-        List<Value<?>> valList = new ArrayList<Value<?>>();
 
-        for ( Value<?> value : pwdFailTimeAt )
+        Iterator<Value<?>> itr = pwdFailTimeAt.iterator();
+        
+        while ( itr.hasNext() )
         {
+            Value<?> value = itr.next();
             String failureTime = value.getString();
             long time = DateUtils.getDate( failureTime ).getTime();
             time += interval;
 
-            if ( currentTime > time )
+            if ( currentTime >= time )
             {
-                valList.add( value );
+                itr.remove();
             }
         }
-
-        for ( Value<?> val : valList )
-        {
-            pwdFailTimeAt.remove( val );
-        }
     }
 }

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java Sun Oct  7 17:43:09 2012
@@ -29,7 +29,6 @@ import java.util.Calendar;
 import java.util.Date;
 import java.util.TimeZone;
 
-import org.apache.directory.shared.util.DateUtils;
 import org.apache.directory.shared.util.Strings;
 
 
@@ -126,9 +125,9 @@ public class KerberosTime implements Com
         Calendar calendar = Calendar.getInstance( UTC );
         calendar.setTimeInMillis( date );
 
-        synchronized ( DateUtils.DATE_FORMAT )
+        synchronized ( KerberosUtils.UTC_DATE_FORMAT )
         {
-            this.date = DateUtils.DATE_FORMAT.format( calendar.getTime() );
+            this.date = KerberosUtils.UTC_DATE_FORMAT.format( calendar.getTime() );
         }
 
         kerberosTime = ( calendar.getTimeInMillis() / 1000L ) * 1000L; // drop the ms
@@ -168,9 +167,9 @@ public class KerberosTime implements Com
     {
         Date date = null;
 
-        synchronized ( DateUtils.DATE_FORMAT )
+        synchronized ( KerberosUtils.UTC_DATE_FORMAT )
         {
-            date = DateUtils.DATE_FORMAT.parse( zuluTime );
+            date = KerberosUtils.UTC_DATE_FORMAT.parse( zuluTime );
         }
 
         return new KerberosTime( date );
@@ -183,9 +182,9 @@ public class KerberosTime implements Com
      */
     public void setDate( String date ) throws ParseException
     {
-        synchronized ( DateUtils.DATE_FORMAT )
+        synchronized ( KerberosUtils.UTC_DATE_FORMAT )
         {
-            kerberosTime = DateUtils.DATE_FORMAT.parse( date ).getTime();
+            kerberosTime = KerberosUtils.UTC_DATE_FORMAT.parse( date ).getTime();
         }
 
         convertInternal( kerberosTime );

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java Sun Oct  7 17:43:09 2012
@@ -21,8 +21,11 @@ package org.apache.directory.shared.kerb
 
 
 import java.text.ParseException;
+import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.TimeZone;
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.i18n.I18n;
@@ -44,7 +47,16 @@ public class KerberosUtils
     /** An empty list of principal names */
     public static final List<String> EMPTY_PRINCIPAL_NAME = new ArrayList<String>();
 
+    public static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone( "UTC" );
 
+    /** Defines a default date format with a "yyyyMMddHHmmss'Z'" pattern */
+    public static final SimpleDateFormat UTC_DATE_FORMAT = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" );
+    
+    static
+    {
+        UTC_DATE_FORMAT.setTimeZone( UTC_TIME_ZONE );
+    }
+    
     /**
      * Parse a KerberosPrincipal instance and return the names. The Principal name
      * is described in RFC 1964 : <br/>

Modified: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java Sun Oct  7 17:43:09 2012
@@ -36,13 +36,12 @@ import org.apache.directory.shared.kerbe
 import org.apache.directory.shared.kerberos.components.EncryptionKey;
 import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
 import org.apache.directory.shared.kerberos.exceptions.KerberosException;
-import org.apache.directory.shared.util.DateUtils;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import com.mycila.junit.concurrent.Concurrency;
 import com.mycila.junit.concurrent.ConcurrentJunitRunner;
-
+import org.apache.directory.shared.kerberos.KerberosUtils;
 
 /**
  * Test case for sealing and unsealing Kerberos CipherText.
@@ -439,9 +438,9 @@ public class CipherTextHandlerTest
     {
         Date date = null;
 
-        synchronized ( DateUtils.DATE_FORMAT )
+        synchronized ( KerberosUtils.UTC_DATE_FORMAT )
         {
-            date = DateUtils.DATE_FORMAT.parse( zuluTime );
+            date = KerberosUtils.UTC_DATE_FORMAT.parse( zuluTime );
         }
 
         KerberosTime timeStamp = new KerberosTime( date );

Modified: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java Sun Oct  7 17:43:09 2012
@@ -36,9 +36,9 @@ import javax.crypto.spec.DESKeySpec;
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
 import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.KerberosUtils;
 import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
 import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.util.DateUtils;
 import org.apache.mina.core.buffer.IoBuffer;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -46,7 +46,6 @@ import org.junit.runner.RunWith;
 import com.mycila.junit.concurrent.Concurrency;
 import com.mycila.junit.concurrent.ConcurrentJunitRunner;
 
-
 /**
  * Tests 'keytab' formatted files.
  * 
@@ -165,9 +164,9 @@ public class KeytabTest
         String zuluTime = "20070217235745Z";
         Date date = null;
 
-        synchronized ( DateUtils.DATE_FORMAT )
+        synchronized ( KerberosUtils.UTC_DATE_FORMAT )
         {
-            date = DateUtils.DATE_FORMAT.parse( zuluTime );
+            date = KerberosUtils.UTC_DATE_FORMAT.parse( zuluTime );
         }
 
         KerberosTime timeStamp = new KerberosTime( date.getTime() );

Modified: directory/apacheds/trunk/protocol-ntp/src/main/java/org/apache/directory/server/ntp/messages/NtpTimeStamp.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ntp/src/main/java/org/apache/directory/server/ntp/messages/NtpTimeStamp.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ntp/src/main/java/org/apache/directory/server/ntp/messages/NtpTimeStamp.java (original)
+++ directory/apacheds/trunk/protocol-ntp/src/main/java/org/apache/directory/server/ntp/messages/NtpTimeStamp.java Sun Oct  7 17:43:09 2012
@@ -24,6 +24,7 @@ package org.apache.directory.server.ntp.
 import java.nio.ByteBuffer;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.TimeZone;
 
 import org.apache.directory.shared.util.DateUtils;
 
@@ -46,9 +47,11 @@ public class NtpTimeStamp
 
     private static final SimpleDateFormat dateFormat = new SimpleDateFormat( "yyyy-MM-dd HH:mm:ss.SSS z" );
 
+    private static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone( "UTC" );
+    
     static
     {
-        dateFormat.setTimeZone( DateUtils.UTC_TIME_ZONE );
+        dateFormat.setTimeZone( UTC_TIME_ZONE );
     }
 
     private long seconds = 0;

Modified: directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/shared/ldap/model/csn/Csn.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/shared/ldap/model/csn/Csn.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/shared/ldap/model/csn/Csn.java (original)
+++ directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/shared/ldap/model/csn/Csn.java Sun Oct  7 17:43:09 2012
@@ -23,6 +23,7 @@ package org.apache.directory.shared.ldap
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.TimeZone;
 
 import org.apache.directory.shared.i18n.I18n;
 import org.apache.directory.shared.util.Chars;
@@ -81,10 +82,12 @@ public class Csn implements Comparable<C
     /** The Timestamp syntax. The last 'z' is _not_ the Time Zone */
     private static final SimpleDateFormat SDF = new SimpleDateFormat( "yyyyMMddHHmmss" );
 
+    private static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone( "UTC" );
+    
     // Initialize the dateFormat with the UTC TZ
     static
     {
-        SDF.setTimeZone( DateUtils.UTC_TIME_ZONE );
+        SDF.setTimeZone( UTC_TIME_ZONE );
     }
 
     /** Padding used to format number with a fixed size */

Modified: directory/shared/trunk/ldap/model/src/test/java/org/apache/directory/shared/ldap/model/csn/CsnTest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/model/src/test/java/org/apache/directory/shared/ldap/model/csn/CsnTest.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/shared/trunk/ldap/model/src/test/java/org/apache/directory/shared/ldap/model/csn/CsnTest.java (original)
+++ directory/shared/trunk/ldap/model/src/test/java/org/apache/directory/shared/ldap/model/csn/CsnTest.java Sun Oct  7 17:43:09 2012
@@ -27,8 +27,8 @@ import static org.junit.Assert.fail;
 import java.text.SimpleDateFormat;
 import java.util.Arrays;
 import java.util.Date;
+import java.util.TimeZone;
 
-import org.apache.directory.shared.util.DateUtils;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -48,9 +48,11 @@ public class CsnTest
 {
     private static final SimpleDateFormat SDF = new SimpleDateFormat( "yyyyMMddHHmmss.123456'Z'" );
 
+    private static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone( "UTC" );
+    
     static
     {
-        SDF.setTimeZone( DateUtils.UTC_TIME_ZONE );
+        SDF.setTimeZone( UTC_TIME_ZONE );
     }
 
 

Modified: directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/DateUtils.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/DateUtils.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/DateUtils.java (original)
+++ directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/DateUtils.java Sun Oct  7 17:43:09 2012
@@ -20,10 +20,8 @@
 package org.apache.directory.shared.util;
 
 
-import java.text.SimpleDateFormat;
 import java.util.Calendar;
 import java.util.Date;
-import java.util.TimeZone;
 
 
 /**
@@ -33,17 +31,6 @@ import java.util.TimeZone;
  */
 public final class DateUtils
 {
-    /** Defines an UTC/GMT time zone */
-    public static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone( "UTC" );
-
-    /** Defines a default date format with a "yyyyMMddHHmmss'Z'" pattern */
-    public static final SimpleDateFormat DATE_FORMAT = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" );
-
-    static
-    {
-        DATE_FORMAT.setTimeZone( UTC_TIME_ZONE );
-    }
-
 
     /**
      * Private constructor.
@@ -55,128 +42,25 @@ public final class DateUtils
 
     public static Date getDate( String zuluTime )
     {
-        Calendar cal = Calendar.getInstance( UTC_TIME_ZONE );
-        cal.set( Calendar.YEAR, getYear( zuluTime ) );
-        cal.set( Calendar.MONTH, getMonth( zuluTime ) - 1 );
-        cal.set( Calendar.DAY_OF_MONTH, getDay( zuluTime ) );
-        cal.set( Calendar.HOUR_OF_DAY, getHour( zuluTime ) );
-        cal.set( Calendar.MINUTE, getMinutes( zuluTime ) );
-        cal.set( Calendar.SECOND, getSeconds( zuluTime ) );
-        return cal.getTime();
-    }
-
-
-    public static int getYear( String zuluTime )
-    {
-        return Integer.parseInt( zuluTime.substring( 0, 4 ) );
-    }
-
-
-    public static int getMonth( String zuluTime )
-    {
-        return Integer.parseInt( zuluTime.substring( 4, 6 ) );
-    }
-
-
-    public static int getDay( String zuluTime )
-    {
-        return Integer.parseInt( zuluTime.substring( 6, 8 ) );
-    }
-
-
-    public static int getHour( String zuluTime )
-    {
-        return Integer.parseInt( zuluTime.substring( 8, 10 ) );
-    }
-
-
-    public static int getMinutes( String zuluTime )
-    {
-        return Integer.parseInt( zuluTime.substring( 10, 12 ) );
-    }
-
-
-    public static int getSeconds( String zuluTime )
-    {
-        return Integer.parseInt( zuluTime.substring( 12, 14 ) );
+        try
+        {
+            return GeneralizedTime.getDate( zuluTime );
+        }
+        catch( Exception e )
+        {
+            throw new RuntimeException( e );
+        }
     }
 
 
     /**
-     * Gets the generalized time using the "Z" form of the g-time-zone described
-     * by [<a href=
-     * "http://ietf.org/internet-drafts/draft-ietf-ldapbis-syntaxes-09.txt">
-     * SYNTAXES</a>] section 3.3.13, included below:
-     * 
-     * <pre>
-     * 
-     *  3.3.13.  Generalized Time
-     * 
-     *  A value of the Generalized Time syntax is a character string
-     *  representing a date and time.  The LDAP-specific encoding of a value
-     *  of this syntax is a restriction of the format defined in [ISO8601],
-     *  and is described by the following ABNF:
-     * 
-     *  century = 2(%x30-39) ; &quot;00&quot; to &quot;99&quot;
-     *  year    = 2(%x30-39) ; &quot;00&quot; to &quot;99&quot;
-     *  month   =   ( %x30 %x31-39 ) ; &quot;01&quot; (January) to &quot;09&quot;
-     *            / ( %x31 %x30-32 ) ; &quot;10&quot; to &quot;12&quot;
-     *  day     =   ( %x30 %x31-39 )    ; &quot;01&quot; to &quot;09&quot;
-     *            / ( %x31-32 %x30-39 ) ; &quot;10&quot; to &quot;29&quot;
-     *            / ( %x33 %x30-31 )    ; &quot;30&quot; to &quot;31&quot;
-     *  hour    = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; &quot;00&quot; to &quot;23&quot;
-     *  minute  = %x30-35 %x30-39                        ; &quot;00&quot; to &quot;59&quot;
-     *  second  =   ( %x30-35 %x30-39 )  ; &quot;00&quot; to &quot;59&quot;
-     *            / ( %x36 %x30 )        ; &quot;60&quot; (a leap second)
-     * 
-     *  GeneralizedTime = century year month day hour
-     *                       [ minute [ second ] ] [ fraction ]
-     *                       g-time-zone
-     *  fraction        = ( DOT / COMMA ) 1*(%x30-39)
-     *  g-time-zone     = %x5A  ; &quot;Z&quot;
-     *                    / g-differential
-     *  g-differential  = ( MINUS / PLUS ) hour [ minute ]
-     *  MINUS           = %x2D  ; minus sign (&quot;-&quot;)
-     * 
-     *  The &lt;DOT&gt;, &lt;COMMA&gt; and &lt;PLUS&gt; rules are defined in [MODELS].
-     * 
-     *  The time value represents coordinated universal time (equivalent to
-     *  Greenwich Mean Time) if the &quot;Z&quot; form of &lt;g-time-zone&gt; is used,
-     * 
-     *  otherwise the value represents a local time in the time zone
-     *  indicated by &lt;g-differential&gt;.  In the latter case, coordinated
-     *  universal time can be calculated by subtracting the differential from
-     *  the local time.  The &quot;Z&quot; form of &lt;g-time-zone&gt; SHOULD be used in
-     *  preference to &lt;g-differential&gt;.
-     * 
-     *  Examples:
-     *     199412161032Z
-     *     199412160532-0500
-     * 
-     *  Both example values represent the same coordinated universal time:
-     *  10:32 AM, December 16, 1994.
-     * 
-     *  The LDAP definition for the Generalized Time syntax is:
-     * 
-     *  ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )
-     * 
-     *  This syntax corresponds to the GeneralizedTime ASN.1 type from
-     *  [ASN.1], with the constraint that local time without a differential
-     *  SHALL NOT be used.
-     * </pre>
-     * 
-     * Gets the generalized time right now.
+     * Gets the generalized time right now. {@link GeneralizedTime}
      * 
      * @return the generalizedTime right now
      */
     public static String getGeneralizedTime()
     {
-        Date date = new Date();
-
-        synchronized ( DATE_FORMAT )
-        {
-            return DATE_FORMAT.format( date );
-        }
+        return new GeneralizedTime( Calendar.getInstance() ).toGeneralizedTime();
     }
 
 
@@ -189,10 +73,9 @@ public final class DateUtils
      */
     public static String getGeneralizedTime( Date date )
     {
-        synchronized ( DATE_FORMAT )
-        {
-            return DATE_FORMAT.format( date );
-        }
+        Calendar calendar = Calendar.getInstance();
+        calendar.setTime( date );
+        return new GeneralizedTime( calendar ).toGeneralizedTime();
     }
 
 

Modified: directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/GeneralizedTime.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/GeneralizedTime.java?rev=1395348&r1=1395347&r2=1395348&view=diff
==============================================================================
--- directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/GeneralizedTime.java (original)
+++ directory/shared/trunk/util/src/main/java/org/apache/directory/shared/util/GeneralizedTime.java Sun Oct  7 17:43:09 2012
@@ -24,6 +24,7 @@ import java.text.DecimalFormat;
 import java.text.NumberFormat;
 import java.text.ParseException;
 import java.util.Calendar;
+import java.util.Date;
 import java.util.TimeZone;
 
 import org.apache.directory.shared.i18n.I18n;
@@ -178,6 +179,21 @@ public class GeneralizedTime implements 
 
 
     /**
+     * 
+     * Creates a new instance of GeneralizedTime by setting the date to an instance of Calendar.
+     * @see #GeneralizedTime(Calendar)
+     * 
+     * @param date the date
+     */
+    public GeneralizedTime( Date date )
+    {
+        calendar = Calendar.getInstance();
+        calendar.setTime( date );
+        setUp( calendar );
+    }
+    
+    
+    /**
      * Creates a new instance of GeneralizedTime, based on the given Calendar object.
      * Uses <pre>Format.YEAR_MONTH_DAY_HOUR_MIN_SEC</pre> as default format and
      * <pre>TimeZoneFormat.Z</pre> as default time zone format. 
@@ -186,6 +202,12 @@ public class GeneralizedTime implements 
      */
     public GeneralizedTime( Calendar calendar )
     {
+        setUp( calendar );
+    }
+
+    
+    private void setUp( Calendar calendar )
+    {
         if ( calendar == null )
         {
             throw new IllegalArgumentException( I18n.err( I18n.ERR_04358 ) );
@@ -775,4 +797,61 @@ public class GeneralizedTime implements 
         return calendar.compareTo( other.calendar );
     }
 
+
+    public long getTime()
+    {
+        return calendar.getTimeInMillis();
+    }
+    
+    public Date getDate()
+    {
+        return calendar.getTime();
+    }
+
+    
+    public int getYear()
+    {
+        return calendar.get( Calendar.YEAR );
+    }
+
+
+    public int getMonth()
+    {
+        return calendar.get( Calendar.MONTH );
+    }
+
+    
+    public int getDay()
+    {
+        return calendar.get( Calendar.DATE );
+    }
+
+    
+    public int getHour()
+    {
+        return calendar.get( Calendar.HOUR_OF_DAY );
+    }
+
+
+    public int getMinutes()
+    {
+        return calendar.get( Calendar.MINUTE );
+    }
+
+    
+    public int getSeconds()
+    {
+        return calendar.get( Calendar.SECOND );
+    }
+
+    /**
+     * 
+     *
+     * @param zuluTime
+     * @return
+     */
+    public static Date getDate( String zuluTime ) throws ParseException
+    {
+        return new GeneralizedTime( zuluTime ).calendar.getTime();
+    }
 }



Mime
View raw message