// and degrade authentication level to 'anonymous' as specified
// in the RFC, and this is no threat.
// The two SslFilter constants are matched by identity, not equals(): the
// incoming object is one of the filter's session-state markers rather than a
// decoded LDAP request.
if ( message == SslFilter.SESSION_SECURED || message == SslFilter.SESSION_UNSECURED )
{
    // Wrap the TLS state change in a synthetic extended request so that it
    // flows through the same path as decoded requests. 1.3.6.1.4.1.1466.20037
    // is the StartTLS extended-operation OID; the payload carries the new
    // state as the ISO-8859-1 bytes of "SECURED" or "UNSECURED".
    // NOTE(review): a client-sent extended request can carry the same OID and
    // payload. Confirm that whatever handles this OID does not take the payload
    // alone as proof that the notice came from the SSL filter.
    InternalExtendedRequest req = new ExtendedRequestImpl( 0 );
    req.setOid( "1.3.6.1.4.1.1466.20037" );
    req.setPayload( ( message == SslFilter.SESSION_SECURED ? "SECURED" : "UNSECURED" ).getBytes( "ISO-8859-1" ) );

    // From here on the rest of the method sees the synthetic request.
    message = req;
}
if ( ( ( InternalRequest ) message ).getControls().size() > 0 && message instanceof InternalResultResponseRequest )
{
InternalResultResponseRequest req = ( InternalResultResponseRequest ) message;
for ( Control control : req.getControls().values() )
{
if ( control.isCritical() && ! ldapServer.getSupportedControls().contains( control.getOid() ) )
{
InternalResultResponse resp = req.getResultResponse();
resp.getLdapResult().setErrorMessage( "Unsupport critical control: " + control.getOid() );
resp.getLdapResult().setResultCode( ResultCodeEnum.UNAVAILABLE_CRITICAL_EXTENSION );
session.write( resp );
return;
}