Currently, when we decode an extended operation for which we know about (ie, it's registred in the LdapApiService instance), and if the RequestValue part is required, we have no way to enforce it to be present, which means the decoding will succeed, even if the resulting extended operation is invalid.
This is due to the fact that the extended operation grammar makes the value optionnal :
(works for a request or a response), while for a specific implementation, like the CancelRequest, defined in RFC 3909, the grammar is :
and it's clearly not optional.
It boils down to be able to detect the extended operation type (given by the request name, if present), and then check if the request value is present or not. It's a semantic check, while the decoding just take care of the syntax, which makes it impossible to detect such a missing value.
There is a solution for PDU which ends with no controls, as we can tell the grammar that there is some expected value, which will fail if the PDU ends, but if we have controls, then the grammar will keep going as some more data is present (we just have to change the isGrammarEndAllowed to false to make that works when no control is present, but obviously that does not work when we have some controls).
ATM, I have no solution to this problem. What would be required is to set a flag when we meet the ExtendedOperation tag (ie 0x77 or 0x78) and check this flag when we have fully decoded a PDU, but this flag has a semantic meaning, which would break the decoder as a generic ASN.1 decoder. One solution would be to have the container check itself when we reach the PDU_DECODED state in the Asn1Decoder loop...