/*
 * Copyright 2007-2020 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright 2007-2020 Ping Identity Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
 * Copyright (C) 2008-2020 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.ldap.sdk.controls;



import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.DecodeableControl;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.ldap.sdk.controls.ControlMessages.*;



/**
 * This class implements the password expired response control described in
 * draft-vchu-ldap-pwd-policy.  A server may attach it to the response for an
 * unsuccessful bind operation to report that the bind failed because the
 * target user's password has expired and must be reset before the user will be
 * allowed to authenticate.  Some servers may also attach it to a successful
 * bind response to indicate that the authenticated user must change his or her
 * password before being allowed to perform any other operation.
 * <BR><BR>
 * The client does not send any request control to ask for this response
 * control.  If the server supports it and the bind operation meets the
 * server's criteria for including it, then it will be returned to the client.
 * <BR><BR>
 * Because the control can accompany either outcome, a client should look for
 * it on successful bind results as well as on failed ones.  When it is present
 * on a successful bind, the connection is authenticated but the user is
 * expected to change the password before doing anything else, so the
 * application should route the user to a password change rather than treating
 * the bind as an ordinary sign-in.
 * <BR><BR>
 * <H2>Example</H2>
 * The following example demonstrates a process that may be used to perform a
 * simple bind to authenticate against the server and handle any password
 * expired or password expiring control that may be included in the response:
 * <PRE>
 * // Send a simple bind request to the directory server.
 * BindRequest bindRequest =
 *      new SimpleBindRequest("uid=test.user,ou=People,dc=example,dc=com",
 *           "password");
 * BindResult bindResult;
 * boolean bindSuccessful;
 * boolean passwordExpired;
 * boolean passwordAboutToExpire;
 * try
 * {
 *   bindResult = connection.bind(bindRequest);
 *
 *   // If we got here, the bind was successful.  Some servers still attach a
 *   // password expired control to a successful bind to signal that the user
 *   // must change the password before performing any other operation, so
 *   // check for it instead of assuming that the password is not expired.
 *   bindSuccessful = true;
 *   passwordExpired = (PasswordExpiredControl.get(bindResult) != null);
 *
 *   // The password might also be about to expire.  To determine whether
 *   // that is the case, we should see if the bind result included a
 *   // password expiring control.
 *   PasswordExpiringControl expiringControl =
 *        PasswordExpiringControl.get(bindResult);
 *   if (expiringControl != null)
 *   {
 *     passwordAboutToExpire = true;
 *     int secondsToExpiration = expiringControl.getSecondsUntilExpiration();
 *   }
 *   else
 *   {
 *     passwordAboutToExpire = false;
 *   }
 * }
 * catch (LDAPException le)
 * {
 *   // If we got here, then the bind failed.  The failure may or may not have
 *   // been due to an expired password.  To determine that, we should see if
 *   // the bind result included a password expired control.
 *   bindSuccessful = false;
 *   passwordAboutToExpire = false;
 *   bindResult = new BindResult(le.toLDAPResult());
 *   ResultCode resultCode = le.getResultCode();
 *   String errorMessageFromServer = le.getDiagnosticMessage();
 *
 *   PasswordExpiredControl expiredControl =
 *        PasswordExpiredControl.get(le);
 *   if (expiredControl != null)
 *   {
 *     passwordExpired = true;
 *   }
 *   else
 *   {
 *     passwordExpired = false;
 *   }
 * }
 * </PRE>
 * Note that {@code PasswordExpiredControl.get} throws an {@code LDAPException}
 * when the control is present but cannot be decoded.  In the example, such a
 * failure inside the {@code try} block is handled by the same {@code catch}
 * block as a failed bind, and the call inside the {@code catch} block is left
 * for the enclosing code to handle.
 */
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class PasswordExpiredControl
       extends Control
       implements DecodeableControl
{
  /**
   * The OID (2.16.840.1.113730.3.4.4) that identifies the password expired
   * response control.
   */
  public static final String PASSWORD_EXPIRED_OID = "2.16.840.1.113730.3.4.4";



  /**
   * The serial version UID for this serializable class.
   */
  private static final long serialVersionUID = -2731704592689892224L;



  /**
   * Creates a new password expired control.  The control uses the
   * {@link #PASSWORD_EXPIRED_OID} OID, is not marked critical, and carries the
   * string value "0".
   */
  public PasswordExpiredControl()
  {
    super(PASSWORD_EXPIRED_OID, false, new ASN1OctetString("0"));
  }



  /**
   * Creates a new password expired control from the provided information,
   * as when decoding a control received from a server.  The value must be
   * present and must be a string that {@code Integer.parseInt} accepts; the
   * parsed number itself is not retained.  This constructor does not compare
   * the provided OID with {@link #PASSWORD_EXPIRED_OID}.
   *
   * @param  oid         The OID for the control.
   * @param  isCritical  Indicates whether the control should be marked
   *                     critical.
   * @param  value       The encoded value for the control.  This may be
   *                     {@code null} if no value was provided, in which case
   *                     decoding fails.
   *
   * @throws  LDAPException  If the provided control cannot be decoded as a
   *                         password expired response control, either because
   *                         it has no value or because the value is not an
   *                         integer.
   */
  public PasswordExpiredControl(final String oid, final boolean isCritical,
                                final ASN1OctetString value)
         throws LDAPException
  {
    super(oid, isCritical, value);

    // A control without a value cannot be a password expired control.
    if (value == null)
    {
      throw new LDAPException(ResultCode.DECODING_ERROR,
           ERR_PW_EXPIRED_NO_VALUE.get());
    }

    // The parse is performed purely as validation, so the result is discarded.
    final String encodedValue = value.stringValue();
    try
    {
      Integer.parseInt(encodedValue);
    }
    catch (final NumberFormatException e)
    {
      Debug.debugException(e);
      throw new LDAPException(ResultCode.DECODING_ERROR,
           ERR_PW_EXPIRED_VALUE_NOT_INTEGER.get(), e);
    }
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public PasswordExpiredControl
              decodeControl(final String oid, final boolean isCritical,
                            final ASN1OctetString value)
         throws LDAPException
  {
    // Decoding is delegated to the validating constructor.
    return new PasswordExpiredControl(oid, isCritical, value);
  }



  /**
   * Extracts a password expired control from the provided result.  If the
   * result holds a control with the password expired OID that is not already
   * an instance of this class, then it is decoded (and therefore validated)
   * before being returned.
   *
   * @param  result  The result from which to retrieve the password expired
   *                 control.  It must not be {@code null}.
   *
   * @return  The password expired control contained in the provided result, or
   *          {@code null} if the result did not contain a password expired
   *          control.
   *
   * @throws  LDAPException  If a problem is encountered while attempting to
   *                         decode the password expired control contained in
   *                         the provided result.
   */
  public static PasswordExpiredControl get(final LDAPResult result)
         throws LDAPException
  {
    final Control control = result.getResponseControl(PASSWORD_EXPIRED_OID);
    if (control == null)
    {
      return null;
    }

    // A generic control with the right OID still has to be decoded.
    if (! (control instanceof PasswordExpiredControl))
    {
      return new PasswordExpiredControl(control.getOID(),
           control.isCritical(), control.getValue());
    }

    return (PasswordExpiredControl) control;
  }



  /**
   * Extracts a password expired control from the provided exception.  The
   * exception is converted to an LDAP result, and the control is then
   * retrieved from that result.
   *
   * @param  exception  The exception from which to retrieve the password
   *                    expired control.  It must not be {@code null}.
   *
   * @return  The password expired control contained in the provided exception,
   *          or {@code null} if the exception did not contain a password
   *          expired control.
   *
   * @throws  LDAPException  If a problem is encountered while attempting to
   *                         decode the password expired control contained in
   *                         the provided exception.
   */
  public static PasswordExpiredControl get(final LDAPException exception)
         throws LDAPException
  {
    final LDAPResult result = exception.toLDAPResult();
    return get(result);
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public String getControlName()
  {
    return INFO_CONTROL_NAME_PW_EXPIRED.get();
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public void toString(final StringBuilder buffer)
  {
    // Only the criticality is included in the string representation.
    buffer.append("PasswordExpiredControl(isCritical=")
         .append(isCritical())
         .append(')');
  }
}