001/*
002 * Copyright 2012-2020 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2012-2020 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2015-2020 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk.unboundidds.extensions;
037
038
039
040import com.unboundid.asn1.ASN1Element;
041import com.unboundid.asn1.ASN1OctetString;
042import com.unboundid.asn1.ASN1Sequence;
043import com.unboundid.ldap.sdk.Control;
044import com.unboundid.ldap.sdk.ExtendedRequest;
045import com.unboundid.ldap.sdk.LDAPException;
046import com.unboundid.ldap.sdk.ResultCode;
047import com.unboundid.util.Debug;
048import com.unboundid.util.NotMutable;
049import com.unboundid.util.StaticUtils;
050import com.unboundid.util.ThreadSafety;
051import com.unboundid.util.ThreadSafetyLevel;
052import com.unboundid.util.Validator;
053
054import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*;
055
056
057
058/**
059 * This class provides an implementation of an extended request which may be
060 * used to validate a TOTP password for a user.  Note that this should not be
061 * used as an alternative to authentication because it does not perform password
062 * policy processing.  Rather, this extended operation should be used only to
063 * obtain additional assurance about the identity of a user that has already
064 * been authenticated through some other means.
065 * <BR>
066 * <BLOCKQUOTE>
067 *   <B>NOTE:</B>  This class, and other classes within the
068 *   {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
069 *   supported for use against Ping Identity, UnboundID, and
070 *   Nokia/Alcatel-Lucent 8661 server products.  These classes provide support
071 *   for proprietary functionality or for external specifications that are not
072 *   considered stable or mature enough to be guaranteed to work in an
073 *   interoperable way with other types of LDAP servers.
074 * </BLOCKQUOTE>
075 * <BR>
076 * The extended request has an OID of 1.3.6.1.4.1.30221.2.6.15 and a value with
077 * the following encoding:
078 * <PRE>
079 *   ValidateTOTPPasswordRequest ::= SEQUENCE {
080 *        userDN           [0] LDAPDN,
081 *        totpPassword     [1] OCTET STRING,
082 *        ... }
083 * </PRE>
084 */
085@NotMutable()
086@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
087public final class ValidateTOTPPasswordExtendedRequest
088       extends ExtendedRequest
089{
090  /**
091   * The OID (1.3.6.1.4.1.30221.2.6.15) for the validate TOTP password extended
092   * request.
093   */
094  public static final String VALIDATE_TOTP_PASSWORD_REQUEST_OID =
095       "1.3.6.1.4.1.30221.2.6.15";
096
097
098
099  /**
100   * The BER type for the user DN value element.
101   */
102  private static final byte TYPE_USER_DN = (byte) 0x80;
103
104
105
106  /**
107   * The BER type for the TOTP password value element.
108   */
109  private static final byte TYPE_TOTP_PASSWORD = (byte) 0x81;
110
111
112
113  /**
114   * The serial version UID for this serializable class.
115   */
116  private static final long serialVersionUID = -4610279612454559569L;
117
118
119
120  // The DN of the user for whom to validate the TOTP password.
121  private final String userDN;
122
123  // The TOTP password to validate.
124  private final String totpPassword;
125
126
127
128  /**
129   * Creates a new validate TOTP password extended request with the provided
130   * information.
131   *
132   * @param  userDN        The DN of the user for whom to validate the TOTP
133   *                       password.
134   * @param  totpPassword  The TOTP password to validate.
135   * @param  controls      The set of controls to include in the request.
136   */
137  public ValidateTOTPPasswordExtendedRequest(final String userDN,
138                                             final String totpPassword,
139                                             final Control... controls)
140  {
141    super(VALIDATE_TOTP_PASSWORD_REQUEST_OID,
142         encodeValue(userDN, totpPassword), controls);
143
144    Validator.ensureNotNull(userDN);
145    Validator.ensureNotNull(totpPassword);
146
147    this.userDN       = userDN;
148    this.totpPassword = totpPassword;
149  }
150
151
152
153  /**
154   * Creates a new validate TOTP password extended request from the provided
155   * generic extended request.
156   *
157   * @param  extendedRequest  The generic extended request to parse as a
158   *                          validate TOTP extended request.
159   *
160   * @throws  LDAPException  If a problem is encountered while attempting to
161   *                         parse the provided extended request.
162   */
163  public ValidateTOTPPasswordExtendedRequest(
164              final ExtendedRequest extendedRequest)
165         throws LDAPException
166  {
167    super(extendedRequest);
168
169    final ASN1OctetString value = extendedRequest.getValue();
170    if (value == null)
171    {
172      throw new LDAPException(ResultCode.DECODING_ERROR,
173           ERR_VALIDATE_TOTP_REQUEST_MISSING_VALUE.get());
174    }
175
176    try
177    {
178      final ASN1Element[] elements =
179           ASN1Sequence.decodeAsSequence(value.getValue()).elements();
180      userDN = ASN1OctetString.decodeAsOctetString(elements[0]).stringValue();
181      totpPassword =
182           ASN1OctetString.decodeAsOctetString(elements[1]).stringValue();
183    }
184    catch (final Exception e)
185    {
186      Debug.debugException(e);
187      throw new LDAPException(ResultCode.DECODING_ERROR,
188           ERR_VALIDATE_TOTP_REQUEST_MALFORMED_VALUE.get(
189                StaticUtils.getExceptionMessage(e)),
190           e);
191    }
192  }
193
194
195
196  /**
197   * Encodes the provided information into a value suitable for use as the value
198   * for this extended request.
199   *
200   * @param  userDN        The DN of the user for whom to validate the TOTP
201   *                       password.
202   * @param  totpPassword  The TOTP password to validate.
203   *
204   * @return  The ASN.1 octet string containing the encoded value.
205   */
206  private static ASN1OctetString encodeValue(final String userDN,
207                                             final String totpPassword)
208  {
209    return new ASN1OctetString(new ASN1Sequence(
210         new ASN1OctetString(TYPE_USER_DN, userDN),
211         new ASN1OctetString(TYPE_TOTP_PASSWORD, totpPassword)).encode());
212  }
213
214
215
216  /**
217   * Retrieves the DN of the user for whom to validate the TOTP password.
218   *
219   * @return  The DN of the user for whom to validate the TOTP password.
220   */
221  public String getUserDN()
222  {
223    return userDN;
224  }
225
226
227
228  /**
229   * Retrieves the TOTP password to validate.
230   *
231   * @return  The TOTP password to validate.
232   */
233  public String getTOTPPassword()
234  {
235    return totpPassword;
236  }
237
238
239
240  /**
241   * {@inheritDoc}
242   */
243  @Override()
244  public ValidateTOTPPasswordExtendedRequest duplicate()
245  {
246    return duplicate(getControls());
247  }
248
249
250
251  /**
252   * {@inheritDoc}
253   */
254  @Override()
255  public ValidateTOTPPasswordExtendedRequest duplicate(
256              final Control[] controls)
257  {
258    final ValidateTOTPPasswordExtendedRequest r =
259         new ValidateTOTPPasswordExtendedRequest(userDN, totpPassword,
260              controls);
261    r.setResponseTimeoutMillis(getResponseTimeoutMillis(null));
262    return r;
263  }
264
265
266
267  /**
268   * {@inheritDoc}
269   */
270  @Override()
271  public String getExtendedRequestName()
272  {
273    return INFO_EXTENDED_REQUEST_NAME_VALIDATE_TOTP.get();
274  }
275
276
277
278  /**
279   * {@inheritDoc}
280   */
281  @Override()
282  public void toString(final StringBuilder buffer)
283  {
284    buffer.append("ValidateTOTPPasswordExtendedRequest(userDN='");
285    buffer.append(userDN);
286    buffer.append('\'');
287
288    final Control[] controls = getControls();
289    if (controls.length > 0)
290    {
291      buffer.append(", controls={");
292      for (int i=0; i < controls.length; i++)
293      {
294        if (i > 0)
295        {
296          buffer.append(", ");
297        }
298
299        buffer.append(controls[i]);
300      }
301      buffer.append('}');
302    }
303
304    buffer.append(')');
305  }
306}