001/*
002 * Copyright 2007-2020 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2007-2020 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2008-2020 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk.controls;
037
038
039
040import com.unboundid.asn1.ASN1OctetString;
041import com.unboundid.ldap.sdk.Control;
042import com.unboundid.ldap.sdk.DecodeableControl;
043import com.unboundid.ldap.sdk.LDAPException;
044import com.unboundid.ldap.sdk.LDAPResult;
045import com.unboundid.ldap.sdk.ResultCode;
046import com.unboundid.util.Debug;
047import com.unboundid.util.NotMutable;
048import com.unboundid.util.ThreadSafety;
049import com.unboundid.util.ThreadSafetyLevel;
050
051import static com.unboundid.ldap.sdk.controls.ControlMessages.*;
052
053
054
/**
 * Implements the password expired response control described in
 * draft-vchu-ldap-pwd-policy.  A server may attach it to the response for an
 * unsuccessful bind operation to report that the bind failed because the
 * target user's password has expired and must be reset before the user will be
 * allowed to authenticate.  Some servers may also attach it to a
 * <em>successful</em> bind response to indicate that the authenticated user
 * must change his or her password before being allowed to perform any other
 * operation.
 * <BR><BR>
 * Because of that second case, a successful bind result is not by itself proof
 * that the password is still valid.  A client that makes an access decision
 * based on the bind outcome should look for this control in the successful
 * bind result as well as in a bind failure, and should treat the session as
 * limited to a password change when the control is present.
 * <BR><BR>
 * No request control is required to trigger the server to send the password
 * expired response control.  If the server supports the use of this control and
 * the corresponding bind operation meets the criteria for this control to be
 * included in the response, then it will be returned to the client.
 * <BR><BR>
 * <H2>Example</H2>
 * The following example demonstrates a process that may be used to perform a
 * simple bind to authenticate against the server and handle any password
 * expired or password expiring control that may be included in the response:
 * <PRE>
 * // Send a simple bind request to the directory server.
 * BindRequest bindRequest =
 *      new SimpleBindRequest("uid=test.user,ou=People,dc=example,dc=com",
 *           "password");
 * BindResult bindResult;
 * boolean bindSuccessful;
 * boolean passwordExpired;
 * boolean passwordAboutToExpire;
 * try
 * {
 *   bindResult = connection.bind(bindRequest);
 *
 *   // If we got here, the bind was successful.  That alone does not tell us
 *   // that the password is still valid:  some servers include the password
 *   // expired control in a successful bind response to indicate that the
 *   // user must change the password before doing anything else, so we check
 *   // for it here as well as in the failure path below.
 *   bindSuccessful = true;
 *   passwordExpired = (PasswordExpiredControl.get(bindResult) != null);
 *
 *   // The password might also be about to expire.  To determine whether that
 *   // is the case, we should see if the bind result included a password
 *   // expiring control.
 *   PasswordExpiringControl expiringControl =
 *        PasswordExpiringControl.get(bindResult);
 *   if (expiringControl != null)
 *   {
 *     passwordAboutToExpire = true;
 *     int secondsToExpiration = expiringControl.getSecondsUntilExpiration();
 *   }
 *   else
 *   {
 *     passwordAboutToExpire = false;
 *   }
 * }
 * catch (LDAPException le)
 * {
 *   // If we got here, then the bind failed.  The failure may or may not have
 *   // been due to an expired password.  To determine that, we should see if
 *   // the bind result included a password expired control.
 *   bindSuccessful = false;
 *   passwordAboutToExpire = false;
 *   bindResult = new BindResult(le.toLDAPResult());
 *   ResultCode resultCode = le.getResultCode();
 *   String errorMessageFromServer = le.getDiagnosticMessage();
 *
 *   PasswordExpiredControl expiredControl =
 *        PasswordExpiredControl.get(le);
 *   if (expiredControl != null)
 *   {
 *     passwordExpired = true;
 *   }
 *   else
 *   {
 *     passwordExpired = false;
 *   }
 * }
 * </PRE>
 */
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class PasswordExpiredControl
       extends Control
       implements DecodeableControl
{
  /**
   * The OID (2.16.840.1.113730.3.4.4) that identifies the password expired
   * response control.
   */
  public static final String PASSWORD_EXPIRED_OID = "2.16.840.1.113730.3.4.4";



  /**
   * The serial version UID for this serializable class.
   */
  private static final long serialVersionUID = -2731704592689892224L;



  /**
   * Creates a new password expired control.  The control uses
   * {@link #PASSWORD_EXPIRED_OID}, is not critical, and carries the string
   * "0" as its value.
   */
  public PasswordExpiredControl()
  {
    super(PASSWORD_EXPIRED_OID, false, new ASN1OctetString("0"));
  }



  /**
   * Creates a new password expired control from the pieces of a control that
   * was read from a response.  The value is supplied by the peer, so it is
   * checked before the control is accepted:  it must be present and its string
   * form must parse as an integer.  Only the well-formedness of the value is
   * checked; the parsed number is not retained.
   *
   * @param  oid         The OID for the control.
   * @param  isCritical  Indicates whether the control should be marked
   *                     critical.
   * @param  value       The encoded value for the control.  This may be
   *                     {@code null} if no value was provided, in which case
   *                     the control is rejected.
   *
   * @throws  LDAPException  With a result code of
   *                         {@code ResultCode.DECODING_ERROR} if the value is
   *                         {@code null} or its string form is not an integer.
   */
  public PasswordExpiredControl(final String oid, final boolean isCritical,
                                final ASN1OctetString value)
         throws LDAPException
  {
    super(oid, isCritical, value);
    requireIntegerValue(value);
  }



  /**
   * Verifies that the provided control value is present and that its string
   * form can be parsed as an integer.
   *
   * @param  value  The control value to check.  It may be {@code null}.
   *
   * @throws  LDAPException  With a result code of
   *                         {@code ResultCode.DECODING_ERROR} if the value is
   *                         {@code null} or is not an integer.
   */
  private static void requireIntegerValue(final ASN1OctetString value)
          throws LDAPException
  {
    if (value == null)
    {
      throw new LDAPException(ResultCode.DECODING_ERROR,
                              ERR_PW_EXPIRED_NO_VALUE.get());
    }

    try
    {
      // The result is intentionally discarded; the call is made only for the
      // NumberFormatException it raises on a malformed value.
      Integer.parseInt(value.stringValue());
    }
    catch (final NumberFormatException nfe)
    {
      Debug.debugException(nfe);
      throw new LDAPException(ResultCode.DECODING_ERROR,
                              ERR_PW_EXPIRED_VALUE_NOT_INTEGER.get(), nfe);
    }
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * This implementation delegates to the three-argument constructor, so the
   * same validation of the value applies.
   */
  @Override()
  public PasswordExpiredControl
              decodeControl(final String oid, final boolean isCritical,
                            final ASN1OctetString value)
         throws LDAPException
  {
    final PasswordExpiredControl decoded =
         new PasswordExpiredControl(oid, isCritical, value);
    return decoded;
  }



  /**
   * Extracts a password expired control from the provided result.  The result
   * is searched for a response control with {@link #PASSWORD_EXPIRED_OID}.  If
   * one is found that is not already a {@code PasswordExpiredControl}, it is
   * decoded (and validated) through the three-argument constructor.
   *
   * @param  result  The result from which to retrieve the password expired
   *                 control.
   *
   * @return  The password expired control contained in the provided result, or
   *          {@code null} if the result did not contain a password expired
   *          control.
   *
   * @throws  LDAPException  If a problem is encountered while attempting to
   *                         decode the password expired control contained in
   *                         the provided result.
   */
  public static PasswordExpiredControl get(final LDAPResult result)
         throws LDAPException
  {
    final Control control = result.getResponseControl(PASSWORD_EXPIRED_OID);

    // A null reference is never an instance of anything, so this branch is
    // taken only for a control that has already been decoded.
    if (control instanceof PasswordExpiredControl)
    {
      return (PasswordExpiredControl) control;
    }

    if (control == null)
    {
      return null;
    }

    return new PasswordExpiredControl(control.getOID(), control.isCritical(),
         control.getValue());
  }



  /**
   * Extracts a password expired control from the provided exception.  The
   * exception is converted to an LDAP result and handed to
   * {@link #get(LDAPResult)}.
   *
   * @param  exception  The exception from which to retrieve the password
   *                    expired control.
   *
   * @return  The password expired control contained in the provided exception,
   *          or {@code null} if the exception did not contain a password
   *          expired control.
   *
   * @throws  LDAPException  If a problem is encountered while attempting to
   *                         decode the password expired control contained in
   *                         the provided exception.
   */
  public static PasswordExpiredControl get(final LDAPException exception)
         throws LDAPException
  {
    final LDAPResult result = exception.toLDAPResult();
    return get(result);
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public String getControlName()
  {
    final String controlName = INFO_CONTROL_NAME_PW_EXPIRED.get();
    return controlName;
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * Only the criticality is included in the string representation.
   */
  @Override()
  public void toString(final StringBuilder buffer)
  {
    buffer.append("PasswordExpiredControl(isCritical=")
         .append(isCritical())
         .append(')');
  }
}