/*
 * Copyright 2007-2022 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright 2007-2022 Ping Identity Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
 * Copyright (C) 2007-2022 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.ldap.sdk.controls;



import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.DecodeableControl;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.ldap.sdk.controls.ControlMessages.*;



/**
 * This class provides an implementation of the password expired control as
 * described in draft-vchu-ldap-pwd-policy.  It may be included in the response
 * for an unsuccessful bind operation to indicate that the reason for the
 * failure is that the target user's password has expired and must be reset
 * before the user will be allowed to authenticate.  Some servers may also
 * include this control in a successful bind response to indicate that the
 * authenticated user must change his or her password before being allowed to
 * perform any other operation.  Because of that second case, a client should
 * look for this control on successful bind results as well as failed ones.
 * <BR><BR>
 * No request control is required to trigger the server to send the password
 * expired response control.  If the server supports the use of this control and
 * the corresponding bind operation meets the criteria for this control to be
 * included in the response, then it will be returned to the client.
 * <BR><BR>
 * <H2>Example</H2>
 * The following example demonstrates a process that may be used to perform a
 * simple bind to authenticate against the server and handle any password
 * expired or password expiring control that may be included in the response:
 * <PRE>
 * // Send a simple bind request to the directory server.
 * BindRequest bindRequest =
 *      new SimpleBindRequest("uid=test.user,ou=People,dc=example,dc=com",
 *           "password");
 * BindResult bindResult;
 * boolean bindSuccessful;
 * boolean passwordExpired;
 * boolean passwordAboutToExpire;
 * try
 * {
 *   bindResult = connection.bind(bindRequest);
 *
 *   // If we got here, the bind was successful.  However, we shouldn't ignore
 *   // the result.  Some servers include a password expired control in a
 *   // successful bind response to indicate that the password must be changed
 *   // before any other operation is allowed, so check for it here as well.
 *   bindSuccessful = true;
 *   passwordExpired = (PasswordExpiredControl.get(bindResult) != null);
 *
 *   // The password might also be about to expire.  To determine whether
 *   // that is the case, we should see if the bind result included a
 *   // password expiring control.
 *   PasswordExpiringControl expiringControl =
 *        PasswordExpiringControl.get(bindResult);
 *   if (expiringControl != null)
 *   {
 *     passwordAboutToExpire = true;
 *     int secondsToExpiration = expiringControl.getSecondsUntilExpiration();
 *   }
 *   else
 *   {
 *     passwordAboutToExpire = false;
 *   }
 * }
 * catch (LDAPException le)
 * {
 *   // If we got here, then the bind failed.  The failure may or may not have
 *   // been due to an expired password.  To determine that, we should see if
 *   // the bind result included a password expired control.
 *   bindSuccessful = false;
 *   passwordAboutToExpire = false;
 *   bindResult = new BindResult(le.toLDAPResult());
 *   ResultCode resultCode = le.getResultCode();
 *   String errorMessageFromServer = le.getDiagnosticMessage();
 *
 *   PasswordExpiredControl expiredControl =
 *        PasswordExpiredControl.get(le);
 *   if (expiredControl != null)
 *   {
 *     passwordExpired = true;
 *   }
 *   else
 *   {
 *     passwordExpired = false;
 *   }
 * }
 * </PRE>
 * <BR>
 * Note that the {@code get} methods throw an {@code LDAPException} when the
 * control is present but cannot be decoded.  In the snippet above, a decode
 * failure raised inside the {@code try} block is handled by the {@code catch}
 * block as if the bind itself had failed, even though the connection may
 * already be authenticated, and the {@code get} call inside the {@code catch}
 * block is not itself guarded.  Production code should handle decode errors
 * separately from bind failures.  Whether a server verifies the supplied
 * password before reporting expiration is server-specific, so take care before
 * relaying the expired state or the server's diagnostic message to an
 * unauthenticated end user.
 */
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class PasswordExpiredControl
       extends Control
       implements DecodeableControl
{
  /**
   * The OID (2.16.840.1.113730.3.4.4) for the password expired response
   * control.
   */
  @NotNull public static final String PASSWORD_EXPIRED_OID =
       "2.16.840.1.113730.3.4.4";



  /**
   * The serial version UID for this serializable class.
   */
  private static final long serialVersionUID = -2731704592689892224L;



  /**
   * Creates a new password expired control.  The control uses the password
   * expired OID, is not critical, and carries the string value "0".
   */
  public PasswordExpiredControl()
  {
    super(PASSWORD_EXPIRED_OID, false, new ASN1OctetString("0"));
  }



  /**
   * Creates a new password expired control with the provided information.
   * The value must be present and its string form must parse as an integer;
   * the parsed number is not otherwise interpreted or retained.
   *
   * @param  oid         The OID for the control.
   * @param  isCritical  Indicates whether the control should be marked
   *                     critical.
   * @param  value       The encoded value for the control.  This may be
   *                     {@code null} if no value was provided, in which case
   *                     decoding fails.
   *
   * @throws  LDAPException  If the provided control cannot be decoded as a
   *                         password expired response control.
   */
  public PasswordExpiredControl(@NotNull final String oid,
                                final boolean isCritical,
                                @Nullable final ASN1OctetString value)
         throws LDAPException
  {
    super(oid, isCritical, value);

    requireIntegerValue(value);
  }



  /**
   * Verifies that the provided control value is present and that its string
   * representation can be parsed as an integer.
   *
   * @param  encodedValue  The control value to check.  It may be {@code null}.
   *
   * @throws  LDAPException  With a {@code DECODING_ERROR} result code if the
   *                         value is {@code null} or is not an integer.
   */
  private static void requireIntegerValue(
               @Nullable final ASN1OctetString encodedValue)
          throws LDAPException
  {
    if (encodedValue == null)
    {
      throw new LDAPException(ResultCode.DECODING_ERROR,
           ERR_PW_EXPIRED_NO_VALUE.get());
    }

    final String valueString = encodedValue.stringValue();
    try
    {
      // Only the parse outcome matters; the resulting number is discarded.
      Integer.parseInt(valueString);
    }
    catch (final NumberFormatException nfe)
    {
      Debug.debugException(nfe);
      throw new LDAPException(ResultCode.DECODING_ERROR,
           ERR_PW_EXPIRED_VALUE_NOT_INTEGER.get(), nfe);
    }
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  @NotNull()
  public PasswordExpiredControl decodeControl(
              @NotNull final String oid, final boolean isCritical,
              @Nullable final ASN1OctetString value)
         throws LDAPException
  {
    return new PasswordExpiredControl(oid, isCritical, value);
  }



  /**
   * Extracts a password expired control from the provided result.
   *
   * @param  result  The result from which to retrieve the password expired
   *                 control.
   *
   * @return  The password expired control contained in the provided result, or
   *          {@code null} if the result did not contain a password expired
   *          control.
   *
   * @throws  LDAPException  If a problem is encountered while attempting to
   *                         decode the password expired control contained in
   *                         the provided result.
   */
  @Nullable()
  public static PasswordExpiredControl get(@NotNull final LDAPResult result)
         throws LDAPException
  {
    final Control responseControl =
         result.getResponseControl(PASSWORD_EXPIRED_OID);

    // Already decoded as the right type: hand it back unchanged.
    if (responseControl instanceof PasswordExpiredControl)
    {
      return (PasswordExpiredControl) responseControl;
    }

    if (responseControl == null)
    {
      return null;
    }

    // A generic control with the right OID: decode (and validate) it now.
    return new PasswordExpiredControl(responseControl.getOID(),
         responseControl.isCritical(), responseControl.getValue());
  }



  /**
   * Extracts a password expired control from the provided exception.  The
   * exception is converted to an LDAP result and searched in the same way as
   * {@link #get(LDAPResult)}.
   *
   * @param  exception  The exception from which to retrieve the password
   *                    expired control.
   *
   * @return  The password expired control contained in the provided exception,
   *          or {@code null} if the exception did not contain a password
   *          expired control.
   *
   * @throws  LDAPException  If a problem is encountered while attempting to
   *                         decode the password expired control contained in
   *                         the provided exception.
   */
  @Nullable()
  public static PasswordExpiredControl get(
                     @NotNull final LDAPException exception)
         throws LDAPException
  {
    final LDAPResult resultFromException = exception.toLDAPResult();
    return get(resultFromException);
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  @NotNull()
  public String getControlName()
  {
    return INFO_CONTROL_NAME_PW_EXPIRED.get();
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public void toString(@NotNull final StringBuilder buffer)
  {
    buffer.append("PasswordExpiredControl(isCritical=")
         .append(isCritical())
         .append(')');
  }
}