001/*
002 * Copyright 2007-2022 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2007-2022 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2007-2022 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk.controls;
037
038
039
040import com.unboundid.asn1.ASN1OctetString;
041import com.unboundid.ldap.sdk.Control;
042import com.unboundid.ldap.sdk.DecodeableControl;
043import com.unboundid.ldap.sdk.LDAPException;
044import com.unboundid.ldap.sdk.LDAPResult;
045import com.unboundid.ldap.sdk.ResultCode;
046import com.unboundid.util.Debug;
047import com.unboundid.util.NotMutable;
048import com.unboundid.util.NotNull;
049import com.unboundid.util.Nullable;
050import com.unboundid.util.ThreadSafety;
051import com.unboundid.util.ThreadSafetyLevel;
052
053import static com.unboundid.ldap.sdk.controls.ControlMessages.*;
054
055
056
/**
 * This class provides an implementation of the password expired control as
 * described in draft-vchu-ldap-pwd-policy.  It may be included in the response
 * for an unsuccessful bind operation to indicate that the reason for the
 * failure is that the target user's password has expired and must be reset
 * before the user will be allowed to authenticate.  Some servers may also
 * include this control in a successful bind response to indicate that the
 * authenticated user must change his or her password before being allowed to
 * perform any other operation.
 * <BR><BR>
 * Because the control may accompany either an unsuccessful or a successful
 * bind response, its presence alone does not indicate whether authentication
 * succeeded.  Callers should evaluate it together with the result of the bind
 * operation.
 * <BR><BR>
 * No request control is required to trigger the server to send the password
 * expired response control.  If the server supports the use of this control and
 * the corresponding bind operation meets the criteria for this control to be
 * included in the response, then it will be returned to the client.
 * <BR><BR>
 * <H2>Example</H2>
 * The following example demonstrates a process that may be used to perform a
 * simple bind to authenticate against the server and handle any password
 * expired or password expiring control that may be included in the response:
 * <PRE>
 * // Send a simple bind request to the directory server.
 * BindRequest bindRequest =
 *      new SimpleBindRequest("uid=test.user,ou=People,dc=example,dc=com",
 *           "password");
 * BindResult bindResult;
 * boolean bindSuccessful;
 * boolean passwordExpired;
 * boolean passwordAboutToExpire;
 * try
 * {
 *   bindResult = connection.bind(bindRequest);
 *
 *   // If we got here, the bind was successful.  As noted above, some servers
 *   // include a password expired control in a successful bind response to
 *   // indicate that the password must be changed before any other operation
 *   // is allowed, so check for it rather than assuming that the password is
 *   // not expired.
 *   bindSuccessful = true;
 *   passwordExpired = (PasswordExpiredControl.get(bindResult) != null);
 *
 *   // The password might also be about to expire.  To determine whether that
 *   // is the case, we should see if the bind result included a password
 *   // expiring control.
 *   PasswordExpiringControl expiringControl =
 *        PasswordExpiringControl.get(bindResult);
 *   if (expiringControl != null)
 *   {
 *     passwordAboutToExpire = true;
 *     int secondsToExpiration = expiringControl.getSecondsUntilExpiration();
 *   }
 *   else
 *   {
 *     passwordAboutToExpire = false;
 *   }
 * }
 * catch (LDAPException le)
 * {
 *   // If we got here, then the bind failed.  The failure may or may not have
 *   // been due to an expired password.  To determine that, we should see if
 *   // the bind result included a password expired control.
 *   bindSuccessful = false;
 *   passwordAboutToExpire = false;
 *   bindResult = new BindResult(le.toLDAPResult());
 *   ResultCode resultCode = le.getResultCode();
 *   String errorMessageFromServer = le.getDiagnosticMessage();
 *
 *   PasswordExpiredControl expiredControl =
 *        PasswordExpiredControl.get(le);
 *   if (expiredControl != null)
 *   {
 *     passwordExpired = true;
 *   }
 *   else
 *   {
 *     passwordExpired = false;
 *   }
 * }
 * </PRE>
 */
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class PasswordExpiredControl
       extends Control
       implements DecodeableControl
{
  /**
   * The OID (2.16.840.1.113730.3.4.4) for the password expired response
   * control.
   */
  @NotNull public static final String PASSWORD_EXPIRED_OID =
       "2.16.840.1.113730.3.4.4";



  /**
   * The serial version UID for this serializable class.
   */
  private static final long serialVersionUID = -2731704592689892224L;



  /**
   * Creates a new password expired control.  The control uses the password
   * expired OID, is not marked critical, and carries the string value
   * {@code "0"}.
   */
  public PasswordExpiredControl()
  {
    super(PASSWORD_EXPIRED_OID, false, new ASN1OctetString("0"));
  }



  /**
   * Creates a new password expired control with the provided information.
   * This is the decoding path for a control received in a response, so the
   * value is checked before the control is accepted:  it must be present and
   * its string representation must parse as an integer.  Only the
   * well-formedness of the value is checked; the parsed number is not
   * retained.
   *
   * @param  oid         The OID for the control.
   * @param  isCritical  Indicates whether the control should be marked
   *                     critical.
   * @param  value       The encoded value for the control.  This may be
   *                     {@code null} if no value was provided, in which case
   *                     decoding fails.
   *
   * @throws  LDAPException  If the provided control cannot be decoded as a
   *                         password expired response control.
   */
  public PasswordExpiredControl(@NotNull final String oid,
                                final boolean isCritical,
                                @Nullable final ASN1OctetString value)
         throws LDAPException
  {
    super(oid, isCritical, value);

    requireIntegerValue(value);
  }



  /**
   * Verifies that the provided control value is present and that its string
   * representation can be parsed as an integer.
   *
   * @param  value  The encoded control value to check.  It may be
   *                {@code null}.
   *
   * @throws  LDAPException  With a {@code DECODING_ERROR} result code if the
   *                         value is {@code null} or is not an integer.
   */
  private static void requireIntegerValue(
                           @Nullable final ASN1OctetString value)
          throws LDAPException
  {
    if (value == null)
    {
      throw new LDAPException(ResultCode.DECODING_ERROR,
           ERR_PW_EXPIRED_NO_VALUE.get());
    }

    final String valueString = value.stringValue();
    try
    {
      // The result is intentionally discarded:  this is a format check only.
      Integer.parseInt(valueString);
    }
    catch (final NumberFormatException nfe)
    {
      Debug.debugException(nfe);
      throw new LDAPException(ResultCode.DECODING_ERROR,
           ERR_PW_EXPIRED_VALUE_NOT_INTEGER.get(), nfe);
    }
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  @NotNull()
  public PasswordExpiredControl decodeControl(
              @NotNull final String oid, final boolean isCritical,
              @Nullable final ASN1OctetString value)
         throws LDAPException
  {
    // Decoding is delegated to the validating constructor.
    return new PasswordExpiredControl(oid, isCritical, value);
  }



  /**
   * Extracts a password expired control from the provided result.  If the
   * result holds the control as an object that is not already a
   * {@code PasswordExpiredControl}, then it is decoded (and its value
   * validated) through the decoding constructor.
   *
   * @param  result  The result from which to retrieve the password expired
   *                 control.
   *
   * @return  The password expired control contained in the provided result, or
   *          {@code null} if the result did not contain a password expired
   *          control.
   *
   * @throws  LDAPException  If a problem is encountered while attempting to
   *                         decode the password expired control contained in
   *                         the provided result.
   */
  @Nullable()
  public static PasswordExpiredControl get(@NotNull final LDAPResult result)
         throws LDAPException
  {
    final Control responseControl =
         result.getResponseControl(PASSWORD_EXPIRED_OID);
    if (responseControl == null)
    {
      return null;
    }

    if (! (responseControl instanceof PasswordExpiredControl))
    {
      // Not yet in decoded form, so run it through the validating
      // constructor.
      return new PasswordExpiredControl(responseControl.getOID(),
           responseControl.isCritical(), responseControl.getValue());
    }

    return (PasswordExpiredControl) responseControl;
  }



  /**
   * Extracts a password expired control from the provided exception.  The
   * exception is converted to an LDAP result, and the control is then
   * retrieved from that result.
   *
   * @param  exception  The exception from which to retrieve the password
   *                    expired control.
   *
   * @return  The password expired control contained in the provided exception,
   *          or {@code null} if the exception did not contain a password
   *          expired control.
   *
   * @throws  LDAPException  If a problem is encountered while attempting to
   *                         decode the password expired control contained in
   *                         the provided exception.
   */
  @Nullable()
  public static PasswordExpiredControl get(
                     @NotNull final LDAPException exception)
         throws LDAPException
  {
    final LDAPResult result = exception.toLDAPResult();
    return get(result);
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  @NotNull()
  public String getControlName()
  {
    return INFO_CONTROL_NAME_PW_EXPIRED.get();
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public void toString(@NotNull final StringBuilder buffer)
  {
    buffer.append("PasswordExpiredControl(isCritical=")
         .append(isCritical())
         .append(')');
  }
}