Class UnboundIDTOTPBindRequest
- java.lang.Object
-
- com.unboundid.ldap.sdk.LDAPRequest
-
- com.unboundid.ldap.sdk.BindRequest
-
- com.unboundid.ldap.sdk.SASLBindRequest
-
- com.unboundid.ldap.sdk.unboundidds.UnboundIDTOTPBindRequest
-
- All Implemented Interfaces:
ReadOnlyLDAPRequest
,java.io.Serializable
- Direct Known Subclasses:
ReusableTOTPBindRequest
,SingleUseTOTPBindRequest
@NotExtensible @ThreadSafety(level=NOT_THREADSAFE) public abstract class UnboundIDTOTPBindRequest extends SASLBindRequest
This class provides support for an UnboundID-proprietary SASL mechanism that uses the time-based one-time password mechanism (TOTP) as described in RFC 6238, optionally (based on the server configuration) in conjunction with a static password for a form of multifactor authentication.
NOTE: This class, and other classes within the
com.unboundid.ldap.sdk.unboundidds
package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
The name for this SASL mechanism is "UNBOUNDID-TOTP". An UNBOUNDID-TOTP SASL bind request MUST include SASL credentials with the following ASN.1 encoding:
UnboundIDTOTPCredentials ::= SEQUENCE { authenticationID [0] OCTET STRING, authorizationID [1] OCTET STRING OPTIONAL, totpPassword [2] OCTET STRING, staticPassword [3] OCTET STRING OPTIONAL }
Note that this class is abstract, with two different concrete implementations: theSingleUseTOTPBindRequest
class may be used for cases in which the one-time password will be obtained from an external source (e.g., provided by the user, perhaps using the Google Authenticator application), and theReusableTOTPBindRequest
class may be used for cases in which the one-time password should be generated by the LDAP SDK itself. Because theSingleUseTOTPBindRequest
class contains a point-in-time password, it cannot be used for re-authentication (e.g., for use with a connection pool, following referrals, or with the auto-reconnect feature). If TOTP authentication should be used in contexts where one or more of these may be needed, then the dynamic variant should be used.- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
UNBOUNDID_TOTP_MECHANISM_NAME
The name for the UnboundID TOTP SASL mechanism.-
Fields inherited from class com.unboundid.ldap.sdk.SASLBindRequest
CRED_TYPE_SASL
-
Fields inherited from class com.unboundid.ldap.sdk.BindRequest
VERSION_ELEMENT
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, byte[] staticPassword, Control... controls)
Creates a new TOTP bind request with the provided information.protected
UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, ASN1OctetString staticPassword, Control... controls)
Creates a new TOTP bind request with the provided information.protected
UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, java.lang.String staticPassword, Control... controls)
Creates a new TOTP bind request with the provided information.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description static ASN1OctetString
encodeCredentials(java.lang.String authenticationID, java.lang.String authorizationID, java.lang.String totpPassword, ASN1OctetString staticPassword)
Encodes the provided information in a form suitable for inclusion in an UNBOUNDID-TOTP SASL bind request.java.lang.String
getAuthenticationID()
Retrieves the authentication ID for the bind request.java.lang.String
getAuthorizationID()
Retrieves the authorization ID for the bind request, if one was provided.int
getLastMessageID()
Retrieves the message ID for the last LDAP message sent using this request.protected abstract ASN1OctetString
getSASLCredentials()
Retrieves the encoded SASL credentials that may be included in an UNBOUNDID-TOTP SASL bind request.java.lang.String
getSASLMechanismName()
Retrieves the name of the SASL mechanism used in this SASL bind request.ASN1OctetString
getStaticPassword()
Retrieves the static password for the bind request, if one was provided.protected BindResult
process(LDAPConnection connection, int depth)
Sends this bind request to the target server over the provided connection and returns the corresponding response.void
toString(java.lang.StringBuilder buffer)
Appends a string representation of this request to the provided buffer.-
Methods inherited from class com.unboundid.ldap.sdk.SASLBindRequest
getBindType, responseReceived, sendBindRequest, sendMessage, toCode
-
Methods inherited from class com.unboundid.ldap.sdk.BindRequest
duplicate, duplicate, getOperationType, getRebindRequest
-
Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest
followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setResponseTimeoutMillis, toString
-
-
-
-
Field Detail
-
UNBOUNDID_TOTP_MECHANISM_NAME
public static final java.lang.String UNBOUNDID_TOTP_MECHANISM_NAME
The name for the UnboundID TOTP SASL mechanism.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
UnboundIDTOTPBindRequest
protected UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, java.lang.String staticPassword, Control... controls)
Creates a new TOTP bind request with the provided information.- Parameters:
authenticationID
- The authentication identity for the bind request. It must not benull
, and must be in the form "u:" followed by a username, or "dn:" followed by a DN.authorizationID
- The authorization identity for the bind request. It may benull
if the authorization identity should be the same as the authentication identity. If an authorization identity is specified, it must be in the form "u:" followed by a username, or "dn:" followed by a DN. The value "dn:" may indicate an authorization identity of the anonymous user.staticPassword
- The static password for the target user. It may benull
if only the one-time password is to be used for authentication (which may or may not be allowed by the server).controls
- The set of controls to include in the bind request.
-
UnboundIDTOTPBindRequest
protected UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, byte[] staticPassword, Control... controls)
Creates a new TOTP bind request with the provided information.- Parameters:
authenticationID
- The authentication identity for the bind request. It must not benull
, and must be in the form "u:" followed by a username, or "dn:" followed by a DN.authorizationID
- The authorization identity for the bind request. It may benull
if the authorization identity should be the same as the authentication identity. If an authorization identity is specified, it must be in the form "u:" followed by a username, or "dn:" followed by a DN. The value "dn:" may indicate an authorization identity of the anonymous user.staticPassword
- The static password for the target user. It may benull
if only the one-time password is to be used for authentication (which may or may not be allowed by the server).controls
- The set of controls to include in the bind request.
-
UnboundIDTOTPBindRequest
protected UnboundIDTOTPBindRequest(java.lang.String authenticationID, java.lang.String authorizationID, ASN1OctetString staticPassword, Control... controls)
Creates a new TOTP bind request with the provided information.- Parameters:
authenticationID
- The authentication identity for the bind request. It must not benull
, and must be in the form "u:" followed by a username, or "dn:" followed by a DN.authorizationID
- The authorization identity for the bind request. It may benull
if the authorization identity should be the same as the authentication identity. If an authorization identity is specified, it must be in the form "u:" followed by a username, or "dn:" followed by a DN. The value "dn:" may indicate an authorization identity of the anonymous user.staticPassword
- The static password for the target user. It may benull
if only the one-time password is to be used for authentication (which may or may not be allowed by the server). If it is non-null
, then it must have the appropriate BER type.controls
- The set of controls to include in the bind request.
-
-
Method Detail
-
getAuthenticationID
public final java.lang.String getAuthenticationID()
Retrieves the authentication ID for the bind request.- Returns:
- The authentication ID for the bind request.
-
getAuthorizationID
public final java.lang.String getAuthorizationID()
Retrieves the authorization ID for the bind request, if one was provided.- Returns:
- The authorization ID for the bind request, or
null
if the authorization ID should be the same as the authentication ID.
-
getStaticPassword
public final ASN1OctetString getStaticPassword()
Retrieves the static password for the bind request, if one was provided.- Returns:
- The static password for the bind request, or
null
if no static password was provided and only the one-time password should be used for authentication.
-
getSASLMechanismName
public final java.lang.String getSASLMechanismName()
Retrieves the name of the SASL mechanism used in this SASL bind request.- Specified by:
getSASLMechanismName
in classSASLBindRequest
- Returns:
- The name of the SASL mechanism used in this SASL bind request.
-
process
protected final BindResult process(LDAPConnection connection, int depth) throws LDAPException
Sends this bind request to the target server over the provided connection and returns the corresponding response.- Specified by:
process
in classBindRequest
- Parameters:
connection
- The connection to use to send this bind request to the server and read the associated response.depth
- The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.- Returns:
- The bind response read from the server.
- Throws:
LDAPException
- If a problem occurs while sending the request or reading the response.
-
getSASLCredentials
protected abstract ASN1OctetString getSASLCredentials() throws LDAPException
Retrieves the encoded SASL credentials that may be included in an UNBOUNDID-TOTP SASL bind request.- Returns:
- The encoded SASL credentials that may be included in an UNBOUNDID-TOTP SASL bind request.
- Throws:
LDAPException
- If a problem is encountered while attempting to obtain the encoded credentials.
-
encodeCredentials
public static ASN1OctetString encodeCredentials(java.lang.String authenticationID, java.lang.String authorizationID, java.lang.String totpPassword, ASN1OctetString staticPassword)
Encodes the provided information in a form suitable for inclusion in an UNBOUNDID-TOTP SASL bind request.- Parameters:
authenticationID
- The authentication identity for the bind request. It must not benull
, and must be in the form "u:" followed by a username, or "dn:" followed by a DN.authorizationID
- The authorization identity for the bind request. It may benull
if the authorization identity should be the same as the authentication identity. If an authorization identity is specified, it must be in the form "u:" followed by a username, or "dn:" followed by a DN. The value "dn:" may indicate an authorization identity of the anonymous user.totpPassword
- The TOTP password to include in the bind request. It must not benull
.staticPassword
- The static password for the target user. It may benull
if only the one-time password is to be used for authentication (which may or may not be allowed by the server).- Returns:
- The encoded SASL credentials.
-
getLastMessageID
public final int getLastMessageID()
Retrieves the message ID for the last LDAP message sent using this request.- Overrides:
getLastMessageID
in classSASLBindRequest
- Returns:
- The message ID for the last LDAP message sent using this request, or -1 if it no LDAP messages have yet been sent using this request.
-
toString
public final void toString(java.lang.StringBuilder buffer)
Appends a string representation of this request to the provided buffer.- Specified by:
toString
in interfaceReadOnlyLDAPRequest
- Specified by:
toString
in classLDAPRequest
- Parameters:
buffer
- The buffer to which to append a string representation of this request.
-
-