001/* 002 * Copyright 2012-2020 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2012-2020 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2015-2020 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.ldap.sdk.unboundidds.extensions; 037 038 039 040import com.unboundid.asn1.ASN1Element; 041import com.unboundid.asn1.ASN1OctetString; 042import com.unboundid.asn1.ASN1Sequence; 043import com.unboundid.ldap.sdk.Control; 044import com.unboundid.ldap.sdk.ExtendedRequest; 045import com.unboundid.ldap.sdk.LDAPException; 046import com.unboundid.ldap.sdk.ResultCode; 047import com.unboundid.util.Debug; 048import com.unboundid.util.NotMutable; 049import com.unboundid.util.StaticUtils; 050import com.unboundid.util.ThreadSafety; 051import com.unboundid.util.ThreadSafetyLevel; 052import com.unboundid.util.Validator; 053 054import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*; 055 056 057 058/** 059 * This class provides an implementation of an extended request which may be 060 * used to validate a TOTP password for a user. Note that this should not be 061 * used as an alternative to authentication because it does not perform password 062 * policy processing. Rather, this extended operation should be used only to 063 * obtain additional assurance about the identity of a user that has already 064 * been authenticated through some other means. 065 * <BR> 066 * <BLOCKQUOTE> 067 * <B>NOTE:</B> This class, and other classes within the 068 * {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only 069 * supported for use against Ping Identity, UnboundID, and 070 * Nokia/Alcatel-Lucent 8661 server products. These classes provide support 071 * for proprietary functionality or for external specifications that are not 072 * considered stable or mature enough to be guaranteed to work in an 073 * interoperable way with other types of LDAP servers. 074 * </BLOCKQUOTE> 075 * <BR> 076 * The extended request has an OID of 1.3.6.1.4.1.30221.2.6.15 and a value with 077 * the following encoding: 078 * <PRE> 079 * ValidateTOTPPasswordRequest ::= SEQUENCE { 080 * userDN [0] LDAPDN, 081 * totpPassword [1] OCTET STRING, 082 * ... } 083 * </PRE> 084 */ 085@NotMutable() 086@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 087public final class ValidateTOTPPasswordExtendedRequest 088 extends ExtendedRequest 089{ 090 /** 091 * The OID (1.3.6.1.4.1.30221.2.6.15) for the validate TOTP password extended 092 * request. 093 */ 094 public static final String VALIDATE_TOTP_PASSWORD_REQUEST_OID = 095 "1.3.6.1.4.1.30221.2.6.15"; 096 097 098 099 /** 100 * The BER type for the user DN value element. 101 */ 102 private static final byte TYPE_USER_DN = (byte) 0x80; 103 104 105 106 /** 107 * The BER type for the TOTP password value element. 108 */ 109 private static final byte TYPE_TOTP_PASSWORD = (byte) 0x81; 110 111 112 113 /** 114 * The serial version UID for this serializable class. 115 */ 116 private static final long serialVersionUID = -4610279612454559569L; 117 118 119 120 // The DN of the user for whom to validate the TOTP password. 121 private final String userDN; 122 123 // The TOTP password to validate. 124 private final String totpPassword; 125 126 127 128 /** 129 * Creates a new validate TOTP password extended request with the provided 130 * information. 131 * 132 * @param userDN The DN of the user for whom to validate the TOTP 133 * password. 134 * @param totpPassword The TOTP password to validate. 135 * @param controls The set of controls to include in the request. 136 */ 137 public ValidateTOTPPasswordExtendedRequest(final String userDN, 138 final String totpPassword, 139 final Control... controls) 140 { 141 super(VALIDATE_TOTP_PASSWORD_REQUEST_OID, 142 encodeValue(userDN, totpPassword), controls); 143 144 Validator.ensureNotNull(userDN); 145 Validator.ensureNotNull(totpPassword); 146 147 this.userDN = userDN; 148 this.totpPassword = totpPassword; 149 } 150 151 152 153 /** 154 * Creates a new validate TOTP password extended request from the provided 155 * generic extended request. 156 * 157 * @param extendedRequest The generic extended request to parse as a 158 * validate TOTP extended request. 159 * 160 * @throws LDAPException If a problem is encountered while attempting to 161 * parse the provided extended request. 162 */ 163 public ValidateTOTPPasswordExtendedRequest( 164 final ExtendedRequest extendedRequest) 165 throws LDAPException 166 { 167 super(extendedRequest); 168 169 final ASN1OctetString value = extendedRequest.getValue(); 170 if (value == null) 171 { 172 throw new LDAPException(ResultCode.DECODING_ERROR, 173 ERR_VALIDATE_TOTP_REQUEST_MISSING_VALUE.get()); 174 } 175 176 try 177 { 178 final ASN1Element[] elements = 179 ASN1Sequence.decodeAsSequence(value.getValue()).elements(); 180 userDN = ASN1OctetString.decodeAsOctetString(elements[0]).stringValue(); 181 totpPassword = 182 ASN1OctetString.decodeAsOctetString(elements[1]).stringValue(); 183 } 184 catch (final Exception e) 185 { 186 Debug.debugException(e); 187 throw new LDAPException(ResultCode.DECODING_ERROR, 188 ERR_VALIDATE_TOTP_REQUEST_MALFORMED_VALUE.get( 189 StaticUtils.getExceptionMessage(e)), 190 e); 191 } 192 } 193 194 195 196 /** 197 * Encodes the provided information into a value suitable for use as the value 198 * for this extended request. 199 * 200 * @param userDN The DN of the user for whom to validate the TOTP 201 * password. 202 * @param totpPassword The TOTP password to validate. 203 * 204 * @return The ASN.1 octet string containing the encoded value. 205 */ 206 private static ASN1OctetString encodeValue(final String userDN, 207 final String totpPassword) 208 { 209 return new ASN1OctetString(new ASN1Sequence( 210 new ASN1OctetString(TYPE_USER_DN, userDN), 211 new ASN1OctetString(TYPE_TOTP_PASSWORD, totpPassword)).encode()); 212 } 213 214 215 216 /** 217 * Retrieves the DN of the user for whom to validate the TOTP password. 218 * 219 * @return The DN of the user for whom to validate the TOTP password. 220 */ 221 public String getUserDN() 222 { 223 return userDN; 224 } 225 226 227 228 /** 229 * Retrieves the TOTP password to validate. 230 * 231 * @return The TOTP password to validate. 232 */ 233 public String getTOTPPassword() 234 { 235 return totpPassword; 236 } 237 238 239 240 /** 241 * {@inheritDoc} 242 */ 243 @Override() 244 public ValidateTOTPPasswordExtendedRequest duplicate() 245 { 246 return duplicate(getControls()); 247 } 248 249 250 251 /** 252 * {@inheritDoc} 253 */ 254 @Override() 255 public ValidateTOTPPasswordExtendedRequest duplicate( 256 final Control[] controls) 257 { 258 final ValidateTOTPPasswordExtendedRequest r = 259 new ValidateTOTPPasswordExtendedRequest(userDN, totpPassword, 260 controls); 261 r.setResponseTimeoutMillis(getResponseTimeoutMillis(null)); 262 return r; 263 } 264 265 266 267 /** 268 * {@inheritDoc} 269 */ 270 @Override() 271 public String getExtendedRequestName() 272 { 273 return INFO_EXTENDED_REQUEST_NAME_VALIDATE_TOTP.get(); 274 } 275 276 277 278 /** 279 * {@inheritDoc} 280 */ 281 @Override() 282 public void toString(final StringBuilder buffer) 283 { 284 buffer.append("ValidateTOTPPasswordExtendedRequest(userDN='"); 285 buffer.append(userDN); 286 buffer.append('\''); 287 288 final Control[] controls = getControls(); 289 if (controls.length > 0) 290 { 291 buffer.append(", controls={"); 292 for (int i=0; i < controls.length; i++) 293 { 294 if (i > 0) 295 { 296 buffer.append(", "); 297 } 298 299 buffer.append(controls[i]); 300 } 301 buffer.append('}'); 302 } 303 304 buffer.append(')'); 305 } 306}