001/*
002 * Copyright 2012-2022 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2012-2022 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2012-2022 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk.unboundidds.extensions;
037
038
039
040import com.unboundid.asn1.ASN1Element;
041import com.unboundid.asn1.ASN1OctetString;
042import com.unboundid.asn1.ASN1Sequence;
043import com.unboundid.ldap.sdk.Control;
044import com.unboundid.ldap.sdk.ExtendedRequest;
045import com.unboundid.ldap.sdk.LDAPException;
046import com.unboundid.ldap.sdk.ResultCode;
047import com.unboundid.util.Debug;
048import com.unboundid.util.NotMutable;
049import com.unboundid.util.NotNull;
050import com.unboundid.util.Nullable;
051import com.unboundid.util.StaticUtils;
052import com.unboundid.util.ThreadSafety;
053import com.unboundid.util.ThreadSafetyLevel;
054import com.unboundid.util.Validator;
055
056import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*;
057
058
059
060/**
061 * This class provides an implementation of an extended request which may be
062 * used to validate a TOTP password for a user.  Note that this should not be
063 * used as an alternative to authentication because it does not perform password
064 * policy processing.  Rather, this extended operation should be used only to
065 * obtain additional assurance about the identity of a user that has already
066 * been authenticated through some other means.
067 * <BR>
068 * <BLOCKQUOTE>
069 *   <B>NOTE:</B>  This class, and other classes within the
070 *   {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
071 *   supported for use against Ping Identity, UnboundID, and
072 *   Nokia/Alcatel-Lucent 8661 server products.  These classes provide support
073 *   for proprietary functionality or for external specifications that are not
074 *   considered stable or mature enough to be guaranteed to work in an
075 *   interoperable way with other types of LDAP servers.
076 * </BLOCKQUOTE>
077 * <BR>
078 * The extended request has an OID of 1.3.6.1.4.1.30221.2.6.15 and a value with
079 * the following encoding:
080 * <PRE>
081 *   ValidateTOTPPasswordRequest ::= SEQUENCE {
082 *        userDN           [0] LDAPDN,
083 *        totpPassword     [1] OCTET STRING,
084 *        ... }
085 * </PRE>
086 */
087@NotMutable()
088@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
089public final class ValidateTOTPPasswordExtendedRequest
090       extends ExtendedRequest
091{
092  /**
093   * The OID (1.3.6.1.4.1.30221.2.6.15) for the validate TOTP password extended
094   * request.
095   */
096  @NotNull public static final String VALIDATE_TOTP_PASSWORD_REQUEST_OID =
097       "1.3.6.1.4.1.30221.2.6.15";
098
099
100
101  /**
102   * The BER type for the user DN value element.
103   */
104  private static final byte TYPE_USER_DN = (byte) 0x80;
105
106
107
108  /**
109   * The BER type for the TOTP password value element.
110   */
111  private static final byte TYPE_TOTP_PASSWORD = (byte) 0x81;
112
113
114
115  /**
116   * The serial version UID for this serializable class.
117   */
118  private static final long serialVersionUID = -4610279612454559569L;
119
120
121
122  // The DN of the user for whom to validate the TOTP password.
123  @NotNull private final String userDN;
124
125  // The TOTP password to validate.
126  @NotNull private final String totpPassword;
127
128
129
130  /**
131   * Creates a new validate TOTP password extended request with the provided
132   * information.
133   *
134   * @param  userDN        The DN of the user for whom to validate the TOTP
135   *                       password.
136   * @param  totpPassword  The TOTP password to validate.
137   * @param  controls      The set of controls to include in the request.
138   */
139  public ValidateTOTPPasswordExtendedRequest(
140              @NotNull final String userDN,
141              @NotNull final String totpPassword,
142              @Nullable final Control... controls)
143  {
144    super(VALIDATE_TOTP_PASSWORD_REQUEST_OID,
145         encodeValue(userDN, totpPassword), controls);
146
147    Validator.ensureNotNull(userDN);
148    Validator.ensureNotNull(totpPassword);
149
150    this.userDN       = userDN;
151    this.totpPassword = totpPassword;
152  }
153
154
155
156  /**
157   * Creates a new validate TOTP password extended request from the provided
158   * generic extended request.
159   *
160   * @param  extendedRequest  The generic extended request to parse as a
161   *                          validate TOTP extended request.
162   *
163   * @throws  LDAPException  If a problem is encountered while attempting to
164   *                         parse the provided extended request.
165   */
166  public ValidateTOTPPasswordExtendedRequest(
167              @NotNull final ExtendedRequest extendedRequest)
168         throws LDAPException
169  {
170    super(extendedRequest);
171
172    final ASN1OctetString value = extendedRequest.getValue();
173    if (value == null)
174    {
175      throw new LDAPException(ResultCode.DECODING_ERROR,
176           ERR_VALIDATE_TOTP_REQUEST_MISSING_VALUE.get());
177    }
178
179    try
180    {
181      final ASN1Element[] elements =
182           ASN1Sequence.decodeAsSequence(value.getValue()).elements();
183      userDN = ASN1OctetString.decodeAsOctetString(elements[0]).stringValue();
184      totpPassword =
185           ASN1OctetString.decodeAsOctetString(elements[1]).stringValue();
186    }
187    catch (final Exception e)
188    {
189      Debug.debugException(e);
190      throw new LDAPException(ResultCode.DECODING_ERROR,
191           ERR_VALIDATE_TOTP_REQUEST_MALFORMED_VALUE.get(
192                StaticUtils.getExceptionMessage(e)),
193           e);
194    }
195  }
196
197
198
199  /**
200   * Encodes the provided information into a value suitable for use as the value
201   * for this extended request.
202   *
203   * @param  userDN        The DN of the user for whom to validate the TOTP
204   *                       password.
205   * @param  totpPassword  The TOTP password to validate.
206   *
207   * @return  The ASN.1 octet string containing the encoded value.
208   */
209  @NotNull()
210  private static ASN1OctetString encodeValue(
211                      @NotNull final String userDN,
212                      @NotNull final String totpPassword)
213  {
214    return new ASN1OctetString(new ASN1Sequence(
215         new ASN1OctetString(TYPE_USER_DN, userDN),
216         new ASN1OctetString(TYPE_TOTP_PASSWORD, totpPassword)).encode());
217  }
218
219
220
221  /**
222   * Retrieves the DN of the user for whom to validate the TOTP password.
223   *
224   * @return  The DN of the user for whom to validate the TOTP password.
225   */
226  @NotNull()
227  public String getUserDN()
228  {
229    return userDN;
230  }
231
232
233
234  /**
235   * Retrieves the TOTP password to validate.
236   *
237   * @return  The TOTP password to validate.
238   */
239  @NotNull()
240  public String getTOTPPassword()
241  {
242    return totpPassword;
243  }
244
245
246
247  /**
248   * {@inheritDoc}
249   */
250  @Override()
251  @NotNull()
252  public ValidateTOTPPasswordExtendedRequest duplicate()
253  {
254    return duplicate(getControls());
255  }
256
257
258
259  /**
260   * {@inheritDoc}
261   */
262  @Override()
263  @NotNull()
264  public ValidateTOTPPasswordExtendedRequest duplicate(
265              @Nullable final Control[] controls)
266  {
267    final ValidateTOTPPasswordExtendedRequest r =
268         new ValidateTOTPPasswordExtendedRequest(userDN, totpPassword,
269              controls);
270    r.setResponseTimeoutMillis(getResponseTimeoutMillis(null));
271    return r;
272  }
273
274
275
276  /**
277   * {@inheritDoc}
278   */
279  @Override()
280  @NotNull()
281  public String getExtendedRequestName()
282  {
283    return INFO_EXTENDED_REQUEST_NAME_VALIDATE_TOTP.get();
284  }
285
286
287
288  /**
289   * {@inheritDoc}
290   */
291  @Override()
292  public void toString(@NotNull final StringBuilder buffer)
293  {
294    buffer.append("ValidateTOTPPasswordExtendedRequest(userDN='");
295    buffer.append(userDN);
296    buffer.append('\'');
297
298    final Control[] controls = getControls();
299    if (controls.length > 0)
300    {
301      buffer.append(", controls={");
302      for (int i=0; i < controls.length; i++)
303      {
304        if (i > 0)
305        {
306          buffer.append(", ");
307        }
308
309        buffer.append(controls[i]);
310      }
311      buffer.append('}');
312    }
313
314    buffer.append(')');
315  }
316}