Use of org.forgerock.opendj.ldap.controls.PasswordPolicyErrorType in project OpenAM by OpenRock.
Class LDAPAuthUtils, method checkControls.
/**
 * Folds the password-related response controls returned by an LDAP v3 server
 * into a single {@link PasswordPolicyResult}.
 *
 * <p>Three control types are recognised, each tested independently for every
 * control in the list:
 * <ul>
 *   <li>{@code PasswordExpiredResponseControl}: records
 *       {@code PASSWORD_EXPIRED} as the error type.</li>
 *   <li>{@code PasswordPolicyResponseControl}: records the error type from
 *       {@code getErrorType()} and then the warning type from
 *       {@code getWarningType()} together with {@code getWarningValue()},
 *       each only when non-null.</li>
 *   <li>{@code PasswordExpiringResponseControl}: records
 *       {@code TIME_BEFORE_EXPIRATION} with the seconds until expiration, or
 *       with {@code NO_EXPIRY_TIME} when the control carries no value.</li>
 * </ul>
 *
 * <p>Controls are visited in list order and applied to the same result
 * object, so when more than one control reports an error (or a warning) the
 * corresponding setter is invoked again for each later control.
 *
 * <p>This method inspects controls only; it never sees the result code of the
 * LDAP operation. A {@code null} return therefore means "no recognised
 * control carried an error or warning" and must not be read by callers as
 * proof that authentication succeeded.
 *
 * @param controls the response controls to inspect; may be {@code null} or
 *        empty
 * @return the accumulated result, or {@code null} when {@code controls} is
 *         {@code null} or empty, or when no recognised control supplied an
 *         error or warning
 */
private PasswordPolicyResult checkControls(List<Control> controls) {
    if (controls == null || controls.isEmpty()) {
        return null;
    }

    PasswordPolicyResult outcome = null;

    // NOTE(review): the instanceof tests below only match controls that are
    // already instances of these typed classes; presumably the caller decodes
    // the raw response controls first. Confirm at the call site.
    for (Control ctrl : controls) {

        // Stand-alone "password expired" control.
        if (ctrl instanceof PasswordExpiredResponseControl) {
            if (outcome == null) {
                outcome = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_EXPIRED);
            } else {
                outcome.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_EXPIRED);
            }
        }

        // Password policy control: may carry an error, a warning, or both.
        if (ctrl instanceof PasswordPolicyResponseControl) {
            PasswordPolicyResponseControl policyControl = (PasswordPolicyResponseControl) ctrl;

            PasswordPolicyErrorType errorType = policyControl.getErrorType();
            if (errorType != null) {
                // Every listed error type is handled the same way: it is
                // stored on the result unchanged. A type that is not listed
                // here leaves the result untouched.
                switch (errorType) {
                    case ACCOUNT_LOCKED:
                    case CHANGE_AFTER_RESET:
                    case INSUFFICIENT_PASSWORD_QUALITY:
                    case MUST_SUPPLY_OLD_PASSWORD:
                    case PASSWORD_EXPIRED:
                    case PASSWORD_IN_HISTORY:
                    case PASSWORD_MOD_NOT_ALLOWED:
                    case PASSWORD_TOO_SHORT:
                    case PASSWORD_TOO_YOUNG:
                        if (outcome == null) {
                            outcome = new PasswordPolicyResult(errorType);
                        } else {
                            outcome.setPasswordPolicyErrorType(errorType);
                        }
                        break;
                }
            }

            PasswordPolicyWarningType warningType = policyControl.getWarningType();
            if (warningType != null) {
                // Both listed warning types are stored with the control's
                // warning value (grace logins left / time before expiration).
                switch (warningType) {
                    case GRACE_LOGINS_REMAINING:
                    case TIME_BEFORE_EXPIRATION:
                        if (outcome == null) {
                            outcome = new PasswordPolicyResult(warningType, policyControl.getWarningValue());
                        } else {
                            outcome.setPasswordPolicyWarningType(warningType, policyControl.getWarningValue());
                        }
                        break;
                }
            }
        }

        // Stand-alone "password expiring" control.
        if (ctrl instanceof PasswordExpiringResponseControl) {
            PasswordExpiringResponseControl expiring = (PasswordExpiringResponseControl) ctrl;
            if (!expiring.hasValue()) {
                // No value on the control: fall back to the NO_EXPIRY_TIME marker.
                if (outcome == null) {
                    outcome = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, NO_EXPIRY_TIME);
                } else {
                    outcome.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, NO_EXPIRY_TIME);
                }
            } else {
                if (outcome == null) {
                    outcome = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, expiring.getSecondsUntilExpiration());
                } else {
                    outcome.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, expiring.getSecondsUntilExpiration());
                }
            }
        }
    }

    return outcome;
}