Search in sources :

Example 1 with PasswordPolicyWarningType

use of org.forgerock.opendj.ldap.controls.PasswordPolicyWarningType in project OpenAM by OpenRock.

the class LDAPAuthUtils method checkControls.

/**
     * checks for  an LDAP v3 server whether the control has returned
     * if a password has expired or password is expiring and password
     * policy is enabled on the server.
     *
     * @return The PasswordPolicyResult or null if there were no controls
     */
private PasswordPolicyResult checkControls(List<Control> controls) {
    PasswordPolicyResult result = null;
    if ((controls != null) && (!controls.isEmpty())) {
        for (Control control : controls) {
            if (control instanceof PasswordExpiredResponseControl) {
                if (result == null) {
                    result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_EXPIRED);
                } else {
                    result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_EXPIRED);
                }
            }
            if (control instanceof PasswordPolicyResponseControl) {
                PasswordPolicyErrorType policyErrorType = ((PasswordPolicyResponseControl) control).getErrorType();
                if (policyErrorType != null) {
                    switch(policyErrorType) {
                        case ACCOUNT_LOCKED:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.ACCOUNT_LOCKED);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.ACCOUNT_LOCKED);
                            }
                            break;
                        case CHANGE_AFTER_RESET:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.CHANGE_AFTER_RESET);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.CHANGE_AFTER_RESET);
                            }
                            break;
                        case INSUFFICIENT_PASSWORD_QUALITY:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.INSUFFICIENT_PASSWORD_QUALITY);
                            }
                            break;
                        case MUST_SUPPLY_OLD_PASSWORD:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.MUST_SUPPLY_OLD_PASSWORD);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.MUST_SUPPLY_OLD_PASSWORD);
                            }
                            break;
                        case PASSWORD_EXPIRED:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_EXPIRED);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_EXPIRED);
                            }
                            break;
                        case PASSWORD_IN_HISTORY:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_IN_HISTORY);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_IN_HISTORY);
                            }
                            break;
                        case PASSWORD_MOD_NOT_ALLOWED:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED);
                            }
                            break;
                        case PASSWORD_TOO_SHORT:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_TOO_SHORT);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_TOO_SHORT);
                            }
                            break;
                        case PASSWORD_TOO_YOUNG:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_TOO_YOUNG);
                            } else {
                                result.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_TOO_YOUNG);
                            }
                            break;
                    }
                }
                PasswordPolicyWarningType policyWarningType = ((PasswordPolicyResponseControl) control).getWarningType();
                if (policyWarningType != null) {
                    switch(policyWarningType) {
                        case GRACE_LOGINS_REMAINING:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyWarningType.GRACE_LOGINS_REMAINING, ((PasswordPolicyResponseControl) control).getWarningValue());
                            } else {
                                result.setPasswordPolicyWarningType(PasswordPolicyWarningType.GRACE_LOGINS_REMAINING, ((PasswordPolicyResponseControl) control).getWarningValue());
                            }
                            break;
                        case TIME_BEFORE_EXPIRATION:
                            if (result == null) {
                                result = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, ((PasswordPolicyResponseControl) control).getWarningValue());
                            } else {
                                result.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, ((PasswordPolicyResponseControl) control).getWarningValue());
                            }
                            break;
                    }
                }
            }
            if (control instanceof PasswordExpiringResponseControl) {
                PasswordExpiringResponseControl expiringControl = (PasswordExpiringResponseControl) control;
                if (control.hasValue()) {
                    if (result == null) {
                        result = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, expiringControl.getSecondsUntilExpiration());
                    } else {
                        result.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, expiringControl.getSecondsUntilExpiration());
                    }
                } else {
                    if (result == null) {
                        result = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, NO_EXPIRY_TIME);
                    } else {
                        result.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, NO_EXPIRY_TIME);
                    }
                }
            }
        }
    }
    return result;
}
Also used : PasswordExpiredResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiredResponseControl) PasswordPolicyWarningType(org.forgerock.opendj.ldap.controls.PasswordPolicyWarningType) PasswordExpiringResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl) PasswordExpiringResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl) PasswordExpiredResponseControl(org.forgerock.opendj.ldap.controls.PasswordExpiredResponseControl) PasswordPolicyRequestControl(org.forgerock.opendj.ldap.controls.PasswordPolicyRequestControl) Control(org.forgerock.opendj.ldap.controls.Control) PasswordPolicyResponseControl(org.forgerock.opendj.ldap.controls.PasswordPolicyResponseControl) PasswordPolicyErrorType(org.forgerock.opendj.ldap.controls.PasswordPolicyErrorType) PasswordPolicyResponseControl(org.forgerock.opendj.ldap.controls.PasswordPolicyResponseControl)

Aggregations

Control (org.forgerock.opendj.ldap.controls.Control)1 PasswordExpiredResponseControl (org.forgerock.opendj.ldap.controls.PasswordExpiredResponseControl)1 PasswordExpiringResponseControl (org.forgerock.opendj.ldap.controls.PasswordExpiringResponseControl)1 PasswordPolicyErrorType (org.forgerock.opendj.ldap.controls.PasswordPolicyErrorType)1 PasswordPolicyRequestControl (org.forgerock.opendj.ldap.controls.PasswordPolicyRequestControl)1 PasswordPolicyResponseControl (org.forgerock.opendj.ldap.controls.PasswordPolicyResponseControl)1 PasswordPolicyWarningType (org.forgerock.opendj.ldap.controls.PasswordPolicyWarningType)1