Class GenerateTOTPSharedSecretExtendedRequest
- java.lang.Object
  - com.unboundid.ldap.sdk.LDAPRequest
    - com.unboundid.ldap.sdk.ExtendedRequest
      - com.unboundid.ldap.sdk.unboundidds.extensions.GenerateTOTPSharedSecretExtendedRequest
- All Implemented Interfaces: ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable

@NotMutable
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class GenerateTOTPSharedSecretExtendedRequest
extends ExtendedRequest
This class provides an implementation of an extended request that may be used to generate a shared secret for use in generating TOTP authentication codes (as per RFC 6238, for example, using the mechanism provided in the OneTimePassword class), which can be used to authenticate to the server via the UnboundIDTOTPBindRequest.

NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
This request may be invoked in one of the following ways:
- With a null authentication identity and a non-null static password. In this case, the authorization identity for the operation (typically the user as whom the underlying connection is authenticated, but possibly a different user if the request also includes a control like the proxied authorization or intermediate client request control that specifies an alternate authorization identity, or if the client authenticated with a SASL mechanism that included an alternate authorization identity) will be used as the authentication identity for this request, and the static password must be valid for that user. This will be treated as a user requesting a TOTP shared secret for their own account.
- With a non-null authentication identity (which may or may not match the authorization identity for the operation) and a non-null static password that is valid for the provided authentication identity. This will also be treated as a user requesting a TOTP shared secret for their own account.
- With a non-null authentication identity and a null static password. In this case, the authentication identity must not match the authorization identity for the operation, and the authorization identity must have the password-reset privilege. This will be treated as an administrator requesting a TOTP shared secret on behalf of a user and is recommended only for the case in which the identity of the user has been verified through some means other than a static password.
If the request is processed successfully, the server will generate a TOTP shared secret for the user, will store it in the user's entry, and will return that secret back to the client via the GenerateTOTPSharedSecretExtendedResult.
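The three invocation modes above, written against the constructors documented on this page. This is an added example, not code from the SDK or its documentation: the class TotpSecretRequests, its method names, and the sample values are hypothetical, and the secret is read with the result class's getTOTPSharedSecret() getter. The client-side checks only mirror the documented rules; the server still makes the identity and privilege decision.

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.unboundidds.extensions.GenerateTOTPSharedSecretExtendedRequest;
import com.unboundid.ldap.sdk.unboundidds.extensions.GenerateTOTPSharedSecretExtendedResult;

/** Added example; TotpSecretRequests and its methods are hypothetical names. */
public final class TotpSecretRequests {
  /** Mode 1: null authentication ID, static password of the authorization identity. */
  static GenerateTOTPSharedSecretExtendedRequest forSelf(byte[] password) {
    return new GenerateTOTPSharedSecretExtendedRequest(null, requirePassword(password));
  }
  /** Mode 2: explicit authentication ID plus that user's static password. */
  static GenerateTOTPSharedSecretExtendedRequest forUser(String authID, byte[] password) {
    return new GenerateTOTPSharedSecretExtendedRequest(
        requireAuthID(authID), requirePassword(password));
  }
  /** Mode 3: administrator with the password-reset privilege, no static password. */
  static GenerateTOTPSharedSecretExtendedRequest onBehalfOf(String authID) {
    // The cast selects the byte[] overload; a bare null is ambiguous across the three.
    return new GenerateTOTPSharedSecretExtendedRequest(requireAuthID(authID), (byte[]) null);
  }
  static String requireAuthID(String authID) {
    if (authID == null || !(authID.startsWith("dn:") || authID.startsWith("u:"))) {
      throw new IllegalArgumentException("authentication ID must start with dn: or u:");
    }
    return authID;
  }
  static byte[] requirePassword(byte[] password) {
    if (password == null) {
      throw new IllegalArgumentException("static password is required in this mode");
    }
    return password;
  }
  /** Sends the request and returns the generated secret. */
  static String generate(LDAPConnection conn, GenerateTOTPSharedSecretExtendedRequest req)
      throws LDAPException {
    GenerateTOTPSharedSecretExtendedResult result =
        (GenerateTOTPSharedSecretExtendedResult) conn.processExtendedOperation(req);
    if (result.getResultCode() != ResultCode.SUCCESS) {
      throw new LDAPException(result); // non-success result returned by the server
    }
    return result.getTOTPSharedSecret(); // a credential: keep it out of logs
  }
  public static void main(String[] args) {
    // Constructed sample values; no server connection is needed to build the requests.
    byte[] pw = "constructed-password".getBytes(java.nio.charset.StandardCharsets.UTF_8);
    System.out.println(forSelf(pw).getAuthenticationID());
    System.out.println(forUser("u:jdoe", pw).getAuthenticationID());
    System.out.println(onBehalfOf("u:jdoe").getStaticPasswordBytes() == null);
  }
}
```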
Note that this operation will not interfere with any other TOTP shared secrets that may already exist in the user's entry; the new shared secret will be merged with any existing shared secret values for the user. If a TOTP shared secret is no longer needed, the RevokeTOTPSharedSecretExtendedRequest may be used to remove it from the user's account.
This extended request has an OID of 1.3.6.1.4.1.30221.2.6.56, and it must include a request value with the following encoding:
  GenerateTOTPSharedSecretRequest ::= SEQUENCE {
       authenticationID     [0] OCTET STRING OPTIONAL,
       staticPassword       [1] OCTET STRING OPTIONAL,
       ... }
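Because staticPassword travels inside the request value, anything that records or inspects this request should work from the decoded fields and leave the password out. The following added example (not part of the SDK; TotpRequestValueAudit is a hypothetical name) walks the SEQUENCE with the SDK's ASN.1 classes and returns a log-safe summary. It assumes the [0] and [1] elements are encoded as context-specific primitive types 0x80 and 0x81.

```java
import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Exception;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.ldap.sdk.ExtendedRequest;
import com.unboundid.ldap.sdk.unboundidds.extensions.GenerateTOTPSharedSecretExtendedRequest;

/** Added example; TotpRequestValueAudit is a hypothetical name. */
public final class TotpRequestValueAudit {
  // Assumed BER types: context-specific primitive tags [0] and [1].
  static final byte TYPE_AUTHENTICATION_ID = (byte) 0x80;
  static final byte TYPE_STATIC_PASSWORD = (byte) 0x81;

  /** Returns a log-safe summary: who is targeted and whether a password was sent. */
  static String describe(ExtendedRequest request) throws ASN1Exception {
    String oid = GenerateTOTPSharedSecretExtendedRequest.GENERATE_TOTP_SHARED_SECRET_REQUEST_OID;
    if (!oid.equals(request.getOID()) || !request.hasValue()) {
      throw new IllegalArgumentException("not a generate TOTP shared secret request");
    }
    String authID = null;
    boolean passwordPresent = false;
    byte[] value = request.getValue().getValue();
    for (ASN1Element e : ASN1Sequence.decodeAsSequence(value).elements()) {
      switch (e.getType()) {
        case TYPE_AUTHENTICATION_ID:
          authID = ASN1OctetString.decodeAsOctetString(e).stringValue();
          break;
        case TYPE_STATIC_PASSWORD:
          passwordPresent = true; // never copy the password bytes into a log
          break;
        default:
          break; // the "..." in the SEQUENCE allows additional elements
      }
    }
    String mode = (authID == null) ? "self" : (passwordPresent ? "user" : "administrative");
    return "mode=" + mode + " authenticationID=" + authID
        + " staticPassword=" + (passwordPresent ? "<redacted>" : "<absent>");
  }

  public static void main(String[] args) throws ASN1Exception {
    // Constructed sample values.
    System.out.println(describe(
        new GenerateTOTPSharedSecretExtendedRequest("u:jdoe", "constructed-password")));
    System.out.println(describe(
        new GenerateTOTPSharedSecretExtendedRequest("u:jdoe", (String) null)));
  }
}
```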
- See Also: Serialized Form

Field Summary
Fields (Modifier and Type, Field, Description)
- static java.lang.String GENERATE_TOTP_SHARED_SECRET_REQUEST_OID
  The OID (1.3.6.1.4.1.30221.2.6.56) for the generate TOTP shared secret extended request.
- Fields inherited from class com.unboundid.ldap.sdk.ExtendedRequest:
  TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE

Constructor Summary
Constructors (Constructor, Description)
- GenerateTOTPSharedSecretExtendedRequest(ExtendedRequest request)
  Creates a new generate TOTP shared secret extended request that is decoded from the provided generic extended request.
- GenerateTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, byte[] staticPassword, Control... controls)
  Creates a new generate TOTP shared secret extended request with the provided information.
- GenerateTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, ASN1OctetString staticPassword, Control... controls)
  Creates a new generate TOTP shared secret extended request with the provided information.
- GenerateTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, java.lang.String staticPassword, Control... controls)
  Creates a new generate TOTP shared secret extended request with the provided information.

Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description)
- GenerateTOTPSharedSecretExtendedRequest duplicate()
  Creates a new instance of this LDAP request that may be modified without impacting this request.
- GenerateTOTPSharedSecretExtendedRequest duplicate(Control[] controls)
  Creates a new instance of this LDAP request that may be modified without impacting this request.
- java.lang.String getAuthenticationID()
  Retrieves the authentication ID that identifies the user for whom to generate the TOTP shared secret, if provided.
- java.lang.String getExtendedRequestName()
  Retrieves the user-friendly name for the extended request, if available.
- byte[] getStaticPasswordBytes()
  Retrieves the bytes that comprise the static password for the target user, if provided.
- java.lang.String getStaticPasswordString()
  Retrieves the string representation of the static password for the target user, if provided.
- protected GenerateTOTPSharedSecretExtendedResult process(LDAPConnection connection, int depth)
  Sends this extended request to the directory server over the provided connection and returns the associated response.
- void toString(java.lang.StringBuilder buffer)
  Appends a string representation of this request to the provided buffer.
- Methods inherited from class com.unboundid.ldap.sdk.ExtendedRequest:
  encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, responseReceived, toCode, writeTo
- Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest:
  followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setResponseTimeoutMillis, toString

Field Detail

GENERATE_TOTP_SHARED_SECRET_REQUEST_OID
public static final java.lang.String GENERATE_TOTP_SHARED_SECRET_REQUEST_OID
The OID (1.3.6.1.4.1.30221.2.6.56) for the generate TOTP shared secret extended request.
- See Also: Constant Field Values

Constructor Detail

GenerateTOTPSharedSecretExtendedRequest
public GenerateTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, java.lang.String staticPassword, Control... controls)
Creates a new generate TOTP shared secret extended request with the provided information.
- Parameters:
  - authenticationID - The authentication ID to use to identify the user for whom to generate the TOTP shared secret. It should be a string in the form "dn:" followed by the DN of the target user, or "u:" followed by the username. It may be null if the TOTP shared secret is to be generated for the authorization identity for the operation, and only if the staticPassword is non-null.
  - staticPassword - The static password of the user for whom to generate the TOTP shared secret. It may be null only if the authenticationID is non-null, is different from the operation's authorization identity, and the operation's authorization identity has the password-reset privilege.
  - controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.

GenerateTOTPSharedSecretExtendedRequest
public GenerateTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, byte[] staticPassword, Control... controls)
Creates a new generate TOTP shared secret extended request with the provided information.
- Parameters:
  - authenticationID - The authentication ID to use to identify the user for whom to generate the TOTP shared secret. It should be a string in the form "dn:" followed by the DN of the target user, or "u:" followed by the username. It may be null if the TOTP shared secret is to be generated for the authorization identity for the operation, and only if the staticPassword is non-null.
  - staticPassword - The static password of the user for whom to generate the TOTP shared secret. It may be null only if the authenticationID is non-null, is different from the operation's authorization identity, and the operation's authorization identity has the password-reset privilege.
  - controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.

GenerateTOTPSharedSecretExtendedRequest
public GenerateTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, ASN1OctetString staticPassword, Control... controls)
Creates a new generate TOTP shared secret extended request with the provided information.
- Parameters:
  - authenticationID - The authentication ID to use to identify the user for whom to generate the TOTP shared secret. It should be a string in the form "dn:" followed by the DN of the target user, or "u:" followed by the username. It may be null if the TOTP shared secret is to be generated for the authorization identity for the operation, and only if the staticPassword is non-null.
  - staticPassword - The static password of the user for whom to generate the TOTP shared secret. It may be null only if the authenticationID is non-null, is different from the operation's authorization identity, and the operation's authorization identity has the password-reset privilege.
  - controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.

GenerateTOTPSharedSecretExtendedRequest
public GenerateTOTPSharedSecretExtendedRequest(ExtendedRequest request) throws LDAPException
Creates a new generate TOTP shared secret extended request that is decoded from the provided generic extended request.
- Parameters:
  - request - The generic extended request to decode as a generate TOTP shared secret request.
- Throws:
  - LDAPException - If a problem is encountered while attempting to decode the provided request.

Method Detail

getAuthenticationID
public java.lang.String getAuthenticationID()
Retrieves the authentication ID that identifies the user for whom to generate the TOTP shared secret, if provided.
- Returns: The authentication ID that identifies the target user, or null if the shared secret is to be generated for the authorization identity associated with the extended request.

getStaticPasswordString
public java.lang.String getStaticPasswordString()
Retrieves the string representation of the static password for the target user, if provided.
- Returns: The string representation of the static password for the target user, or null if no static password was provided.

getStaticPasswordBytes
public byte[] getStaticPasswordBytes()
Retrieves the bytes that comprise the static password for the target user, if provided.
- Returns: The bytes that comprise the static password for the target user, or null if no static password was provided.

process
protected GenerateTOTPSharedSecretExtendedResult process(LDAPConnection connection, int depth) throws LDAPException
Sends this extended request to the directory server over the provided connection and returns the associated response.
- Overrides: process in class ExtendedRequest
- Parameters:
  - connection - The connection to use to communicate with the directory server.
  - depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.
- Returns: An LDAP result object that provides information about the result of the extended operation processing.
- Throws:
  - LDAPException - If a problem occurs while sending the request or reading the response.

duplicate
public GenerateTOTPSharedSecretExtendedRequest duplicate()
Creates a new instance of this LDAP request that may be modified without impacting this request. Subclasses should override this method to return a duplicate of the appropriate type.
- Specified by: duplicate in interface ReadOnlyLDAPRequest
- Overrides: duplicate in class ExtendedRequest
- Returns: A new instance of this LDAP request that may be modified without impacting this request.

duplicate
public GenerateTOTPSharedSecretExtendedRequest duplicate(Control[] controls)
Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request. Subclasses should override this method to return a duplicate of the appropriate type.
- Specified by: duplicate in interface ReadOnlyLDAPRequest
- Overrides: duplicate in class ExtendedRequest
- Parameters:
  - controls - The set of controls to include in the duplicate request.
- Returns: A new instance of this LDAP request that may be modified without impacting this request.

getExtendedRequestName
public java.lang.String getExtendedRequestName()
Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.
- Overrides: getExtendedRequestName in class ExtendedRequest
- Returns: The user-friendly name for this extended request, or the OID if no user-friendly name is available.

toString
public void toString(java.lang.StringBuilder buffer)
Appends a string representation of this request to the provided buffer.
- Specified by: toString in interface ProtocolOp
- Specified by: toString in interface ReadOnlyLDAPRequest
- Overrides: toString in class ExtendedRequest
- Parameters:
  - buffer - The buffer to which to append a string representation of this request.