Package com.unboundid.ldap.sdk.unboundidds.extensions

Class DeliverSingleUseTokenExtendedRequest

  • All Implemented Interfaces:
    ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable
    @NotMutable
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class DeliverSingleUseTokenExtendedRequest
extends ExtendedRequest
    This class provides an implementation of an extended request that can be used to trigger the delivery of a temporary single-use token to a specified user via some out-of-band mechanism. It can be used for security purposes (e.g., as part of step-up authentication), for data validation purposes (e.g., to verify that a user can receive e-mail messages at a given address or SMS messages at a given phone number), or for other purposes in which it could be useful to deliver and consume a token through some out-of-band mechanism.
    NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

    This extended request has an OID of "1.3.6.1.4.1.30221.2.6.49" and it must have a value with the following encoding: 
       DeliverSingleUseTokenRequestValue ::= SEQUENCE {
        userDN                         LDAPDN,
        tokenID                        OCTET STRING,
        validityDurationMillis         [0] INTEGER OPTIONAL,
        messageSubject                 [1] OCTET STRING OPTIONAL,
        fullTextBeforeToken            [2] OCTET STRING OPTIONAL,
        fullTextAfterToken             [3] OCTET STRING OPTIONAL,
        compactTextBeforeToken         [4] OCTET STRING OPTIONAL,
        compactTextAfterToken          [5] OCTET STRING OPTIONAL,
        preferredDeliveryMechanism     [6] SEQUENCE OF SEQUENCE {
             mechanismName     OCTET STRING,
             recipientID       OCTET STRING OPTIONAL },
        deliverIfPasswordExpired       [7] BOOLEAN DEFAULT FALSE,
        deliverIfAccountLocked         [8] BOOLEAN DEFAULT FALSE,
        deliverIfAccountDisabled       [9] BOOLEAN DEFAULT FALSE,
        deliverIfAccountExpired        [10] BOOLEAN DEFAULT FALSE,
        ... }
    See Also:
    DeliverSingleUseTokenExtendedResult, ConsumeSingleUseTokenExtendedRequest, Serialized Form

    • Constructor Detail

      • DeliverSingleUseTokenExtendedRequest

        public DeliverSingleUseTokenExtendedRequest​(@NotNull
                                            java.lang.String userDN,
                                            @NotNull
                                            java.lang.String tokenID,
                                            @Nullable
                                            java.lang.Long validityDurationMillis,
                                            @Nullable
                                            java.lang.String messageSubject,
                                            @Nullable
                                            java.lang.String fullTextBeforeToken,
                                            @Nullable
                                            java.lang.String fullTextAfterToken,
                                            @Nullable
                                            java.lang.String compactTextBeforeToken,
                                            @Nullable
                                            java.lang.String compactTextAfterToken,
                                            @Nullable
                                            java.util.List<ObjectPair<java.lang.String,​java.lang.String>> preferredDeliveryMechanisms,
                                            boolean deliverIfPasswordExpired,
                                            boolean deliverIfAccountLocked,
                                            boolean deliverIfAccountDisabled,
                                            boolean deliverIfAccountExpired,
                                            @Nullable
                                            Control... controls)
        Creates a new deliver single-use token extended request with the provided information.
        Parameters:
        userDN - The DN of the user for whom the token should be generated and delivered. It must not be null.
        tokenID - An identifier for the token, which can differentiate between separate uses of this extended operation for different purposes. This token ID should be provided in the request to consume the token that has been delivered. It must not be null.
        validityDurationMillis - The maximum length of time in milliseconds that the generated token should be considered valid. It may be null if the server should determine the token validity duration. If it is non-null, then the value must be greater than zero.
        messageSubject - The text (if any) that should be used as the message subject if the delivery mechanism accepts a subject. This may be null if no subject is required or a subject should be automatically generated.
        fullTextBeforeToken - The text (if any) that should appear before the generated single-use token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may be null if no text is required before the token.
        fullTextAfterToken - The text (if any) that should appear after the generated single-use token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may be null if no text is required after the token.
        compactTextBeforeToken - The text (if any) that should appear before the generated single-use token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may be null if no text is required before the token.
        compactTextAfterToken - The text (if any) that should appear after the generated single-use token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may be null if no text is required after the token.
        preferredDeliveryMechanisms - An optional list of the preferred delivery mechanisms that should be used to convey the token to the target user. It may be null or empty if the server should determine the delivery mechanisms to attempt. If a list of preferred delivery mechanisms is provided, the server will only attempt to deliver the token through these mechanisms, with attempts made in the order specified in this list.
        deliverIfPasswordExpired - Indicates whether to generate and deliver a token if the target user's password is expired.
        deliverIfAccountLocked - Indicates whether to generate and deliver a token if the target user's account is locked for some reason (e.g., too many failed authentication attempts, the account has been idle for too long, the user failed to change his/her password in a timely manner after an administrative reset, etc.).
        deliverIfAccountDisabled - Indicates whether to generate and deliver a token if the target user's account has been disabled by an administrator.
        deliverIfAccountExpired - Indicates whether to generate and deliver a token if the target user's account has expired.
        controls - An optional set of controls to include in the request. It may be null or empty if no controls are required.

      • DeliverSingleUseTokenExtendedRequest

        public DeliverSingleUseTokenExtendedRequest​(@NotNull
                                            ExtendedRequest request)
                                     throws LDAPException
        Decodes the provided extended request as a deliver single-use token extended request.
        Parameters:
        request - The extended request to decode as a deliver single-use token extended request.
        Throws:
        LDAPException - If the provided extended request cannot be decoded as a deliver single-use token request.

    • Method Detail

      • getUserDN

        @NotNull
public java.lang.String getUserDN()
        Retrieves the DN of the user for whom the token should be generated and delivered.
        Returns:
        The DN of the user for whom the token should be generated and delivered.

      • getTokenID

        @NotNull
public java.lang.String getTokenID()
        Retrieves an identifier for the token, which can differentiate between separate uses of this extended operation for different purposes, and should be provided when consuming the token via the ConsumeSingleUseTokenExtendedRequest.
        Returns:
        An identifier for the token.

      • getValidityDurationMillis

        @Nullable
public java.lang.Long getValidityDurationMillis()
        Retrieves the maximum length of time in milliseconds that the generated token should be considered valid, if defined. An attempt to consume the token after this length of time has elapsed will fail.
        Returns:
        The maximum length of time in milliseconds that the generated token should be considered valid, or null if the client did not specify a value and the token validity duration will be determined by the server.

      • getMessageSubject

        @Nullable
public java.lang.String getMessageSubject()
        Retrieves the text (if any) that should be used as the message subject for delivery mechanisms that can make use of a subject.
        Returns:
        The text that should be used as the message subject for delivery mechanisms that can make use of a subject, or null if no subject should be used, or if the delivery mechanism should attempt to automatically determine a subject.

      • getFullTextBeforeToken

        @Nullable
public java.lang.String getFullTextBeforeToken()
        Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.
        Returns:
        The text that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size, or null if there should not be any text before the token.

      • getFullTextAfterToken

        @Nullable
public java.lang.String getFullTextAfterToken()
        Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.
        Returns:
        The text that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size, or null if there should not be any text after the token.

      • getCompactTextBeforeToken

        @Nullable
public java.lang.String getCompactTextBeforeToken()
        Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.
        Returns:
        The text that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size, or null if there should not be any text before the token.

      • getCompactTextAfterToken

        @Nullable
public java.lang.String getCompactTextAfterToken()
        Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.
        Returns:
        The text that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size, or null if there should not be any text after the token.

      • getPreferredDeliveryMechanisms

        @NotNull
public java.util.List<ObjectPair<java.lang.String,​java.lang.String>> getPreferredDeliveryMechanisms()
        Retrieves a list of the preferred delivery mechanisms that should be used to provide the generated token to the target user. If the returned list is empty, then the server will attempt to determine which mechanism(s) to use and in which order to try them. If this list is not empty, then the server will only attempt the specified mechanisms and in the order in which they are listed.
        Returns:
        A list of the preferred delivery mechanisms that should be used to provide the generated token to the target user, or an empty list if the server should determine the delivery mechanisms to attempt.

      • deliverIfPasswordExpired

        public boolean deliverIfPasswordExpired()
        Indicates whether to attempt to generate and deliver a token if the target user's password is expired.
        Returns:
        true if the server should attempt to deliver a token to a user with an expired password, or false if not.

      • deliverIfAccountLocked

        public boolean deliverIfAccountLocked()
        Indicates whether to attempt to generate and deliver a token if the target user's account is locked for some reason (e.g., because there have been too many failed authentication attempts, because the account has been idle for too long, or because the password was not changed soon enough after an administrative reset).
        Returns:
        true if the server should attempt to deliver a token to a user with a locked account, or false if not.

      • deliverIfAccountDisabled

        public boolean deliverIfAccountDisabled()
        Indicates whether to attempt to generate and deliver a token if the target user's account has been disabled by an administrator.
        Returns:
        true if the server should attempt to deliver a token to a user with a disabled account, or false if not.

      • deliverIfAccountExpired

        public boolean deliverIfAccountExpired()
        Indicates whether to attempt to generate and deliver a token if the target user's account has expired.
        Returns:
        true if the server should attempt to deliver a token to a user with an expired account, or false if not.

      • process

        @NotNull
public DeliverSingleUseTokenExtendedResult process​(@NotNull
                                                   LDAPConnection connection,
                                                   int depth)
                                            throws LDAPException
        Sends this extended request to the directory server over the provided connection and returns the associated response.
        Overrides:
        process in class ExtendedRequest
        Parameters:
        connection - The connection to use to communicate with the directory server.
        depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.
        Returns:
        An LDAP result object that provides information about the result of the extended operation processing.
        Throws:
        LDAPException - If a problem occurs while sending the request or reading the response.

      • duplicate

        @NotNull
public DeliverSingleUseTokenExtendedRequest duplicate​(@Nullable
                                                      Control[] controls)
        Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type..
        Specified by:
        duplicate in interface ReadOnlyLDAPRequest
        Overrides:
        duplicate in class ExtendedRequest
        Parameters:
        controls - The set of controls to include in the duplicate request.
        Returns:
        A new instance of this LDAP request that may be modified without impacting this request.

      • getExtendedRequestName

        @NotNull
public java.lang.String getExtendedRequestName()
        Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.
        Overrides:
        getExtendedRequestName in class ExtendedRequest
        Returns:
        The user-friendly name for this extended request, or the OID if no user-friendly name is available.