Class RevokeTOTPSharedSecretExtendedRequest
- java.lang.Object
  - com.unboundid.ldap.sdk.LDAPRequest
    - com.unboundid.ldap.sdk.ExtendedRequest
      - com.unboundid.ldap.sdk.unboundidds.extensions.RevokeTOTPSharedSecretExtendedRequest
All Implemented Interfaces: ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class RevokeTOTPSharedSecretExtendedRequest extends ExtendedRequest
This class provides an implementation of an extended request that may be used to revoke one or all of the TOTP shared secrets for a user so that they may no longer be used to authenticate.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
This request may be invoked in one of the following ways:
- With a null authentication identity and a non-null TOTP shared secret. In this case, the authorization identity for the operation (typically the user as whom the underlying connection is authenticated, but possibly a different user if the request also includes a control like the proxied authorization or intermediate client request control that specifies an alternate authorization identity, or if the client authenticated with a SASL mechanism that included an alternate authorization identity) will be used as the authentication identity for this request, and only the specified TOTP shared secret will be removed from the user's entry while any other shared secrets that may be present in the user's entry will be preserved. If a static password is provided, then it will be verified, but if none is given then the provided TOTP shared secret will be considered sufficient proof of the user's identity.
- With a null authentication identity, a non-null static password, and a null TOTP shared secret. In this case, the authorization identity for the operation will be used as the authentication identity for this request, and, if the provided static password is valid, then all TOTP secrets contained in the user's entry will be revoked.
- With a non-null authentication identity and a non-null TOTP shared secret. In this case, only the provided TOTP shared secret will be removed from the specified user's account while any other shared secrets will be preserved. If a static password is provided, then it will be verified, but if none is given then the provided TOTP shared secret will be considered sufficient proof of the user's identity.
- With a non-null authentication identity, a non-null static password, and a null TOTP shared secret. In this case, if the static password is valid for the specified user, then all TOTP shared secrets for that user will be revoked.
- With a non-null authentication identity, a null static password, and a null TOTP shared secret. In this case, the authentication identity from the request must be different from the authorization identity for the operation, and the authorization identity must have the password-reset privilege. All TOTP shared secrets for the specified user will be revoked.
This extended request has an OID of 1.3.6.1.4.1.30221.2.6.58, and it must include a request value with the following encoding:
   RevokeTOTPSharedSecretRequest ::= SEQUENCE {
        authenticationID     [0] OCTET STRING OPTIONAL,
        staticPassword       [1] OCTET STRING OPTIONAL,
        totpSharedSecret     [2] OCTET STRING OPTIONAL,
        ... }
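The following is an added example, not part of the SDK documentation, that maps an argument combination to the invocation cases listed above, rejects the all-null combination that matches none of them, and then sends the request over TLS. The class name RevokeTotpExample, the helper names, the host name, the DNs and the password are constructed placeholders.

```java
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.unboundidds.extensions.RevokeTOTPSharedSecretExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;

public final class RevokeTotpExample {
  /** Maps an argument combination to its documented case; rejects the undocumented one. */
  static String describeCase(String authID, String password, String secret) {
    String who = (authID == null) ? "the operation's authorization identity" : authID;
    if (secret != null) {
      return "revoke only the given secret for " + who
          + (password != null ? " (static password is also verified)"
                              : " (the secret itself is the proof of identity)");
    }
    if (password != null) {
      return "revoke ALL secrets for " + who + " if the static password is valid";
    }
    if (authID != null) {
      return "administrative revoke of ALL secrets for " + who
          + " (caller needs the password-reset privilege and must not be the target)";
    }
    throw new IllegalArgumentException("all three elements are null: no documented case applies");
  }

  static ResultCode revoke(LDAPConnection conn, String authID, String password, String secret)
      throws LDAPException {
    System.out.println(describeCase(authID, password, secret));
    // Typed String variables select the String overload; a bare null literal for
    // staticPassword would be ambiguous between String, byte[] and ASN1OctetString.
    RevokeTOTPSharedSecretExtendedRequest request =
        new RevokeTOTPSharedSecretExtendedRequest(authID, password, secret);
    ExtendedResult result = conn.processExtendedOperation(request);
    return result.getResultCode();
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample values: host, DNs and password are placeholders.
    SSLUtil sslUtil = new SSLUtil(); // uses the JVM's default trust managers
    try (LDAPConnection conn = new LDAPConnection(sslUtil.createSSLSocketFactory(),
        "ds.example.com", 636, "uid=helpdesk,ou=People,dc=example,dc=com", "helpdesk-password")) {
      // Fifth case above: an administrator revokes every secret for another user.
      ResultCode rc = revoke(conn, "dn:uid=jdoe,ou=People,dc=example,dc=com", null, null);
      if (rc != ResultCode.SUCCESS) {
        System.err.println("Revocation failed: " + rc);
      }
    }
  }
}
```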
Field Summary
Modifier and Type - Field - Description
- static java.lang.String - REVOKE_TOTP_SHARED_SECRET_REQUEST_OID - The OID (1.3.6.1.4.1.30221.2.6.58) for the revoke TOTP shared secret extended request.
Fields inherited from class com.unboundid.ldap.sdk.ExtendedRequest: TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE
Constructor Summary
Constructor - Description
- RevokeTOTPSharedSecretExtendedRequest(ExtendedRequest request) - Creates a new revoke TOTP shared secret extended request that is decoded from the provided generic extended request.
- RevokeTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, byte[] staticPassword, java.lang.String totpSharedSecret, Control... controls) - Creates a new revoke TOTP shared secret extended request with the provided information.
- RevokeTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, ASN1OctetString staticPassword, java.lang.String totpSharedSecret, Control... controls) - Creates a new revoke TOTP shared secret extended request with the provided information.
- RevokeTOTPSharedSecretExtendedRequest(java.lang.String authenticationID, java.lang.String staticPassword, java.lang.String totpSharedSecret, Control... controls) - Creates a new revoke TOTP shared secret extended request with the provided information.
Method Summary
Modifier and Type - Method - Description
- RevokeTOTPSharedSecretExtendedRequest - duplicate() - Creates a new instance of this LDAP request that may be modified without impacting this request.
- RevokeTOTPSharedSecretExtendedRequest - duplicate(Control[] controls) - Creates a new instance of this LDAP request that may be modified without impacting this request.
- java.lang.String - getAuthenticationID() - Retrieves the authentication ID that identifies the user for whom to revoke the TOTP shared secrets, if provided.
- java.lang.String - getExtendedRequestName() - Retrieves the user-friendly name for the extended request, if available.
- byte[] - getStaticPasswordBytes() - Retrieves the bytes that comprise the static password for the target user, if provided.
- java.lang.String - getStaticPasswordString() - Retrieves the string representation of the static password for the target user, if provided.
- java.lang.String - getTOTPSharedSecret() - Retrieves the base32-encoded representation of the TOTP shared secret to be revoked, if provided.
- void - toString(java.lang.StringBuilder buffer) - Appends a string representation of this request to the provided buffer.
Methods inherited from class com.unboundid.ldap.sdk.ExtendedRequest: encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, process, responseReceived, toCode, writeTo
Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest: followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setResponseTimeoutMillis, toString
Field Detail
REVOKE_TOTP_SHARED_SECRET_REQUEST_OID
@NotNull public static final java.lang.String REVOKE_TOTP_SHARED_SECRET_REQUEST_OID
The OID (1.3.6.1.4.1.30221.2.6.58) for the revoke TOTP shared secret extended request.
See Also: Constant Field Values
Constructor Detail
RevokeTOTPSharedSecretExtendedRequest
public RevokeTOTPSharedSecretExtendedRequest(@Nullable java.lang.String authenticationID, @Nullable java.lang.String staticPassword, @Nullable java.lang.String totpSharedSecret, @Nullable Control... controls)
Creates a new revoke TOTP shared secret extended request with the provided information.
Parameters:
- authenticationID - The authentication ID to use to identify the user for whom to revoke the TOTP shared secret. It should be a string in the form "dn:" followed by the DN of the target user, or "u:" followed by the username. It may be null if the authorization identity for the operation should be used as the authentication identity for this request.
- staticPassword - The static password of the user for whom the TOTP shared secrets are to be revoked. It may be null if the provided totpSharedSecret is non-null, or if the authenticationID is non-null and the operation's authorization identity has the password-reset privilege.
- totpSharedSecret - The base32-encoded representation of the TOTP shared secret to revoke. It may be null if all TOTP shared secrets should be purged from the target user's entry. If it is null, then either the staticPassword element must be non-null, or the authenticationID element must be non-null, must be different from the operation's authorization identity, and the authorization identity must have the password-reset privilege.
- controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
RevokeTOTPSharedSecretExtendedRequest
public RevokeTOTPSharedSecretExtendedRequest(@Nullable java.lang.String authenticationID, @Nullable byte[] staticPassword, @Nullable java.lang.String totpSharedSecret, @Nullable Control... controls)
Creates a new revoke TOTP shared secret extended request with the provided information.
Parameters:
- authenticationID - The authentication ID to use to identify the user for whom to revoke the TOTP shared secret. It should be a string in the form "dn:" followed by the DN of the target user, or "u:" followed by the username. It may be null if the authorization identity for the operation should be used as the authentication identity for this request.
- staticPassword - The static password of the user for whom the TOTP shared secrets are to be revoked. It may be null if the provided totpSharedSecret is non-null, or if the authenticationID is non-null and the operation's authorization identity has the password-reset privilege.
- totpSharedSecret - The base32-encoded representation of the TOTP shared secret to revoke. It may be null if all TOTP shared secrets should be purged from the target user's entry. If it is null, then either the staticPassword element must be non-null, or the authenticationID element must be non-null, must be different from the operation's authorization identity, and the authorization identity must have the password-reset privilege.
- controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
RevokeTOTPSharedSecretExtendedRequest
public RevokeTOTPSharedSecretExtendedRequest(@Nullable java.lang.String authenticationID, @Nullable ASN1OctetString staticPassword, @Nullable java.lang.String totpSharedSecret, @Nullable Control... controls)
Creates a new revoke TOTP shared secret extended request with the provided information.
Parameters:
- authenticationID - The authentication ID to use to identify the user for whom to revoke the TOTP shared secret. It should be a string in the form "dn:" followed by the DN of the target user, or "u:" followed by the username. It may be null if the authorization identity for the operation should be used as the authentication identity for this request.
- staticPassword - The static password of the user for whom the TOTP shared secrets are to be revoked. It may be null if the provided totpSharedSecret is non-null, or if the authenticationID is non-null and the operation's authorization identity has the password-reset privilege.
- totpSharedSecret - The base32-encoded representation of the TOTP shared secret to revoke. It may be null if all TOTP shared secrets should be purged from the target user's entry. If it is null, then either the staticPassword element must be non-null, or the authenticationID element must be non-null, must be different from the operation's authorization identity, and the authorization identity must have the password-reset privilege.
- controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
RevokeTOTPSharedSecretExtendedRequest
public RevokeTOTPSharedSecretExtendedRequest(@NotNull ExtendedRequest request) throws LDAPException
Creates a new revoke TOTP shared secret extended request that is decoded from the provided generic extended request.
Parameters:
- request - The generic extended request to decode as a revoke TOTP shared secret request.
Throws:
- LDAPException - If a problem is encountered while attempting to decode the provided request.
Method Detail
getAuthenticationID
@Nullable public java.lang.String getAuthenticationID()
Retrieves the authentication ID that identifies the user for whom to revoke the TOTP shared secrets, if provided.
Returns:
- The authentication ID that identifies the target user, or null if the shared secrets are to be revoked for the operation's authorization identity.
getStaticPasswordString
@Nullable public java.lang.String getStaticPasswordString()
Retrieves the string representation of the static password for the target user, if provided.
Returns:
- The string representation of the static password for the target user, or null if no static password was provided.
getStaticPasswordBytes
@Nullable public byte[] getStaticPasswordBytes()
Retrieves the bytes that comprise the static password for the target user, if provided.
Returns:
- The bytes that comprise the static password for the target user, or null if no static password was provided.
getTOTPSharedSecret
@Nullable public java.lang.String getTOTPSharedSecret()
Retrieves the base32-encoded representation of the TOTP shared secret to be revoked, if provided.
Returns:
- The base32-encoded representation of the TOTP shared secret to be revoked, or null if all of the user's TOTP shared secrets should be revoked.
duplicate
@NotNull public RevokeTOTPSharedSecretExtendedRequest duplicate()
Creates a new instance of this LDAP request that may be modified without impacting this request. Subclasses should override this method to return a duplicate of the appropriate type.
Specified by:
- duplicate in interface ReadOnlyLDAPRequest
Overrides:
- duplicate in class ExtendedRequest
Returns:
- A new instance of this LDAP request that may be modified without impacting this request.
duplicate
@NotNull public RevokeTOTPSharedSecretExtendedRequest duplicate(@Nullable Control[] controls)
Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request. Subclasses should override this method to return a duplicate of the appropriate type.
Specified by:
- duplicate in interface ReadOnlyLDAPRequest
Overrides:
- duplicate in class ExtendedRequest
Parameters:
- controls - The set of controls to include in the duplicate request.
Returns:
- A new instance of this LDAP request that may be modified without impacting this request.
getExtendedRequestName
@NotNull public java.lang.String getExtendedRequestName()
Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.
Overrides:
- getExtendedRequestName in class ExtendedRequest
Returns:
- The user-friendly name for this extended request, or the OID if no user-friendly name is available.
toString
public void toString(@NotNull java.lang.StringBuilder buffer)
Appends a string representation of this request to the provided buffer.
Specified by:
- toString in interface ProtocolOp
- toString in interface ReadOnlyLDAPRequest
Overrides:
- toString in class ExtendedRequest
Parameters:
- buffer - The buffer to which to append a string representation of this request.