com.unboundid.directory.sdk.ds.api

Class OneTimePasswordDeliveryMechanism

java.lang.Object

com.unboundid.directory.sdk.ds.api.OneTimePasswordDeliveryMechanism

All Implemented Interfaces:

Configurable, ExampleUsageProvider, Reconfigurable<OneTimePasswordDeliveryMechanismConfig>, UnboundIDExtension

@Extensible
 @DirectoryServerExtension
 @DirectoryProxyServerExtension(appliesToLocalContent=true,
                               appliesToRemoteContent=true)
 @ThreadSafety(level=INTERFACE_THREADSAFE)
public abstract class OneTimePasswordDeliveryMechanism
extends java.lang.Object
implements UnboundIDExtension, Reconfigurable<OneTimePasswordDeliveryMechanismConfig>, ExampleUsageProvider

This class defines an API that must be implemented by extensions which attempt to deliver one-time passwords (OTPs) to end users through some out-of-band mechanism. The one-time passwords will have been generated by the deliver one-time password extended request, and may be used to authenticate to the server through the UNBOUNDID-DELIVERED-OTP SASL mechanism.

Configuring One-Time Password Delivery Mechanisms

In order to configure a one-time password delivery mechanism created using this API, use a command like:

      dsconfig create-otp-delivery-mechanism \
           --mechanism-name "{mechanism-name}" \
           --type third-party \
           --set enabled:true \
           --set "extension-class:{class-name}" \
           --set "extension-argument:{name=value}"
 

where "{mechanism-name}" is the name to use for the one-time password instance, "{class-name}" is the fully-qualified name of the Java class that extends com.unboundid.directory.sdk.ds.api.OneTimePasswordDeliveryMechanism, and "{name=value}" represents name-value pairs for any arguments to provide to the one-time password delivery mechanism. If multiple arguments should be provided to the OTP delivery mechanism, then the "--set extension-argument:{name=value}" option should be provided multiple times.

Constructor Summary

Constructors

Constructor and Description
OneTimePasswordDeliveryMechanism() Creates a new instance of this one-time password delivery mechanism.

Method Summary

Modifier and Type	Method and Description
com.unboundid.ldap.sdk.ResultCode	applyConfiguration(OneTimePasswordDeliveryMechanismConfig config, com.unboundid.util.args.ArgumentParser parser, java.util.List<java.lang.String> adminActionsRequired, java.util.List<java.lang.String> messages) Attempts to apply the configuration from the provided argument parser to this extension.
void	defineConfigArguments(com.unboundid.util.args.ArgumentParser parser) Updates the provided argument parser to define any configuration arguments which may be used by this extension.
java.lang.String	deliverMessage(OneTimePasswordDeliveryMechanismConfig config, java.lang.String tokenID, java.lang.String tokenValue, java.lang.String messageSubject, java.lang.String fullMessage, java.lang.String compactMessage, Entry userEntry, java.lang.String targetRecipientID, java.lang.StringBuilder resultMessage) Attempts to deliver a message (containing a single-use token) to the specified user.
abstract java.lang.String	deliverOneTimePassword(java.lang.String oneTimePassword, Entry userEntry, java.lang.String targetRecipientID, java.lang.StringBuilder resultMessage) Attempts to deliver the provided one-time password to the specified user.
void	finalizeOTPDeliveryMechanism() Performs any cleanup which may be necessary when this one-time password delivery mechanism is to be taken out of service.
java.util.Map<java.util.List<java.lang.String>,java.lang.String>	getExamplesArgumentSets() Retrieves a map containing examples of configurations that may be used for this extension.
abstract java.lang.String[]	getExtensionDescription() Retrieves a human-readable description for this extension.
abstract java.lang.String	getExtensionName() Retrieves a human-readable name for this extension.
void	getSupportedDeliveryMechanismInfo(OneTimePasswordDeliveryMechanismConfig config, Entry userEntry, java.util.List<com.unboundid.ldap.sdk.unboundidds.extensions.SupportedOTPDeliveryMechanismInfo> deliveryMechanismInfo) Updates the provided list with one or more SupportedOTPDeliveryMechanismInfo objects indicating whether this OTP delivery mechanism is supported for the specified user.
void	initializeOTPDeliveryMechanism(DirectoryServerContext serverContext, OneTimePasswordDeliveryMechanismConfig config, com.unboundid.util.args.ArgumentParser parser) Initializes this one-time password delivery mechanism.
boolean	isConfigurationAcceptable(OneTimePasswordDeliveryMechanismConfig config, com.unboundid.util.args.ArgumentParser parser, java.util.List<java.lang.String> unacceptableReasons) Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension.
boolean	supportsGenericMessageDelivery() Indicates whether this one-time password delivery mechanism supports general purpose message delivery via the deliverMessage(com.unboundid.directory.sdk.ds.config.OneTimePasswordDeliveryMechanismConfig, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, com.unboundid.directory.sdk.common.types.Entry, java.lang.String, java.lang.StringBuilder) method.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OneTimePasswordDeliveryMechanism

public OneTimePasswordDeliveryMechanism()

Creates a new instance of this one-time password delivery mechanism. All OTP delivery mechanism implementations must include a default constructor, but any initialization should generally be done in the initializeOTPDeliveryMechanism method.

Method Detail

getExtensionName

public abstract java.lang.String getExtensionName()

Retrieves a human-readable name for this extension.

Specified by:

getExtensionName in interface UnboundIDExtension

Returns:

A human-readable name for this extension.

getExtensionDescription

public abstract java.lang.String[] getExtensionDescription()

Retrieves a human-readable description for this extension. Each element of the array that is returned will be considered a separate paragraph in generated documentation.

Specified by:

getExtensionDescription in interface UnboundIDExtension

Returns:

A human-readable description for this extension, or null or an empty array if no description should be available.

defineConfigArguments

public void defineConfigArguments(com.unboundid.util.args.ArgumentParser parser)
                           throws com.unboundid.util.args.ArgumentException

Updates the provided argument parser to define any configuration arguments which may be used by this extension. The argument parser may also be updated to define relationships between arguments (e.g., to specify required, exclusive, or dependent argument sets).

Specified by:

defineConfigArguments in interface Configurable

Parameters:

parser - The argument parser to be updated with the configuration arguments which may be used by this extension.

Throws:

com.unboundid.util.args.ArgumentException - If a problem is encountered while updating the provided argument parser.

initializeOTPDeliveryMechanism

public void initializeOTPDeliveryMechanism(DirectoryServerContext serverContext,
                                           OneTimePasswordDeliveryMechanismConfig config,
                                           com.unboundid.util.args.ArgumentParser parser)
                                    throws com.unboundid.ldap.sdk.LDAPException

Initializes this one-time password delivery mechanism.

Parameters:

serverContext - A handle to the server context for the server in which this extension is running.

config - The general configuration for this OTP delivery mechanism.

parser - The argument parser which has been initialized from the configuration for this OTP delivery mechanism.

Throws:

com.unboundid.ldap.sdk.LDAPException - If a problem occurs while initializing this OTP delivery mechanism.

isConfigurationAcceptable

public boolean isConfigurationAcceptable(OneTimePasswordDeliveryMechanismConfig config,
                                         com.unboundid.util.args.ArgumentParser parser,
                                         java.util.List<java.lang.String> unacceptableReasons)

Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension. The parser will have been used to parse any configuration available for this extension, and any automatic validation will have been performed. This method may be used to perform any more complex validation which cannot be performed automatically by the argument parser.

Specified by:

isConfigurationAcceptable in interface Reconfigurable<OneTimePasswordDeliveryMechanismConfig>

Parameters:

config - The general configuration for this extension.

parser - The argument parser that has been used to parse the proposed configuration for this extension.

unacceptableReasons - A list to which messages may be added to provide additional information about why the provided configuration is not acceptable.

Returns:

true if the configuration in the provided argument parser appears to be acceptable, or false if not.

applyConfiguration

public com.unboundid.ldap.sdk.ResultCode applyConfiguration(OneTimePasswordDeliveryMechanismConfig config,
                                                            com.unboundid.util.args.ArgumentParser parser,
                                                            java.util.List<java.lang.String> adminActionsRequired,
                                                            java.util.List<java.lang.String> messages)

Attempts to apply the configuration from the provided argument parser to this extension.

Specified by:

applyConfiguration in interface Reconfigurable<OneTimePasswordDeliveryMechanismConfig>

Parameters:

config - The general configuration for this extension.

parser - The argument parser that has been used to parse the new configuration for this extension.

adminActionsRequired - A list to which messages may be added to provide additional information about any additional administrative actions that may be required to apply some of the configuration changes.

messages - A list to which messages may be added to provide additional information about the processing performed by this method.

Returns:

A result code providing information about the result of applying the configuration change. A result of SUCCESS should be used to indicate that all processing completed successfully. Any other result will indicate that a problem occurred during processing.

finalizeOTPDeliveryMechanism

public void finalizeOTPDeliveryMechanism()

Performs any cleanup which may be necessary when this one-time password delivery mechanism is to be taken out of service.

deliverOneTimePassword

public abstract java.lang.String deliverOneTimePassword(java.lang.String oneTimePassword,
                                                        Entry userEntry,
                                                        java.lang.String targetRecipientID,
                                                        java.lang.StringBuilder resultMessage)
                                                 throws com.unboundid.ldap.sdk.LDAPException

Attempts to deliver the provided one-time password to the specified user.

Parameters:

oneTimePassword - The one-time password to be delivered.

userEntry - The entry for the user to whom the one-time password should be delivered.

targetRecipientID - The target recipient ID that should be used for the delivery, if possible. It may be null if there is no appropriate identifier for this delivery mechanism or if the delivery mechanism may choose which recipient ID should be used. However, if it is non-null, then the delivery mechanism must verify that the provided recipient ID is valid for the associated user (e.g., for an e-mail delivery mechanism, the recipient ID would probably be an e-mail address, and the delivery mechanism must verify that the provided e-mail address is associated with the given user account).

resultMessage - A buffer to which a message may be appended with additional information about the password delivery.

Returns:

An identifier for the user in a format appropriate to the delivery mechanism (e.g., an e-mail address for an e-mail delivery mechanism, a phone number for an SMS or voice call delivery mechanism, etc.). It may be null if there is no appropriate identifier for this delivery mechanism that is needed beyond the name of the delivery mechanism and the DN of the recipient.

Throws:

com.unboundid.ldap.sdk.LDAPException - If a problem is encountered while attempting to send the one-time password to the user. The exception should have a result code of TOKEN_DELIVERY_INVALID_RECIPIENT_ID if the client specified a recipient ID that is not valid for the target user, TOKEN_DELIVERY_MECHANISM_UNAVAILABLE if this delivery mechanism is not supported for the target user, or TOKEN_DELIVERY_ATTEMPT_FAILED if the delivery mechanism should be supported but the attempt to deliver the one-time password failed.

supportsGenericMessageDelivery

public boolean supportsGenericMessageDelivery()

Indicates whether this one-time password delivery mechanism supports general purpose message delivery via the deliverMessage(com.unboundid.directory.sdk.ds.config.OneTimePasswordDeliveryMechanismConfig, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, com.unboundid.directory.sdk.common.types.Entry, java.lang.String, java.lang.StringBuilder) method.

Returns:

true if the deliverMessage method can be used for general-purpose message delivery, or false if only the deliverOneTimePassword method can be used.

deliverMessage

public java.lang.String deliverMessage(OneTimePasswordDeliveryMechanismConfig config,
                                       java.lang.String tokenID,
                                       java.lang.String tokenValue,
                                       java.lang.String messageSubject,
                                       java.lang.String fullMessage,
                                       java.lang.String compactMessage,
                                       Entry userEntry,
                                       java.lang.String targetRecipientID,
                                       java.lang.StringBuilder resultMessage)
                                throws com.unboundid.ldap.sdk.LDAPException

Attempts to deliver a message (containing a single-use token) to the specified user.

Parameters:

config - The general configuration for this OTP delivery mechanism.

tokenID - The token ID for the single-use token contained in the message to be delivered.

tokenValue - The value for the single-use token contained in the message to be delivered.

messageSubject - The message subject that should be used, if appropriate. It may be null if no subject was provided.

fullMessage - The message that should be delivered if this delivery mechanism does not impose a significant constraint on message size.

compactMessage - The message that should be delivered if this delivery mechanism does impose a significant constraint on message size.

userEntry - The entry for the user to whom the token should be delivered.

targetRecipientID - The target recipient ID that should be used for the delivery, if possible. It may be null if there is no appropriate identifier for this delivery mechanism or if the delivery mechanism may choose which recipient ID should be used. However, if it is non-null, then the delivery mechanism must verify that the provided recipient ID is valid for the associated user (e.g., for an e-mail delivery mechanism, the recipient ID would probably be an e-mail address, and the delivery mechanism must verify that the provided e-mail address is associated with the given user account).

resultMessage - A buffer to which a message may be appended with additional information about the token delivery.

Returns:

An identifier for the user in a format appropriate to the delivery mechanism (e.g., an e-mail address for an e-mail delivery mechanism, a phone number for an SMS or voice call delivery mechanism, etc.). It may be null if there is no appropriate identifier for this delivery mechanism that is needed beyond the name of the delivery mechanism and the DN of the recipient.

Throws:

com.unboundid.ldap.sdk.LDAPException - If a problem is encountered while attempting to deliver the single-use token message to the user. The exception should have a result code of TOKEN_DELIVERY_INVALID_RECIPIENT_ID if the client specified a recipient ID that is not valid for the target user, TOKEN_DELIVERY_MECHANISM_UNAVAILABLE if this delivery mechanism is not supported for the target user, or TOKEN_DELIVERY_ATTEMPT_FAILED if the delivery mechanism should be supported but the attempt to deliver the token failed.

getSupportedDeliveryMechanismInfo

public void getSupportedDeliveryMechanismInfo(OneTimePasswordDeliveryMechanismConfig config,
                                              Entry userEntry,
                                              java.util.List<com.unboundid.ldap.sdk.unboundidds.extensions.SupportedOTPDeliveryMechanismInfo> deliveryMechanismInfo)

Updates the provided list with one or more SupportedOTPDeliveryMechanismInfo objects indicating whether this OTP delivery mechanism is supported for the specified user.

Parameters:

config - The general configuration for this OTP delivery mechanism.

userEntry - The entry of the user for whom to make the determination.

deliveryMechanismInfo - The list to which any objects may be appended with information about the level of support this OTP delivery mechanism has for use in conjunction with the specified user.

getExamplesArgumentSets

public java.util.Map<java.util.List<java.lang.String>,java.lang.String> getExamplesArgumentSets()

Retrieves a map containing examples of configurations that may be used for this extension. The map key should be a list of sample arguments, and the corresponding value should be a description of the behavior that will be exhibited by the extension when used with that configuration.

Specified by:

getExamplesArgumentSets in interface ExampleUsageProvider

Returns:

A map containing examples of configurations that may be used for this extension. It may be null or empty if there should not be any example argument sets.