/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2012 profiq s.r.o.
* Portions Copyright 2012-2014 ForgeRock AS
*/
import
/**
* Provider for the password expiration time virtual attribute.
*/
public class PasswordExpirationTimeVirtualAttributeProvider
{
/**
* Debug tracer to log debugging information.
*/
/**
* Default constructor.
*/
{
super();
}
/** {@inheritDoc} */
public boolean isMultiValued()
{
return false;
}
/** {@inheritDoc} */
{
// Do not process LDAP operational entries.
{
if (expirationTime == -1)
{
// It does not expire.
}
}
}
/** {@inheritDoc} */
boolean isPreIndexed)
{
return false;
}
/** {@inheritDoc} */
{
}
/** {@inheritDoc} */
{
// Do not process LDAP operational entries.
return !entry.isSubentry()
&& !entry.isLDAPSubentry()
}
/**
* Utility method to wrap the PasswordPolicyState.getExpirationTime().
*
* @param entry LDAP entry
* @return Expiration time in milliseconds since the epoch.
*/
{
// Do not process LDAP operational entries.
try
{
}
catch (DirectoryException de)
{
}
{
// No authentication policy: debug log this as an error since all
// entries should have at least the default password policy.
}
else if (policy.isPasswordPolicy())
{
try
{
pwpState =
}
catch (DirectoryException de)
{
}
return pwpState.getPasswordExpirationTime();
}
else
{
// Not a password policy, could be PTA, etc.
}
return -1L;
}
}