
com.hfg.ldap.ad.ActiveDirectory Maven / Gradle / Ivy

package com.hfg.ldap.ad;

import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;

import com.hfg.exception.InvalidValueException;
import com.hfg.util.StringUtil;

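//------------------------------------------------------------------------------
/**
 Active Directory functions.

 @author J. Alex Taylor, hairyfatguy.com
*/
//------------------------------------------------------------------------------
// com.hfg XML/HTML Coding Library
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
//
// J. Alex Taylor, President, Founder, CEO, COO, CFO, OOPS hairyfatguy.com
// [email protected]
//------------------------------------------------------------------------------

public class ActiveDirectory
{
   // Captures the sub-status code that follows "data " in an AD bind failure message.
   private static final Pattern sADAuthenticationExceptionPattern = Pattern.compile("AcceptSecurityContext error, data (\\S+?), ");

   private static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone("UTC");

   // A Windows tick is 100 nanoseconds. Windows epoch = 1601-01-01T00:00:00Z
   // ( 1601 was the first year of the 400-year Gregorian calendar cycle at the time Windows NT was made.)
   // This is 11644473600 seconds before the Unix epoch 1970-01-01T00:00:00Z.
   private static final long WIN32_EPOCH_OFFSET_MS = 11644473600L * 1000;

   //---------------------------------------------------------------------------
   /**
    Converts an LDAP-specific generalized timestamp "YYYYMMDDHHMMSS.0Z" (ex: '20190104204258.0Z').
    <p>
    Only the first 14 characters are read. The fractional part and the zone designator are
    ignored and the value is always interpreted as UTC, so a timestamp carrying a numeric
    offset instead of 'Z' would be converted without that offset being applied. The calendar
    is used in its default lenient mode, so out-of-range fields (for example month 13) roll
    over instead of being rejected. Callers that base access decisions on the result should
    validate the input form first.
    </p>

    @param inValue a 'Z' form timestamp string of at least 14 characters
    @return Java Date object
    @throws NumberFormatException if any of the date or time fields is not numeric
    @throws StringIndexOutOfBoundsException if the value is shorter than 14 characters
    @throws NullPointerException if the value is null
    */
   public static Date convertGeneralizedTimestamp(String inValue)
   {
      int year   = Integer.parseInt(inValue.substring(0, 4));
      int month  = Integer.parseInt(inValue.substring(4, 6)) - 1; // Calendar months are zero-based
      int day    = Integer.parseInt(inValue.substring(6, 8));
      int hour   = Integer.parseInt(inValue.substring(8, 10));
      int minute = Integer.parseInt(inValue.substring(10, 12));
      int second = Integer.parseInt(inValue.substring(12, 14));

      Calendar cal = Calendar.getInstance(UTC_TIME_ZONE);
      cal.set(year, month, day, hour, minute, second);
      // getInstance() starts from the current time, so the sub-second part has to be cleared.
      cal.set(Calendar.MILLISECOND, 0);

      return cal.getTime();
   }

   //---------------------------------------------------------------------------
   /**
    Converts Active Directory timestamps used for pwdLastSet, accountExpires, LastLogon,
    LastLogonTimestamp and LastPwdSet.
    The timestamp is the number of 100-nanosecond intervals since Jan 1, 1601 UTC.
    <p>
    The conversion is purely arithmetic. Active Directory also uses sentinel values in
    these attributes (for accountExpires, 0 and 9223372036854775807 both mean the account
    never expires; for pwdLastSet, 0 means the password must be changed at next logon).
    Those are converted like any other number, giving a date in 1601 or in the far future,
    so callers that enforce expiry must test for the sentinels before converting.
    </p>

    @param inValue timestamp as an 18-digit string
    @return Java Date object
    @throws InvalidValueException if the value is null or cannot be parsed as a long
    */
   public static Date convertWin32EpochTimestamp(String inValue)
   {
      try
      {
         long ticksSinceWin32Epoch = Long.parseLong(inValue);

         // 10000 ticks of 100 ns make one millisecond.
         return new Date((ticksSinceWin32Epoch / 10000) - WIN32_EPOCH_OFFSET_MS);
      }
      catch (NumberFormatException e)
      {
         // Long.parseLong() is the only call here that can fail and it reports null as well
         // as malformed input this way. The cause is not chained because the
         // InvalidValueException constructors are not visible from this file.
         throw new InvalidValueException("The input timestamp " + StringUtil.singleQuote(inValue) + " is not in the expected format!");
      }
   }

   //---------------------------------------------------------------------------
   /**
    Translates the sub-status code that Active Directory embeds in a failed LDAP bind
    into a short description.
    <p>
    Example message:<br>
    {@code javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580 ]}
    </p>
    <p>
    The result tells apart an unknown user, a wrong password and a disabled, expired or
    locked account. It is suited to logs and administrator diagnostics. If it is returned
    to the party attempting the login, that party learns which account names exist and
    what state they are in, so a login form should show one generic failure message and
    keep this detail server-side.
    </p>

    @param inException the exception thrown by the failed bind (may be null)
    @return the description, or null if the exception or its message is null, the message
            does not contain an AcceptSecurityContext code, or the code is not one of those
            listed in the method body
    */
   public static String decodeAuthenticationException(AuthenticationException inException)
   {
      if (null == inException
          || null == inException.getMessage())
      {
         return null;
      }

      Matcher m = sADAuthenticationExceptionPattern.matcher(inException.getMessage());
      if (! m.find())
      {
         return null;
      }

      /*
         525 user not found
         52e invalid credentials
         530 not permitted to logon at this time
         531 not permitted to logon at this workstation
         532 password expired
         533 account disabled
         534 The user has not been granted the requested logon type at this machine
         701 account expired
         773 user must reset password
         775 user account locked
      */
      String code = m.group(1);

      String msg = null;
      if ("525".equals(code))
      {
         msg = "User not found";
      }
      else if ("52e".equals(code))
      {
         msg = "Invalid credentials";
      }
      else if ("530".equals(code))
      {
         msg = "Not permitted to logon at this time";
      }
      else if ("531".equals(code))
      {
         msg = "Not permitted to logon at this workstation";
      }
      else if ("532".equals(code))
      {
         msg = "Password expired";
      }
      else if ("533".equals(code))
      {
         msg = "Account disabled";
      }
      else if ("534".equals(code))
      {
         msg = "The user has not been granted the requested logon type at this machine";
      }
      else if ("701".equals(code))
      {
         msg = "Account expired";
      }
      else if ("773".equals(code))
      {
         msg = "User must reset password";
      }
      else if ("775".equals(code))
      {
         // The original tested "773" a second time here, which made this branch unreachable
         // and left locked-out accounts (775) undecoded.
         msg = "User account locked";
      }

      return msg;
   }
}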



