/**
* Handle password expiration - if any accounts appear to have triggered this, put up warnings, or
* even shut them down.
*
* <p>NOTE: If there are multiple accounts with password expiration policies, the device password
* will be set to expire in the shortest required interval (most secure). The logic in this method
* operates based on the aggregate setting - irrespective of which account caused the expiration.
* In other words, all accounts (that require expiration) will run/stop based on the requirements
* of the account with the shortest interval.
*/
private void onPasswordExpiring(Context context) {
// 1. Do we have any accounts that matter here?
long nextExpiringAccountId = findShortestExpiration(context);
// 2. If not, exit immediately
if (nextExpiringAccountId == -1) {
return;
}
// 3. If yes, are we warning or expired?
long expirationDate = getDPM().getPasswordExpiration(mAdminName);
long timeUntilExpiration = expirationDate - System.currentTimeMillis();
boolean expired = timeUntilExpiration < 0;
final NotificationController nc = NotificationControllerCreatorHolder.getInstance(context);
if (!expired) {
// 4. If warning, simply put up a generic notification and report that it came from
// the shortest-expiring account.
nc.showPasswordExpiringNotificationSynchronous(nextExpiringAccountId);
} else {
// 5. Actually expired - find all accounts that expire passwords, and wipe them
boolean wiped = wipeExpiredAccounts(context);
if (wiped) {
nc.showPasswordExpiredNotificationSynchronous(nextExpiringAccountId);
}
}
}
