/** * Handle password expiration - if any accounts appear to have triggered this, put up warnings, or * even shut them down. * * <p>NOTE: If there are multiple accounts with password expiration policies, the device password * will be set to expire in the shortest required interval (most secure). The logic in this method * operates based on the aggregate setting - irrespective of which account caused the expiration. * In other words, all accounts (that require expiration) will run/stop based on the requirements * of the account with the shortest interval. */ private void onPasswordExpiring(Context context) { // 1. Do we have any accounts that matter here? long nextExpiringAccountId = findShortestExpiration(context); // 2. If not, exit immediately if (nextExpiringAccountId == -1) { return; } // 3. If yes, are we warning or expired? long expirationDate = getDPM().getPasswordExpiration(mAdminName); long timeUntilExpiration = expirationDate - System.currentTimeMillis(); boolean expired = timeUntilExpiration < 0; final NotificationController nc = NotificationControllerCreatorHolder.getInstance(context); if (!expired) { // 4. If warning, simply put up a generic notification and report that it came from // the shortest-expiring account. nc.showPasswordExpiringNotificationSynchronous(nextExpiringAccountId); } else { // 5. Actually expired - find all accounts that expire passwords, and wipe them boolean wiped = wipeExpiredAccounts(context); if (wiped) { nc.showPasswordExpiredNotificationSynchronous(nextExpiringAccountId); } } }