001/*
002 * Copyright 2007-2021 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2007-2021 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2007-2021 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk.controls;
037
038
039
040import com.unboundid.asn1.ASN1OctetString;
041import com.unboundid.ldap.sdk.BindResult;
042import com.unboundid.ldap.sdk.Control;
043import com.unboundid.ldap.sdk.DecodeableControl;
044import com.unboundid.ldap.sdk.LDAPException;
045import com.unboundid.ldap.sdk.ResultCode;
046import com.unboundid.util.NotMutable;
047import com.unboundid.util.NotNull;
048import com.unboundid.util.Nullable;
049import com.unboundid.util.ThreadSafety;
050import com.unboundid.util.ThreadSafetyLevel;
051import com.unboundid.util.Validator;
052
053import static com.unboundid.ldap.sdk.controls.ControlMessages.*;
054
055
056
057/**
058 * This class provides an implementation of the authorization identity bind
059 * response control as defined in
060 * <A HREF="http://www.ietf.org/rfc/rfc3829.txt">RFC 3829</A>.  It may be used
061 * to provide the primary authorization identity associated with the client
062 * connection after processing of the associated bind operation has completed.
063 * <BR><BR>
064 * The authorization identity value returned may be empty if the resulting
065 * authorization identity is that of the anonymous user.  Otherwise, it should
066 * be an "authzId" value as described in section 5.2.1.8 of
067 * <A HREF="http://www.ietf.org/rfc/rfc4513.txt">RFC 4513</A>.  That is, it
068 * should be either "dn:" followed by the distinguished name of the target user,
069 * or "u:" followed by the username.
070 * <BR><BR>
071 * Note that the authorization identity response control should only be included
072 * in a bind response message if the corresponding request included the
073 * {@link AuthorizationIdentityRequestControl}, and only if the bind was
074 * successful.
075 */
076@NotMutable()
077@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
078public final class AuthorizationIdentityResponseControl
079       extends Control
080       implements DecodeableControl
081{
082  /**
083   * The OID (2.16.840.1.113730.3.4.15) for the authorization identity response
084   * control.
085   */
086  @NotNull public static final String AUTHORIZATION_IDENTITY_RESPONSE_OID =
087       "2.16.840.1.113730.3.4.15";
088
089
090
091  /**
092   * The serial version UID for this serializable class.
093   */
094  private static final long serialVersionUID = -6315724175438820336L;
095
096
097
098  // The authorization ID string returned by the server.
099  @NotNull private final String authorizationID;
100
101
102
103  /**
104   * Creates a new empty control instance that is intended to be used only for
105   * decoding controls via the {@code DecodeableControl} interface.
106   */
107  AuthorizationIdentityResponseControl()
108  {
109    authorizationID = null;
110  }
111
112
113
114  /**
115   * Creates a new authorization identity response control with the provided
116   * authorization ID.
117   *
118   * @param  authorizationID  The authorization identity associated with the
119   *                          client connection.  It must not be {@code null},
120   *                          although it may be a zero-length string to
121   *                          indicate that the authorization identity is the
122   *                          anonymous user.
123   */
124  public AuthorizationIdentityResponseControl(
125              @NotNull final String authorizationID)
126  {
127    super(AUTHORIZATION_IDENTITY_RESPONSE_OID, false,
128          new ASN1OctetString(authorizationID));
129
130    Validator.ensureNotNull(authorizationID);
131
132    this.authorizationID = authorizationID;
133  }
134
135
136
137  /**
138   * Creates a new authorization identity response control with the provided
139   * information.
140   *
141   * @param  oid         The OID for the control.
142   * @param  isCritical  Indicates whether the control should be marked
143   *                     critical.
144   * @param  value       The encoded value for the control.  This may be
145   *                     {@code null} if no value was provided.
146   *
147   * @throws  LDAPException  If the provided control cannot be decoded as an
148   *                         authorization identity response control.
149   */
150  public AuthorizationIdentityResponseControl(@NotNull final String oid,
151              final boolean isCritical,
152              @Nullable final ASN1OctetString value)
153         throws LDAPException
154  {
155    super(oid, isCritical, value);
156
157    if (value == null)
158    {
159      throw new LDAPException(ResultCode.DECODING_ERROR,
160                              ERR_AUTHZID_RESPONSE_NO_VALUE.get());
161    }
162    else
163    {
164      authorizationID = value.stringValue();
165    }
166  }
167
168
169
170  /**
171   * {@inheritDoc}
172   */
173  @Override()
174  @NotNull()
175  public AuthorizationIdentityResponseControl
176              decodeControl(@NotNull final String oid, final boolean isCritical,
177                            @Nullable final ASN1OctetString value)
178         throws LDAPException
179  {
180    return new AuthorizationIdentityResponseControl(oid, isCritical, value);
181  }
182
183
184
185  /**
186   * Extracts an authorization identity response control from the provided
187   * result.
188   *
189   * @param  result  The result from which to retrieve the authorization
190   *                 identity response control.
191   *
192   * @return  The authorization identity response control contained in the
193   *          provided result, or {@code null} if the result did not contain an
194   *          authorization identity response control.
195   *
196   * @throws  LDAPException  If a problem is encountered while attempting to
197   *                         decode the authorization identity response control
198   *                         contained in the provided result.
199   */
200  @Nullable()
201  public static AuthorizationIdentityResponseControl get(
202                     @NotNull final BindResult result)
203         throws LDAPException
204  {
205    final Control c =
206         result.getResponseControl(AUTHORIZATION_IDENTITY_RESPONSE_OID);
207    if (c == null)
208    {
209      return null;
210    }
211
212    if (c instanceof AuthorizationIdentityResponseControl)
213    {
214      return (AuthorizationIdentityResponseControl) c;
215    }
216    else
217    {
218      return new AuthorizationIdentityResponseControl(c.getOID(),
219           c.isCritical(), c.getValue());
220    }
221  }
222
223
224
225  /**
226   * Retrieves the authorization ID string for this authorization identity
227   * response control.  It may be a zero-length string if the associated
228   * authorization identity is that of the anonymous user.
229   *
230   * @return  The authorization ID string for this authorization identity
231   *          response control.
232   */
233  @NotNull()
234  public String getAuthorizationID()
235  {
236    return authorizationID;
237  }
238
239
240
241  /**
242   * {@inheritDoc}
243   */
244  @Override()
245  @NotNull()
246  public String getControlName()
247  {
248    return INFO_CONTROL_NAME_AUTHZID_RESPONSE.get();
249  }
250
251
252
253  /**
254   * {@inheritDoc}
255   */
256  @Override()
257  public void toString(@NotNull final StringBuilder buffer)
258  {
259    buffer.append("AuthorizationIdentityResponseControl(authorizationID='");
260    buffer.append(authorizationID);
261    buffer.append("', isCritical=");
262    buffer.append(isCritical());
263    buffer.append(')');
264  }
265}