001    /*
002     * Copyright 2007-2016 UnboundID Corp.
003     * All Rights Reserved.
004     */
005    /*
006     * Copyright (C) 2008-2016 UnboundID Corp.
007     *
008     * This program is free software; you can redistribute it and/or modify
009     * it under the terms of the GNU General Public License (GPLv2 only)
010     * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011     * as published by the Free Software Foundation.
012     *
013     * This program is distributed in the hope that it will be useful,
014     * but WITHOUT ANY WARRANTY; without even the implied warranty of
015     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016     * GNU General Public License for more details.
017     *
018     * You should have received a copy of the GNU General Public License
019     * along with this program; if not, see <http://www.gnu.org/licenses>.
020     */
021    package com.unboundid.ldap.sdk.controls;
022    
023    
024    
025    import com.unboundid.asn1.ASN1OctetString;
026    import com.unboundid.ldap.sdk.BindResult;
027    import com.unboundid.ldap.sdk.Control;
028    import com.unboundid.ldap.sdk.DecodeableControl;
029    import com.unboundid.ldap.sdk.LDAPException;
030    import com.unboundid.ldap.sdk.ResultCode;
031    import com.unboundid.util.NotMutable;
032    import com.unboundid.util.ThreadSafety;
033    import com.unboundid.util.ThreadSafetyLevel;
034    
035    import static com.unboundid.ldap.sdk.controls.ControlMessages.*;
036    import static com.unboundid.util.Validator.*;
037    
038    
039    
040    /**
041     * This class provides an implementation of the authorization identity bind
042     * response control as defined in
043     * <A HREF="http://www.ietf.org/rfc/rfc3829.txt">RFC 3829</A>.  It may be used
044     * to provide the primary authorization identity associated with the client
045     * connection after processing of the associated bind operation has completed.
046     * <BR><BR>
047     * The authorization identity value returned may be empty if the resulting
048     * authorization identity is that of the anonymous user.  Otherwise, it should
049     * be an "authzId" value as described in section 5.2.1.8 of
050     * <A HREF="http://www.ietf.org/rfc/rfc4513.txt">RFC 4513</A>.  That is, it
051     * should be either "dn:" followed by the distinguished name of the target user,
052     * or "u:" followed by the username.
053     * <BR><BR>
054     * Note that the authorization identity response control should only be included
055     * in a bind response message if the corresponding request included the
056     * {@link AuthorizationIdentityRequestControl}, and only if the bind was
057     * successful.
058     */
059    @NotMutable()
060    @ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
061    public final class AuthorizationIdentityResponseControl
062           extends Control
063           implements DecodeableControl
064    {
065      /**
066       * The OID (2.16.840.1.113730.3.4.15) for the authorization identity response
067       * control.
068       */
069      public static final String AUTHORIZATION_IDENTITY_RESPONSE_OID =
070           "2.16.840.1.113730.3.4.15";
071    
072    
073    
074      /**
075       * The serial version UID for this serializable class.
076       */
077      private static final long serialVersionUID = -6315724175438820336L;
078    
079    
080    
081      // The authorization ID string returned by the server.
082      private final String authorizationID;
083    
084    
085    
086      /**
087       * Creates a new empty control instance that is intended to be used only for
088       * decoding controls via the {@code DecodeableControl} interface.
089       */
090      AuthorizationIdentityResponseControl()
091      {
092        authorizationID = null;
093      }
094    
095    
096    
097      /**
098       * Creates a new authorization identity response control with the provided
099       * authorization ID.
100       *
101       * @param  authorizationID  The authorization identity associated with the
102       *                          client connection.  It must not be {@code null},
103       *                          although it may be a zero-length string to
104       *                          indicate that the authorization identity is the
105       *                          anonymous user.
106       */
107      public AuthorizationIdentityResponseControl(final String authorizationID)
108      {
109        super(AUTHORIZATION_IDENTITY_RESPONSE_OID, false,
110              new ASN1OctetString(authorizationID));
111    
112        ensureNotNull(authorizationID);
113    
114        this.authorizationID = authorizationID;
115      }
116    
117    
118    
119      /**
120       * Creates a new authorization identity response control with the provided
121       * information.
122       *
123       * @param  oid         The OID for the control.
124       * @param  isCritical  Indicates whether the control should be marked
125       *                     critical.
126       * @param  value       The encoded value for the control.  This may be
127       *                     {@code null} if no value was provided.
128       *
129       * @throws  LDAPException  If the provided control cannot be decoded as an
130       *                         authorization identity response control.
131       */
132      public AuthorizationIdentityResponseControl(final String oid,
133                                                  final boolean isCritical,
134                                                  final ASN1OctetString value)
135             throws LDAPException
136      {
137        super(oid, isCritical, value);
138    
139        if (value == null)
140        {
141          throw new LDAPException(ResultCode.DECODING_ERROR,
142                                  ERR_AUTHZID_RESPONSE_NO_VALUE.get());
143        }
144        else
145        {
146          authorizationID = value.stringValue();
147        }
148      }
149    
150    
151    
152      /**
153       * {@inheritDoc}
154       */
155      public AuthorizationIdentityResponseControl
156                  decodeControl(final String oid, final boolean isCritical,
157                                final ASN1OctetString value)
158             throws LDAPException
159      {
160        return new AuthorizationIdentityResponseControl(oid, isCritical, value);
161      }
162    
163    
164    
165      /**
166       * Extracts an authorization identity response control from the provided
167       * result.
168       *
169       * @param  result  The result from which to retrieve the authorization
170       *                 identity response control.
171       *
172       * @return  The authorization identity response control contained in the
173       *          provided result, or {@code null} if the result did not contain an
174       *          authorization identity response control.
175       *
176       * @throws  LDAPException  If a problem is encountered while attempting to
177       *                         decode the authorization identity response control
178       *                         contained in the provided result.
179       */
180      public static AuthorizationIdentityResponseControl
181                         get(final BindResult result)
182             throws LDAPException
183      {
184        final Control c =
185             result.getResponseControl(AUTHORIZATION_IDENTITY_RESPONSE_OID);
186        if (c == null)
187        {
188          return null;
189        }
190    
191        if (c instanceof AuthorizationIdentityResponseControl)
192        {
193          return (AuthorizationIdentityResponseControl) c;
194        }
195        else
196        {
197          return new AuthorizationIdentityResponseControl(c.getOID(),
198               c.isCritical(), c.getValue());
199        }
200      }
201    
202    
203    
204      /**
205       * Retrieves the authorization ID string for this authorization identity
206       * response control.  It may be a zero-length string if the associated
207       * authorization identity is that of the anonymous user.
208       *
209       * @return  The authorization ID string for this authorization identity
210       *          response control.
211       */
212      public String getAuthorizationID()
213      {
214        return authorizationID;
215      }
216    
217    
218    
219      /**
220       * {@inheritDoc}
221       */
222      @Override()
223      public String getControlName()
224      {
225        return INFO_CONTROL_NAME_AUTHZID_RESPONSE.get();
226      }
227    
228    
229    
230      /**
231       * {@inheritDoc}
232       */
233      @Override()
234      public void toString(final StringBuilder buffer)
235      {
236        buffer.append("AuthorizationIdentityResponseControl(authorizationID='");
237        buffer.append(authorizationID);
238        buffer.append("', isCritical=");
239        buffer.append(isCritical());
240        buffer.append(')');
241      }
242    }