001/*
002 * Copyright 2012-2022 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2012-2022 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2012-2022 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk.unboundidds.controls;
037
038
039
040import com.unboundid.asn1.ASN1Boolean;
041import com.unboundid.asn1.ASN1Element;
042import com.unboundid.asn1.ASN1OctetString;
043import com.unboundid.asn1.ASN1Sequence;
044import com.unboundid.ldap.sdk.Control;
045import com.unboundid.ldap.sdk.LDAPException;
046import com.unboundid.ldap.sdk.ResultCode;
047import com.unboundid.ldap.sdk.RootDSE;
048import com.unboundid.util.Debug;
049import com.unboundid.util.NotMutable;
050import com.unboundid.util.NotNull;
051import com.unboundid.util.Nullable;
052import com.unboundid.util.StaticUtils;
053import com.unboundid.util.ThreadSafety;
054import com.unboundid.util.ThreadSafetyLevel;
055
056import static com.unboundid.ldap.sdk.unboundidds.controls.ControlMessages.*;
057
058
059
060/**
061 * This class provides a request control which may be used to request that the
062 * server return resource limit information for the authenticated user in the
063 * response to a successful bind operation.  Resource limits that may be
064 * returned include custom size limit, time limit, idle time limit, lookthrough
065 * limit, equivalent authorization user DN, client connection policy name, and
066 * privilege names.
067 * <BR>
068 * <BLOCKQUOTE>
069 *   <B>NOTE:</B>  This class, and other classes within the
070 *   {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
071 *   supported for use against Ping Identity, UnboundID, and
072 *   Nokia/Alcatel-Lucent 8661 server products.  These classes provide support
073 *   for proprietary functionality or for external specifications that are not
074 *   considered stable or mature enough to be guaranteed to work in an
075 *   interoperable way with other types of LDAP servers.
076 * </BLOCKQUOTE>
077 * <BR>
078 * The criticality for this control may be either {@code true} or {@code false}.
079 * It may optionally have a value, although it should only have a value if the
080 * server advertises OID "1.3.6.1.4.1.30221.2.12.6"
081 * ({@link #EXCLUDE_GROUPS_FEATURE_OID}) in the supportedFeatures attribute of
082 * its root DSE.  The {@link #serverAdvertisesExcludeGroupsFeature} method can
083 * help clients make that determination.
084 * <BR><BR>
085 * If the control does have a value, then it should use the following encoding:
086 * <PRE>
087 *   GetUserResourceLimitsRequest ::= SEQUENCE {
088 *        excludeGroups     [0] BOOLEAN DEFAULT FALSE,
089 *        ... }
090 * </PRE>
091 * <BR><BR>
092 * If the control does not have a value, then the server will assume the default
093 * behavior for all elements that would be in the value.
094 *
095 * @see GetUserResourceLimitsResponseControl
096 */
097@NotMutable()
098@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
099public final class GetUserResourceLimitsRequestControl
100       extends Control
101{
102  /**
103   * The OID (1.3.6.1.4.1.30221.2.5.25) for the get user resource limits request
104   * control.
105   */
106  @NotNull public static final String GET_USER_RESOURCE_LIMITS_REQUEST_OID =
107       "1.3.6.1.4.1.30221.2.5.25";
108
109
110
111  /**
112   * The OID (1.3.6.1.4.1.30221.2.12.6) for the supportedFeature value that a
113   * server should advertise in its root DSE if it supports a value indicating
114   * that the server allows the control to include a value that indicates it
115   * should omit group membership information from the response control.
116   */
117  @NotNull public static final String EXCLUDE_GROUPS_FEATURE_OID =
118       "1.3.6.1.4.1.30221.2.12.6";
119
120
121
122  /**
123   * The BER type for the request value element that indicates whether groups
124   * should be excluded from the response control.
125   */
126  private static final byte TYPE_EXCLUDE_GROUPS = (byte) 0x80;
127
128
129
130  /**
131   * The serial version UID for this serializable class.
132   */
133  private static final long serialVersionUID = -4349321415426346390L;
134
135
136
137  // Indicates whether the server should exclude information about group
138  // membership from the response control.
139  private final boolean excludeGroups;
140
141
142
143  /**
144   * Creates a new get user resource limits request control.  It will not be
145   * marked critical.
146   */
147  public GetUserResourceLimitsRequestControl()
148  {
149    this(false);
150  }
151
152
153
154  /**
155   * Creates a new get user resource limits request control with the specified
156   * criticality.
157   *
158   * @param  isCritical  Indicates whether this control should be marked
159   *                     critical.
160   */
161  public GetUserResourceLimitsRequestControl(final boolean isCritical)
162  {
163    this(false, false);
164  }
165
166
167
168  /**
169   * Creates a new get user resource limits request control with the specified
170   * criticality.
171   *
172   * @param  isCritical     Indicates whether this control should be marked
173   *                        critical.
174   * @param  excludeGroups  Indicates whether the server should exclude
175   *                        information about group membership from the response
176   *                        control.  This should generally only be {@code true}
177   *                        if the client has confirmed that the server supports
178   *                        this ability, which may be determined using the
179   *                        {@link #serverAdvertisesExcludeGroupsFeature}
180   *                        method.
181   */
182  public GetUserResourceLimitsRequestControl(final boolean isCritical,
183                                             final boolean excludeGroups)
184  {
185    super(GET_USER_RESOURCE_LIMITS_REQUEST_OID, isCritical,
186         encodeValue(excludeGroups));
187
188    this.excludeGroups = excludeGroups;
189  }
190
191
192
193  /**
194   * Encodes a value for this control, if appropriate.
195   *
196   * @param  excludeGroups  Indicates whether the server should exclude
197   *                        information about group membership from the response
198   *                        control.  This should generally only be {@code true}
199   *                        if the client has confirmed that the server supports
200   *                        this ability, which may be determined using the
201   *                        {@link #serverAdvertisesExcludeGroupsFeature}
202   *                        method.
203   *
204   * @return  A value for this control, or {@code null} if no value is needed.
205   */
206  @Nullable()
207  private static ASN1OctetString encodeValue(final boolean excludeGroups)
208  {
209    if (excludeGroups)
210    {
211      return new ASN1OctetString(
212           new ASN1Sequence(
213                new ASN1Boolean(TYPE_EXCLUDE_GROUPS, true)).encode());
214    }
215
216    return null;
217  }
218
219
220
221  /**
222   * Creates a new get user resource limits request control which is decoded
223   * from the provided generic control.
224   *
225   * @param  control  The generic control to be decoded as a get user resource
226   *                  limits request control.
227   *
228   * @throws  LDAPException  If the provided control cannot be decoded as a get
229   *                         user resource limits request control.
230   */
231  public GetUserResourceLimitsRequestControl(@NotNull final Control control)
232         throws LDAPException
233  {
234    super(control);
235
236    final ASN1OctetString value = control.getValue();
237    if (value == null)
238    {
239      excludeGroups = false;
240      return;
241    }
242
243    try
244    {
245      boolean excludeGroupsMutable = false;
246      final ASN1Sequence valueSequence =
247           ASN1Sequence.decodeAsSequence(value.getValue());
248      for (final ASN1Element e : valueSequence.elements())
249      {
250        switch (e.getType())
251        {
252          case TYPE_EXCLUDE_GROUPS:
253            excludeGroupsMutable =
254                 ASN1Boolean.decodeAsBoolean(e).booleanValue();
255            break;
256        }
257      }
258
259      excludeGroups = excludeGroupsMutable;
260    }
261    catch (final Exception e)
262    {
263      Debug.debugException(e);
264      throw new LDAPException(ResultCode.DECODING_ERROR,
265           ERR_GET_USER_RESOURCE_LIMITS_REQUEST_CANNOT_DECODE.get(
266                StaticUtils.getExceptionMessage(e)),
267           e);
268    }
269  }
270
271
272
273  /**
274   * Indicates whether the control requests that the server exclude information
275   * about group membership from the corresponding response control.
276   *
277   * @return  {@code true} if the server should exclude information about group
278   *          membership from the response control, or {@code false} if not.
279   */
280  public boolean excludeGroups()
281  {
282    return excludeGroups;
283  }
284
285
286
287  /**
288   * Indicates whether the provided root DSE advertises support for a feature
289   * that indicates it is acceptable for the client to request that the server
290   * omit group membership information from the corresponding response
291   * control.
292   *
293   * @param  rootDSE  An object with information from the root DSE of the server
294   *                  for which to make the determination.  It must not be
295   *                  {@code null}.
296   *
297   * @return  {@code true} if the provided root DSE object indicates that the
298   *          server supports clients requesting to exclude group membership
299   *          information from the response control, or {@code false} if not.
300   */
301  public static boolean serverAdvertisesExcludeGroupsFeature(
302              @NotNull final RootDSE rootDSE)
303  {
304    return rootDSE.supportsFeature(EXCLUDE_GROUPS_FEATURE_OID);
305  }
306
307
308
309  /**
310   * {@inheritDoc}
311   */
312  @Override()
313  @NotNull()
314  public String getControlName()
315  {
316    return INFO_CONTROL_NAME_GET_USER_RESOURCE_LIMITS_REQUEST.get();
317  }
318
319
320
321  /**
322   * {@inheritDoc}
323   */
324  @Override()
325  public void toString(@NotNull final StringBuilder buffer)
326  {
327    buffer.append("GetUserResourceLimitsRequestControl(isCritical=");
328    buffer.append(isCritical());
329    buffer.append(", excludeGroups=");
330    buffer.append(excludeGroups);
331    buffer.append(')');
332  }
333}