001/* 002 * Copyright 2012-2022 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2012-2022 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2012-2022 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.ldap.sdk.unboundidds.controls; 037 038 039 040import com.unboundid.asn1.ASN1Boolean; 041import com.unboundid.asn1.ASN1Element; 042import com.unboundid.asn1.ASN1OctetString; 043import com.unboundid.asn1.ASN1Sequence; 044import com.unboundid.ldap.sdk.Control; 045import com.unboundid.ldap.sdk.LDAPException; 046import com.unboundid.ldap.sdk.ResultCode; 047import com.unboundid.ldap.sdk.RootDSE; 048import com.unboundid.util.Debug; 049import com.unboundid.util.NotMutable; 050import com.unboundid.util.NotNull; 051import com.unboundid.util.Nullable; 052import com.unboundid.util.StaticUtils; 053import com.unboundid.util.ThreadSafety; 054import com.unboundid.util.ThreadSafetyLevel; 055 056import static com.unboundid.ldap.sdk.unboundidds.controls.ControlMessages.*; 057 058 059 060/** 061 * This class provides a request control which may be used to request that the 062 * server return resource limit information for the authenticated user in the 063 * response to a successful bind operation. Resource limits that may be 064 * returned include custom size limit, time limit, idle time limit, lookthrough 065 * limit, equivalent authorization user DN, client connection policy name, and 066 * privilege names. 067 * <BR> 068 * <BLOCKQUOTE> 069 * <B>NOTE:</B> This class, and other classes within the 070 * {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only 071 * supported for use against Ping Identity, UnboundID, and 072 * Nokia/Alcatel-Lucent 8661 server products. These classes provide support 073 * for proprietary functionality or for external specifications that are not 074 * considered stable or mature enough to be guaranteed to work in an 075 * interoperable way with other types of LDAP servers. 076 * </BLOCKQUOTE> 077 * <BR> 078 * The criticality for this control may be either {@code true} or {@code false}. 079 * It may optionally have a value, although it should only have a value if the 080 * server advertises OID "1.3.6.1.4.1.30221.2.12.6" 081 * ({@link #EXCLUDE_GROUPS_FEATURE_OID}) in the supportedFeatures attribute of 082 * its root DSE. The {@link #serverAdvertisesExcludeGroupsFeature} method can 083 * help clients make that determination. 084 * <BR><BR> 085 * If the control does have a value, then it should use the following encoding: 086 * <PRE> 087 * GetUserResourceLimitsRequest ::= SEQUENCE { 088 * excludeGroups [0] BOOLEAN DEFAULT FALSE, 089 * ... } 090 * </PRE> 091 * <BR><BR> 092 * If the control does not have a value, then the server will assume the default 093 * behavior for all elements that would be in the value. 094 * 095 * @see GetUserResourceLimitsResponseControl 096 */ 097@NotMutable() 098@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 099public final class GetUserResourceLimitsRequestControl 100 extends Control 101{ 102 /** 103 * The OID (1.3.6.1.4.1.30221.2.5.25) for the get user resource limits request 104 * control. 105 */ 106 @NotNull public static final String GET_USER_RESOURCE_LIMITS_REQUEST_OID = 107 "1.3.6.1.4.1.30221.2.5.25"; 108 109 110 111 /** 112 * The OID (1.3.6.1.4.1.30221.2.12.6) for the supportedFeature value that a 113 * server should advertise in its root DSE if it supports a value indicating 114 * that the server allows the control to include a value that indicates it 115 * should omit group membership information from the response control. 116 */ 117 @NotNull public static final String EXCLUDE_GROUPS_FEATURE_OID = 118 "1.3.6.1.4.1.30221.2.12.6"; 119 120 121 122 /** 123 * The BER type for the request value element that indicates whether groups 124 * should be excluded from the response control. 125 */ 126 private static final byte TYPE_EXCLUDE_GROUPS = (byte) 0x80; 127 128 129 130 /** 131 * The serial version UID for this serializable class. 132 */ 133 private static final long serialVersionUID = -4349321415426346390L; 134 135 136 137 // Indicates whether the server should exclude information about group 138 // membership from the response control. 139 private final boolean excludeGroups; 140 141 142 143 /** 144 * Creates a new get user resource limits request control. It will not be 145 * marked critical. 146 */ 147 public GetUserResourceLimitsRequestControl() 148 { 149 this(false); 150 } 151 152 153 154 /** 155 * Creates a new get user resource limits request control with the specified 156 * criticality. 157 * 158 * @param isCritical Indicates whether this control should be marked 159 * critical. 160 */ 161 public GetUserResourceLimitsRequestControl(final boolean isCritical) 162 { 163 this(false, false); 164 } 165 166 167 168 /** 169 * Creates a new get user resource limits request control with the specified 170 * criticality. 171 * 172 * @param isCritical Indicates whether this control should be marked 173 * critical. 174 * @param excludeGroups Indicates whether the server should exclude 175 * information about group membership from the response 176 * control. This should generally only be {@code true} 177 * if the client has confirmed that the server supports 178 * this ability, which may be determined using the 179 * {@link #serverAdvertisesExcludeGroupsFeature} 180 * method. 181 */ 182 public GetUserResourceLimitsRequestControl(final boolean isCritical, 183 final boolean excludeGroups) 184 { 185 super(GET_USER_RESOURCE_LIMITS_REQUEST_OID, isCritical, 186 encodeValue(excludeGroups)); 187 188 this.excludeGroups = excludeGroups; 189 } 190 191 192 193 /** 194 * Encodes a value for this control, if appropriate. 195 * 196 * @param excludeGroups Indicates whether the server should exclude 197 * information about group membership from the response 198 * control. This should generally only be {@code true} 199 * if the client has confirmed that the server supports 200 * this ability, which may be determined using the 201 * {@link #serverAdvertisesExcludeGroupsFeature} 202 * method. 203 * 204 * @return A value for this control, or {@code null} if no value is needed. 205 */ 206 @Nullable() 207 private static ASN1OctetString encodeValue(final boolean excludeGroups) 208 { 209 if (excludeGroups) 210 { 211 return new ASN1OctetString( 212 new ASN1Sequence( 213 new ASN1Boolean(TYPE_EXCLUDE_GROUPS, true)).encode()); 214 } 215 216 return null; 217 } 218 219 220 221 /** 222 * Creates a new get user resource limits request control which is decoded 223 * from the provided generic control. 224 * 225 * @param control The generic control to be decoded as a get user resource 226 * limits request control. 227 * 228 * @throws LDAPException If the provided control cannot be decoded as a get 229 * user resource limits request control. 230 */ 231 public GetUserResourceLimitsRequestControl(@NotNull final Control control) 232 throws LDAPException 233 { 234 super(control); 235 236 final ASN1OctetString value = control.getValue(); 237 if (value == null) 238 { 239 excludeGroups = false; 240 return; 241 } 242 243 try 244 { 245 boolean excludeGroupsMutable = false; 246 final ASN1Sequence valueSequence = 247 ASN1Sequence.decodeAsSequence(value.getValue()); 248 for (final ASN1Element e : valueSequence.elements()) 249 { 250 switch (e.getType()) 251 { 252 case TYPE_EXCLUDE_GROUPS: 253 excludeGroupsMutable = 254 ASN1Boolean.decodeAsBoolean(e).booleanValue(); 255 break; 256 } 257 } 258 259 excludeGroups = excludeGroupsMutable; 260 } 261 catch (final Exception e) 262 { 263 Debug.debugException(e); 264 throw new LDAPException(ResultCode.DECODING_ERROR, 265 ERR_GET_USER_RESOURCE_LIMITS_REQUEST_CANNOT_DECODE.get( 266 StaticUtils.getExceptionMessage(e)), 267 e); 268 } 269 } 270 271 272 273 /** 274 * Indicates whether the control requests that the server exclude information 275 * about group membership from the corresponding response control. 276 * 277 * @return {@code true} if the server should exclude information about group 278 * membership from the response control, or {@code false} if not. 279 */ 280 public boolean excludeGroups() 281 { 282 return excludeGroups; 283 } 284 285 286 287 /** 288 * Indicates whether the provided root DSE advertises support for a feature 289 * that indicates it is acceptable for the client to request that the server 290 * omit group membership information from the corresponding response 291 * control. 292 * 293 * @param rootDSE An object with information from the root DSE of the server 294 * for which to make the determination. It must not be 295 * {@code null}. 296 * 297 * @return {@code true} if the provided root DSE object indicates that the 298 * server supports clients requesting to exclude group membership 299 * information from the response control, or {@code false} if not. 300 */ 301 public static boolean serverAdvertisesExcludeGroupsFeature( 302 @NotNull final RootDSE rootDSE) 303 { 304 return rootDSE.supportsFeature(EXCLUDE_GROUPS_FEATURE_OID); 305 } 306 307 308 309 /** 310 * {@inheritDoc} 311 */ 312 @Override() 313 @NotNull() 314 public String getControlName() 315 { 316 return INFO_CONTROL_NAME_GET_USER_RESOURCE_LIMITS_REQUEST.get(); 317 } 318 319 320 321 /** 322 * {@inheritDoc} 323 */ 324 @Override() 325 public void toString(@NotNull final StringBuilder buffer) 326 { 327 buffer.append("GetUserResourceLimitsRequestControl(isCritical="); 328 buffer.append(isCritical()); 329 buffer.append(", excludeGroups="); 330 buffer.append(excludeGroups); 331 buffer.append(')'); 332 } 333}