001/* 002 * Copyright 2007-2022 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2007-2022 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2007-2022 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.ldap.sdk.controls; 037 038 039 040import com.unboundid.asn1.ASN1OctetString; 041import com.unboundid.ldap.sdk.BindResult; 042import com.unboundid.ldap.sdk.Control; 043import com.unboundid.ldap.sdk.DecodeableControl; 044import com.unboundid.ldap.sdk.LDAPException; 045import com.unboundid.ldap.sdk.ResultCode; 046import com.unboundid.util.NotMutable; 047import com.unboundid.util.NotNull; 048import com.unboundid.util.Nullable; 049import com.unboundid.util.ThreadSafety; 050import com.unboundid.util.ThreadSafetyLevel; 051import com.unboundid.util.Validator; 052 053import static com.unboundid.ldap.sdk.controls.ControlMessages.*; 054 055 056 057/** 058 * This class provides an implementation of the authorization identity bind 059 * response control as defined in 060 * <A HREF="http://www.ietf.org/rfc/rfc3829.txt">RFC 3829</A>. It may be used 061 * to provide the primary authorization identity associated with the client 062 * connection after processing of the associated bind operation has completed. 063 * <BR><BR> 064 * The authorization identity value returned may be empty if the resulting 065 * authorization identity is that of the anonymous user. Otherwise, it should 066 * be an "authzId" value as described in section 5.2.1.8 of 067 * <A HREF="http://www.ietf.org/rfc/rfc4513.txt">RFC 4513</A>. That is, it 068 * should be either "dn:" followed by the distinguished name of the target user, 069 * or "u:" followed by the username. 070 * <BR><BR> 071 * Note that the authorization identity response control should only be included 072 * in a bind response message if the corresponding request included the 073 * {@link AuthorizationIdentityRequestControl}, and only if the bind was 074 * successful. 075 */ 076@NotMutable() 077@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 078public final class AuthorizationIdentityResponseControl 079 extends Control 080 implements DecodeableControl 081{ 082 /** 083 * The OID (2.16.840.1.113730.3.4.15) for the authorization identity response 084 * control. 085 */ 086 @NotNull public static final String AUTHORIZATION_IDENTITY_RESPONSE_OID = 087 "2.16.840.1.113730.3.4.15"; 088 089 090 091 /** 092 * The serial version UID for this serializable class. 093 */ 094 private static final long serialVersionUID = -6315724175438820336L; 095 096 097 098 // The authorization ID string returned by the server. 099 @NotNull private final String authorizationID; 100 101 102 103 /** 104 * Creates a new empty control instance that is intended to be used only for 105 * decoding controls via the {@code DecodeableControl} interface. 106 */ 107 AuthorizationIdentityResponseControl() 108 { 109 authorizationID = null; 110 } 111 112 113 114 /** 115 * Creates a new authorization identity response control with the provided 116 * authorization ID. 117 * 118 * @param authorizationID The authorization identity associated with the 119 * client connection. It must not be {@code null}, 120 * although it may be a zero-length string to 121 * indicate that the authorization identity is the 122 * anonymous user. 123 */ 124 public AuthorizationIdentityResponseControl( 125 @NotNull final String authorizationID) 126 { 127 super(AUTHORIZATION_IDENTITY_RESPONSE_OID, false, 128 new ASN1OctetString(authorizationID)); 129 130 Validator.ensureNotNull(authorizationID); 131 132 this.authorizationID = authorizationID; 133 } 134 135 136 137 /** 138 * Creates a new authorization identity response control with the provided 139 * information. 140 * 141 * @param oid The OID for the control. 142 * @param isCritical Indicates whether the control should be marked 143 * critical. 144 * @param value The encoded value for the control. This may be 145 * {@code null} if no value was provided. 146 * 147 * @throws LDAPException If the provided control cannot be decoded as an 148 * authorization identity response control. 149 */ 150 public AuthorizationIdentityResponseControl(@NotNull final String oid, 151 final boolean isCritical, 152 @Nullable final ASN1OctetString value) 153 throws LDAPException 154 { 155 super(oid, isCritical, value); 156 157 if (value == null) 158 { 159 throw new LDAPException(ResultCode.DECODING_ERROR, 160 ERR_AUTHZID_RESPONSE_NO_VALUE.get()); 161 } 162 else 163 { 164 authorizationID = value.stringValue(); 165 } 166 } 167 168 169 170 /** 171 * {@inheritDoc} 172 */ 173 @Override() 174 @NotNull() 175 public AuthorizationIdentityResponseControl 176 decodeControl(@NotNull final String oid, final boolean isCritical, 177 @Nullable final ASN1OctetString value) 178 throws LDAPException 179 { 180 return new AuthorizationIdentityResponseControl(oid, isCritical, value); 181 } 182 183 184 185 /** 186 * Extracts an authorization identity response control from the provided 187 * result. 188 * 189 * @param result The result from which to retrieve the authorization 190 * identity response control. 191 * 192 * @return The authorization identity response control contained in the 193 * provided result, or {@code null} if the result did not contain an 194 * authorization identity response control. 195 * 196 * @throws LDAPException If a problem is encountered while attempting to 197 * decode the authorization identity response control 198 * contained in the provided result. 199 */ 200 @Nullable() 201 public static AuthorizationIdentityResponseControl get( 202 @NotNull final BindResult result) 203 throws LDAPException 204 { 205 final Control c = 206 result.getResponseControl(AUTHORIZATION_IDENTITY_RESPONSE_OID); 207 if (c == null) 208 { 209 return null; 210 } 211 212 if (c instanceof AuthorizationIdentityResponseControl) 213 { 214 return (AuthorizationIdentityResponseControl) c; 215 } 216 else 217 { 218 return new AuthorizationIdentityResponseControl(c.getOID(), 219 c.isCritical(), c.getValue()); 220 } 221 } 222 223 224 225 /** 226 * Retrieves the authorization ID string for this authorization identity 227 * response control. It may be a zero-length string if the associated 228 * authorization identity is that of the anonymous user. 229 * 230 * @return The authorization ID string for this authorization identity 231 * response control. 232 */ 233 @NotNull() 234 public String getAuthorizationID() 235 { 236 return authorizationID; 237 } 238 239 240 241 /** 242 * {@inheritDoc} 243 */ 244 @Override() 245 @NotNull() 246 public String getControlName() 247 { 248 return INFO_CONTROL_NAME_AUTHZID_RESPONSE.get(); 249 } 250 251 252 253 /** 254 * {@inheritDoc} 255 */ 256 @Override() 257 public void toString(@NotNull final StringBuilder buffer) 258 { 259 buffer.append("AuthorizationIdentityResponseControl(authorizationID='"); 260 buffer.append(authorizationID); 261 buffer.append("', isCritical="); 262 buffer.append(isCritical()); 263 buffer.append(')'); 264 } 265}