001/* 002 * Copyright 2008-2020 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2008-2020 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2015-2020 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.ldap.sdk.unboundidds.extensions; 037 038 039 040import java.util.ArrayList; 041import java.util.Collection; 042import java.util.Collections; 043import java.util.Date; 044import java.util.Iterator; 045import java.util.List; 046 047import com.unboundid.asn1.ASN1Element; 048import com.unboundid.asn1.ASN1Enumerated; 049import com.unboundid.asn1.ASN1OctetString; 050import com.unboundid.asn1.ASN1Sequence; 051import com.unboundid.ldap.sdk.Control; 052import com.unboundid.ldap.sdk.ExtendedResult; 053import com.unboundid.ldap.sdk.LDAPException; 054import com.unboundid.ldap.sdk.ResultCode; 055import com.unboundid.util.Debug; 056import com.unboundid.util.NotMutable; 057import com.unboundid.util.StaticUtils; 058import com.unboundid.util.ThreadSafety; 059import com.unboundid.util.ThreadSafetyLevel; 060 061import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*; 062 063 064 065/** 066 * This class provides an implementation of an extended result that holds 067 * information about the response returned from a 068 * {@link GetSubtreeAccessibilityExtendedRequest}. 069 * <BR> 070 * <BLOCKQUOTE> 071 * <B>NOTE:</B> This class, and other classes within the 072 * {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only 073 * supported for use against Ping Identity, UnboundID, and 074 * Nokia/Alcatel-Lucent 8661 server products. These classes provide support 075 * for proprietary functionality or for external specifications that are not 076 * considered stable or mature enough to be guaranteed to work in an 077 * interoperable way with other types of LDAP servers. 078 * </BLOCKQUOTE> 079 * <BR> 080 * It has an OID of 1.3.6.1.4.1.30221.1.6.21, and successful responses will have 081 * a value with the following encoding: 082 * <BR><BR> 083 * <PRE> 084 * GetSubtreeAccessibilityResultValue ::= SEQUENCE OF SEQUENCE { 085 * subtreeBaseDN [0] LDAPDN, 086 * subtreeAccessibility [1] ENUMERATED { 087 * accessible (0), 088 * read-only-bind-allowed (1), 089 * read-only-bind-denied (2), 090 * hidden (3), 091 * ... }, 092 * bypassUserDN [2] LDAPDN OPTIONAL, 093 * effectiveTime [3] OCTET STRING, 094 * ... } 095 * </PRE> 096 */ 097@NotMutable() 098@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 099public final class GetSubtreeAccessibilityExtendedResult 100 extends ExtendedResult 101{ 102 /** 103 * The OID (1.3.6.1.4.1.30221.1.6.21) for the get subtree accessibility 104 * extended result. 105 */ 106 public static final String GET_SUBTREE_ACCESSIBILITY_RESULT_OID = 107 "1.3.6.1.4.1.30221.1.6.21"; 108 109 110 111 /** 112 * The BER type for the element that holds the base DN for a subtree 113 * accessibility restriction. 114 */ 115 private static final byte TYPE_BASE_DN = (byte) 0x80; 116 117 118 119 /** 120 * The BER type for the element that holds the accessibility state for a 121 * subtree accessibility restriction. 122 */ 123 private static final byte TYPE_STATE = (byte) 0x81; 124 125 126 127 /** 128 * The BER type for the element that holds the bypass user DN for a subtree 129 * accessibility restriction. 130 */ 131 private static final byte TYPE_BYPASS_USER = (byte) 0x82; 132 133 134 135 /** 136 * The BER type for the element that holds the effective time for a subtree 137 * accessibility restriction. 138 */ 139 private static final byte TYPE_EFFECTIVE_TIME = (byte) 0x83; 140 141 142 143 /** 144 * The serial version UID for this serializable class. 145 */ 146 private static final long serialVersionUID = -3163306122775326749L; 147 148 149 150 // A list of the subtree accessibility restrictions defined in the server. 151 private final List<SubtreeAccessibilityRestriction> accessibilityRestrictions; 152 153 154 155 /** 156 * Creates a new get subtree accessibility extended result from the provided 157 * generic extended result. 158 * 159 * @param extendedResult The generic extended result to be decoded. 160 * 161 * @throws LDAPException If a problem occurs while attempting to decode the 162 * provided extended result as a get connection ID 163 * result. 164 */ 165 public GetSubtreeAccessibilityExtendedResult( 166 final ExtendedResult extendedResult) 167 throws LDAPException 168 { 169 super(extendedResult); 170 171 final ASN1OctetString value = extendedResult.getValue(); 172 if (value == null) 173 { 174 accessibilityRestrictions = null; 175 return; 176 } 177 178 try 179 { 180 final ASN1Element[] restrictionElements = 181 ASN1Sequence.decodeAsSequence(value.getValue()).elements(); 182 final ArrayList<SubtreeAccessibilityRestriction> restrictionList = 183 new ArrayList<>(restrictionElements.length); 184 185 for (final ASN1Element e : restrictionElements) 186 { 187 String baseDN = null; 188 SubtreeAccessibilityState state = null; 189 String bypassDN = null; 190 Date effectiveTime = null; 191 192 for (final ASN1Element re : ASN1Sequence.decodeAsSequence(e).elements()) 193 { 194 switch (re.getType()) 195 { 196 case TYPE_BASE_DN: 197 baseDN = ASN1OctetString.decodeAsOctetString(re).stringValue(); 198 break; 199 case TYPE_STATE: 200 state = SubtreeAccessibilityState.valueOf( 201 ASN1Enumerated.decodeAsEnumerated(re).intValue()); 202 if (state == null) 203 { 204 throw new LDAPException(ResultCode.DECODING_ERROR, 205 ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_UNEXPECTED_STATE.get( 206 ASN1Enumerated.decodeAsEnumerated(re).intValue())); 207 } 208 break; 209 case TYPE_BYPASS_USER: 210 bypassDN = ASN1OctetString.decodeAsOctetString(re).stringValue(); 211 break; 212 case TYPE_EFFECTIVE_TIME: 213 effectiveTime = StaticUtils.decodeGeneralizedTime( 214 ASN1OctetString.decodeAsOctetString(re).stringValue()); 215 break; 216 default: 217 throw new LDAPException(ResultCode.DECODING_ERROR, 218 ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_UNEXPECTED_TYPE.get( 219 StaticUtils.toHex(re.getType()))); 220 } 221 } 222 223 if (baseDN == null) 224 { 225 throw new LDAPException(ResultCode.DECODING_ERROR, 226 ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_MISSING_BASE.get()); 227 } 228 229 if (state == null) 230 { 231 throw new LDAPException(ResultCode.DECODING_ERROR, 232 ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_MISSING_STATE.get()); 233 } 234 235 if (effectiveTime == null) 236 { 237 throw new LDAPException(ResultCode.DECODING_ERROR, 238 ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_MISSING_TIME.get()); 239 } 240 241 restrictionList.add(new SubtreeAccessibilityRestriction(baseDN, state, 242 bypassDN, effectiveTime)); 243 } 244 245 accessibilityRestrictions = Collections.unmodifiableList(restrictionList); 246 } 247 catch (final LDAPException le) 248 { 249 Debug.debugException(le); 250 throw le; 251 } 252 catch (final Exception e) 253 { 254 Debug.debugException(e); 255 throw new LDAPException(ResultCode.DECODING_ERROR, 256 ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_DECODE_ERROR.get( 257 StaticUtils.getExceptionMessage(e)), 258 e); 259 } 260 } 261 262 263 264 /** 265 * Creates a new get subtree accessibility extended result with the provided 266 * information. 267 * 268 * @param messageID The message ID for the LDAP message that is 269 * associated with this LDAP result. 270 * @param resultCode The result code from the response. 271 * @param diagnosticMessage The diagnostic message from the response, if 272 * available. 273 * @param matchedDN The matched DN from the response, if available. 274 * @param referralURLs The set of referral URLs from the response, if 275 * available. 276 * @param restrictions The set of subtree accessibility restrictions 277 * to include in the response. It may be 278 * {@code null} if this represents an error 279 * response, or it may be empty if there are no 280 * subtree accessibility restrictions defined in 281 * the server. 282 * @param responseControls The set of controls from the response, if 283 * available. 284 */ 285 public GetSubtreeAccessibilityExtendedResult(final int messageID, 286 final ResultCode resultCode, final String diagnosticMessage, 287 final String matchedDN, final String[] referralURLs, 288 final Collection<SubtreeAccessibilityRestriction> restrictions, 289 final Control... responseControls) 290 { 291 super(messageID, resultCode, diagnosticMessage, matchedDN, referralURLs, 292 null, encodeValue(restrictions), responseControls); 293 294 if (restrictions == null) 295 { 296 accessibilityRestrictions = null; 297 } 298 else 299 { 300 accessibilityRestrictions = Collections.unmodifiableList( 301 new ArrayList<>(restrictions)); 302 } 303 } 304 305 306 307 /** 308 * Encodes the value for this extended result using the provided information. 309 * 310 * @param restrictions The set of subtree accessibility restrictions to 311 * include in the response. It may be {@code null} if 312 * this represents an error response, or it may be empty 313 * if there are no subtree accessibility restrictions 314 * defined in the server. 315 * 316 * @return An ASN.1 octet string containing the properly-encoded value, or 317 * {@code null} if there should be no value. 318 */ 319 private static ASN1OctetString encodeValue( 320 final Collection<SubtreeAccessibilityRestriction> restrictions) 321 { 322 if (restrictions == null) 323 { 324 return null; 325 } 326 327 final ArrayList<ASN1Element> elements = 328 new ArrayList<>(restrictions.size()); 329 for (final SubtreeAccessibilityRestriction r : restrictions) 330 { 331 final ArrayList<ASN1Element> restrictionElements = new ArrayList<>(4); 332 restrictionElements.add(new ASN1OctetString(TYPE_BASE_DN, 333 r.getSubtreeBaseDN())); 334 restrictionElements.add(new ASN1Enumerated(TYPE_STATE, 335 r.getAccessibilityState().intValue())); 336 337 if (r.getBypassUserDN() != null) 338 { 339 restrictionElements.add(new ASN1OctetString(TYPE_BYPASS_USER, 340 r.getBypassUserDN())); 341 } 342 343 restrictionElements.add(new ASN1OctetString(TYPE_EFFECTIVE_TIME, 344 StaticUtils.encodeGeneralizedTime(r.getEffectiveTime()))); 345 346 elements.add(new ASN1Sequence(restrictionElements)); 347 } 348 349 return new ASN1OctetString(new ASN1Sequence(elements).encode()); 350 } 351 352 353 354 /** 355 * Retrieves a list of the subtree accessibility restrictions defined in the 356 * server. 357 * 358 * @return A list of the subtree accessibility restrictions defined in the 359 * server, an empty list if there are no restrictions defined, or 360 * {@code null} if no restriction data was included in the response 361 * from the server (e.g., because it was an error response). 362 */ 363 public List<SubtreeAccessibilityRestriction> getAccessibilityRestrictions() 364 { 365 return accessibilityRestrictions; 366 } 367 368 369 370 /** 371 * {@inheritDoc} 372 */ 373 @Override() 374 public String getExtendedResultName() 375 { 376 return INFO_EXTENDED_RESULT_NAME_GET_SUBTREE_ACCESSIBILITY.get(); 377 } 378 379 380 381 /** 382 * {@inheritDoc} 383 */ 384 @Override() 385 public void toString(final StringBuilder buffer) 386 { 387 buffer.append("GetSubtreeAccessibilityExtendedResult(resultCode="); 388 buffer.append(getResultCode()); 389 390 final int messageID = getMessageID(); 391 if (messageID >= 0) 392 { 393 buffer.append(", messageID="); 394 buffer.append(messageID); 395 } 396 397 final String diagnosticMessage = getDiagnosticMessage(); 398 if (diagnosticMessage != null) 399 { 400 buffer.append(", diagnosticMessage='"); 401 buffer.append(diagnosticMessage); 402 buffer.append('\''); 403 } 404 405 final String matchedDN = getMatchedDN(); 406 if (matchedDN != null) 407 { 408 buffer.append(", matchedDN='"); 409 buffer.append(matchedDN); 410 buffer.append('\''); 411 } 412 413 final String[] referralURLs = getReferralURLs(); 414 if ((referralURLs != null) && (referralURLs.length > 0)) 415 { 416 buffer.append(", referralURLs={ '"); 417 for (int i=0; i < referralURLs.length; i++) 418 { 419 if (i > 0) 420 { 421 buffer.append("', '"); 422 } 423 buffer.append(referralURLs[i]); 424 } 425 426 buffer.append("' }"); 427 } 428 429 if (accessibilityRestrictions != null) 430 { 431 buffer.append(", accessibilityRestrictions={"); 432 433 final Iterator<SubtreeAccessibilityRestriction> iterator = 434 accessibilityRestrictions.iterator(); 435 while (iterator.hasNext()) 436 { 437 iterator.next().toString(buffer); 438 if (iterator.hasNext()) 439 { 440 buffer.append(", "); 441 } 442 } 443 444 buffer.append('}'); 445 } 446 447 final Control[] controls = getResponseControls(); 448 if (controls.length > 0) 449 { 450 buffer.append(", controls={"); 451 for (int i=0; i < controls.length; i++) 452 { 453 if (i > 0) 454 { 455 buffer.append(", "); 456 } 457 458 buffer.append(controls[i]); 459 } 460 buffer.append('}'); 461 } 462 463 buffer.append(')'); 464 } 465}