001/*
002 * Copyright 2008-2020 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2008-2020 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2015-2020 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk.unboundidds.extensions;
037
038
039
040import java.util.ArrayList;
041import java.util.Collection;
042import java.util.Collections;
043import java.util.Date;
044import java.util.Iterator;
045import java.util.List;
046
047import com.unboundid.asn1.ASN1Element;
048import com.unboundid.asn1.ASN1Enumerated;
049import com.unboundid.asn1.ASN1OctetString;
050import com.unboundid.asn1.ASN1Sequence;
051import com.unboundid.ldap.sdk.Control;
052import com.unboundid.ldap.sdk.ExtendedResult;
053import com.unboundid.ldap.sdk.LDAPException;
054import com.unboundid.ldap.sdk.ResultCode;
055import com.unboundid.util.Debug;
056import com.unboundid.util.NotMutable;
057import com.unboundid.util.StaticUtils;
058import com.unboundid.util.ThreadSafety;
059import com.unboundid.util.ThreadSafetyLevel;
060
061import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*;
062
063
064
065/**
066 * This class provides an implementation of an extended result that holds
067 * information about the response returned from a
068 * {@link GetSubtreeAccessibilityExtendedRequest}.
069 * <BR>
070 * <BLOCKQUOTE>
071 *   <B>NOTE:</B>  This class, and other classes within the
072 *   {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
073 *   supported for use against Ping Identity, UnboundID, and
074 *   Nokia/Alcatel-Lucent 8661 server products.  These classes provide support
075 *   for proprietary functionality or for external specifications that are not
076 *   considered stable or mature enough to be guaranteed to work in an
077 *   interoperable way with other types of LDAP servers.
078 * </BLOCKQUOTE>
079 * <BR>
080 * It has an OID of 1.3.6.1.4.1.30221.1.6.21, and successful responses will have
081 * a value with the following encoding:
082 * <BR><BR>
083 * <PRE>
084 *   GetSubtreeAccessibilityResultValue ::= SEQUENCE OF SEQUENCE {
085 *        subtreeBaseDN            [0] LDAPDN,
086 *        subtreeAccessibility     [1] ENUMERATED {
087 *             accessible                 (0),
088 *             read-only-bind-allowed     (1),
089 *             read-only-bind-denied      (2),
090 *             hidden                     (3),
091 *             ... },
092 *        bypassUserDN             [2] LDAPDN OPTIONAL,
093 *        effectiveTime            [3] OCTET STRING,
094 *        ... }
095 * </PRE>
096 */
097@NotMutable()
098@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
099public final class GetSubtreeAccessibilityExtendedResult
100       extends ExtendedResult
101{
102  /**
103   * The OID (1.3.6.1.4.1.30221.1.6.21) for the get subtree accessibility
104   * extended result.
105   */
106  public static final String GET_SUBTREE_ACCESSIBILITY_RESULT_OID =
107       "1.3.6.1.4.1.30221.1.6.21";
108
109
110
111  /**
112   * The BER type for the element that holds the base DN for a subtree
113   * accessibility restriction.
114   */
115  private static final byte TYPE_BASE_DN = (byte) 0x80;
116
117
118
119  /**
120   * The BER type for the element that holds the accessibility state for a
121   * subtree accessibility restriction.
122   */
123  private static final byte TYPE_STATE = (byte) 0x81;
124
125
126
127  /**
128   * The BER type for the element that holds the bypass user DN for a subtree
129   * accessibility restriction.
130   */
131  private static final byte TYPE_BYPASS_USER = (byte) 0x82;
132
133
134
135  /**
136   * The BER type for the element that holds the effective time for a subtree
137   * accessibility restriction.
138   */
139  private static final byte TYPE_EFFECTIVE_TIME = (byte) 0x83;
140
141
142
143  /**
144   * The serial version UID for this serializable class.
145   */
146  private static final long serialVersionUID = -3163306122775326749L;
147
148
149
150  // A list of the subtree accessibility restrictions defined in the server.
151  private final List<SubtreeAccessibilityRestriction> accessibilityRestrictions;
152
153
154
155  /**
156   * Creates a new get subtree accessibility extended result from the provided
157   * generic extended result.
158   *
159   * @param  extendedResult  The generic extended result to be decoded.
160   *
161   * @throws  LDAPException  If a problem occurs while attempting to decode the
162   *                         provided extended result as a get connection ID
163   *                         result.
164   */
165  public GetSubtreeAccessibilityExtendedResult(
166              final ExtendedResult extendedResult)
167         throws LDAPException
168  {
169    super(extendedResult);
170
171    final ASN1OctetString value = extendedResult.getValue();
172    if (value == null)
173    {
174      accessibilityRestrictions = null;
175      return;
176    }
177
178    try
179    {
180      final ASN1Element[] restrictionElements =
181           ASN1Sequence.decodeAsSequence(value.getValue()).elements();
182      final ArrayList<SubtreeAccessibilityRestriction> restrictionList =
183           new ArrayList<>(restrictionElements.length);
184
185      for (final ASN1Element e : restrictionElements)
186      {
187        String baseDN = null;
188        SubtreeAccessibilityState state = null;
189        String bypassDN = null;
190        Date effectiveTime = null;
191
192        for (final ASN1Element re : ASN1Sequence.decodeAsSequence(e).elements())
193        {
194          switch (re.getType())
195          {
196            case TYPE_BASE_DN:
197              baseDN = ASN1OctetString.decodeAsOctetString(re).stringValue();
198              break;
199            case TYPE_STATE:
200              state = SubtreeAccessibilityState.valueOf(
201                   ASN1Enumerated.decodeAsEnumerated(re).intValue());
202              if (state == null)
203              {
204                throw new LDAPException(ResultCode.DECODING_ERROR,
205                     ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_UNEXPECTED_STATE.get(
206                          ASN1Enumerated.decodeAsEnumerated(re).intValue()));
207              }
208              break;
209            case TYPE_BYPASS_USER:
210              bypassDN = ASN1OctetString.decodeAsOctetString(re).stringValue();
211              break;
212            case TYPE_EFFECTIVE_TIME:
213              effectiveTime = StaticUtils.decodeGeneralizedTime(
214                   ASN1OctetString.decodeAsOctetString(re).stringValue());
215              break;
216            default:
217              throw new LDAPException(ResultCode.DECODING_ERROR,
218                   ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_UNEXPECTED_TYPE.get(
219                        StaticUtils.toHex(re.getType())));
220          }
221        }
222
223        if (baseDN == null)
224        {
225          throw new LDAPException(ResultCode.DECODING_ERROR,
226               ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_MISSING_BASE.get());
227        }
228
229        if (state == null)
230        {
231          throw new LDAPException(ResultCode.DECODING_ERROR,
232               ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_MISSING_STATE.get());
233        }
234
235        if (effectiveTime == null)
236        {
237          throw new LDAPException(ResultCode.DECODING_ERROR,
238               ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_MISSING_TIME.get());
239        }
240
241        restrictionList.add(new SubtreeAccessibilityRestriction(baseDN, state,
242             bypassDN, effectiveTime));
243      }
244
245      accessibilityRestrictions = Collections.unmodifiableList(restrictionList);
246    }
247    catch (final LDAPException le)
248    {
249      Debug.debugException(le);
250      throw le;
251    }
252    catch (final Exception e)
253    {
254      Debug.debugException(e);
255      throw new LDAPException(ResultCode.DECODING_ERROR,
256           ERR_GET_SUBTREE_ACCESSIBILITY_RESULT_DECODE_ERROR.get(
257                StaticUtils.getExceptionMessage(e)),
258           e);
259    }
260  }
261
262
263
264  /**
265   * Creates a new get subtree accessibility extended result with the provided
266   * information.
267   *
268   * @param  messageID          The message ID for the LDAP message that is
269   *                            associated with this LDAP result.
270   * @param  resultCode         The result code from the response.
271   * @param  diagnosticMessage  The diagnostic message from the response, if
272   *                            available.
273   * @param  matchedDN          The matched DN from the response, if available.
274   * @param  referralURLs       The set of referral URLs from the response, if
275   *                            available.
276   * @param  restrictions       The set of subtree accessibility restrictions
277   *                            to include in the response.  It may be
278   *                            {@code null} if this represents an error
279   *                            response, or it may be empty if there are no
280   *                            subtree accessibility restrictions defined in
281   *                            the server.
282   * @param  responseControls   The set of controls from the response, if
283   *                            available.
284   */
285  public GetSubtreeAccessibilityExtendedResult(final int messageID,
286              final ResultCode resultCode, final String diagnosticMessage,
287              final String matchedDN, final String[] referralURLs,
288              final Collection<SubtreeAccessibilityRestriction> restrictions,
289              final Control... responseControls)
290  {
291    super(messageID, resultCode, diagnosticMessage, matchedDN, referralURLs,
292          null, encodeValue(restrictions), responseControls);
293
294    if (restrictions == null)
295    {
296      accessibilityRestrictions = null;
297    }
298    else
299    {
300      accessibilityRestrictions = Collections.unmodifiableList(
301           new ArrayList<>(restrictions));
302    }
303  }
304
305
306
307  /**
308   * Encodes the value for this extended result using the provided information.
309   *
310   * @param  restrictions  The set of subtree accessibility restrictions to
311   *                       include in the response.  It may be {@code null} if
312   *                       this represents an error response, or it may be empty
313   *                       if there are no subtree accessibility restrictions
314   *                       defined in the server.
315   *
316   * @return  An ASN.1 octet string containing the properly-encoded value, or
317   *          {@code null} if there should be no value.
318   */
319  private static ASN1OctetString encodeValue(
320               final Collection<SubtreeAccessibilityRestriction> restrictions)
321  {
322    if (restrictions == null)
323    {
324      return null;
325    }
326
327    final ArrayList<ASN1Element> elements =
328         new ArrayList<>(restrictions.size());
329    for (final SubtreeAccessibilityRestriction r : restrictions)
330    {
331      final ArrayList<ASN1Element> restrictionElements = new ArrayList<>(4);
332      restrictionElements.add(new ASN1OctetString(TYPE_BASE_DN,
333           r.getSubtreeBaseDN()));
334      restrictionElements.add(new ASN1Enumerated(TYPE_STATE,
335           r.getAccessibilityState().intValue()));
336
337      if (r.getBypassUserDN() != null)
338      {
339        restrictionElements.add(new ASN1OctetString(TYPE_BYPASS_USER,
340             r.getBypassUserDN()));
341      }
342
343      restrictionElements.add(new ASN1OctetString(TYPE_EFFECTIVE_TIME,
344           StaticUtils.encodeGeneralizedTime(r.getEffectiveTime())));
345
346      elements.add(new ASN1Sequence(restrictionElements));
347    }
348
349    return new ASN1OctetString(new ASN1Sequence(elements).encode());
350  }
351
352
353
354  /**
355   * Retrieves a list of the subtree accessibility restrictions defined in the
356   * server.
357   *
358   * @return  A list of the subtree accessibility restrictions defined in the
359   *          server, an empty list if there are no restrictions defined, or
360   *          {@code null} if no restriction data was included in the response
361   *          from the server (e.g., because it was an error response).
362   */
363  public List<SubtreeAccessibilityRestriction> getAccessibilityRestrictions()
364  {
365    return accessibilityRestrictions;
366  }
367
368
369
370  /**
371   * {@inheritDoc}
372   */
373  @Override()
374  public String getExtendedResultName()
375  {
376    return INFO_EXTENDED_RESULT_NAME_GET_SUBTREE_ACCESSIBILITY.get();
377  }
378
379
380
381  /**
382   * {@inheritDoc}
383   */
384  @Override()
385  public void toString(final StringBuilder buffer)
386  {
387    buffer.append("GetSubtreeAccessibilityExtendedResult(resultCode=");
388    buffer.append(getResultCode());
389
390    final int messageID = getMessageID();
391    if (messageID >= 0)
392    {
393      buffer.append(", messageID=");
394      buffer.append(messageID);
395    }
396
397    final String diagnosticMessage = getDiagnosticMessage();
398    if (diagnosticMessage != null)
399    {
400      buffer.append(", diagnosticMessage='");
401      buffer.append(diagnosticMessage);
402      buffer.append('\'');
403    }
404
405    final String matchedDN = getMatchedDN();
406    if (matchedDN != null)
407    {
408      buffer.append(", matchedDN='");
409      buffer.append(matchedDN);
410      buffer.append('\'');
411    }
412
413    final String[] referralURLs = getReferralURLs();
414    if ((referralURLs != null) && (referralURLs.length > 0))
415    {
416      buffer.append(", referralURLs={ '");
417      for (int i=0; i < referralURLs.length; i++)
418      {
419        if (i > 0)
420        {
421          buffer.append("', '");
422        }
423        buffer.append(referralURLs[i]);
424      }
425
426      buffer.append("' }");
427    }
428
429    if (accessibilityRestrictions != null)
430    {
431      buffer.append(", accessibilityRestrictions={");
432
433      final Iterator<SubtreeAccessibilityRestriction> iterator =
434           accessibilityRestrictions.iterator();
435      while (iterator.hasNext())
436      {
437        iterator.next().toString(buffer);
438        if (iterator.hasNext())
439        {
440          buffer.append(", ");
441        }
442      }
443
444      buffer.append('}');
445    }
446
447    final Control[] controls = getResponseControls();
448    if (controls.length > 0)
449    {
450      buffer.append(", controls={");
451      for (int i=0; i < controls.length; i++)
452      {
453        if (i > 0)
454        {
455          buffer.append(", ");
456        }
457
458        buffer.append(controls[i]);
459      }
460      buffer.append('}');
461    }
462
463    buffer.append(')');
464  }
465}