package org.opends.sdk.controls;
|
|
|
|
import static com.sun.opends.sdk.util.Messages.ERR_PROXYAUTH2_CANNOT_DECODE_VALUE;
|
import static com.sun.opends.sdk.util.Messages.ERR_PROXYAUTH2_CONTROL_NOT_CRITICAL;
|
import static com.sun.opends.sdk.util.Messages.ERR_PROXYAUTH2_NO_CONTROL_VALUE;
|
import static org.opends.sdk.util.StaticUtils.getExceptionMessage;
|
|
import java.io.IOException;
|
|
import com.sun.opends.sdk.util.Message;
|
import org.opends.sdk.DN;
|
import org.opends.sdk.DecodeException;
|
import org.opends.sdk.asn1.ASN1;
|
import org.opends.sdk.asn1.ASN1Reader;
|
import org.opends.sdk.schema.Schema;
|
import org.opends.sdk.util.ByteString;
|
import org.opends.sdk.util.StaticUtils;
|
import org.opends.sdk.util.Validator;
|
|
|
|
/**
|
* This class implements version 2 of the proxied authorization control
|
* as defined in RFC 4370. It makes it possible for one user to request
|
* that an operation be performed under the authorization of another.
|
* The target user is specified using an authorization ID, which may be
|
* in the form "dn:" immediately followed by the DN of that user, or
|
* "u:" followed by a user ID string.
|
*/
|
public class ProxiedAuthV2Control extends Control
|
{
|
/**
|
* The OID for the proxied authorization v2 control.
|
*/
|
public static final String OID_PROXIED_AUTH_V2 = "2.16.840.1.113730.3.4.18";
|
|
|
|
/**
|
* ControlDecoder implentation to decode this control from a
|
* ByteString.
|
*/
|
private static final class Decoder implements
|
ControlDecoder<ProxiedAuthV2Control>
|
{
|
/**
|
* {@inheritDoc}
|
*/
|
public ProxiedAuthV2Control decode(boolean isCritical,
|
ByteString value, Schema schema) throws DecodeException
|
{
|
if (!isCritical)
|
{
|
Message message = ERR_PROXYAUTH2_CONTROL_NOT_CRITICAL.get();
|
throw DecodeException.error(message);
|
}
|
|
if (value == null)
|
{
|
Message message = ERR_PROXYAUTH2_NO_CONTROL_VALUE.get();
|
throw DecodeException.error(message);
|
}
|
|
ASN1Reader reader = ASN1.getReader(value);
|
String authorizationID;
|
|
try
|
{
|
if (reader.elementAvailable())
|
{
|
// Try the legacy encoding where the value is wrapped by an
|
// extra octet string
|
authorizationID = reader.readOctetStringAsString();
|
}
|
else
|
{
|
authorizationID = value.toString();
|
}
|
}
|
catch (IOException e)
|
{
|
StaticUtils.DEBUG_LOG.throwing("ProxiedAuthV2Control.Decoder",
|
"decode", e);
|
|
Message message = ERR_PROXYAUTH2_CANNOT_DECODE_VALUE
|
.get(getExceptionMessage(e));
|
throw DecodeException.error(message, e);
|
}
|
|
return new ProxiedAuthV2Control(authorizationID);
|
}
|
|
|
|
public String getOID()
|
{
|
return OID_PROXIED_AUTH_V2;
|
}
|
|
}
|
|
|
|
/**
|
* The Control Decoder that can be used to decode this control.
|
*/
|
public static final ControlDecoder<ProxiedAuthV2Control> DECODER = new Decoder();
|
|
// The authorization ID from the control value.
|
private String authorizationID;
|
|
|
|
/**
|
* Creates a new instance of the proxied authorization v2 control with
|
* the provided information.
|
*
|
* @param authorizationDN
|
* The authorization DN.
|
*/
|
public ProxiedAuthV2Control(DN authorizationDN)
|
{
|
super(OID_PROXIED_AUTH_V2, true);
|
|
Validator.ensureNotNull(authorizationID);
|
this.authorizationID = "dn:" + authorizationDN.toString();
|
}
|
|
|
|
/**
|
* Creates a new instance of the proxied authorization v2 control with
|
* the provided information.
|
*
|
* @param authorizationID
|
* The authorization ID.
|
*/
|
public ProxiedAuthV2Control(String authorizationID)
|
{
|
super(OID_PROXIED_AUTH_V2, true);
|
|
Validator.ensureNotNull(authorizationID);
|
this.authorizationID = authorizationID;
|
}
|
|
|
|
/**
|
* Retrieves the authorization ID for this proxied authorization V2
|
* control.
|
*
|
* @return The authorization ID for this proxied authorization V2
|
* control.
|
*/
|
public String getAuthorizationID()
|
{
|
return authorizationID;
|
}
|
|
|
|
@Override
|
public ByteString getValue()
|
{
|
return ByteString.valueOf(authorizationID);
|
}
|
|
|
|
@Override
|
public boolean hasValue()
|
{
|
return true;
|
}
|
|
|
|
public ProxiedAuthV2Control setAuthorizationID(DN authorizationDN)
|
{
|
Validator.ensureNotNull(authorizationDN);
|
this.authorizationID = "dn:" + authorizationDN.toString();
|
return this;
|
}
|
|
|
|
public ProxiedAuthV2Control setAuthorizationID(String authorizationID)
|
{
|
Validator.ensureNotNull(authorizationID);
|
this.authorizationID = authorizationID;
|
return this;
|
}
|
|
|
|
/**
|
* Appends a string representation of this proxied auth v2 control to
|
* the provided buffer.
|
*
|
* @param buffer
|
* The buffer to which the information should be appended.
|
*/
|
@Override
|
public void toString(StringBuilder buffer)
|
{
|
buffer.append("ProxiedAuthorizationV2Control(oid=");
|
buffer.append(getOID());
|
buffer.append(", criticality=");
|
buffer.append(isCritical());
|
buffer.append(", authorizationDN=\"");
|
buffer.append(authorizationID);
|
buffer.append("\")");
|
}
|
}
|
