/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
* add the following below this CDDL HEADER, with the fields enclosed
|
* by brackets "[]" replaced with your own identifying information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2010 Sun Microsystems, Inc.
|
*/
|
package org.opends.sdk.controls;
|
|
|
|
import static com.sun.opends.sdk.messages.Messages.*;
|
import static com.sun.opends.sdk.util.StaticUtils.getExceptionMessage;
|
|
import java.io.IOException;
|
|
import org.opends.sdk.*;
|
import org.opends.sdk.asn1.ASN1;
|
import org.opends.sdk.asn1.ASN1Reader;
|
|
import com.sun.opends.sdk.util.StaticUtils;
|
import com.sun.opends.sdk.util.Validator;
|
|
|
|
/**
|
* The proxy authorization v2 request control as defined in RFC 4370. This
|
* control allows a user to request that an operation be performed using the
|
* authorization of another user.
|
* <p>
|
* The target user is specified using an authorization ID, or {@code authzId},
|
* as defined in RFC 4513 section 5.2.1.8.
|
*
|
* @see <a href="http://tools.ietf.org/html/rfc4370">RFC 4370 - Lightweight
|
* Directory Access Protocol (LDAP) Proxied Authorization Control </a>
|
* @see <a href="http://tools.ietf.org/html/rfc4513#section-5.2.1.8">RFC 4513 -
|
* SASL Authorization Identities (authzId) </a>
|
*/
|
public final class ProxiedAuthV2RequestControl implements Control
|
{
|
/**
|
* The OID for the proxied authorization v2 control.
|
*/
|
public static final String OID = "2.16.840.1.113730.3.4.18";
|
|
private static final ProxiedAuthV2RequestControl ANONYMOUS = new ProxiedAuthV2RequestControl(
|
"");
|
|
/**
|
* A decoder which can be used for decoding the proxied authorization v2
|
* request control.
|
*/
|
public static final ControlDecoder<ProxiedAuthV2RequestControl> DECODER =
|
new ControlDecoder<ProxiedAuthV2RequestControl>()
|
{
|
|
public ProxiedAuthV2RequestControl decodeControl(final Control control,
|
final DecodeOptions options) throws DecodeException
|
{
|
Validator.ensureNotNull(control);
|
|
if (control instanceof ProxiedAuthV2RequestControl)
|
{
|
return (ProxiedAuthV2RequestControl) control;
|
}
|
|
if (!control.getOID().equals(OID))
|
{
|
final LocalizableMessage message = ERR_PROXYAUTH2_CONTROL_BAD_OID.get(
|
control.getOID(), OID);
|
throw DecodeException.error(message);
|
}
|
|
if (!control.isCritical())
|
{
|
final LocalizableMessage message = ERR_PROXYAUTH2_CONTROL_NOT_CRITICAL
|
.get();
|
throw DecodeException.error(message);
|
}
|
|
if (!control.hasValue())
|
{
|
// The response control must always have a value.
|
final LocalizableMessage message = ERR_PROXYAUTH2_NO_CONTROL_VALUE
|
.get();
|
throw DecodeException.error(message);
|
}
|
|
final ASN1Reader reader = ASN1.getReader(control.getValue());
|
String authorizationID;
|
try
|
{
|
if (reader.elementAvailable())
|
{
|
// Try the legacy encoding where the value is wrapped by an
|
// extra octet string
|
authorizationID = reader.readOctetStringAsString();
|
}
|
else
|
{
|
authorizationID = control.getValue().toString();
|
}
|
}
|
catch (final IOException e)
|
{
|
StaticUtils.DEBUG_LOG.throwing("ProxiedAuthV2RequestControl",
|
"decodeControl", e);
|
|
final LocalizableMessage message = ERR_PROXYAUTH2_CANNOT_DECODE_VALUE
|
.get(getExceptionMessage(e));
|
throw DecodeException.error(message, e);
|
}
|
|
if (authorizationID.length() == 0)
|
{
|
// Anonymous.
|
return ANONYMOUS;
|
}
|
|
final int colonIndex = authorizationID.indexOf(':');
|
if (colonIndex < 0)
|
{
|
final LocalizableMessage message = ERR_PROXYAUTH2_INVALID_AUTHZID_TYPE
|
.get(authorizationID);
|
throw DecodeException.error(message);
|
}
|
|
return new ProxiedAuthV2RequestControl(authorizationID);
|
}
|
|
|
|
public String getOID()
|
{
|
return OID;
|
}
|
};
|
|
|
|
/**
|
* Creates a new proxy authorization v2 request control with the provided
|
* authorization ID. The authorization ID usually has the form "dn:"
|
* immediately followed by the distinguished name of the user, or "u:"
|
* followed by a user ID string, but other forms are permitted.
|
*
|
* @param authorizationID
|
* The authorization ID of the user whose authorization is to be used
|
* when performing the operation.
|
* @return The new control.
|
* @throws LocalizedIllegalArgumentException
|
* If {@code authorizationID} was non-empty and did not contain a
|
* valid authorization ID type.
|
* @throws NullPointerException
|
* If {@code authorizationName} was {@code null}.
|
*/
|
public static final ProxiedAuthV2RequestControl newControl(
|
final String authorizationID) throws LocalizedIllegalArgumentException,
|
NullPointerException
|
{
|
if (authorizationID.length() == 0)
|
{
|
// Anonymous.
|
return ANONYMOUS;
|
}
|
|
final int colonIndex = authorizationID.indexOf(':');
|
if (colonIndex < 0)
|
{
|
final LocalizableMessage message = ERR_PROXYAUTH2_INVALID_AUTHZID_TYPE
|
.get(authorizationID);
|
throw new LocalizedIllegalArgumentException(message);
|
}
|
|
return new ProxiedAuthV2RequestControl(authorizationID);
|
}
|
|
|
|
// The authorization ID from the control value.
|
private final String authorizationID;
|
|
|
|
private ProxiedAuthV2RequestControl(final String authorizationID)
|
{
|
this.authorizationID = authorizationID;
|
}
|
|
|
|
/**
|
* Returns the authorization ID of the user whose authorization is to be used
|
* when performing the operation. The authorization ID usually has the form
|
* "dn:" immediately followed by the distinguished name of the user, or "u:"
|
* followed by a user ID string, but other forms are permitted.
|
*
|
* @return The authorization ID of the user whose authorization is to be used
|
* when performing the operation.
|
*/
|
public String getAuthorizationID()
|
{
|
return authorizationID;
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public String getOID()
|
{
|
return OID;
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public ByteString getValue()
|
{
|
return ByteString.valueOf(authorizationID);
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public boolean hasValue()
|
{
|
return true;
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
public boolean isCritical()
|
{
|
return true;
|
}
|
|
|
|
/**
|
* {@inheritDoc}
|
*/
|
@Override
|
public String toString()
|
{
|
final StringBuilder builder = new StringBuilder();
|
builder.append("ProxiedAuthorizationV2Control(oid=");
|
builder.append(getOID());
|
builder.append(", criticality=");
|
builder.append(isCritical());
|
builder.append(", authorizationID=\"");
|
builder.append(authorizationID);
|
builder.append("\")");
|
return builder.toString();
|
}
|
}
|
