All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.unboundid.ldap.sdk.unboundidds.extensions.SetSubtreeAccessibilityExtendedRequest Maven / Gradle / Ivy

/*
 * Copyright 2012-2017 UnboundID Corp.
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2015-2017 UnboundID Corp.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see .
 */
package com.unboundid.ldap.sdk.unboundidds.extensions;



import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Enumerated;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.ExtendedRequest;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;

import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*;



/**
 * This class provides an implementation of an extended request that may be used
 * to set the accessibility of one or more subtrees in the Ping Identity,
 * UnboundID, or Alcatel-Lucent 8661 Directory Server.  It may be used to
 * indicate that a specified set of entries and all their subordinates should be
 * invisible or read-only, or to restore it to full accessibility.
 * 
*
* NOTE: This class is part of the Commercial Edition of the UnboundID * LDAP SDK for Java. It is not available for use in applications that * include only the Standard Edition of the LDAP SDK, and is not supported for * use in conjunction with non-UnboundID products. *
*
* The OID for this request is 1.3.6.1.4.1.30221.2.6.19, and the * value must have the encoding specified below. Note that the initial * specification for this extended request only allowed for the specification of * a single subtree, whereas it is now possible to affect the accessibility of * multiple subtrees in a single request. In order to preserve compatibility * with the original encoding, if there is more than one target subtree, then * the first subtree must be specified as the first element in the value * sequence and the remaining subtrees must be specified in the * additionalSubtreeBaseDNs element. *

*
 *   SetSubtreeAccessibilityRequestValue ::= SEQUENCE {
 *        subtreeBaseDN                LDAPDN,
 *        subtreeAccessibility         ENUMERATED {
 *             accessible                 (0),
 *             read-only-bind-allowed     (1),
 *             read-only-bind-denied      (2),
 *             hidden                     (3),
 *             ... },
 *        bypassUserDN                 [0] LDAPDN OPTIONAL,
 *        additionalSubtreeBaseDNs     [1] SEQUENCE OF LDAPDN OPTIONAL,
 *        ... }
 * 
*/ @NotMutable() @ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) public final class SetSubtreeAccessibilityExtendedRequest extends ExtendedRequest { /** * The OID (1.3.6.1.4.1.30221.2.6.19) for the set subtree accessibility * extended request. */ public static final String SET_SUBTREE_ACCESSIBILITY_REQUEST_OID = "1.3.6.1.4.1.30221.2.6.19"; /** * The BER type for the bypass user DN element of the request. */ private static final byte TYPE_BYPASS_USER_DN = (byte) 0x80; /** * The BER type for the set of additional subtree base DNs. */ private static final byte TYPE_ADDITIONAL_SUBTREE_BASE_DNS = (byte) 0xA1; /** * The serial version UID for this serializable class. */ private static final long serialVersionUID = -3003738735546060245L; // The set of subtree base DNs included in the request. private final List subtreeBaseDNs; // The DN of a user who will be exempted from the restrictions. This is not // applicable for a subtree accessibility of ACCESSIBLE. private final String bypassUserDN; // The accessibility state to use for the target subtrees. private final SubtreeAccessibilityState accessibilityState; /** * Creates a new set subtree accessibility extended request with the provided * information. * * @param subtreeBaseDNs The set of base DNs for the target subtree. * It must not be {@code null} or empty. * @param accessibilityState The accessibility state to use for the target * subtrees. * @param bypassUserDN The DN of a user that will be allowed to bypass * restrictions on the target subtrees. * @param controls The set of controls to include in the request. */ private SetSubtreeAccessibilityExtendedRequest( final Collection subtreeBaseDNs, final SubtreeAccessibilityState accessibilityState, final String bypassUserDN, final Control... controls) { super(SET_SUBTREE_ACCESSIBILITY_REQUEST_OID, encodeValue(subtreeBaseDNs, accessibilityState, bypassUserDN), controls); this.subtreeBaseDNs = Collections.unmodifiableList( new ArrayList(subtreeBaseDNs)); this.accessibilityState = accessibilityState; this.bypassUserDN = bypassUserDN; } /** * Encodes the provided information for use as the extended request value. * * @param subtreeBaseDNs The set of base DNs for the target subtrees. * It must not be {@code null} or empty. * @param accessibilityState The accessibility state to use for the target * subtrees. * @param bypassUserDN The DN of a user that will be allowed to bypass * restrictions on the target subtrees. * * @return An ASN.1 octet string containing the encoded value. */ private static ASN1OctetString encodeValue( final Collection subtreeBaseDNs, final SubtreeAccessibilityState accessibilityState, final String bypassUserDN) { final Iterator dnIterator = subtreeBaseDNs.iterator(); final String subtreeBaseDN = dnIterator.next(); Validator.ensureNotNull(subtreeBaseDN); final ArrayList elements = new ArrayList(4); elements.add(new ASN1OctetString(subtreeBaseDN)); elements.add(new ASN1Enumerated(accessibilityState.intValue())); if (bypassUserDN != null) { elements.add(new ASN1OctetString(TYPE_BYPASS_USER_DN, bypassUserDN)); } if (dnIterator.hasNext()) { final ArrayList additionalDNElements = new ArrayList(subtreeBaseDNs.size()-1); while (dnIterator.hasNext()) { final String additionalDN = dnIterator.next(); Validator.ensureNotNull(additionalDN); additionalDNElements.add(new ASN1OctetString(additionalDN)); } elements.add(new ASN1Sequence(TYPE_ADDITIONAL_SUBTREE_BASE_DNS, additionalDNElements)); } return new ASN1OctetString(new ASN1Sequence(elements).encode()); } /** * Creates a new set subtree accessibility extended request from the provided * generic extended request. * * @param extendedRequest The generic extended request to use to create this * set subtree accessibility extended request. * * @throws LDAPException If a problem occurs while decoding the request. */ public SetSubtreeAccessibilityExtendedRequest( final ExtendedRequest extendedRequest) throws LDAPException { super(extendedRequest); final ASN1OctetString value = extendedRequest.getValue(); if (value == null) { throw new LDAPException(ResultCode.DECODING_ERROR, ERR_SET_SUBTREE_ACCESSIBILITY_NO_VALUE.get()); } try { final ASN1Element[] elements = ASN1Sequence.decodeAsSequence(value.getValue()).elements(); final List baseDNs = new ArrayList(10); baseDNs.add(ASN1OctetString.decodeAsOctetString( elements[0]).stringValue()); final int accessibilityStateValue = ASN1Enumerated.decodeAsEnumerated(elements[1]).intValue(); accessibilityState = SubtreeAccessibilityState.valueOf(accessibilityStateValue); if (accessibilityState == null) { throw new LDAPException(ResultCode.DECODING_ERROR, ERR_SET_SUBTREE_ACCESSIBILITY_INVALID_ACCESSIBILITY_STATE.get( accessibilityStateValue)); } String bypassDN = null; for (int i=2; i < elements.length; i++) { switch (elements[i].getType()) { case TYPE_BYPASS_USER_DN: bypassDN = ASN1OctetString.decodeAsOctetString(elements[i]).stringValue(); break; case TYPE_ADDITIONAL_SUBTREE_BASE_DNS: for (final ASN1Element e : ASN1Sequence.decodeAsSequence(elements[i]).elements()) { baseDNs.add(ASN1OctetString.decodeAsOctetString(e).stringValue()); } break; default: throw new LDAPException(ResultCode.DECODING_ERROR, ERR_SET_SUBTREE_ACCESSIBILITY_INVALID_ELEMENT_TYPE.get( StaticUtils.toHex(elements[i].getType()))); } } bypassUserDN = bypassDN; subtreeBaseDNs = Collections.unmodifiableList(baseDNs); } catch (final LDAPException le) { Debug.debugException(le); throw le; } catch (final Exception e) { Debug.debugException(e); throw new LDAPException(ResultCode.DECODING_ERROR, ERR_SET_SUBTREE_ACCESSIBILITY_CANNOT_DECODE.get( StaticUtils.getExceptionMessage(e)), e); } if ((accessibilityState == SubtreeAccessibilityState.ACCESSIBLE) && (bypassUserDN != null)) { throw new LDAPException(ResultCode.DECODING_ERROR, ERR_SET_SUBTREE_ACCESSIBILITY_UNEXPECTED_BYPASS_DN.get( accessibilityState.getStateName())); } } /** * Creates a new set subtree accessibility extended request that will make the * specified subtree accessible. * * @param subtreeBaseDN The base DN for the subtree to make accessible. It * must not be {@code null}. * @param controls The set of controls to include in the request. It * may be {@code null} or empty if no controls are * needed. * * @return The set subtree accessibility extended request that was created. */ public static SetSubtreeAccessibilityExtendedRequest createSetAccessibleRequest(final String subtreeBaseDN, final Control... controls) { Validator.ensureNotNull(subtreeBaseDN); return new SetSubtreeAccessibilityExtendedRequest( Arrays.asList(subtreeBaseDN), SubtreeAccessibilityState.ACCESSIBLE, null, controls); } /** * Creates a new set subtree accessibility extended request that will make the * specified subtrees accessible. * * @param subtreeBaseDNs The base DNs for the subtrees to make accessible. * It must not be {@code null} or empty. If multiple * base DNs are specified, then all must reside below * the same backend base DN. * @param controls The set of controls to include in the request. It * may be {@code null} or empty if no controls are * needed. * * @return The set subtree accessibility extended request that was created. */ public static SetSubtreeAccessibilityExtendedRequest createSetAccessibleRequest( final Collection subtreeBaseDNs, final Control... controls) { Validator.ensureNotNull(subtreeBaseDNs); Validator.ensureFalse(subtreeBaseDNs.isEmpty()); return new SetSubtreeAccessibilityExtendedRequest(subtreeBaseDNs, SubtreeAccessibilityState.ACCESSIBLE, null, controls); } /** * Creates a new set subtree accessibility extended request that will make the * specified subtree read-only. * * @param subtreeBaseDN The base DN for the subtree to make read-only. It * must not be {@code null}. * @param allowBind Indicates whether users within the specified subtree * will be allowed to bind. * @param bypassUserDN The DN of a user that will be allowed to perform * write (add, delete, modify, and modify DN) * operations in the specified subtree. It may be * {@code null} if no bypass user is needed. * @param controls The set of controls to include in the request. It * may be {@code null} or empty if no controls are * needed. * * @return The set subtree accessibility extended request that was created. */ public static SetSubtreeAccessibilityExtendedRequest createSetReadOnlyRequest(final String subtreeBaseDN, final boolean allowBind, final String bypassUserDN, final Control... controls) { Validator.ensureNotNull(subtreeBaseDN); if (allowBind) { return new SetSubtreeAccessibilityExtendedRequest( Arrays.asList(subtreeBaseDN), SubtreeAccessibilityState.READ_ONLY_BIND_ALLOWED, bypassUserDN, controls); } else { return new SetSubtreeAccessibilityExtendedRequest( Arrays.asList(subtreeBaseDN), SubtreeAccessibilityState.READ_ONLY_BIND_DENIED, bypassUserDN, controls); } } /** * Creates a new set subtree accessibility extended request that will make the * specified subtrees read-only. * * @param subtreeBaseDNs The base DNs for the subtrees to make read-only. * It must not be {@code null} or empty. If multiple * base DNs are specified, then all must reside below * the same backend base DN. * @param allowBind Indicates whether users within the specified * subtrees will be allowed to bind. * @param bypassUserDN The DN of a user that will be allowed to perform * write (add, delete, modify, and modify DN) * operations in the specified subtrees. It may be * {@code null} if no bypass user is needed. * @param controls The set of controls to include in the request. It * may be {@code null} or empty if no controls are * needed. * * @return The set subtree accessibility extended request that was created. */ public static SetSubtreeAccessibilityExtendedRequest createSetReadOnlyRequest(final Collection subtreeBaseDNs, final boolean allowBind, final String bypassUserDN, final Control... controls) { Validator.ensureNotNull(subtreeBaseDNs); Validator.ensureFalse(subtreeBaseDNs.isEmpty()); if (allowBind) { return new SetSubtreeAccessibilityExtendedRequest(subtreeBaseDNs, SubtreeAccessibilityState.READ_ONLY_BIND_ALLOWED, bypassUserDN, controls); } else { return new SetSubtreeAccessibilityExtendedRequest(subtreeBaseDNs, SubtreeAccessibilityState.READ_ONLY_BIND_DENIED, bypassUserDN, controls); } } /** * Creates a new set subtree accessibility extended request that will make the * specified subtree hidden. * * @param subtreeBaseDN The base DN for the subtree to make hidden. It must * not be {@code null}. * @param bypassUserDN The DN of a user that will be allowed to perform * write (add, delete, modify, and modify DN) * operations in the specified subtree. It may be * {@code null} if no bypass user is needed. * @param controls The set of controls to include in the request. It * may be {@code null} or empty if no controls are * needed. * * @return The set subtree accessibility extended request that was created. */ public static SetSubtreeAccessibilityExtendedRequest createSetHiddenRequest(final String subtreeBaseDN, final String bypassUserDN, final Control... controls) { Validator.ensureNotNull(subtreeBaseDN); return new SetSubtreeAccessibilityExtendedRequest( Arrays.asList(subtreeBaseDN), SubtreeAccessibilityState.HIDDEN, bypassUserDN, controls); } /** * Creates a new set subtree accessibility extended request that will make the * specified subtrees hidden. * * @param subtreeBaseDNs The base DNs for the subtrees to make hidden. It * must not be {@code null} or empty. If multiple * base DNs are specified, then all must reside below * the same backend base DN. * @param bypassUserDN The DN of a user that will be allowed to perform * write (add, delete, modify, and modify DN) * operations in the specified subtrees. It may be * {@code null} if no bypass user is needed. * @param controls The set of controls to include in the request. It * may be {@code null} or empty if no controls are * needed. * * @return The set subtree accessibility extended request that was created. */ public static SetSubtreeAccessibilityExtendedRequest createSetHiddenRequest(final Collection subtreeBaseDNs, final String bypassUserDN, final Control... controls) { Validator.ensureNotNull(subtreeBaseDNs); Validator.ensureFalse(subtreeBaseDNs.isEmpty()); return new SetSubtreeAccessibilityExtendedRequest(subtreeBaseDNs, SubtreeAccessibilityState.HIDDEN, bypassUserDN, controls); } /** * Retrieves the base DN for the target subtree. Note that if multiple * base DNs are defined, this will only retrieve the first. The * {@link #getSubtreeBaseDNs()} method should be used to get the complete set * of target subtree base DNs. * * @return The base DN for the target subtree. */ public String getSubtreeBaseDN() { return subtreeBaseDNs.get(0); } /** * Retrieves the base DNs for all target subtrees. * * @return The base DNs for all target subtrees. */ public List getSubtreeBaseDNs() { return subtreeBaseDNs; } /** * Retrieves the accessibility state to apply to the target subtrees. * * @return The accessibility state to apply to the target subtrees. */ public SubtreeAccessibilityState getAccessibilityState() { return accessibilityState; } /** * Retrieves the DN of the user that will be allowed to bypass the * restrictions imposed on the target subtrees for all other users. * * @return The DN of the user that will be allowed to bypass the restrictions * imposed on the target subtrees for all other users, or * {@code null} if there are no restrictions to be imposed on the * target subtrees or if no bypass user is defined for those * subtrees. */ public String getBypassUserDN() { return bypassUserDN; } /** * {@inheritDoc} */ @Override() public SetSubtreeAccessibilityExtendedRequest duplicate() { return duplicate(getControls()); } /** * {@inheritDoc} */ @Override() public SetSubtreeAccessibilityExtendedRequest duplicate( final Control[] controls) { return new SetSubtreeAccessibilityExtendedRequest(subtreeBaseDNs, accessibilityState, bypassUserDN, controls); } /** * {@inheritDoc} */ @Override() public String getExtendedRequestName() { return INFO_EXTENDED_REQUEST_NAME_SET_SUBTREE_ACCESSIBILITY.get(); } /** * {@inheritDoc} */ @Override() public void toString(final StringBuilder buffer) { buffer.append("SetSubtreeAccessibilityExtendedRequest(baseDNs={"); final Iterator dnIterator = subtreeBaseDNs.iterator(); while (dnIterator.hasNext()) { buffer.append('"'); buffer.append(dnIterator.next()); buffer.append('"'); if (dnIterator.hasNext()) { buffer.append(", "); } } buffer.append("}, accessibilityType=\""); buffer.append(accessibilityState.getStateName()); buffer.append('"'); if (bypassUserDN != null) { buffer.append(", bypassUserDN=\""); buffer.append(bypassUserDN); buffer.append('"'); } final Control[] controls = getControls(); if (controls.length > 0) { buffer.append(", controls={"); for (int i=0; i < controls.length; i++) { if (i > 0) { buffer.append(", "); } buffer.append(controls[i]); } buffer.append('}'); } buffer.append(')'); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy