001/*
002 * Copyright 2012-2019 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright (C) 2015-2019 Ping Identity Corporation
007 *
008 * This program is free software; you can redistribute it and/or modify
009 * it under the terms of the GNU General Public License (GPLv2 only)
010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011 * as published by the Free Software Foundation.
012 *
013 * This program is distributed in the hope that it will be useful,
014 * but WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program; if not, see <http://www.gnu.org/licenses>.
020 */
021package com.unboundid.ldap.sdk.unboundidds.controls;
022
023
024
025import java.util.ArrayList;
026import java.util.Collections;
027import java.util.Iterator;
028import java.util.List;
029
030import com.unboundid.asn1.ASN1Element;
031import com.unboundid.asn1.ASN1Long;
032import com.unboundid.asn1.ASN1OctetString;
033import com.unboundid.asn1.ASN1Sequence;
034import com.unboundid.asn1.ASN1Set;
035import com.unboundid.ldap.sdk.Attribute;
036import com.unboundid.ldap.sdk.Control;
037import com.unboundid.ldap.sdk.BindResult;
038import com.unboundid.ldap.sdk.DecodeableControl;
039import com.unboundid.ldap.sdk.LDAPException;
040import com.unboundid.ldap.sdk.ResultCode;
041import com.unboundid.util.Debug;
042import com.unboundid.util.NotMutable;
043import com.unboundid.util.StaticUtils;
044import com.unboundid.util.ThreadSafety;
045import com.unboundid.util.ThreadSafetyLevel;
046
047import static com.unboundid.ldap.sdk.unboundidds.controls.ControlMessages.*;
048
049
050
051/**
052 * This class provides a response control that may be included in the response
053 * to a successful bind operation in order to provide information about custom
054 * resource limits for the user, including size limit, time limit, idle time
055 * limit, lookthrough limit, equivalent authorization user DN, and client
056 * connection policy name.
057 * <BR>
058 * <BLOCKQUOTE>
059 *   <B>NOTE:</B>  This class, and other classes within the
060 *   {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
061 *   supported for use against Ping Identity, UnboundID, and
062 *   Nokia/Alcatel-Lucent 8661 server products.  These classes provide support
063 *   for proprietary functionality or for external specifications that are not
064 *   considered stable or mature enough to be guaranteed to work in an
065 *   interoperable way with other types of LDAP servers.
066 * </BLOCKQUOTE>
067 * <BR>
068 * The criticality for this control should be {@code false}.  It must have a
069 * value with the following encoding:
070 * <PRE>
071 *   USER_RESOURCE_LIMITS_VALUE ::= SEQUENCE {
072 *     sizeLimit                      [0] INTEGER OPTIONAL,
073 *     timeLimitSeconds               [1] INTEGER OPTIONAL,
074 *     idleTimeLimitSeconds           [2] INTEGER OPTIONAL,
075 *     lookthroughLimit               [3] INTEGER OPTIONAL,
076 *     equivalentAuthzUserDN          [4] LDAPDN OPTIONAL,
077 *     clientConnectionPolicyName     [5] OCTET STRING OPTIONAL,
078 *     groupDNs                       [6] SET OF OCTET STRING OPTIONAL,
079 *     privilegeNames                 [7] SET OF OCTET STRING OPTIONAL,
080 *     otherAttributes                [8] PartialAttributeList OPTIONAL,
081 *     ... }
082 * </PRE>
083 *
084 * @see GetUserResourceLimitsRequestControl
085 */
086@NotMutable()
087@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
088public final class GetUserResourceLimitsResponseControl
089       extends Control
090       implements DecodeableControl
091{
092  /**
093   * The OID (1.3.6.1.4.1.30221.2.5.26) for the get user resource limits
094   * response control.
095   */
096  public static final String GET_USER_RESOURCE_LIMITS_RESPONSE_OID =
097       "1.3.6.1.4.1.30221.2.5.26";
098
099
100
101  /**
102   * The BER type for the value element used to specify the size limit.
103   */
104  private static final byte TYPE_SIZE_LIMIT = (byte) 0x80;
105
106
107
108  /**
109   * The BER type for the value element used to specify the time limit.
110   */
111  private static final byte TYPE_TIME_LIMIT = (byte) 0x81;
112
113
114
115  /**
116   * The BER type for the value element used to specify the idle time limit.
117   */
118  private static final byte TYPE_IDLE_TIME_LIMIT = (byte) 0x82;
119
120
121
122  /**
123   * The BER type for the value element used to specify the lookthrough limit.
124   */
125  private static final byte TYPE_LOOKTHROUGH_LIMIT = (byte) 0x83;
126
127
128
129  /**
130   * The BER type for the value element used to specify the equivalent
131   * authorization user DN.
132   */
133  private static final byte TYPE_EQUIVALENT_AUTHZ_USER_DN = (byte) 0x84;
134
135
136
137  /**
138   * The BER type for the value element used to specify the client connection
139   * policy name.
140   */
141  private static final byte TYPE_CLIENT_CONNECTION_POLICY_NAME = (byte) 0x85;
142
143
144
145  /**
146   * The BER type for the value element used to specify the DNs of groups in
147   * which the user is a member.
148   */
149  private static final byte TYPE_GROUP_DNS = (byte) 0xA6;
150
151
152
153  /**
154   * The BER type for the value element used to specify the set of user
155   * privilege names.
156   */
157  private static final byte TYPE_PRIVILEGE_NAMES = (byte) 0xA7;
158
159
160
161  /**
162   * The BER type for the value element used to specify additional attributes
163   * that may be included in the future.
164   */
165  private static final byte TYPE_OTHER_ATTRIBUTES = (byte) 0xA8;
166
167
168
169  /**
170   * The serial version UID for this serializable class.
171   */
172  private static final long serialVersionUID = -5261978490319320250L;
173
174
175
176  // The set of other select attributes from the user entry.
177  private final List<Attribute> otherAttributes;
178
179  // The set of group DNs for the user.
180  private final List<String> groupDNs;
181
182  // The set of privilege names for the user.
183  private final List<String> privilegeNames;
184
185  // The custom idle time limit for the user.
186  private final Long idleTimeLimitSeconds;
187
188  // The custom lookthrough limit for the user.
189  private final Long lookthroughLimit;
190
191  // The custom size limit for the user.
192  private final Long sizeLimit;
193
194  // The custom time limit for the user, in seconds.
195  private final Long timeLimitSeconds;
196
197  // The name of the client connection policy selected for the user.
198  private final String clientConnectionPolicyName;
199
200  // The DN of a user with equivalent authorization rights for use in servers
201  // in an entry-balancing environment in which the user's entry does not exist.
202  private final String equivalentAuthzUserDN;
203
204
205
206  /**
207   * Creates a new empty control instance that is intended to be used only for
208   * decoding controls via the {@code DecodeableControl} interface.
209   */
210  GetUserResourceLimitsResponseControl()
211  {
212    otherAttributes            = null;
213    groupDNs                   = null;
214    privilegeNames             = null;
215    idleTimeLimitSeconds       = null;
216    lookthroughLimit           = null;
217    sizeLimit                  = null;
218    timeLimitSeconds           = null;
219    clientConnectionPolicyName = null;
220    equivalentAuthzUserDN      = null;
221  }
222
223
224
225  /**
226   * Creates a new get user resource limits response control with the provided
227   * information.
228   *
229   * @param  sizeLimit                   The custom size limit for the user.
230   *                                     It may be less than or equal to zero
231   *                                     if no size limit should be enforced for
232   *                                     the user.  It may be {@code null} if
233   *                                     there is no custom size limit or it is
234   *                                     not to be included in the control.
235   * @param  timeLimitSeconds            The custom time limit for the user, in
236   *                                     seconds.  It may be less than or equal
237   *                                     to zero if no time limit should be
238   *                                     enforced for the user.  It may be
239   *                                     {@code null} if there is no custom time
240   *                                     limit or it is not to be included in
241   *                                     the control.
242   * @param  idleTimeLimitSeconds        The custom idle time limit for the
243   *                                     user, in seconds.  It may be less than
244   *                                     or equal to zero if no idle time limit
245   *                                     should be enforced for the user.  It
246   *                                     may be {@code null} if there is no
247   *                                     custom idle time limit or it is not to
248   *                                     be included in the control.
249   * @param  lookthroughLimit            The custom lookthrough limit for the
250   *                                     user.  It may be less than or equal to
251   *                                     zero if no lookthrough limit should
252   *                                     be enforced for the user.  It may be
253   *                                     {@code null} if there is no custom
254   *                                     lookthrough limit for the user or it is
255   *                                     not to be included in the control.
256   * @param  equivalentAuthzUserDN       The DN of a user with equivalent
257   *                                     authorization rights for use in servers
258   *                                     in an entry-balancing environment in
259   *                                     which the user's entry does not exist.
260   *                                     It may be an empty string if the
261   *                                     equivalent authorization should be
262   *                                     anonymous, or {@code null} if there is
263   *                                     no custom equivalent authorization user
264   *                                     DN or it is not to be included in the
265   *                                     control.
266   * @param  clientConnectionPolicyName  The name of the client connection
267   *                                     policy that has been assigned to the
268   *                                     user, or {@code null} if the client
269   *                                     connection policy name is not to be
270   *                                     included in the control.
271   */
272  public GetUserResourceLimitsResponseControl(final Long sizeLimit,
273              final Long timeLimitSeconds, final Long idleTimeLimitSeconds,
274              final Long lookthroughLimit, final String equivalentAuthzUserDN,
275              final String clientConnectionPolicyName)
276  {
277    this(sizeLimit, timeLimitSeconds, idleTimeLimitSeconds, lookthroughLimit,
278         equivalentAuthzUserDN, clientConnectionPolicyName, null, null, null);
279  }
280
281
282
283  /**
284   * Creates a new get user resource limits response control with the provided
285   * information.
286   *
287   * @param  sizeLimit                   The custom size limit for the user.
288   *                                     It may be less than or equal to zero
289   *                                     if no size limit should be enforced for
290   *                                     the user.  It may be {@code null} if
291   *                                     there is no custom size limit or it is
292   *                                     not to be included in the control.
293   * @param  timeLimitSeconds            The custom time limit for the user, in
294   *                                     seconds.  It may be less than or equal
295   *                                     to zero if no time limit should be
296   *                                     enforced for the user.  It may be
297   *                                     {@code null} if there is no custom time
298   *                                     limit or it is not to be included in
299   *                                     the control.
300   * @param  idleTimeLimitSeconds        The custom idle time limit for the
301   *                                     user, in seconds.  It may be less than
302   *                                     or equal to zero if no idle time limit
303   *                                     should be enforced for the user.  It
304   *                                     may be {@code null} if there is no
305   *                                     custom idle time limit or it is not to
306   *                                     be included in the control.
307   * @param  lookthroughLimit            The custom lookthrough limit for the
308   *                                     user.  It may be less than or equal to
309   *                                     zero if no lookthrough limit should
310   *                                     be enforced for the user.  It may be
311   *                                     {@code null} if there is no custom
312   *                                     lookthrough limit for the user or it is
313   *                                     not to be included in the control.
314   * @param  equivalentAuthzUserDN       The DN of a user with equivalent
315   *                                     authorization rights for use in servers
316   *                                     in an entry-balancing environment in
317   *                                     which the user's entry does not exist.
318   *                                     It may be an empty string if the
319   *                                     equivalent authorization should be
320   *                                     anonymous, or {@code null} if there is
321   *                                     no custom equivalent authorization user
322   *                                     DN or it is not to be included in the
323   *                                     control.
324   * @param  clientConnectionPolicyName  The name of the client connection
325   *                                     policy that has been assigned to the
326   *                                     user, or {@code null} if the client
327   *                                     connection policy name is not to be
328   *                                     included in the control.
329   * @param  groupDNs                    The DNs of the groups in which the user
330   *                                     is a member.  It may be {@code null} if
331   *                                     group membership is not known, or
332   *                                     empty if the user isn't a member of any
333   *                                     groups.
334   * @param  privilegeNames              The names of the privileges assigned to
335   *                                     the user.  It may be {@code null} if
336   *                                     the privilege names are not known, or
337   *                                     empty if the  user doesn't have any
338   *                                     privileges.
339   * @param  otherAttributes             A set of additional attributes from the
340   *                                     user's entry.  It may be {@code null}
341   *                                     or empty if no additional attributes
342   *                                     are needed.
343   */
344  public GetUserResourceLimitsResponseControl(final Long sizeLimit,
345              final Long timeLimitSeconds, final Long idleTimeLimitSeconds,
346              final Long lookthroughLimit, final String equivalentAuthzUserDN,
347              final String clientConnectionPolicyName,
348              final List<String> groupDNs, final List<String> privilegeNames,
349              final List<Attribute> otherAttributes)
350  {
351    super(GET_USER_RESOURCE_LIMITS_RESPONSE_OID, false,
352         encodeValue(sizeLimit, timeLimitSeconds, idleTimeLimitSeconds,
353              lookthroughLimit, equivalentAuthzUserDN,
354              clientConnectionPolicyName, groupDNs, privilegeNames,
355              otherAttributes));
356
357    if ((sizeLimit == null) || (sizeLimit > 0L))
358    {
359      this.sizeLimit = sizeLimit;
360    }
361    else
362    {
363      this.sizeLimit = -1L;
364    }
365
366    if ((timeLimitSeconds == null) || (timeLimitSeconds > 0L))
367    {
368      this.timeLimitSeconds = timeLimitSeconds;
369    }
370    else
371    {
372      this.timeLimitSeconds = -1L;
373    }
374
375    if ((idleTimeLimitSeconds == null) || (idleTimeLimitSeconds > 0L))
376    {
377      this.idleTimeLimitSeconds = idleTimeLimitSeconds;
378    }
379    else
380    {
381      this.idleTimeLimitSeconds = -1L;
382    }
383
384    if ((lookthroughLimit == null) || (lookthroughLimit > 0L))
385    {
386      this.lookthroughLimit = lookthroughLimit;
387    }
388    else
389    {
390      this.lookthroughLimit = -1L;
391    }
392
393    this.equivalentAuthzUserDN      = equivalentAuthzUserDN;
394    this.clientConnectionPolicyName = clientConnectionPolicyName;
395
396    if (groupDNs == null)
397    {
398      this.groupDNs = null;
399    }
400    else
401    {
402      this.groupDNs =
403           Collections.unmodifiableList(new ArrayList<>(groupDNs));
404    }
405
406    if (privilegeNames == null)
407    {
408      this.privilegeNames = null;
409    }
410    else
411    {
412      this.privilegeNames =
413           Collections.unmodifiableList(new ArrayList<>(privilegeNames));
414    }
415
416    if (otherAttributes == null)
417    {
418      this.otherAttributes = Collections.emptyList();
419    }
420    else
421    {
422      this.otherAttributes =
423           Collections.unmodifiableList(new ArrayList<>(otherAttributes));
424    }
425  }
426
427
428
429  /**
430   * Encodes the provided information into an octet string suitable for use as
431   * the value of a get user resource limits response control.
432   *
433   * @param  sizeLimit                   The custom size limit for the user.
434   *                                     It may be less than or equal to zero
435   *                                     if no size limit should be enforced for
436   *                                     the user.  It may be {@code null} if
437   *                                     there is no custom size limit or it is
438   *                                     not to be included in the control.
439   * @param  timeLimitSeconds            The custom time limit for the user, in
440   *                                     seconds.  It may be less than or equal
441   *                                     to zero if no time limit should be
442   *                                     enforced for the user.  It may be
443   *                                     {@code null} if there is no custom time
444   *                                     limit or it is not to be included in
445   *                                     the control.
446   * @param  idleTimeLimitSeconds        The custom idle time limit for the
447   *                                     user, in seconds.  It may be less than
448   *                                     or equal to zero if no idle time limit
449   *                                     should be enforced for the user.  It
450   *                                     may be {@code null} if there is no
451   *                                     custom idle time limit or it is not to
452   *                                     be included in the control.
453   * @param  lookthroughLimit            The custom lookthrough limit for the
454   *                                     user.  It may be less than or equal to
455   *                                     zero if no lookthrough limit should
456   *                                     be enforced for the user.  It may be
457   *                                     {@code null} if there is no custom
458   *                                     lookthrough limit for the user or it is
459   *                                     not to be included in the control.
460   * @param  equivalentAuthzUserDN       The DN of a user with equivalent
461   *                                     authorization rights for use in servers
462   *                                     in an entry-balancing environment in
463   *                                     which the user's entry does not exist.
464   * @param  clientConnectionPolicyName  The name of the client connection
465   *                                     policy that has been assigned to the
466   *                                     user, or {@code null} if the client
467   *                                     connection policy name is not to be
468   *                                     included in the control.
469   * @param  groupDNs                    The DNs of the groups in which the user
470   *                                     is a member.  It may be {@code null} if
471   *                                     group membership is not known, or
472   *                                     empty if the user isn't a member of any
473   *                                     groups.
474   * @param  privilegeNames              The names of the privileges assigned to
475   *                                     the user.  It may be {@code null} if
476   *                                     the privilege names are not known, or
477   *                                     empty if the  user doesn't have any
478   *                                     privileges.
479   * @param  otherAttributes             A set of additional attributes from the
480   *                                     user's entry.  It may be {@code null}
481   *                                     or empty if no additional attributes
482   *                                     are needed.
483   *
484   * @return  The octet string which may be used as the value of a get user
485   *          resource limits response control
486   */
487  private static ASN1OctetString encodeValue(final Long sizeLimit,
488              final Long timeLimitSeconds, final Long idleTimeLimitSeconds,
489              final Long lookthroughLimit, final String equivalentAuthzUserDN,
490              final String clientConnectionPolicyName,
491              final List<String> groupDNs, final List<String> privilegeNames,
492              final List<Attribute> otherAttributes)
493  {
494    final ArrayList<ASN1Element> elements = new ArrayList<>(10);
495
496    if (sizeLimit != null)
497    {
498      if (sizeLimit > 0L)
499      {
500        elements.add(new ASN1Long(TYPE_SIZE_LIMIT, sizeLimit));
501      }
502      else
503      {
504        elements.add(new ASN1Long(TYPE_SIZE_LIMIT, -1L));
505      }
506    }
507
508    if (timeLimitSeconds != null)
509    {
510      if (timeLimitSeconds > 0L)
511      {
512        elements.add(new ASN1Long(TYPE_TIME_LIMIT, timeLimitSeconds));
513      }
514      else
515      {
516        elements.add(new ASN1Long(TYPE_TIME_LIMIT, -1L));
517      }
518    }
519
520    if (idleTimeLimitSeconds != null)
521    {
522      if (idleTimeLimitSeconds > 0L)
523      {
524        elements.add(new ASN1Long(TYPE_IDLE_TIME_LIMIT, idleTimeLimitSeconds));
525      }
526      else
527      {
528        elements.add(new ASN1Long(TYPE_IDLE_TIME_LIMIT, -1L));
529      }
530    }
531
532    if (lookthroughLimit != null)
533    {
534      if (lookthroughLimit > 0L)
535      {
536        elements.add(new ASN1Long(TYPE_LOOKTHROUGH_LIMIT, lookthroughLimit));
537      }
538      else
539      {
540        elements.add(new ASN1Long(TYPE_LOOKTHROUGH_LIMIT, -1L));
541      }
542    }
543
544    if (equivalentAuthzUserDN != null)
545    {
546      elements.add(new ASN1OctetString(TYPE_EQUIVALENT_AUTHZ_USER_DN,
547           equivalentAuthzUserDN));
548    }
549
550    if (clientConnectionPolicyName != null)
551    {
552      elements.add(new ASN1OctetString(TYPE_CLIENT_CONNECTION_POLICY_NAME,
553           clientConnectionPolicyName));
554    }
555
556    if (groupDNs != null)
557    {
558      final ArrayList<ASN1Element> dnElements =
559           new ArrayList<>(groupDNs.size());
560      for (final String s : groupDNs)
561      {
562        dnElements.add(new ASN1OctetString(s));
563      }
564
565      elements.add(new ASN1Set(TYPE_GROUP_DNS, dnElements));
566    }
567
568    if (privilegeNames != null)
569    {
570      final ArrayList<ASN1Element> privElements =
571           new ArrayList<>(privilegeNames.size());
572      for (final String s : privilegeNames)
573      {
574        privElements.add(new ASN1OctetString(s));
575      }
576
577      elements.add(new ASN1Set(TYPE_PRIVILEGE_NAMES, privElements));
578    }
579
580    if ((otherAttributes != null) && (! otherAttributes.isEmpty()))
581    {
582      final ArrayList<ASN1Element> attrElements =
583           new ArrayList<>(otherAttributes.size());
584      for (final Attribute a : otherAttributes)
585      {
586        attrElements.add(a.encode());
587      }
588
589      elements.add(new ASN1Sequence(TYPE_OTHER_ATTRIBUTES, attrElements));
590    }
591
592    return new ASN1OctetString(new ASN1Sequence(elements).encode());
593  }
594
595
596
597  /**
598   * Creates a new get user resource limits response control decoded from the
599   * given generic control contents.
600   *
601   * @param  oid         The OID for the control.
602   * @param  isCritical  Indicates whether this control should be marked
603   *                     critical.
604   * @param  value       The value for the control.  It may be {@code null} if
605   *                     the control to decode does not have a value.
606   *
607   * @throws  LDAPException  If a problem occurs while attempting to decode the
608   *                         generic control as a get user resource limits
609   *                         response control.
610   */
611  public GetUserResourceLimitsResponseControl(final String oid,
612                                              final boolean isCritical,
613                                              final ASN1OctetString value)
614         throws LDAPException
615  {
616    super(oid, isCritical, value);
617
618    if (value == null)
619    {
620      throw new LDAPException(ResultCode.DECODING_ERROR,
621           ERR_GET_USER_RESOURCE_LIMITS_RESPONSE_MISSING_VALUE.get());
622    }
623
624
625    List<Attribute> oa   = Collections.emptyList();
626    List<String>    gd   = null;
627    List<String>    pn   = null;
628    Long            sL   = null;
629    Long            tL   = null;
630    Long            iTL  = null;
631    Long            lL   = null;
632    String          eAUD = null;
633    String          cCPN = null;
634
635    try
636    {
637      final ASN1Element[] elements =
638           ASN1Sequence.decodeAsSequence(value.getValue()).elements();
639      for (final ASN1Element e : elements)
640      {
641        switch (e.getType())
642        {
643          case TYPE_SIZE_LIMIT:
644            sL = ASN1Long.decodeAsLong(e).longValue();
645            break;
646          case TYPE_TIME_LIMIT:
647            tL = ASN1Long.decodeAsLong(e).longValue();
648            break;
649          case TYPE_IDLE_TIME_LIMIT:
650            iTL = ASN1Long.decodeAsLong(e).longValue();
651            break;
652          case TYPE_LOOKTHROUGH_LIMIT:
653            lL = ASN1Long.decodeAsLong(e).longValue();
654            break;
655          case TYPE_EQUIVALENT_AUTHZ_USER_DN:
656            eAUD = ASN1OctetString.decodeAsOctetString(e).stringValue();
657            break;
658          case TYPE_CLIENT_CONNECTION_POLICY_NAME:
659            cCPN = ASN1OctetString.decodeAsOctetString(e).stringValue();
660            break;
661          case TYPE_GROUP_DNS:
662            final ASN1Element[] groupElements =
663                 ASN1Set.decodeAsSet(e).elements();
664            gd = new ArrayList<>(groupElements.length);
665            for (final ASN1Element pe : groupElements)
666            {
667              gd.add(ASN1OctetString.decodeAsOctetString(pe).stringValue());
668            }
669            gd = Collections.unmodifiableList(gd);
670            break;
671          case TYPE_PRIVILEGE_NAMES:
672            final ASN1Element[] privElements =
673                 ASN1Set.decodeAsSet(e).elements();
674            pn = new ArrayList<>(privElements.length);
675            for (final ASN1Element pe : privElements)
676            {
677              pn.add(ASN1OctetString.decodeAsOctetString(pe).stringValue());
678            }
679            pn = Collections.unmodifiableList(pn);
680            break;
681          case TYPE_OTHER_ATTRIBUTES:
682            final ASN1Element[] attrElemnets =
683                 ASN1Sequence.decodeAsSequence(e).elements();
684            oa = new ArrayList<>(attrElemnets.length);
685            for (final ASN1Element ae : attrElemnets)
686            {
687              oa.add(Attribute.decode(ASN1Sequence.decodeAsSequence(ae)));
688            }
689            oa = Collections.unmodifiableList(oa);
690            break;
691          default:
692            // No action will be taken.  It may be the case that a future
693            // version of the control could return additional information.
694            break;
695        }
696      }
697    }
698    catch (final Exception e)
699    {
700      Debug.debugException(e);
701      throw new LDAPException(ResultCode.DECODING_ERROR,
702           ERR_GET_USER_RESOURCE_LIMITS_RESPONSE_CANNOT_DECODE_VALUE.get(
703                StaticUtils.getExceptionMessage(e)),
704           e);
705    }
706
707    otherAttributes            = oa;
708    groupDNs                   = gd;
709    privilegeNames             = pn;
710    sizeLimit                  = sL;
711    timeLimitSeconds           = tL;
712    idleTimeLimitSeconds       = iTL;
713    lookthroughLimit           = lL;
714    equivalentAuthzUserDN      = eAUD;
715    clientConnectionPolicyName = cCPN;
716  }
717
718
719
720  /**
721   * {@inheritDoc}
722   */
723  @Override()
724  public GetUserResourceLimitsResponseControl decodeControl(final String oid,
725                                                   final boolean isCritical,
726                                                   final ASN1OctetString value)
727         throws LDAPException
728  {
729    return new GetUserResourceLimitsResponseControl(oid, isCritical, value);
730  }
731
732
733
734  /**
735   * Extracts a get user resource limits response control from the provided
736   * result.
737   *
738   * @param  result  The bind result from which to retrieve the get user
739   *                 resource limits response control.
740   *
741   * @return  The get user resource limits response control contained in the
742   *          provided result, or {@code null} if the result did not contain a
743   *          get user resource limits response control.
744   *
745   * @throws  LDAPException  If a problem is encountered while attempting to
746   *                         decode the get user resource limits response
747   *                         control contained in the provided result.
748   */
749  public static GetUserResourceLimitsResponseControl get(
750                     final BindResult result)
751         throws LDAPException
752  {
753    final Control c =
754         result.getResponseControl(GET_USER_RESOURCE_LIMITS_RESPONSE_OID);
755    if (c == null)
756    {
757      return null;
758    }
759
760    if (c instanceof GetUserResourceLimitsResponseControl)
761    {
762      return (GetUserResourceLimitsResponseControl) c;
763    }
764    else
765    {
766      return new GetUserResourceLimitsResponseControl(c.getOID(),
767           c.isCritical(), c.getValue());
768    }
769  }
770
771
772
773  /**
774   * Retrieves the custom size limit for the user, if available.
775   *
776   * @return  The custom size limit for the user, -1 if no size limit should be
777   *          enforced for the user, or {@code null} if no custom size limit
778   *          was included in the control.
779   */
780  public Long getSizeLimit()
781  {
782    return sizeLimit;
783  }
784
785
786
787  /**
788   * Retrieves the custom time limit for the user in seconds, if available.
789   *
790   * @return  The custom time limit for the user in seconds, -1 if no time limit
791   *          should be enforced for the user, or {@code null} if no custom time
792   *          limit was included in the control.
793   */
794  public Long getTimeLimitSeconds()
795  {
796    return timeLimitSeconds;
797  }
798
799
800
801  /**
802   * Retrieves the custom idle time limit for the user in seconds, if available.
803   *
804   * @return  The custom idle time limit for the user in seconds, -1 if no idle
805   *          time limit should be enforced for the user, or {@code null} if no
806   *          custom idle time limit was included in the control.
807   */
808  public Long getIdleTimeLimitSeconds()
809  {
810    return idleTimeLimitSeconds;
811  }
812
813
814
815  /**
816   * Retrieves the custom lookthrough limit for the user, if available.
817   *
818   * @return  The custom lookthrough limit for the user, -1 if no lookthrough
819   *          limit should be enforced for the user, or {@code null} if no
820   *          custom lookthrough limit was included in the control.
821   */
822  public Long getLookthroughLimit()
823  {
824    return lookthroughLimit;
825  }
826
827
828
829  /**
830   * Retrieves the equivalent authorization user DN, for use in servers in an
831   * entry-balancing environment in which the user's entry does not exist.
832   *
833   * @return  The equivalent authorization user DN for the user, an empty string
834   *          if the equivalent authorization is anonymous, or {@code null} if
835   *          no equivalent authorization user DN was included in the control.
836   */
837  public String getEquivalentAuthzUserDN()
838  {
839    return equivalentAuthzUserDN;
840  }
841
842
843
844  /**
845   * Retrieves the name of the client connection policy that has been assigned
846   * to the user, if available.
847   *
848   * @return  The name of the client connection policy that has been assigned to
849   *          the user, or {@code null} if the client connection policy name was
850   *          not included in the control.
851   */
852  public String getClientConnectionPolicyName()
853  {
854    return clientConnectionPolicyName;
855  }
856
857
858
859  /**
860   * Retrieves the DNs of any groups in which the user is a member.
861   *
862   * @return  The DNs of any groups in which the user is a member, an empty list
863   *          if the user is not a member of any groups, or {@code null} if the
864   *           set of group DNs is not known.
865   */
866  public List<String> getGroupDNs()
867  {
868    return groupDNs;
869  }
870
871
872
873  /**
874   * Retrieves the names of any privileges assigned to the user.
875   *
876   * @return  The names of any privileges assigned to the user, an empty list if
877   *          the user is known to have no privileges, or {@code null} if the
878   *          set of user privileges is not known.
879   */
880  public List<String> getPrivilegeNames()
881  {
882    return privilegeNames;
883  }
884
885
886
887  /**
888   * Retrieves a list containing additional attributes from the user's entry.
889   *
890   * @return  A list containing additional attributes from the user's entry, or
891   *          an empty list if no additional attributes were provided.
892   */
893  public List<Attribute> getOtherAttributes()
894  {
895    return otherAttributes;
896  }
897
898
899
900  /**
901   * Retrieves the "other" attribute with the specified name.
902   *
903   * @param  name  The name of the "other" attribute to retrieve.  It must not
904   *               be {@code null}.
905   *
906   * @return  The "other" attribute with the specified name, or {@code null} if
907   *          there is no such "other" attribute.
908   */
909  public Attribute getOtherAttribute(final String name)
910  {
911    for (final Attribute a : otherAttributes)
912    {
913      if (a.getName().equalsIgnoreCase(name))
914      {
915        return a;
916      }
917    }
918
919    return null;
920  }
921
922
923
924  /**
925   * {@inheritDoc}
926   */
927  @Override()
928  public String getControlName()
929  {
930    return INFO_CONTROL_NAME_GET_USER_RESOURCE_LIMITS_RESPONSE.get();
931  }
932
933
934
935  /**
936   * {@inheritDoc}
937   */
938  @Override()
939  public void toString(final StringBuilder buffer)
940  {
941    buffer.append("GetUserResourceLimitsResponseControl(");
942
943    boolean added = false;
944    if (sizeLimit != null)
945    {
946      buffer.append("sizeLimit=");
947      buffer.append(sizeLimit);
948      added = true;
949    }
950
951    if (timeLimitSeconds != null)
952    {
953      if (added)
954      {
955        buffer.append(", ");
956      }
957
958      buffer.append("timeLimitSeconds=");
959      buffer.append(timeLimitSeconds);
960      added = true;
961    }
962
963    if (idleTimeLimitSeconds != null)
964    {
965      if (added)
966      {
967        buffer.append(", ");
968      }
969
970      buffer.append("idleTimeLimitSeconds=");
971      buffer.append(idleTimeLimitSeconds);
972      added = true;
973    }
974
975    if (lookthroughLimit != null)
976    {
977      if (added)
978      {
979        buffer.append(", ");
980      }
981
982      buffer.append("lookthroughLimit=");
983      buffer.append(lookthroughLimit);
984      added = true;
985    }
986
987    if (equivalentAuthzUserDN != null)
988    {
989      if (added)
990      {
991        buffer.append(", ");
992      }
993
994      buffer.append("equivalentAuthzUserDN=\"");
995      buffer.append(equivalentAuthzUserDN);
996      buffer.append('"');
997      added = true;
998    }
999
1000    if (clientConnectionPolicyName != null)
1001    {
1002      if (added)
1003      {
1004        buffer.append(", ");
1005      }
1006
1007      buffer.append("clientConnectionPolicyName=\"");
1008      buffer.append(clientConnectionPolicyName);
1009      buffer.append('"');
1010      added = true;
1011    }
1012
1013    if (groupDNs != null)
1014    {
1015      if (added)
1016      {
1017        buffer.append(", ");
1018      }
1019
1020      buffer.append("groupDNs={");
1021
1022      final Iterator<String> dnIterator = groupDNs.iterator();
1023      while (dnIterator.hasNext())
1024      {
1025        buffer.append('"');
1026        buffer.append(dnIterator.next());
1027        buffer.append('"');
1028
1029        if (dnIterator.hasNext())
1030        {
1031          buffer.append(", ");
1032        }
1033      }
1034
1035      buffer.append('}');
1036      added = true;
1037    }
1038
1039    if (privilegeNames != null)
1040    {
1041      if (added)
1042      {
1043        buffer.append(", ");
1044      }
1045
1046      buffer.append("privilegeNames={");
1047
1048      final Iterator<String> privilegeIterator = privilegeNames.iterator();
1049      while (privilegeIterator.hasNext())
1050      {
1051        buffer.append('"');
1052        buffer.append(privilegeIterator.next());
1053        buffer.append('"');
1054
1055        if (privilegeIterator.hasNext())
1056        {
1057          buffer.append(", ");
1058        }
1059      }
1060
1061      buffer.append('}');
1062      added = true;
1063    }
1064
1065    if (! otherAttributes.isEmpty())
1066    {
1067      if (added)
1068      {
1069        buffer.append(", ");
1070      }
1071
1072      buffer.append("otherAttributes={");
1073
1074      final Iterator<Attribute> attrIterator = otherAttributes.iterator();
1075      while (attrIterator.hasNext())
1076      {
1077        attrIterator.next().toString(buffer);
1078
1079        if (attrIterator.hasNext())
1080        {
1081          buffer.append(", ");
1082        }
1083      }
1084
1085      buffer.append('}');
1086    }
1087
1088    buffer.append("')");
1089  }
1090}