/**
* A utility method which may be used by implementations in order to obtain the value of the
* specified attribute from the provided entry as a boolean.
*
* @param entry The entry whose attribute is to be parsed as a boolean.
* @param attributeType The attribute type whose value should be parsed as a boolean.
* @return The attribute's value represented as a ConditionResult value, or
* ConditionResult.UNDEFINED if the specified attribute does not exist in the entry.
* @throws DirectoryException If the value cannot be decoded as a boolean.
*/
protected static final ConditionResult getBoolean(
final Entry entry, final AttributeType attributeType) throws DirectoryException {
final List<Attribute> attrList = entry.getAttribute(attributeType);
if (attrList != null) {
for (final Attribute a : attrList) {
if (a.isEmpty()) {
continue;
}
final String valueString = toLowerCase(a.iterator().next().getValue().toString());
if (valueString.equals("true")
|| valueString.equals("yes")
|| valueString.equals("on")
|| valueString.equals("1")) {
if (debugEnabled()) {
TRACER.debugInfo(
"Attribute %s resolves to true for user entry " + "%s",
attributeType.getNameOrOID(), entry.getDN().toString());
}
return ConditionResult.TRUE;
}
if (valueString.equals("false")
|| valueString.equals("no")
|| valueString.equals("off")
|| valueString.equals("0")) {
if (debugEnabled()) {
TRACER.debugInfo(
"Attribute %s resolves to false for user " + "entry %s",
attributeType.getNameOrOID(), entry.getDN().toString());
}
return ConditionResult.FALSE;
}
if (debugEnabled()) {
TRACER.debugError(
"Unable to resolve value %s for attribute %s " + "in user entry %s as a Boolean.",
valueString, attributeType.getNameOrOID(), entry.getDN().toString());
}
final Message message =
ERR_PWPSTATE_CANNOT_DECODE_BOOLEAN.get(
valueString, attributeType.getNameOrOID(), entry.getDN().toString());
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message);
}
}
if (debugEnabled()) {
TRACER.debugInfo(
"Returning %s because attribute %s does not exist " + "in user entry %s",
ConditionResult.UNDEFINED.toString(),
attributeType.getNameOrOID(),
entry.getDN().toString());
}
return ConditionResult.UNDEFINED;
}
/**
* A utility method which may be used by implementations in order to obtain the value of the
* specified attribute from the provided entry as a time in generalized time format.
*
* @param entry The entry whose attribute is to be parsed as a boolean.
* @param attributeType The attribute type whose value should be parsed as a generalized time
* value.
* @return The requested time, or -1 if it could not be determined.
* @throws DirectoryException If a problem occurs while attempting to decode the value as a
* generalized time.
*/
protected static final long getGeneralizedTime(
final Entry entry, final AttributeType attributeType) throws DirectoryException {
long timeValue = -1;
final List<Attribute> attrList = entry.getAttribute(attributeType);
if (attrList != null) {
for (final Attribute a : attrList) {
if (a.isEmpty()) {
continue;
}
final AttributeValue v = a.iterator().next();
try {
timeValue = GeneralizedTimeSyntax.decodeGeneralizedTimeValue(v.getNormalizedValue());
} catch (final Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
TRACER.debugWarning(
"Unable to decode value %s for attribute %s " + "in user entry %s: %s",
v.getValue().toString(),
attributeType.getNameOrOID(),
entry.getDN().toString(),
stackTraceToSingleLineString(e));
}
final Message message =
ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME.get(
v.getValue().toString(),
attributeType.getNameOrOID(),
entry.getDN().toString(),
String.valueOf(e));
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message, e);
}
break;
}
}
if (timeValue == -1) {
if (debugEnabled()) {
TRACER.debugInfo(
"Returning -1 because attribute %s does not " + "exist in user entry %s",
attributeType.getNameOrOID(), entry.getDN().toString());
}
}
// FIXME: else to be consistent...
return timeValue;
}
/**
* Returns {@code true} if this authentication policy state is associated with a user whose
* account has been administratively disabled.
*
* <p>The default implementation is use the value of the "ds-pwp-account-disable" attribute in the
* user's entry.
*
* @return {@code true} if this authentication policy state is associated with a user whose
* account has been administratively disabled.
*/
public boolean isDisabled() {
final AttributeType type = DirectoryServer.getAttributeType(OP_ATTR_ACCOUNT_DISABLED, true);
try {
isDisabled = getBoolean(userEntry, type);
} catch (final Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
isDisabled = ConditionResult.TRUE;
if (debugEnabled()) {
TRACER.debugWarning(
"User %s is considered administratively "
+ "disabled because an error occurred while "
+ "attempting to make the determination: %s.",
userEntry.getDN().toString(), stackTraceToSingleLineString(e));
}
return true;
}
if (isDisabled == ConditionResult.UNDEFINED) {
isDisabled = ConditionResult.FALSE;
if (debugEnabled()) {
TRACER.debugInfo(
"User %s is not administratively disabled since "
+ "the attribute \"%s\" is not present in the entry.",
userEntry.getDN().toString(), OP_ATTR_ACCOUNT_DISABLED);
}
return false;
}
if (debugEnabled()) {
TRACER.debugInfo(
"User %s %s administratively disabled.",
userEntry.getDN().toString(), ((isDisabled == ConditionResult.TRUE) ? " is" : " is not"));
}
return isDisabled == ConditionResult.TRUE;
}
private DN getDN(Entry e) {
return e != null ? e.getDN() : DN.nullDN();
}