Source code

001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.forgerock.opendj.server.config.meta;
027
028
029
030import org.forgerock.opendj.config.AdministratorAction;
031import org.forgerock.opendj.config.AggregationPropertyDefinition;
032import org.forgerock.opendj.config.AttributeTypePropertyDefinition;
033import org.forgerock.opendj.config.BooleanPropertyDefinition;
034import org.forgerock.opendj.config.ClassPropertyDefinition;
035import org.forgerock.opendj.config.client.ConcurrentModificationException;
036import org.forgerock.opendj.config.client.ManagedObject;
037import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
038import org.forgerock.opendj.config.client.OperationRejectedException;
039import org.forgerock.opendj.config.conditions.Conditions;
040import org.forgerock.opendj.config.DefaultBehaviorProvider;
041import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
042import org.forgerock.opendj.config.EnumPropertyDefinition;
043import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
044import org.forgerock.opendj.config.ManagedObjectDefinition;
045import org.forgerock.opendj.config.PropertyOption;
046import org.forgerock.opendj.config.PropertyProvider;
047import org.forgerock.opendj.config.server.ConfigurationChangeListener;
048import org.forgerock.opendj.config.server.ServerManagedObject;
049import org.forgerock.opendj.config.Tag;
050import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
051import org.forgerock.opendj.ldap.DN;
052import org.forgerock.opendj.ldap.LdapException;
053import org.forgerock.opendj.ldap.schema.AttributeType;
054import org.forgerock.opendj.server.config.client.CertificateMapperCfgClient;
055import org.forgerock.opendj.server.config.client.ExternalSASLMechanismHandlerCfgClient;
056import org.forgerock.opendj.server.config.server.CertificateMapperCfg;
057import org.forgerock.opendj.server.config.server.ExternalSASLMechanismHandlerCfg;
058import org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg;
059
060
061
062/**
063 * An interface for querying the External SASL Mechanism Handler
064 * managed object definition meta information.
065 * <p>
066 * The External SASL Mechanism Handler performs all processing related
067 * to SASL EXTERNAL authentication.
068 */
069public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> {
070
071  /** The singleton configuration definition instance. */
072  private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn();
073
074
075
076  /**
077   * Defines the set of permissable values for the "certificate-validation-policy" property.
078   * <p>
079   * Indicates whether to attempt to validate the peer certificate
080   * against a certificate held in the user's entry.
081   */
082  public static enum CertificateValidationPolicy {
083
084    /**
085     * Always require the peer certificate to be present in the user's
086     * entry.
087     */
088    ALWAYS("always"),
089
090
091
092    /**
093     * If the user's entry contains one or more certificates, require
094     * that one of them match the peer certificate.
095     */
096    IFPRESENT("ifpresent"),
097
098
099
100    /**
101     * Do not look for the peer certificate to be present in the
102     * user's entry.
103     */
104    NEVER("never");
105
106
107
108    /** String representation of the value. */
109    private final String name;
110
111
112
113    /** Private constructor. */
114    private CertificateValidationPolicy(String name) { this.name = name; }
115
116
117
118    /** {@inheritDoc} */
119    public String toString() { return name; }
120
121  }
122
123
124
125  /** The "certificate-attribute" property definition. */
126  private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE;
127
128
129
130  /** The "certificate-mapper" property definition. */
131  private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER;
132
133
134
135  /** The "certificate-validation-policy" property definition. */
136  private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY;
137
138
139
140  /** The "java-class" property definition. */
141  private static final ClassPropertyDefinition PD_JAVA_CLASS;
142
143
144
145  /** Build the "certificate-attribute" property definition. */
146  static {
147      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute");
148      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute"));
149      DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate");
150      builder.setDefaultBehaviorProvider(provider);
151      PD_CERTIFICATE_ATTRIBUTE = builder.getInstance();
152      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE);
153  }
154
155
156
157  /** Build the "certificate-mapper" property definition. */
158  static {
159      AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper");
160      builder.setOption(PropertyOption.MANDATORY);
161      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper"));
162      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
163      builder.setParentPath("/");
164      builder.setRelationDefinition("certificate-mapper");
165      builder.setTargetNeedsEnablingCondition(Conditions.contains("enabled", "true"));
166      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
167      PD_CERTIFICATE_MAPPER = builder.getInstance();
168      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER);
169      INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint());
170  }
171
172
173
174  /** Build the "certificate-validation-policy" property definition. */
175  static {
176      EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy");
177      builder.setOption(PropertyOption.MANDATORY);
178      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy"));
179      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>());
180      builder.setEnumClass(CertificateValidationPolicy.class);
181      PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance();
182      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY);
183  }
184
185
186
187  /** Build the "java-class" property definition. */
188  static {
189      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
190      builder.setOption(PropertyOption.MANDATORY);
191      builder.setOption(PropertyOption.ADVANCED);
192      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
193      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler");
194      builder.setDefaultBehaviorProvider(provider);
195      builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler");
196      PD_JAVA_CLASS = builder.getInstance();
197      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
198  }
199
200
201
202  // Register the tags associated with this managed object definition.
203  static {
204    INSTANCE.registerTag(Tag.valueOf("security"));
205  }
206
207
208
209  /**
210   * Get the External SASL Mechanism Handler configuration definition
211   * singleton.
212   *
213   * @return Returns the External SASL Mechanism Handler configuration
214   *         definition singleton.
215   */
216  public static ExternalSASLMechanismHandlerCfgDefn getInstance() {
217    return INSTANCE;
218  }
219
220
221
222  /**
223   * Private constructor.
224   */
225  private ExternalSASLMechanismHandlerCfgDefn() {
226    super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance());
227  }
228
229
230
231  /** {@inheritDoc} */
232  public ExternalSASLMechanismHandlerCfgClient createClientConfiguration(
233      ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
234    return new ExternalSASLMechanismHandlerCfgClientImpl(impl);
235  }
236
237
238
239  /** {@inheritDoc} */
240  public ExternalSASLMechanismHandlerCfg createServerConfiguration(
241      ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
242    return new ExternalSASLMechanismHandlerCfgServerImpl(impl);
243  }
244
245
246
247  /** {@inheritDoc} */
248  public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() {
249    return ExternalSASLMechanismHandlerCfg.class;
250  }
251
252
253
254  /**
255   * Get the "certificate-attribute" property definition.
256   * <p>
257   * Specifies the name of the attribute to hold user certificates.
258   * <p>
259   * This property must specify the name of a valid attribute type
260   * defined in the server schema.
261   *
262   * @return Returns the "certificate-attribute" property definition.
263   */
264  public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() {
265    return PD_CERTIFICATE_ATTRIBUTE;
266  }
267
268
269
270  /**
271   * Get the "certificate-mapper" property definition.
272   * <p>
273   * Specifies the name of the certificate mapper that should be used
274   * to match client certificates to user entries.
275   *
276   * @return Returns the "certificate-mapper" property definition.
277   */
278  public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() {
279    return PD_CERTIFICATE_MAPPER;
280  }
281
282
283
284  /**
285   * Get the "certificate-validation-policy" property definition.
286   * <p>
287   * Indicates whether to attempt to validate the peer certificate
288   * against a certificate held in the user's entry.
289   *
290   * @return Returns the "certificate-validation-policy" property definition.
291   */
292  public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() {
293    return PD_CERTIFICATE_VALIDATION_POLICY;
294  }
295
296
297
298  /**
299   * Get the "enabled" property definition.
300   * <p>
301   * Indicates whether the SASL mechanism handler is enabled for use.
302   *
303   * @return Returns the "enabled" property definition.
304   */
305  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
306    return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition();
307  }
308
309
310
311  /**
312   * Get the "java-class" property definition.
313   * <p>
314   * Specifies the fully-qualified name of the Java class that
315   * provides the SASL mechanism handler implementation.
316   *
317   * @return Returns the "java-class" property definition.
318   */
319  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
320    return PD_JAVA_CLASS;
321  }
322
323
324
325  /**
326   * Managed object client implementation.
327   */
328  private static class ExternalSASLMechanismHandlerCfgClientImpl implements
329    ExternalSASLMechanismHandlerCfgClient {
330
331    /** Private implementation. */
332    private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl;
333
334
335
336    /** Private constructor. */
337    private ExternalSASLMechanismHandlerCfgClientImpl(
338        ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
339      this.impl = impl;
340    }
341
342
343
344    /** {@inheritDoc} */
345    public AttributeType getCertificateAttribute() {
346      return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
347    }
348
349
350
351    /** {@inheritDoc} */
352    public void setCertificateAttribute(AttributeType value) {
353      impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value);
354    }
355
356
357
358    /** {@inheritDoc} */
359    public String getCertificateMapper() {
360      return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
361    }
362
363
364
365    /** {@inheritDoc} */
366    public void setCertificateMapper(String value) {
367      impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value);
368    }
369
370
371
372    /** {@inheritDoc} */
373    public CertificateValidationPolicy getCertificateValidationPolicy() {
374      return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
375    }
376
377
378
379    /** {@inheritDoc} */
380    public void setCertificateValidationPolicy(CertificateValidationPolicy value) {
381      impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value);
382    }
383
384
385
386    /** {@inheritDoc} */
387    public Boolean isEnabled() {
388      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
389    }
390
391
392
393    /** {@inheritDoc} */
394    public void setEnabled(boolean value) {
395      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
396    }
397
398
399
400    /** {@inheritDoc} */
401    public String getJavaClass() {
402      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
403    }
404
405
406
407    /** {@inheritDoc} */
408    public void setJavaClass(String value) {
409      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
410    }
411
412
413
414    /** {@inheritDoc} */
415    public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() {
416      return INSTANCE;
417    }
418
419
420
421    /** {@inheritDoc} */
422    public PropertyProvider properties() {
423      return impl;
424    }
425
426
427
428    /** {@inheritDoc} */
429    public void commit() throws ManagedObjectAlreadyExistsException,
430        MissingMandatoryPropertiesException, ConcurrentModificationException,
431        OperationRejectedException, LdapException {
432      impl.commit();
433    }
434
435
436
437    /** {@inheritDoc} */
438    public String toString() {
439      return impl.toString();
440    }
441  }
442
443
444
445  /**
446   * Managed object server implementation.
447   */
448  private static class ExternalSASLMechanismHandlerCfgServerImpl implements
449    ExternalSASLMechanismHandlerCfg {
450
451    /** Private implementation. */
452    private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl;
453
454    /** The value of the "certificate-attribute" property. */
455    private final AttributeType pCertificateAttribute;
456
457    /** The value of the "certificate-mapper" property. */
458    private final String pCertificateMapper;
459
460    /** The value of the "certificate-validation-policy" property. */
461    private final CertificateValidationPolicy pCertificateValidationPolicy;
462
463    /** The value of the "enabled" property. */
464    private final boolean pEnabled;
465
466    /** The value of the "java-class" property. */
467    private final String pJavaClass;
468
469
470
471    /** Private constructor. */
472    private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
473      this.impl = impl;
474      this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
475      this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
476      this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
477      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
478      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
479    }
480
481
482
483    /** {@inheritDoc} */
484    public void addExternalChangeListener(
485        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
486      impl.registerChangeListener(listener);
487    }
488
489
490
491    /** {@inheritDoc} */
492    public void removeExternalChangeListener(
493        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
494      impl.deregisterChangeListener(listener);
495    }
496    /** {@inheritDoc} */
497    public void addChangeListener(
498        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
499      impl.registerChangeListener(listener);
500    }
501
502
503
504    /** {@inheritDoc} */
505    public void removeChangeListener(
506        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
507      impl.deregisterChangeListener(listener);
508    }
509
510
511
512    /** {@inheritDoc} */
513    public AttributeType getCertificateAttribute() {
514      return pCertificateAttribute;
515    }
516
517
518
519    /** {@inheritDoc} */
520    public String getCertificateMapper() {
521      return pCertificateMapper;
522    }
523
524
525
526    /**
527     * {@inheritDoc}
528     */
529    public DN getCertificateMapperDN() {
530      String value = getCertificateMapper();
531      if (value == null) return null;
532      return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value);
533    }
534
535
536
537    /** {@inheritDoc} */
538    public CertificateValidationPolicy getCertificateValidationPolicy() {
539      return pCertificateValidationPolicy;
540    }
541
542
543
544    /** {@inheritDoc} */
545    public boolean isEnabled() {
546      return pEnabled;
547    }
548
549
550
551    /** {@inheritDoc} */
552    public String getJavaClass() {
553      return pJavaClass;
554    }
555
556
557
558    /** {@inheritDoc} */
559    public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() {
560      return ExternalSASLMechanismHandlerCfg.class;
561    }
562
563
564
565    /** {@inheritDoc} */
566    public DN dn() {
567      return impl.getDN();
568    }
569
570
571
572    /** {@inheritDoc} */
573    public String toString() {
574      return impl.toString();
575    }
576  }
577}