Source code

001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.forgerock.opendj.server.config.meta;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import org.forgerock.opendj.config.AdministratorAction;
033import org.forgerock.opendj.config.AliasDefaultBehaviorProvider;
034import org.forgerock.opendj.config.AttributeTypePropertyDefinition;
035import org.forgerock.opendj.config.BooleanPropertyDefinition;
036import org.forgerock.opendj.config.ClassPropertyDefinition;
037import org.forgerock.opendj.config.client.ConcurrentModificationException;
038import org.forgerock.opendj.config.client.ManagedObject;
039import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
040import org.forgerock.opendj.config.client.OperationRejectedException;
041import org.forgerock.opendj.config.DefaultBehaviorProvider;
042import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
043import org.forgerock.opendj.config.DNPropertyDefinition;
044import org.forgerock.opendj.config.EnumPropertyDefinition;
045import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
046import org.forgerock.opendj.config.ManagedObjectDefinition;
047import org.forgerock.opendj.config.PropertyOption;
048import org.forgerock.opendj.config.PropertyProvider;
049import org.forgerock.opendj.config.server.ConfigurationChangeListener;
050import org.forgerock.opendj.config.server.ServerManagedObject;
051import org.forgerock.opendj.config.Tag;
052import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
053import org.forgerock.opendj.ldap.DN;
054import org.forgerock.opendj.ldap.LdapException;
055import org.forgerock.opendj.ldap.schema.AttributeType;
056import org.forgerock.opendj.server.config.client.FingerprintCertificateMapperCfgClient;
057import org.forgerock.opendj.server.config.server.CertificateMapperCfg;
058import org.forgerock.opendj.server.config.server.FingerprintCertificateMapperCfg;
059
060
061
062/**
063 * An interface for querying the Fingerprint Certificate Mapper
064 * managed object definition meta information.
065 * <p>
066 * The Fingerprint Certificate Mapper maps client certificates to user
067 * entries by looking for the MD5 or SHA1 fingerprint in a specified
068 * attribute of user entries.
069 */
070public final class FingerprintCertificateMapperCfgDefn extends ManagedObjectDefinition<FingerprintCertificateMapperCfgClient, FingerprintCertificateMapperCfg> {
071
072  /** The singleton configuration definition instance. */
073  private static final FingerprintCertificateMapperCfgDefn INSTANCE = new FingerprintCertificateMapperCfgDefn();
074
075
076
077  /**
078   * Defines the set of permissable values for the "fingerprint-algorithm" property.
079   * <p>
080   * Specifies the name of the digest algorithm to compute the
081   * fingerprint of client certificates.
082   */
083  public static enum FingerprintAlgorithm {
084
085    /**
086     * Use the MD5 digest algorithm to compute certificate
087     * fingerprints.
088     */
089    MD5("md5"),
090
091
092
093    /**
094     * Use the SHA-1 digest algorithm to compute certificate
095     * fingerprints.
096     */
097    SHA1("sha1");
098
099
100
101    /** String representation of the value. */
102    private final String name;
103
104
105
106    /** Private constructor. */
107    private FingerprintAlgorithm(String name) { this.name = name; }
108
109
110
111    /** {@inheritDoc} */
112    public String toString() { return name; }
113
114  }
115
116
117
118  /** The "fingerprint-algorithm" property definition. */
119  private static final EnumPropertyDefinition<FingerprintAlgorithm> PD_FINGERPRINT_ALGORITHM;
120
121
122
123  /** The "fingerprint-attribute" property definition. */
124  private static final AttributeTypePropertyDefinition PD_FINGERPRINT_ATTRIBUTE;
125
126
127
128  /** The "java-class" property definition. */
129  private static final ClassPropertyDefinition PD_JAVA_CLASS;
130
131
132
133  /** The "user-base-dn" property definition. */
134  private static final DNPropertyDefinition PD_USER_BASE_DN;
135
136
137
138  /** Build the "fingerprint-algorithm" property definition. */
139  static {
140      EnumPropertyDefinition.Builder<FingerprintAlgorithm> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "fingerprint-algorithm");
141      builder.setOption(PropertyOption.MANDATORY);
142      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-algorithm"));
143      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<FingerprintAlgorithm>());
144      builder.setEnumClass(FingerprintAlgorithm.class);
145      PD_FINGERPRINT_ALGORITHM = builder.getInstance();
146      INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ALGORITHM);
147  }
148
149
150
151  /** Build the "fingerprint-attribute" property definition. */
152  static {
153      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "fingerprint-attribute");
154      builder.setOption(PropertyOption.MANDATORY);
155      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-attribute"));
156      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
157      PD_FINGERPRINT_ATTRIBUTE = builder.getInstance();
158      INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ATTRIBUTE);
159  }
160
161
162
163  /** Build the "java-class" property definition. */
164  static {
165      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
166      builder.setOption(PropertyOption.MANDATORY);
167      builder.setOption(PropertyOption.ADVANCED);
168      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
169      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.FingerprintCertificateMapper");
170      builder.setDefaultBehaviorProvider(provider);
171      builder.addInstanceOf("org.opends.server.api.CertificateMapper");
172      PD_JAVA_CLASS = builder.getInstance();
173      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
174  }
175
176
177
178  /** Build the "user-base-dn" property definition. */
179  static {
180      DNPropertyDefinition.Builder builder = DNPropertyDefinition.createBuilder(INSTANCE, "user-base-dn");
181      builder.setOption(PropertyOption.MULTI_VALUED);
182      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "user-base-dn"));
183      builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<DN>(INSTANCE, "user-base-dn"));
184      PD_USER_BASE_DN = builder.getInstance();
185      INSTANCE.registerPropertyDefinition(PD_USER_BASE_DN);
186  }
187
188
189
190  // Register the tags associated with this managed object definition.
191  static {
192    INSTANCE.registerTag(Tag.valueOf("security"));
193    INSTANCE.registerTag(Tag.valueOf("user-management"));
194  }
195
196
197
198  /**
199   * Get the Fingerprint Certificate Mapper configuration definition
200   * singleton.
201   *
202   * @return Returns the Fingerprint Certificate Mapper configuration
203   *         definition singleton.
204   */
205  public static FingerprintCertificateMapperCfgDefn getInstance() {
206    return INSTANCE;
207  }
208
209
210
211  /**
212   * Private constructor.
213   */
214  private FingerprintCertificateMapperCfgDefn() {
215    super("fingerprint-certificate-mapper", CertificateMapperCfgDefn.getInstance());
216  }
217
218
219
220  /** {@inheritDoc} */
221  public FingerprintCertificateMapperCfgClient createClientConfiguration(
222      ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) {
223    return new FingerprintCertificateMapperCfgClientImpl(impl);
224  }
225
226
227
228  /** {@inheritDoc} */
229  public FingerprintCertificateMapperCfg createServerConfiguration(
230      ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) {
231    return new FingerprintCertificateMapperCfgServerImpl(impl);
232  }
233
234
235
236  /** {@inheritDoc} */
237  public Class<FingerprintCertificateMapperCfg> getServerConfigurationClass() {
238    return FingerprintCertificateMapperCfg.class;
239  }
240
241
242
243  /**
244   * Get the "enabled" property definition.
245   * <p>
246   * Indicates whether the Fingerprint Certificate Mapper is enabled.
247   *
248   * @return Returns the "enabled" property definition.
249   */
250  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
251    return CertificateMapperCfgDefn.getInstance().getEnabledPropertyDefinition();
252  }
253
254
255
256  /**
257   * Get the "fingerprint-algorithm" property definition.
258   * <p>
259   * Specifies the name of the digest algorithm to compute the
260   * fingerprint of client certificates.
261   *
262   * @return Returns the "fingerprint-algorithm" property definition.
263   */
264  public EnumPropertyDefinition<FingerprintAlgorithm> getFingerprintAlgorithmPropertyDefinition() {
265    return PD_FINGERPRINT_ALGORITHM;
266  }
267
268
269
270  /**
271   * Get the "fingerprint-attribute" property definition.
272   * <p>
273   * Specifies the attribute in which to look for the fingerprint.
274   * <p>
275   * Values of the fingerprint attribute should exactly match the MD5
276   * or SHA1 representation of the certificate fingerprint.
277   *
278   * @return Returns the "fingerprint-attribute" property definition.
279   */
280  public AttributeTypePropertyDefinition getFingerprintAttributePropertyDefinition() {
281    return PD_FINGERPRINT_ATTRIBUTE;
282  }
283
284
285
286  /**
287   * Get the "java-class" property definition.
288   * <p>
289   * Specifies the fully-qualified name of the Java class that
290   * provides the Fingerprint Certificate Mapper implementation.
291   *
292   * @return Returns the "java-class" property definition.
293   */
294  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
295    return PD_JAVA_CLASS;
296  }
297
298
299
300  /**
301   * Get the "user-base-dn" property definition.
302   * <p>
303   * Specifies the set of base DNs below which to search for users.
304   * <p>
305   * The base DNs are used when performing searches to map the client
306   * certificates to a user entry.
307   *
308   * @return Returns the "user-base-dn" property definition.
309   */
310  public DNPropertyDefinition getUserBaseDNPropertyDefinition() {
311    return PD_USER_BASE_DN;
312  }
313
314
315
316  /**
317   * Managed object client implementation.
318   */
319  private static class FingerprintCertificateMapperCfgClientImpl implements
320    FingerprintCertificateMapperCfgClient {
321
322    /** Private implementation. */
323    private ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl;
324
325
326
327    /** Private constructor. */
328    private FingerprintCertificateMapperCfgClientImpl(
329        ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) {
330      this.impl = impl;
331    }
332
333
334
335    /** {@inheritDoc} */
336    public Boolean isEnabled() {
337      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
338    }
339
340
341
342    /** {@inheritDoc} */
343    public void setEnabled(boolean value) {
344      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
345    }
346
347
348
349    /** {@inheritDoc} */
350    public FingerprintAlgorithm getFingerprintAlgorithm() {
351      return impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition());
352    }
353
354
355
356    /** {@inheritDoc} */
357    public void setFingerprintAlgorithm(FingerprintAlgorithm value) {
358      impl.setPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition(), value);
359    }
360
361
362
363    /** {@inheritDoc} */
364    public AttributeType getFingerprintAttribute() {
365      return impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition());
366    }
367
368
369
370    /** {@inheritDoc} */
371    public void setFingerprintAttribute(AttributeType value) {
372      impl.setPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition(), value);
373    }
374
375
376
377    /** {@inheritDoc} */
378    public String getJavaClass() {
379      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
380    }
381
382
383
384    /** {@inheritDoc} */
385    public void setJavaClass(String value) {
386      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
387    }
388
389
390
391    /** {@inheritDoc} */
392    public SortedSet<DN> getUserBaseDN() {
393      return impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
394    }
395
396
397
398    /** {@inheritDoc} */
399    public void setUserBaseDN(Collection<DN> values) {
400      impl.setPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition(), values);
401    }
402
403
404
405    /** {@inheritDoc} */
406    public ManagedObjectDefinition<? extends FingerprintCertificateMapperCfgClient, ? extends FingerprintCertificateMapperCfg> definition() {
407      return INSTANCE;
408    }
409
410
411
412    /** {@inheritDoc} */
413    public PropertyProvider properties() {
414      return impl;
415    }
416
417
418
419    /** {@inheritDoc} */
420    public void commit() throws ManagedObjectAlreadyExistsException,
421        MissingMandatoryPropertiesException, ConcurrentModificationException,
422        OperationRejectedException, LdapException {
423      impl.commit();
424    }
425
426
427
428    /** {@inheritDoc} */
429    public String toString() {
430      return impl.toString();
431    }
432  }
433
434
435
436  /**
437   * Managed object server implementation.
438   */
439  private static class FingerprintCertificateMapperCfgServerImpl implements
440    FingerprintCertificateMapperCfg {
441
442    /** Private implementation. */
443    private ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl;
444
445    /** The value of the "enabled" property. */
446    private final boolean pEnabled;
447
448    /** The value of the "fingerprint-algorithm" property. */
449    private final FingerprintAlgorithm pFingerprintAlgorithm;
450
451    /** The value of the "fingerprint-attribute" property. */
452    private final AttributeType pFingerprintAttribute;
453
454    /** The value of the "java-class" property. */
455    private final String pJavaClass;
456
457    /** The value of the "user-base-dn" property. */
458    private final SortedSet<DN> pUserBaseDN;
459
460
461
462    /** Private constructor. */
463    private FingerprintCertificateMapperCfgServerImpl(ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) {
464      this.impl = impl;
465      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
466      this.pFingerprintAlgorithm = impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition());
467      this.pFingerprintAttribute = impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition());
468      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
469      this.pUserBaseDN = impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
470    }
471
472
473
474    /** {@inheritDoc} */
475    public void addFingerprintChangeListener(
476        ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) {
477      impl.registerChangeListener(listener);
478    }
479
480
481
482    /** {@inheritDoc} */
483    public void removeFingerprintChangeListener(
484        ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) {
485      impl.deregisterChangeListener(listener);
486    }
487    /** {@inheritDoc} */
488    public void addChangeListener(
489        ConfigurationChangeListener<CertificateMapperCfg> listener) {
490      impl.registerChangeListener(listener);
491    }
492
493
494
495    /** {@inheritDoc} */
496    public void removeChangeListener(
497        ConfigurationChangeListener<CertificateMapperCfg> listener) {
498      impl.deregisterChangeListener(listener);
499    }
500
501
502
503    /** {@inheritDoc} */
504    public boolean isEnabled() {
505      return pEnabled;
506    }
507
508
509
510    /** {@inheritDoc} */
511    public FingerprintAlgorithm getFingerprintAlgorithm() {
512      return pFingerprintAlgorithm;
513    }
514
515
516
517    /** {@inheritDoc} */
518    public AttributeType getFingerprintAttribute() {
519      return pFingerprintAttribute;
520    }
521
522
523
524    /** {@inheritDoc} */
525    public String getJavaClass() {
526      return pJavaClass;
527    }
528
529
530
531    /** {@inheritDoc} */
532    public SortedSet<DN> getUserBaseDN() {
533      return pUserBaseDN;
534    }
535
536
537
538    /** {@inheritDoc} */
539    public Class<? extends FingerprintCertificateMapperCfg> configurationClass() {
540      return FingerprintCertificateMapperCfg.class;
541    }
542
543
544
545    /** {@inheritDoc} */
546    public DN dn() {
547      return impl.getDN();
548    }
549
550
551
552    /** {@inheritDoc} */
553    public String toString() {
554      return impl.toString();
555    }
556  }
557}