Source code

001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.opends.server.admin.std.meta;
017
018
019
020import org.forgerock.opendj.ldap.DN;
021import org.forgerock.opendj.ldap.schema.AttributeType;
022import org.opends.server.admin.AdministratorAction;
023import org.opends.server.admin.AggregationPropertyDefinition;
024import org.opends.server.admin.AttributeTypePropertyDefinition;
025import org.opends.server.admin.BooleanPropertyDefinition;
026import org.opends.server.admin.ClassPropertyDefinition;
027import org.opends.server.admin.client.AuthorizationException;
028import org.opends.server.admin.client.CommunicationException;
029import org.opends.server.admin.client.ConcurrentModificationException;
030import org.opends.server.admin.client.ManagedObject;
031import org.opends.server.admin.client.MissingMandatoryPropertiesException;
032import org.opends.server.admin.client.OperationRejectedException;
033import org.opends.server.admin.condition.Conditions;
034import org.opends.server.admin.DefaultBehaviorProvider;
035import org.opends.server.admin.DefinedDefaultBehaviorProvider;
036import org.opends.server.admin.EnumPropertyDefinition;
037import org.opends.server.admin.ManagedObjectAlreadyExistsException;
038import org.opends.server.admin.ManagedObjectDefinition;
039import org.opends.server.admin.PropertyOption;
040import org.opends.server.admin.PropertyProvider;
041import org.opends.server.admin.server.ConfigurationChangeListener;
042import org.opends.server.admin.server.ServerManagedObject;
043import org.opends.server.admin.std.client.CertificateMapperCfgClient;
044import org.opends.server.admin.std.client.ExternalSASLMechanismHandlerCfgClient;
045import org.opends.server.admin.std.server.CertificateMapperCfg;
046import org.opends.server.admin.std.server.ExternalSASLMechanismHandlerCfg;
047import org.opends.server.admin.std.server.SASLMechanismHandlerCfg;
048import org.opends.server.admin.Tag;
049import org.opends.server.admin.UndefinedDefaultBehaviorProvider;
050
051
052
053/**
054 * An interface for querying the External SASL Mechanism Handler
055 * managed object definition meta information.
056 * <p>
057 * The External SASL Mechanism Handler performs all processing related
058 * to SASL EXTERNAL authentication.
059 */
060public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> {
061
062  // The singleton configuration definition instance.
063  private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn();
064
065
066
067  /**
068   * Defines the set of permissable values for the "certificate-validation-policy" property.
069   * <p>
070   * Indicates whether to attempt to validate the peer certificate
071   * against a certificate held in the user's entry.
072   */
073  public static enum CertificateValidationPolicy {
074
075    /**
076     * Always require the peer certificate to be present in the user's
077     * entry.
078     */
079    ALWAYS("always"),
080
081
082
083    /**
084     * If the user's entry contains one or more certificates, require
085     * that one of them match the peer certificate.
086     */
087    IFPRESENT("ifpresent"),
088
089
090
091    /**
092     * Do not look for the peer certificate to be present in the
093     * user's entry.
094     */
095    NEVER("never");
096
097
098
099    // String representation of the value.
100    private final String name;
101
102
103
104    // Private constructor.
105    private CertificateValidationPolicy(String name) { this.name = name; }
106
107
108
109    /**
110     * {@inheritDoc}
111     */
112    public String toString() { return name; }
113
114  }
115
116
117
118  // The "certificate-attribute" property definition.
119  private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE;
120
121
122
123  // The "certificate-mapper" property definition.
124  private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER;
125
126
127
128  // The "certificate-validation-policy" property definition.
129  private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY;
130
131
132
133  // The "java-class" property definition.
134  private static final ClassPropertyDefinition PD_JAVA_CLASS;
135
136
137
138  // Build the "certificate-attribute" property definition.
139  static {
140      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute");
141      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute"));
142      DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate");
143      builder.setDefaultBehaviorProvider(provider);
144      PD_CERTIFICATE_ATTRIBUTE = builder.getInstance();
145      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE);
146  }
147
148
149
150  // Build the "certificate-mapper" property definition.
151  static {
152      AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper");
153      builder.setOption(PropertyOption.MANDATORY);
154      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper"));
155      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
156      builder.setParentPath("/");
157      builder.setRelationDefinition("certificate-mapper");
158      builder.setTargetNeedsEnablingCondition(Conditions.contains("enabled", "true"));
159      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
160      PD_CERTIFICATE_MAPPER = builder.getInstance();
161      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER);
162      INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint());
163  }
164
165
166
167  // Build the "certificate-validation-policy" property definition.
168  static {
169      EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy");
170      builder.setOption(PropertyOption.MANDATORY);
171      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy"));
172      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>());
173      builder.setEnumClass(CertificateValidationPolicy.class);
174      PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance();
175      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY);
176  }
177
178
179
180  // Build the "java-class" property definition.
181  static {
182      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
183      builder.setOption(PropertyOption.MANDATORY);
184      builder.setOption(PropertyOption.ADVANCED);
185      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
186      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler");
187      builder.setDefaultBehaviorProvider(provider);
188      builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler");
189      PD_JAVA_CLASS = builder.getInstance();
190      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
191  }
192
193
194
195  // Register the tags associated with this managed object definition.
196  static {
197    INSTANCE.registerTag(Tag.valueOf("security"));
198  }
199
200
201
202  /**
203   * Get the External SASL Mechanism Handler configuration definition
204   * singleton.
205   *
206   * @return Returns the External SASL Mechanism Handler configuration
207   *         definition singleton.
208   */
209  public static ExternalSASLMechanismHandlerCfgDefn getInstance() {
210    return INSTANCE;
211  }
212
213
214
215  /**
216   * Private constructor.
217   */
218  private ExternalSASLMechanismHandlerCfgDefn() {
219    super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance());
220  }
221
222
223
224  /**
225   * {@inheritDoc}
226   */
227  public ExternalSASLMechanismHandlerCfgClient createClientConfiguration(
228      ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
229    return new ExternalSASLMechanismHandlerCfgClientImpl(impl);
230  }
231
232
233
234  /**
235   * {@inheritDoc}
236   */
237  public ExternalSASLMechanismHandlerCfg createServerConfiguration(
238      ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
239    return new ExternalSASLMechanismHandlerCfgServerImpl(impl);
240  }
241
242
243
244  /**
245   * {@inheritDoc}
246   */
247  public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() {
248    return ExternalSASLMechanismHandlerCfg.class;
249  }
250
251
252
253  /**
254   * Get the "certificate-attribute" property definition.
255   * <p>
256   * Specifies the name of the attribute to hold user certificates.
257   * <p>
258   * This property must specify the name of a valid attribute type
259   * defined in the server schema.
260   *
261   * @return Returns the "certificate-attribute" property definition.
262   */
263  public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() {
264    return PD_CERTIFICATE_ATTRIBUTE;
265  }
266
267
268
269  /**
270   * Get the "certificate-mapper" property definition.
271   * <p>
272   * Specifies the name of the certificate mapper that should be used
273   * to match client certificates to user entries.
274   *
275   * @return Returns the "certificate-mapper" property definition.
276   */
277  public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() {
278    return PD_CERTIFICATE_MAPPER;
279  }
280
281
282
283  /**
284   * Get the "certificate-validation-policy" property definition.
285   * <p>
286   * Indicates whether to attempt to validate the peer certificate
287   * against a certificate held in the user's entry.
288   *
289   * @return Returns the "certificate-validation-policy" property definition.
290   */
291  public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() {
292    return PD_CERTIFICATE_VALIDATION_POLICY;
293  }
294
295
296
297  /**
298   * Get the "enabled" property definition.
299   * <p>
300   * Indicates whether the SASL mechanism handler is enabled for use.
301   *
302   * @return Returns the "enabled" property definition.
303   */
304  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
305    return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition();
306  }
307
308
309
310  /**
311   * Get the "java-class" property definition.
312   * <p>
313   * Specifies the fully-qualified name of the Java class that
314   * provides the SASL mechanism handler implementation.
315   *
316   * @return Returns the "java-class" property definition.
317   */
318  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
319    return PD_JAVA_CLASS;
320  }
321
322
323
324  /**
325   * Managed object client implementation.
326   */
327  private static class ExternalSASLMechanismHandlerCfgClientImpl implements
328    ExternalSASLMechanismHandlerCfgClient {
329
330    // Private implementation.
331    private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl;
332
333
334
335    // Private constructor.
336    private ExternalSASLMechanismHandlerCfgClientImpl(
337        ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
338      this.impl = impl;
339    }
340
341
342
343    /**
344     * {@inheritDoc}
345     */
346    public AttributeType getCertificateAttribute() {
347      return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
348    }
349
350
351
352    /**
353     * {@inheritDoc}
354     */
355    public void setCertificateAttribute(AttributeType value) {
356      impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value);
357    }
358
359
360
361    /**
362     * {@inheritDoc}
363     */
364    public String getCertificateMapper() {
365      return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
366    }
367
368
369
370    /**
371     * {@inheritDoc}
372     */
373    public void setCertificateMapper(String value) {
374      impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value);
375    }
376
377
378
379    /**
380     * {@inheritDoc}
381     */
382    public CertificateValidationPolicy getCertificateValidationPolicy() {
383      return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
384    }
385
386
387
388    /**
389     * {@inheritDoc}
390     */
391    public void setCertificateValidationPolicy(CertificateValidationPolicy value) {
392      impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value);
393    }
394
395
396
397    /**
398     * {@inheritDoc}
399     */
400    public Boolean isEnabled() {
401      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
402    }
403
404
405
406    /**
407     * {@inheritDoc}
408     */
409    public void setEnabled(boolean value) {
410      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
411    }
412
413
414
415    /**
416     * {@inheritDoc}
417     */
418    public String getJavaClass() {
419      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
420    }
421
422
423
424    /**
425     * {@inheritDoc}
426     */
427    public void setJavaClass(String value) {
428      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
429    }
430
431
432
433    /**
434     * {@inheritDoc}
435     */
436    public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() {
437      return INSTANCE;
438    }
439
440
441
442    /**
443     * {@inheritDoc}
444     */
445    public PropertyProvider properties() {
446      return impl;
447    }
448
449
450
451    /**
452     * {@inheritDoc}
453     */
454    public void commit() throws ManagedObjectAlreadyExistsException,
455        MissingMandatoryPropertiesException, ConcurrentModificationException,
456        OperationRejectedException, AuthorizationException,
457        CommunicationException {
458      impl.commit();
459    }
460
461
462
463    /** {@inheritDoc} */
464    public String toString() {
465      return impl.toString();
466    }
467  }
468
469
470
471  /**
472   * Managed object server implementation.
473   */
474  private static class ExternalSASLMechanismHandlerCfgServerImpl implements
475    ExternalSASLMechanismHandlerCfg {
476
477    // Private implementation.
478    private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl;
479
480    // The value of the "certificate-attribute" property.
481    private final AttributeType pCertificateAttribute;
482
483    // The value of the "certificate-mapper" property.
484    private final String pCertificateMapper;
485
486    // The value of the "certificate-validation-policy" property.
487    private final CertificateValidationPolicy pCertificateValidationPolicy;
488
489    // The value of the "enabled" property.
490    private final boolean pEnabled;
491
492    // The value of the "java-class" property.
493    private final String pJavaClass;
494
495
496
497    // Private constructor.
498    private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
499      this.impl = impl;
500      this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
501      this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
502      this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
503      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
504      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
505    }
506
507
508
509    /**
510     * {@inheritDoc}
511     */
512    public void addExternalChangeListener(
513        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
514      impl.registerChangeListener(listener);
515    }
516
517
518
519    /**
520     * {@inheritDoc}
521     */
522    public void removeExternalChangeListener(
523        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
524      impl.deregisterChangeListener(listener);
525    }
526    /**
527     * {@inheritDoc}
528     */
529    public void addChangeListener(
530        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
531      impl.registerChangeListener(listener);
532    }
533
534
535
536    /**
537     * {@inheritDoc}
538     */
539    public void removeChangeListener(
540        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
541      impl.deregisterChangeListener(listener);
542    }
543
544
545
546    /**
547     * {@inheritDoc}
548     */
549    public AttributeType getCertificateAttribute() {
550      return pCertificateAttribute;
551    }
552
553
554
555    /**
556     * {@inheritDoc}
557     */
558    public String getCertificateMapper() {
559      return pCertificateMapper;
560    }
561
562
563
564    /**
565     * {@inheritDoc}
566     */
567    public DN getCertificateMapperDN() {
568      String value = getCertificateMapper();
569      if (value == null) return null;
570      return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value);
571    }
572
573
574
575    /**
576     * {@inheritDoc}
577     */
578    public CertificateValidationPolicy getCertificateValidationPolicy() {
579      return pCertificateValidationPolicy;
580    }
581
582
583
584    /**
585     * {@inheritDoc}
586     */
587    public boolean isEnabled() {
588      return pEnabled;
589    }
590
591
592
593    /**
594     * {@inheritDoc}
595     */
596    public String getJavaClass() {
597      return pJavaClass;
598    }
599
600
601
602    /**
603     * {@inheritDoc}
604     */
605    public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() {
606      return ExternalSASLMechanismHandlerCfg.class;
607    }
608
609
610
611    /**
612     * {@inheritDoc}
613     */
614    public DN dn() {
615      return impl.getDN();
616    }
617
618
619
620    /** {@inheritDoc} */
621    public String toString() {
622      return impl.toString();
623    }
624  }
625}