org.opends.server.extensions

Class SubjectDNToUserAttributeCertificateMapper

java.lang.Object

org.opends.server.api.CertificateMapper<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>

org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper

All Implemented Interfaces:

org.forgerock.opendj.config.server.ConfigurationChangeListener<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>

public class SubjectDNToUserAttributeCertificateMapper
extends CertificateMapper<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>
implements org.forgerock.opendj.config.server.ConfigurationChangeListener<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>

This class implements a very simple Directory Server certificate mapper that will map a certificate to a user only if that user's entry contains an attribute with the subject of the client certificate. There must be exactly one matching user entry for the mapping to be successful.

Constructor Summary

Constructors

Constructor and Description
SubjectDNToUserAttributeCertificateMapper() Creates a new instance of this certificate mapper.

Method Summary

Modifier and Type	Method and Description
org.forgerock.opendj.config.server.ConfigChangeResult	applyConfigurationChange(org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg configuration)
void	finalizeCertificateMapper() Performs any finalization that may be necessary for this certificate mapper.
void	initializeCertificateMapper(org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg configuration) Initializes this certificate mapper based on the information in the provided configuration entry.
boolean	isConfigurationAcceptable(org.forgerock.opendj.server.config.server.CertificateMapperCfg configuration, List<org.forgerock.i18n.LocalizableMessage> unacceptableReasons) Indicates whether the provided configuration is acceptable for this certificate mapper.
boolean	isConfigurationChangeAcceptable(org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg configuration, List<org.forgerock.i18n.LocalizableMessage> unacceptableReasons)
Entry	mapCertificateToUser(Certificate[] certificateChain) Establishes a mapping between the information in the provided certificate chain and a single user entry in the Directory Server.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SubjectDNToUserAttributeCertificateMapper

public SubjectDNToUserAttributeCertificateMapper()

Creates a new instance of this certificate mapper. Note that all actual initialization should be done in the initializeCertificateMapper method.

Method Detail

initializeCertificateMapper

public void initializeCertificateMapper(org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg configuration)
                                 throws org.forgerock.opendj.config.server.ConfigException,
                                        InitializationException

Description copied from class: CertificateMapper

Initializes this certificate mapper based on the information in the provided configuration entry.

Specified by:

initializeCertificateMapper in class CertificateMapper<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>

Parameters:

configuration - The configuration that should be used to intialize this certificate mapper.

Throws:

org.forgerock.opendj.config.server.ConfigException - If the provided entry does not contain a valid certificate mapper configuration.

InitializationException - If a problem occurs during initialization that is not related to the server configuration.

finalizeCertificateMapper

public void finalizeCertificateMapper()

Description copied from class: CertificateMapper

Performs any finalization that may be necessary for this certificate mapper. By default, no finalization is performed.

Overrides:

finalizeCertificateMapper in class CertificateMapper<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>

mapCertificateToUser

public Entry mapCertificateToUser(Certificate[] certificateChain)
                           throws DirectoryException

Description copied from class: CertificateMapper

Establishes a mapping between the information in the provided certificate chain and a single user entry in the Directory Server.

Specified by:

mapCertificateToUser in class CertificateMapper<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>

Parameters:

certificateChain - The certificate chain presented by the client during SSL negotiation. The peer certificate will be listed first, followed by the ordered issuer chain as appropriate.

Returns:

The entry for the user to whom the mapping was established, or null if no mapping was established and no special message is required to send back to the client.

Throws:

DirectoryException - If a problem occurred while attempting to establish the mapping. This may include internal failures, a mapping which matches multiple users, or any other case in which an error message should be returned to the client.

isConfigurationAcceptable

public boolean isConfigurationAcceptable(org.forgerock.opendj.server.config.server.CertificateMapperCfg configuration,
                                         List<org.forgerock.i18n.LocalizableMessage> unacceptableReasons)

Description copied from class: CertificateMapper

Indicates whether the provided configuration is acceptable for this certificate mapper. It should be possible to call this method on an uninitialized certificate mapper instance in order to determine whether the certificate mapper would be able to use the provided configuration.

Note that implementations which use a subclass of the provided configuration class will likely need to cast the configuration to the appropriate subclass type.

Overrides:

isConfigurationAcceptable in class CertificateMapper<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>

Parameters:

configuration - The certificate mapper configuration for which to make the determination.

unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.

Returns:

true if the provided configuration is acceptable for this certificate mapper, or false if not.

isConfigurationChangeAcceptable

public boolean isConfigurationChangeAcceptable(org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg configuration,
                                               List<org.forgerock.i18n.LocalizableMessage> unacceptableReasons)

Specified by:

isConfigurationChangeAcceptable in interface org.forgerock.opendj.config.server.ConfigurationChangeListener<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>

applyConfigurationChange

public org.forgerock.opendj.config.server.ConfigChangeResult applyConfigurationChange(org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg configuration)

Specified by:

applyConfigurationChange in interface org.forgerock.opendj.config.server.ConfigurationChangeListener<org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg>