org.opends.server.extensions
Class SubjectDNToUserAttributeCertificateMapper

java.lang.Object
  extended by org.opends.server.api.CertificateMapper<SubjectDNToUserAttributeCertificateMapperCfg>
      extended by org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper
All Implemented Interfaces:
ConfigurationChangeListener<SubjectDNToUserAttributeCertificateMapperCfg>

public class SubjectDNToUserAttributeCertificateMapper
extends CertificateMapper<SubjectDNToUserAttributeCertificateMapperCfg>
implements ConfigurationChangeListener<SubjectDNToUserAttributeCertificateMapperCfg>

This class implements a very simple Directory Server certificate mapper that will map a certificate to a user only if that user's entry contains an attribute with the subject of the client certificate. There must be exactly one matching user entry for the mapping to be successful.


Constructor Summary
SubjectDNToUserAttributeCertificateMapper()
          Creates a new instance of this certificate mapper.
 
Method Summary
 ConfigChangeResult applyConfigurationChange(SubjectDNToUserAttributeCertificateMapperCfg configuration)
          Applies the configuration changes to this change listener.
 void finalizeCertificateMapper()
          Performs any finalization that may be necessary for this certificate mapper.
 void initializeCertificateMapper(SubjectDNToUserAttributeCertificateMapperCfg configuration)
          Initializes this certificate mapper based on the information in the provided configuration entry.
 boolean isConfigurationAcceptable(CertificateMapperCfg configuration, java.util.List<Message> unacceptableReasons)
          Indicates whether the provided configuration is acceptable for this certificate mapper.
 boolean isConfigurationChangeAcceptable(SubjectDNToUserAttributeCertificateMapperCfg configuration, java.util.List<Message> unacceptableReasons)
          Indicates whether the proposed change to the configuration is acceptable to this change listener.
 Entry mapCertificateToUser(java.security.cert.Certificate[] certificateChain)
          Establishes a mapping between the information in the provided certificate chain and a single user entry in the Directory Server.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SubjectDNToUserAttributeCertificateMapper

public SubjectDNToUserAttributeCertificateMapper()
Creates a new instance of this certificate mapper. Note that all actual initialization should be done in the initializeCertificateMapper method.

Method Detail

initializeCertificateMapper

public void initializeCertificateMapper(SubjectDNToUserAttributeCertificateMapperCfg configuration)
                                 throws ConfigException,
                                        InitializationException
Initializes this certificate mapper based on the information in the provided configuration entry.

Specified by:
initializeCertificateMapper in class CertificateMapper<SubjectDNToUserAttributeCertificateMapperCfg>
Parameters:
configuration - The configuration that should be used to initialize this certificate mapper.
Throws:
ConfigException - If the provided entry does not contain a valid certificate mapper configuration.
InitializationException - If a problem occurs during initialization that is not related to the server configuration.

finalizeCertificateMapper

public void finalizeCertificateMapper()
Performs any finalization that may be necessary for this certificate mapper. By default, no finalization is performed.

Overrides:
finalizeCertificateMapper in class CertificateMapper<SubjectDNToUserAttributeCertificateMapperCfg>

mapCertificateToUser

public Entry mapCertificateToUser(java.security.cert.Certificate[] certificateChain)
                           throws DirectoryException
Establishes a mapping between the information in the provided certificate chain and a single user entry in the Directory Server.

Specified by:
mapCertificateToUser in class CertificateMapper<SubjectDNToUserAttributeCertificateMapperCfg>
Parameters:
certificateChain - The certificate chain presented by the client during SSL negotiation. The peer certificate will be listed first, followed by the ordered issuer chain as appropriate.
Returns:
The entry for the user to whom the mapping was established, or null if no mapping was established and no special message is required to send back to the client.
Throws:
DirectoryException - If a problem occurred while attempting to establish the mapping. This may include internal failures, a mapping which matches multiple users, or any other case in which an error message should be returned to the client.
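
The matching rule from the class description and the return/throw contract above, sketched with JDK classes only. This is an added example, not the OpenDS implementation: the in-memory DIRECTORY map, the class and method names, the sample DNs, and the choice to compare DNs in X500Principal canonical form are all assumptions of the example.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class SubjectAttributeMappingSketch {
    // Hypothetical stand-in for the directory: user entry DN -> values of the subject attribute.
    static final Map<String, List<String>> DIRECTORY = new LinkedHashMap<>();

    // The peer certificate is the first element of the chain; use this with a real TLS chain.
    static X500Principal peerSubject(Certificate[] chain) {
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new IllegalArgumentException("no X.509 peer certificate in chain");
        }
        return ((X509Certificate) chain[0]).getSubjectX500Principal();
    }

    // Returns the single matching user DN, or null when nothing matches.
    // Throws when two entries match (IllegalStateException stands in for DirectoryException).
    static String mapSubjectToUser(X500Principal subject) {
        String wanted = subject.getName(X500Principal.CANONICAL);
        String match = null;
        for (Map.Entry<String, List<String>> entry : DIRECTORY.entrySet()) {
            for (String stored : entry.getValue()) {
                String canon;
                try {
                    canon = new X500Principal(stored).getName(X500Principal.CANONICAL);
                } catch (IllegalArgumentException malformed) {
                    continue; // a stored value that is not a DN never matches
                }
                if (!canon.equals(wanted)) continue;
                if (match != null && !match.equals(entry.getKey())) {
                    throw new IllegalStateException("subject maps to multiple users");
                }
                match = entry.getKey();
            }
        }
        return match;
    }

    public static void main(String[] args) {
        // Constructed sample entries; the stored value differs in case and spacing on purpose.
        DIRECTORY.put("uid=alice,ou=People,dc=example,dc=com", List.of("cn=alice, o=example, c=us"));
        DIRECTORY.put("uid=bob,ou=People,dc=example,dc=com", List.of("CN=Bob,O=Example,C=US", "junk"));
        System.out.println(mapSubjectToUser(new X500Principal("CN=Alice,O=Example,C=US")));
        System.out.println(mapSubjectToUser(new X500Principal("CN=Mallory,O=Example,C=US")));
        DIRECTORY.put("uid=bob2,ou=People,dc=example,dc=com", List.of("CN=Bob,O=Example,C=US"));
        try { mapSubjectToUser(new X500Principal("CN=Bob,O=Example,C=US")); }
        catch (IllegalStateException ambiguous) { System.out.println(ambiguous.getMessage()); }
    }
}
```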

isConfigurationAcceptable

public boolean isConfigurationAcceptable(CertificateMapperCfg configuration,
                                         java.util.List<Message> unacceptableReasons)
Indicates whether the provided configuration is acceptable for this certificate mapper. It should be possible to call this method on an uninitialized certificate mapper instance in order to determine whether the certificate mapper would be able to use the provided configuration.

Note that implementations which use a subclass of the provided configuration class will likely need to cast the configuration to the appropriate subclass type.

Overrides:
isConfigurationAcceptable in class CertificateMapper<SubjectDNToUserAttributeCertificateMapperCfg>
Parameters:
configuration - The certificate mapper configuration for which to make the determination.
unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.
Returns:
true if the provided configuration is acceptable for this certificate mapper, or false if not.

isConfigurationChangeAcceptable

public boolean isConfigurationChangeAcceptable(SubjectDNToUserAttributeCertificateMapperCfg configuration,
                                               java.util.List<Message> unacceptableReasons)
Indicates whether the proposed change to the configuration is acceptable to this change listener.

Specified by:
isConfigurationChangeAcceptable in interface ConfigurationChangeListener<SubjectDNToUserAttributeCertificateMapperCfg>
Parameters:
configuration - The new configuration containing the changes.
unacceptableReasons - A list that can be used to hold messages about why the provided configuration is not acceptable.
Returns:
Returns true if the proposed change is acceptable, or false if it is not.

applyConfigurationChange

public ConfigChangeResult applyConfigurationChange(SubjectDNToUserAttributeCertificateMapperCfg configuration)
Applies the configuration changes to this change listener.

Specified by:
applyConfigurationChange in interface ConfigurationChangeListener<SubjectDNToUserAttributeCertificateMapperCfg>
Parameters:
configuration - The new configuration containing the changes.
Returns:
Returns information about the result of changing the configuration.