001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.admin.std.meta; 028 029 030 031 import java.util.Collection; 032 import java.util.SortedSet; 033 import org.opends.server.admin.AdministratorAction; 034 import org.opends.server.admin.AliasDefaultBehaviorProvider; 035 import org.opends.server.admin.AttributeTypePropertyDefinition; 036 import org.opends.server.admin.BooleanPropertyDefinition; 037 import org.opends.server.admin.ClassPropertyDefinition; 038 import org.opends.server.admin.client.AuthorizationException; 039 import org.opends.server.admin.client.CommunicationException; 040 import org.opends.server.admin.client.ConcurrentModificationException; 041 import org.opends.server.admin.client.ManagedObject; 042 import org.opends.server.admin.client.MissingMandatoryPropertiesException; 043 import org.opends.server.admin.client.OperationRejectedException; 044 import org.opends.server.admin.DefaultBehaviorProvider; 045 import org.opends.server.admin.DefinedDefaultBehaviorProvider; 046 import org.opends.server.admin.DNPropertyDefinition; 047 import org.opends.server.admin.EnumPropertyDefinition; 048 import org.opends.server.admin.ManagedObjectAlreadyExistsException; 049 import org.opends.server.admin.ManagedObjectDefinition; 050 import org.opends.server.admin.PropertyOption; 051 import org.opends.server.admin.PropertyProvider; 052 import org.opends.server.admin.server.ConfigurationChangeListener; 053 import org.opends.server.admin.server.ServerManagedObject; 054 import org.opends.server.admin.std.client.FingerprintCertificateMapperCfgClient; 055 import org.opends.server.admin.std.server.CertificateMapperCfg; 056 import org.opends.server.admin.std.server.FingerprintCertificateMapperCfg; 057 import org.opends.server.admin.Tag; 058 import org.opends.server.admin.UndefinedDefaultBehaviorProvider; 059 import org.opends.server.types.AttributeType; 060 import org.opends.server.types.DN; 061 062 063 064 /** 065 * An interface for querying the Fingerprint Certificate Mapper 066 * managed object definition meta information. 067 * <p> 068 * The Fingerprint Certificate Mapper maps client certificates to user 069 * entries by looking for the MD5 or SHA1 fingerprint in a specified 070 * attribute of user entries. 071 */ 072 public final class FingerprintCertificateMapperCfgDefn extends ManagedObjectDefinition<FingerprintCertificateMapperCfgClient, FingerprintCertificateMapperCfg> { 073 074 // The singleton configuration definition instance. 075 private static final FingerprintCertificateMapperCfgDefn INSTANCE = new FingerprintCertificateMapperCfgDefn(); 076 077 078 079 /** 080 * Defines the set of permissable values for the "fingerprint-algorithm" property. 081 * <p> 082 * Specifies the name of the digest algorithm to compute the 083 * fingerprint of client certificates. 084 */ 085 public static enum FingerprintAlgorithm { 086 087 /** 088 * Use the MD5 digest algorithm to compute certificate 089 * fingerprints. 090 */ 091 MD5("md5"), 092 093 094 095 /** 096 * Use the SHA-1 digest algorithm to compute certificate 097 * fingerprints. 098 */ 099 SHA1("sha1"); 100 101 102 103 // String representation of the value. 104 private final String name; 105 106 107 108 // Private constructor. 109 private FingerprintAlgorithm(String name) { this.name = name; } 110 111 112 113 /** 114 * {@inheritDoc} 115 */ 116 public String toString() { return name; } 117 118 } 119 120 121 122 // The "fingerprint-algorithm" property definition. 123 private static final EnumPropertyDefinition<FingerprintAlgorithm> PD_FINGERPRINT_ALGORITHM; 124 125 126 127 // The "fingerprint-attribute" property definition. 128 private static final AttributeTypePropertyDefinition PD_FINGERPRINT_ATTRIBUTE; 129 130 131 132 // The "java-class" property definition. 133 private static final ClassPropertyDefinition PD_JAVA_CLASS; 134 135 136 137 // The "user-base-dn" property definition. 138 private static final DNPropertyDefinition PD_USER_BASE_DN; 139 140 141 142 // Build the "fingerprint-algorithm" property definition. 143 static { 144 EnumPropertyDefinition.Builder<FingerprintAlgorithm> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "fingerprint-algorithm"); 145 builder.setOption(PropertyOption.MANDATORY); 146 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-algorithm")); 147 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<FingerprintAlgorithm>()); 148 builder.setEnumClass(FingerprintAlgorithm.class); 149 PD_FINGERPRINT_ALGORITHM = builder.getInstance(); 150 INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ALGORITHM); 151 } 152 153 154 155 // Build the "fingerprint-attribute" property definition. 156 static { 157 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "fingerprint-attribute"); 158 builder.setOption(PropertyOption.MANDATORY); 159 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-attribute")); 160 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>()); 161 PD_FINGERPRINT_ATTRIBUTE = builder.getInstance(); 162 INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ATTRIBUTE); 163 } 164 165 166 167 // Build the "java-class" property definition. 168 static { 169 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 170 builder.setOption(PropertyOption.MANDATORY); 171 builder.setOption(PropertyOption.ADVANCED); 172 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 173 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.FingerprintCertificateMapper"); 174 builder.setDefaultBehaviorProvider(provider); 175 builder.addInstanceOf("org.opends.server.api.CertificateMapper"); 176 PD_JAVA_CLASS = builder.getInstance(); 177 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 178 } 179 180 181 182 // Build the "user-base-dn" property definition. 183 static { 184 DNPropertyDefinition.Builder builder = DNPropertyDefinition.createBuilder(INSTANCE, "user-base-dn"); 185 builder.setOption(PropertyOption.MULTI_VALUED); 186 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "user-base-dn")); 187 builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<DN>(INSTANCE, "user-base-dn")); 188 PD_USER_BASE_DN = builder.getInstance(); 189 INSTANCE.registerPropertyDefinition(PD_USER_BASE_DN); 190 } 191 192 193 194 // Register the tags associated with this managed object definition. 195 static { 196 INSTANCE.registerTag(Tag.valueOf("security")); 197 INSTANCE.registerTag(Tag.valueOf("user-management")); 198 } 199 200 201 202 /** 203 * Get the Fingerprint Certificate Mapper configuration definition 204 * singleton. 205 * 206 * @return Returns the Fingerprint Certificate Mapper configuration 207 * definition singleton. 208 */ 209 public static FingerprintCertificateMapperCfgDefn getInstance() { 210 return INSTANCE; 211 } 212 213 214 215 /** 216 * Private constructor. 217 */ 218 private FingerprintCertificateMapperCfgDefn() { 219 super("fingerprint-certificate-mapper", CertificateMapperCfgDefn.getInstance()); 220 } 221 222 223 224 /** 225 * {@inheritDoc} 226 */ 227 public FingerprintCertificateMapperCfgClient createClientConfiguration( 228 ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) { 229 return new FingerprintCertificateMapperCfgClientImpl(impl); 230 } 231 232 233 234 /** 235 * {@inheritDoc} 236 */ 237 public FingerprintCertificateMapperCfg createServerConfiguration( 238 ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) { 239 return new FingerprintCertificateMapperCfgServerImpl(impl); 240 } 241 242 243 244 /** 245 * {@inheritDoc} 246 */ 247 public Class<FingerprintCertificateMapperCfg> getServerConfigurationClass() { 248 return FingerprintCertificateMapperCfg.class; 249 } 250 251 252 253 /** 254 * Get the "enabled" property definition. 255 * <p> 256 * Indicates whether the Fingerprint Certificate Mapper is enabled. 257 * 258 * @return Returns the "enabled" property definition. 259 */ 260 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 261 return CertificateMapperCfgDefn.getInstance().getEnabledPropertyDefinition(); 262 } 263 264 265 266 /** 267 * Get the "fingerprint-algorithm" property definition. 268 * <p> 269 * Specifies the name of the digest algorithm to compute the 270 * fingerprint of client certificates. 271 * 272 * @return Returns the "fingerprint-algorithm" property definition. 273 */ 274 public EnumPropertyDefinition<FingerprintAlgorithm> getFingerprintAlgorithmPropertyDefinition() { 275 return PD_FINGERPRINT_ALGORITHM; 276 } 277 278 279 280 /** 281 * Get the "fingerprint-attribute" property definition. 282 * <p> 283 * Specifies the attribute in which to look for the fingerprint. 284 * <p> 285 * Values of the fingerprint attribute should exactly match the MD5 286 * or SHA1 representation of the certificate fingerprint. 287 * 288 * @return Returns the "fingerprint-attribute" property definition. 289 */ 290 public AttributeTypePropertyDefinition getFingerprintAttributePropertyDefinition() { 291 return PD_FINGERPRINT_ATTRIBUTE; 292 } 293 294 295 296 /** 297 * Get the "java-class" property definition. 298 * <p> 299 * Specifies the fully-qualified name of the Java class that 300 * provides the Fingerprint Certificate Mapper implementation. 301 * 302 * @return Returns the "java-class" property definition. 303 */ 304 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 305 return PD_JAVA_CLASS; 306 } 307 308 309 310 /** 311 * Get the "user-base-dn" property definition. 312 * <p> 313 * Specifies the set of base DNs below which to search for users. 314 * <p> 315 * The base DNs are used when performing searches to map the client 316 * certificates to a user entry. 317 * 318 * @return Returns the "user-base-dn" property definition. 319 */ 320 public DNPropertyDefinition getUserBaseDNPropertyDefinition() { 321 return PD_USER_BASE_DN; 322 } 323 324 325 326 /** 327 * Managed object client implementation. 328 */ 329 private static class FingerprintCertificateMapperCfgClientImpl implements 330 FingerprintCertificateMapperCfgClient { 331 332 // Private implementation. 333 private ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl; 334 335 336 337 // Private constructor. 338 private FingerprintCertificateMapperCfgClientImpl( 339 ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) { 340 this.impl = impl; 341 } 342 343 344 345 /** 346 * {@inheritDoc} 347 */ 348 public Boolean isEnabled() { 349 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 350 } 351 352 353 354 /** 355 * {@inheritDoc} 356 */ 357 public void setEnabled(boolean value) { 358 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 359 } 360 361 362 363 /** 364 * {@inheritDoc} 365 */ 366 public FingerprintAlgorithm getFingerprintAlgorithm() { 367 return impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition()); 368 } 369 370 371 372 /** 373 * {@inheritDoc} 374 */ 375 public void setFingerprintAlgorithm(FingerprintAlgorithm value) { 376 impl.setPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition(), value); 377 } 378 379 380 381 /** 382 * {@inheritDoc} 383 */ 384 public AttributeType getFingerprintAttribute() { 385 return impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition()); 386 } 387 388 389 390 /** 391 * {@inheritDoc} 392 */ 393 public void setFingerprintAttribute(AttributeType value) { 394 impl.setPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition(), value); 395 } 396 397 398 399 /** 400 * {@inheritDoc} 401 */ 402 public String getJavaClass() { 403 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 404 } 405 406 407 408 /** 409 * {@inheritDoc} 410 */ 411 public void setJavaClass(String value) { 412 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 413 } 414 415 416 417 /** 418 * {@inheritDoc} 419 */ 420 public SortedSet<DN> getUserBaseDN() { 421 return impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition()); 422 } 423 424 425 426 /** 427 * {@inheritDoc} 428 */ 429 public void setUserBaseDN(Collection<DN> values) { 430 impl.setPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition(), values); 431 } 432 433 434 435 /** 436 * {@inheritDoc} 437 */ 438 public ManagedObjectDefinition<? extends FingerprintCertificateMapperCfgClient, ? extends FingerprintCertificateMapperCfg> definition() { 439 return INSTANCE; 440 } 441 442 443 444 /** 445 * {@inheritDoc} 446 */ 447 public PropertyProvider properties() { 448 return impl; 449 } 450 451 452 453 /** 454 * {@inheritDoc} 455 */ 456 public void commit() throws ManagedObjectAlreadyExistsException, 457 MissingMandatoryPropertiesException, ConcurrentModificationException, 458 OperationRejectedException, AuthorizationException, 459 CommunicationException { 460 impl.commit(); 461 } 462 463 } 464 465 466 467 /** 468 * Managed object server implementation. 469 */ 470 private static class FingerprintCertificateMapperCfgServerImpl implements 471 FingerprintCertificateMapperCfg { 472 473 // Private implementation. 474 private ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl; 475 476 // The value of the "enabled" property. 477 private final boolean pEnabled; 478 479 // The value of the "fingerprint-algorithm" property. 480 private final FingerprintAlgorithm pFingerprintAlgorithm; 481 482 // The value of the "fingerprint-attribute" property. 483 private final AttributeType pFingerprintAttribute; 484 485 // The value of the "java-class" property. 486 private final String pJavaClass; 487 488 // The value of the "user-base-dn" property. 489 private final SortedSet<DN> pUserBaseDN; 490 491 492 493 // Private constructor. 494 private FingerprintCertificateMapperCfgServerImpl(ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) { 495 this.impl = impl; 496 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 497 this.pFingerprintAlgorithm = impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition()); 498 this.pFingerprintAttribute = impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition()); 499 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 500 this.pUserBaseDN = impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition()); 501 } 502 503 504 505 /** 506 * {@inheritDoc} 507 */ 508 public void addFingerprintChangeListener( 509 ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) { 510 impl.registerChangeListener(listener); 511 } 512 513 514 515 /** 516 * {@inheritDoc} 517 */ 518 public void removeFingerprintChangeListener( 519 ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) { 520 impl.deregisterChangeListener(listener); 521 } 522 /** 523 * {@inheritDoc} 524 */ 525 public void addChangeListener( 526 ConfigurationChangeListener<CertificateMapperCfg> listener) { 527 impl.registerChangeListener(listener); 528 } 529 530 531 532 /** 533 * {@inheritDoc} 534 */ 535 public void removeChangeListener( 536 ConfigurationChangeListener<CertificateMapperCfg> listener) { 537 impl.deregisterChangeListener(listener); 538 } 539 540 541 542 /** 543 * {@inheritDoc} 544 */ 545 public boolean isEnabled() { 546 return pEnabled; 547 } 548 549 550 551 /** 552 * {@inheritDoc} 553 */ 554 public FingerprintAlgorithm getFingerprintAlgorithm() { 555 return pFingerprintAlgorithm; 556 } 557 558 559 560 /** 561 * {@inheritDoc} 562 */ 563 public AttributeType getFingerprintAttribute() { 564 return pFingerprintAttribute; 565 } 566 567 568 569 /** 570 * {@inheritDoc} 571 */ 572 public String getJavaClass() { 573 return pJavaClass; 574 } 575 576 577 578 /** 579 * {@inheritDoc} 580 */ 581 public SortedSet<DN> getUserBaseDN() { 582 return pUserBaseDN; 583 } 584 585 586 587 /** 588 * {@inheritDoc} 589 */ 590 public Class<? extends FingerprintCertificateMapperCfg> configurationClass() { 591 return FingerprintCertificateMapperCfg.class; 592 } 593 594 595 596 /** 597 * {@inheritDoc} 598 */ 599 public DN dn() { 600 return impl.getDN(); 601 } 602 603 } 604 }