org.opends.server.api
Class CertificateMapper<T extends CertificateMapperCfg>

java.lang.Object
  extended by org.opends.server.api.CertificateMapper<T>
Type Parameters:
T - The type of configuration handled by this certificate mapper.
Direct Known Subclasses:
FingerprintCertificateMapper, SubjectAttributeToUserAttributeCertificateMapper, SubjectDNToUserAttributeCertificateMapper, SubjectEqualsDNCertificateMapper

@PublicAPI(stability=VOLATILE,
           mayInstantiate=false,
           mayExtend=true,
           mayInvoke=false)
public abstract class CertificateMapper<T extends CertificateMapperCfg>
extends java.lang.Object

This class defines the set of methods and structures that must be implemented by a Directory Server module that implements the functionality required to uniquely map an SSL client certificate to a Directory Server user entry.


Constructor Summary
CertificateMapper()
           
 
Method Summary
 void finalizeCertificateMapper()
          Performs any finalization that may be necessary for this certificate mapper.
abstract  void initializeCertificateMapper(T configuration)
          Initializes this certificate mapper based on the information in the provided configuration entry.
 boolean isConfigurationAcceptable(CertificateMapperCfg configuration, java.util.List<Message> unacceptableReasons)
          Indicates whether the provided configuration is acceptable for this certificate mapper.
abstract  Entry mapCertificateToUser(java.security.cert.Certificate[] certificateChain)
          Establishes a mapping between the information in the provided certificate chain and a single user entry in the Directory Server.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertificateMapper

public CertificateMapper()
Method Detail

initializeCertificateMapper

public abstract void initializeCertificateMapper(T configuration)
                                          throws ConfigException,
                                                 InitializationException
Initializes this certificate mapper based on the information in the provided configuration entry.

Parameters:
configuration - The configuration that should be used to initialize this certificate mapper.
Throws:
ConfigException - If the provided entry does not contain a valid certificate mapper configuration.
InitializationException - If a problem occurs during initialization that is not related to the server configuration.

isConfigurationAcceptable

public boolean isConfigurationAcceptable(CertificateMapperCfg configuration,
                                         java.util.List<Message> unacceptableReasons)
Indicates whether the provided configuration is acceptable for this certificate mapper. It should be possible to call this method on an uninitialized certificate mapper instance in order to determine whether the certificate mapper would be able to use the provided configuration.

Note that implementations which use a subclass of the provided configuration class will likely need to cast the configuration to the appropriate subclass type.

Parameters:
configuration - The certificate mapper configuration for which to make the determination.
unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.
Returns:
true if the provided configuration is acceptable for this certificate mapper, or false if not.

finalizeCertificateMapper

public void finalizeCertificateMapper()
Performs any finalization that may be necessary for this certificate mapper. By default, no finalization is performed.


mapCertificateToUser

public abstract Entry mapCertificateToUser(java.security.cert.Certificate[] certificateChain)
                                    throws DirectoryException
Establishes a mapping between the information in the provided certificate chain and a single user entry in the Directory Server.

Parameters:
certificateChain - The certificate chain presented by the client during SSL negotiation. The peer certificate will be listed first, followed by the ordered issuer chain as appropriate.
Returns:
The entry for the user to whom the mapping was established, or null if no mapping was established and no special message needs to be sent back to the client.
Throws:
DirectoryException - If a problem occurred while attempting to establish the mapping. This may include internal failures, a mapping which matches multiple users, or any other case in which an error message should be returned to the client.
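
The three outcomes of mapCertificateToUser described above (one user, null, or an error for an ambiguous match), as an added stand-alone sketch that is not OpenDS code. MappingException, the in-memory users map, the SHA-256 fingerprint and the rejection of an empty chain are assumptions of this sketch, standing in for DirectoryException and a directory search.

```java
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.*;

// Added sketch with hypothetical stand-in types; not OpenDS code. Requires Java 17+ (HexFormat).
public class FingerprintMappingSketch {
  // Stand-in for DirectoryException: an error whose message goes back to the client.
  static class MappingException extends Exception {
    MappingException(String msg, Throwable cause) { super(msg, cause); }
  }
  static String fingerprint(Certificate cert) throws Exception {
    return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()));
  }
  // users: user DN -> fingerprint stored on that entry (stand-in for a directory search).
  static String mapCertificateToUser(Certificate[] chain, Map<String, String> users)
      throws MappingException {
    if (chain == null || chain.length == 0) {
      throw new MappingException("no client certificate was presented", null); // sketch's choice
    }
    String fp;
    try {
      fp = fingerprint(chain[0]); // peer certificate is first; the rest is the issuer chain
    } catch (Exception e) {
      throw new MappingException("could not compute the certificate fingerprint", e);
    }
    List<String> matches = new ArrayList<>();
    for (Map.Entry<String, String> u : users.entrySet()) {
      if (u.getValue().equalsIgnoreCase(fp)) matches.add(u.getKey());
    }
    if (matches.size() > 1) { // ambiguous: fail rather than pick one of several users
      throw new MappingException("certificate maps to multiple users: " + matches, null);
    }
    return matches.isEmpty() ? null : matches.get(0);
  }

  public static void main(String[] args) throws Exception {
    Certificate peer = new Certificate("X.509") { // constructed fake certificate, fixed bytes
      public byte[] getEncoded() { return new byte[] {1, 2, 3}; }
      public void verify(PublicKey k) {}
      public void verify(PublicKey k, String provider) {}
      public String toString() { return "constructed"; }
      public PublicKey getPublicKey() { return null; }
    };
    Certificate[] chain = {peer};
    System.out.println(mapCertificateToUser(chain, Map.of("uid=a,dc=example,dc=com", fingerprint(peer))));
    System.out.println(mapCertificateToUser(chain, Map.of("uid=b,dc=example,dc=com", "00")));
  }
}
```

Failing on an ambiguous match instead of returning the first candidate keeps a certificate from authenticating as a user it was never bound to.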