001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2006-2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.api; 028 import org.opends.messages.Message; 029 030 031 032 import java.security.cert.Certificate; 033 import java.util.List; 034 035 import org.opends.server.admin.std.server.CertificateMapperCfg; 036 import org.opends.server.config.ConfigException; 037 import org.opends.server.types.DirectoryException; 038 import org.opends.server.types.Entry; 039 import org.opends.server.types.InitializationException; 040 041 042 /** 043 * This class defines the set of methods and structures that must be 044 * implemented by a Directory Server module that implements the 045 * functionality required to uniquely map an SSL client certificate to 046 * a Directory Server user entry. 047 * 048 * @param <T> The type of configuration handled by this certificate 049 * mapper. 050 */ 051 @org.opends.server.types.PublicAPI( 052 stability=org.opends.server.types.StabilityLevel.VOLATILE, 053 mayInstantiate=false, 054 mayExtend=true, 055 mayInvoke=false) 056 public abstract class CertificateMapper 057 <T extends CertificateMapperCfg> 058 { 059 /** 060 * Initializes this certificate mapper based on the information in 061 * the provided configuration entry. 062 * 063 * @param configuration The configuration that should be used to 064 * intialize this certificate mapper. 065 * 066 * @throws ConfigException If the provided entry does not contain 067 * a valid certificate mapper 068 * configuration. 069 * 070 * @throws InitializationException If a problem occurs during 071 * initialization that is not 072 * related to the server 073 * configuration. 074 */ 075 public abstract void initializeCertificateMapper(T configuration) 076 throws ConfigException, InitializationException; 077 078 079 080 /** 081 * Indicates whether the provided configuration is acceptable for 082 * this certificate mapper. It should be possible to call this 083 * method on an uninitialized certificate mapper instance in order 084 * to determine whether the certificate mapper would be able to use 085 * the provided configuration. 086 * <BR><BR> 087 * Note that implementations which use a subclass of the provided 088 * configuration class will likely need to cast the configuration 089 * to the appropriate subclass type. 090 * 091 * @param configuration The certificate mapper configuration 092 * for which to make the determination. 093 * @param unacceptableReasons A list that may be used to hold the 094 * reasons that the provided 095 * configuration is not acceptable. 096 * 097 * @return {@code true} if the provided configuration is acceptable 098 * for this certificate mapper, or {@code false} if not. 099 */ 100 public boolean isConfigurationAcceptable( 101 CertificateMapperCfg configuration, 102 List<Message> unacceptableReasons) 103 { 104 // This default implementation does not perform any special 105 // validation. It should be overridden by certificate mapper 106 // implementations that wish to perform more detailed validation. 107 return true; 108 } 109 110 111 112 /** 113 * Performs any finalization that may be necessary for this 114 * certificate mapper. By default, no finalization is performed. 115 */ 116 public void finalizeCertificateMapper() 117 { 118 // No implementation is required by default. 119 } 120 121 122 123 /** 124 * Establishes a mapping between the information in the provided 125 * certificate chain and a single user entry in the Directory 126 * Server. 127 * 128 * @param certificateChain The certificate chain presented by the 129 * client during SSL negotiation. The 130 * peer certificate will be listed first, 131 * followed by the ordered issuer chain 132 * as appropriate. 133 * 134 * @return The entry for the user to whom the mapping was 135 * established, or {@code null} if no mapping was 136 * established and no special message is required to send 137 * back to the client. 138 * 139 * @throws DirectoryException If a problem occurred while 140 * attempting to establish the mapping. 141 * This may include internal failures, 142 * a mapping which matches multiple 143 * users, or any other case in which an 144 * error message should be returned to 145 * the client. 146 */ 147 public abstract Entry mapCertificateToUser(Certificate[] 148 certificateChain) 149 throws DirectoryException; 150 } 151