001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.meta;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import org.opends.server.admin.AdministratorAction;
033import org.opends.server.admin.AliasDefaultBehaviorProvider;
034import org.opends.server.admin.AttributeTypePropertyDefinition;
035import org.opends.server.admin.BooleanPropertyDefinition;
036import org.opends.server.admin.ClassPropertyDefinition;
037import org.opends.server.admin.client.AuthorizationException;
038import org.opends.server.admin.client.CommunicationException;
039import org.opends.server.admin.client.ConcurrentModificationException;
040import org.opends.server.admin.client.ManagedObject;
041import org.opends.server.admin.client.MissingMandatoryPropertiesException;
042import org.opends.server.admin.client.OperationRejectedException;
043import org.opends.server.admin.DefaultBehaviorProvider;
044import org.opends.server.admin.DefinedDefaultBehaviorProvider;
045import org.opends.server.admin.DNPropertyDefinition;
046import org.opends.server.admin.EnumPropertyDefinition;
047import org.opends.server.admin.ManagedObjectAlreadyExistsException;
048import org.opends.server.admin.ManagedObjectDefinition;
049import org.opends.server.admin.PropertyOption;
050import org.opends.server.admin.PropertyProvider;
051import org.opends.server.admin.server.ConfigurationChangeListener;
052import org.opends.server.admin.server.ServerManagedObject;
053import org.opends.server.admin.std.client.FingerprintCertificateMapperCfgClient;
054import org.opends.server.admin.std.server.CertificateMapperCfg;
055import org.opends.server.admin.std.server.FingerprintCertificateMapperCfg;
056import org.opends.server.admin.Tag;
057import org.opends.server.admin.UndefinedDefaultBehaviorProvider;
058import org.opends.server.types.AttributeType;
059import org.opends.server.types.DN;
060
061
062
063/**
064 * An interface for querying the Fingerprint Certificate Mapper
065 * managed object definition meta information.
066 * <p>
067 * The Fingerprint Certificate Mapper maps client certificates to user
068 * entries by looking for the MD5 or SHA1 fingerprint in a specified
069 * attribute of user entries.
070 */
071public final class FingerprintCertificateMapperCfgDefn extends ManagedObjectDefinition<FingerprintCertificateMapperCfgClient, FingerprintCertificateMapperCfg> {
072
073  // The singleton configuration definition instance.
074  private static final FingerprintCertificateMapperCfgDefn INSTANCE = new FingerprintCertificateMapperCfgDefn();
075
076
077
078  /**
079   * Defines the set of permissable values for the "fingerprint-algorithm" property.
080   * <p>
081   * Specifies the name of the digest algorithm to compute the
082   * fingerprint of client certificates.
083   */
084  public static enum FingerprintAlgorithm {
085
086    /**
087     * Use the MD5 digest algorithm to compute certificate
088     * fingerprints.
089     */
090    MD5("md5"),
091
092
093
094    /**
095     * Use the SHA-1 digest algorithm to compute certificate
096     * fingerprints.
097     */
098    SHA1("sha1");
099
100
101
102    // String representation of the value.
103    private final String name;
104
105
106
107    // Private constructor.
108    private FingerprintAlgorithm(String name) { this.name = name; }
109
110
111
112    /**
113     * {@inheritDoc}
114     */
115    public String toString() { return name; }
116
117  }
118
119
120
121  // The "fingerprint-algorithm" property definition.
122  private static final EnumPropertyDefinition<FingerprintAlgorithm> PD_FINGERPRINT_ALGORITHM;
123
124
125
126  // The "fingerprint-attribute" property definition.
127  private static final AttributeTypePropertyDefinition PD_FINGERPRINT_ATTRIBUTE;
128
129
130
131  // The "java-class" property definition.
132  private static final ClassPropertyDefinition PD_JAVA_CLASS;
133
134
135
136  // The "user-base-dn" property definition.
137  private static final DNPropertyDefinition PD_USER_BASE_DN;
138
139
140
141  // Build the "fingerprint-algorithm" property definition.
142  static {
143      EnumPropertyDefinition.Builder<FingerprintAlgorithm> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "fingerprint-algorithm");
144      builder.setOption(PropertyOption.MANDATORY);
145      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-algorithm"));
146      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<FingerprintAlgorithm>());
147      builder.setEnumClass(FingerprintAlgorithm.class);
148      PD_FINGERPRINT_ALGORITHM = builder.getInstance();
149      INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ALGORITHM);
150  }
151
152
153
154  // Build the "fingerprint-attribute" property definition.
155  static {
156      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "fingerprint-attribute");
157      builder.setOption(PropertyOption.MANDATORY);
158      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-attribute"));
159      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
160      PD_FINGERPRINT_ATTRIBUTE = builder.getInstance();
161      INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ATTRIBUTE);
162  }
163
164
165
166  // Build the "java-class" property definition.
167  static {
168      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
169      builder.setOption(PropertyOption.MANDATORY);
170      builder.setOption(PropertyOption.ADVANCED);
171      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
172      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.FingerprintCertificateMapper");
173      builder.setDefaultBehaviorProvider(provider);
174      builder.addInstanceOf("org.opends.server.api.CertificateMapper");
175      PD_JAVA_CLASS = builder.getInstance();
176      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
177  }
178
179
180
181  // Build the "user-base-dn" property definition.
182  static {
183      DNPropertyDefinition.Builder builder = DNPropertyDefinition.createBuilder(INSTANCE, "user-base-dn");
184      builder.setOption(PropertyOption.MULTI_VALUED);
185      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "user-base-dn"));
186      builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<DN>(INSTANCE, "user-base-dn"));
187      PD_USER_BASE_DN = builder.getInstance();
188      INSTANCE.registerPropertyDefinition(PD_USER_BASE_DN);
189  }
190
191
192
193  // Register the tags associated with this managed object definition.
194  static {
195    INSTANCE.registerTag(Tag.valueOf("security"));
196    INSTANCE.registerTag(Tag.valueOf("user-management"));
197  }
198
199
200
201  /**
202   * Get the Fingerprint Certificate Mapper configuration definition
203   * singleton.
204   *
205   * @return Returns the Fingerprint Certificate Mapper configuration
206   *         definition singleton.
207   */
208  public static FingerprintCertificateMapperCfgDefn getInstance() {
209    return INSTANCE;
210  }
211
212
213
214  /**
215   * Private constructor.
216   */
217  private FingerprintCertificateMapperCfgDefn() {
218    super("fingerprint-certificate-mapper", CertificateMapperCfgDefn.getInstance());
219  }
220
221
222
223  /**
224   * {@inheritDoc}
225   */
226  public FingerprintCertificateMapperCfgClient createClientConfiguration(
227      ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) {
228    return new FingerprintCertificateMapperCfgClientImpl(impl);
229  }
230
231
232
233  /**
234   * {@inheritDoc}
235   */
236  public FingerprintCertificateMapperCfg createServerConfiguration(
237      ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) {
238    return new FingerprintCertificateMapperCfgServerImpl(impl);
239  }
240
241
242
243  /**
244   * {@inheritDoc}
245   */
246  public Class<FingerprintCertificateMapperCfg> getServerConfigurationClass() {
247    return FingerprintCertificateMapperCfg.class;
248  }
249
250
251
252  /**
253   * Get the "enabled" property definition.
254   * <p>
255   * Indicates whether the Fingerprint Certificate Mapper is enabled.
256   *
257   * @return Returns the "enabled" property definition.
258   */
259  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
260    return CertificateMapperCfgDefn.getInstance().getEnabledPropertyDefinition();
261  }
262
263
264
265  /**
266   * Get the "fingerprint-algorithm" property definition.
267   * <p>
268   * Specifies the name of the digest algorithm to compute the
269   * fingerprint of client certificates.
270   *
271   * @return Returns the "fingerprint-algorithm" property definition.
272   */
273  public EnumPropertyDefinition<FingerprintAlgorithm> getFingerprintAlgorithmPropertyDefinition() {
274    return PD_FINGERPRINT_ALGORITHM;
275  }
276
277
278
279  /**
280   * Get the "fingerprint-attribute" property definition.
281   * <p>
282   * Specifies the attribute in which to look for the fingerprint.
283   * <p>
284   * Values of the fingerprint attribute should exactly match the MD5
285   * or SHA1 representation of the certificate fingerprint.
286   *
287   * @return Returns the "fingerprint-attribute" property definition.
288   */
289  public AttributeTypePropertyDefinition getFingerprintAttributePropertyDefinition() {
290    return PD_FINGERPRINT_ATTRIBUTE;
291  }
292
293
294
295  /**
296   * Get the "java-class" property definition.
297   * <p>
298   * Specifies the fully-qualified name of the Java class that
299   * provides the Fingerprint Certificate Mapper implementation.
300   *
301   * @return Returns the "java-class" property definition.
302   */
303  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
304    return PD_JAVA_CLASS;
305  }
306
307
308
309  /**
310   * Get the "user-base-dn" property definition.
311   * <p>
312   * Specifies the set of base DNs below which to search for users.
313   * <p>
314   * The base DNs are used when performing searches to map the client
315   * certificates to a user entry.
316   *
317   * @return Returns the "user-base-dn" property definition.
318   */
319  public DNPropertyDefinition getUserBaseDNPropertyDefinition() {
320    return PD_USER_BASE_DN;
321  }
322
323
324
325  /**
326   * Managed object client implementation.
327   */
328  private static class FingerprintCertificateMapperCfgClientImpl implements
329    FingerprintCertificateMapperCfgClient {
330
331    // Private implementation.
332    private ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl;
333
334
335
336    // Private constructor.
337    private FingerprintCertificateMapperCfgClientImpl(
338        ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) {
339      this.impl = impl;
340    }
341
342
343
344    /**
345     * {@inheritDoc}
346     */
347    public Boolean isEnabled() {
348      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
349    }
350
351
352
353    /**
354     * {@inheritDoc}
355     */
356    public void setEnabled(boolean value) {
357      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
358    }
359
360
361
362    /**
363     * {@inheritDoc}
364     */
365    public FingerprintAlgorithm getFingerprintAlgorithm() {
366      return impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition());
367    }
368
369
370
371    /**
372     * {@inheritDoc}
373     */
374    public void setFingerprintAlgorithm(FingerprintAlgorithm value) {
375      impl.setPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition(), value);
376    }
377
378
379
380    /**
381     * {@inheritDoc}
382     */
383    public AttributeType getFingerprintAttribute() {
384      return impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition());
385    }
386
387
388
389    /**
390     * {@inheritDoc}
391     */
392    public void setFingerprintAttribute(AttributeType value) {
393      impl.setPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition(), value);
394    }
395
396
397
398    /**
399     * {@inheritDoc}
400     */
401    public String getJavaClass() {
402      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
403    }
404
405
406
407    /**
408     * {@inheritDoc}
409     */
410    public void setJavaClass(String value) {
411      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
412    }
413
414
415
416    /**
417     * {@inheritDoc}
418     */
419    public SortedSet<DN> getUserBaseDN() {
420      return impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
421    }
422
423
424
425    /**
426     * {@inheritDoc}
427     */
428    public void setUserBaseDN(Collection<DN> values) {
429      impl.setPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition(), values);
430    }
431
432
433
434    /**
435     * {@inheritDoc}
436     */
437    public ManagedObjectDefinition<? extends FingerprintCertificateMapperCfgClient, ? extends FingerprintCertificateMapperCfg> definition() {
438      return INSTANCE;
439    }
440
441
442
443    /**
444     * {@inheritDoc}
445     */
446    public PropertyProvider properties() {
447      return impl;
448    }
449
450
451
452    /**
453     * {@inheritDoc}
454     */
455    public void commit() throws ManagedObjectAlreadyExistsException,
456        MissingMandatoryPropertiesException, ConcurrentModificationException,
457        OperationRejectedException, AuthorizationException,
458        CommunicationException {
459      impl.commit();
460    }
461
462  }
463
464
465
466  /**
467   * Managed object server implementation.
468   */
469  private static class FingerprintCertificateMapperCfgServerImpl implements
470    FingerprintCertificateMapperCfg {
471
472    // Private implementation.
473    private ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl;
474
475    // The value of the "enabled" property.
476    private final boolean pEnabled;
477
478    // The value of the "fingerprint-algorithm" property.
479    private final FingerprintAlgorithm pFingerprintAlgorithm;
480
481    // The value of the "fingerprint-attribute" property.
482    private final AttributeType pFingerprintAttribute;
483
484    // The value of the "java-class" property.
485    private final String pJavaClass;
486
487    // The value of the "user-base-dn" property.
488    private final SortedSet<DN> pUserBaseDN;
489
490
491
492    // Private constructor.
493    private FingerprintCertificateMapperCfgServerImpl(ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) {
494      this.impl = impl;
495      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
496      this.pFingerprintAlgorithm = impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition());
497      this.pFingerprintAttribute = impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition());
498      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
499      this.pUserBaseDN = impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
500    }
501
502
503
504    /**
505     * {@inheritDoc}
506     */
507    public void addFingerprintChangeListener(
508        ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) {
509      impl.registerChangeListener(listener);
510    }
511
512
513
514    /**
515     * {@inheritDoc}
516     */
517    public void removeFingerprintChangeListener(
518        ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) {
519      impl.deregisterChangeListener(listener);
520    }
521    /**
522     * {@inheritDoc}
523     */
524    public void addChangeListener(
525        ConfigurationChangeListener<CertificateMapperCfg> listener) {
526      impl.registerChangeListener(listener);
527    }
528
529
530
531    /**
532     * {@inheritDoc}
533     */
534    public void removeChangeListener(
535        ConfigurationChangeListener<CertificateMapperCfg> listener) {
536      impl.deregisterChangeListener(listener);
537    }
538
539
540
541    /**
542     * {@inheritDoc}
543     */
544    public boolean isEnabled() {
545      return pEnabled;
546    }
547
548
549
550    /**
551     * {@inheritDoc}
552     */
553    public FingerprintAlgorithm getFingerprintAlgorithm() {
554      return pFingerprintAlgorithm;
555    }
556
557
558
559    /**
560     * {@inheritDoc}
561     */
562    public AttributeType getFingerprintAttribute() {
563      return pFingerprintAttribute;
564    }
565
566
567
568    /**
569     * {@inheritDoc}
570     */
571    public String getJavaClass() {
572      return pJavaClass;
573    }
574
575
576
577    /**
578     * {@inheritDoc}
579     */
580    public SortedSet<DN> getUserBaseDN() {
581      return pUserBaseDN;
582    }
583
584
585
586    /**
587     * {@inheritDoc}
588     */
589    public Class<? extends FingerprintCertificateMapperCfg> configurationClass() {
590      return FingerprintCertificateMapperCfg.class;
591    }
592
593
594
595    /**
596     * {@inheritDoc}
597     */
598    public DN dn() {
599      return impl.getDN();
600    }
601
602  }
603}