001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2006-2008 Sun Microsystems, Inc.
025 *      Portions Copyright 2015 ForgeRock AS.
026 */
027package org.opends.server.types;
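/**
 * This enumeration defines a policy that indicates how the server
 * should deal with SSL/TLS-based client connections.  It is used to
 * determine whether the server should request that clients provide
 * their own certificates, and whether or not to accept client
 * connections in which the client did not provide a certificate.
 * <BR><BR>
 * As the constants are documented, only {@link #REQUIRED} rejects a
 * connection in which the client did not provide a certificate.
 * Under {@link #OPTIONAL} and {@link #DISABLED} such a connection is
 * not rejected by this policy, so code that relies on a client
 * certificate must not assume that one is present.
 */
@org.opends.server.types.PublicAPI(
     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
     mayInstantiate=false,
     mayExtend=false,
     mayInvoke=true)
public enum SSLClientAuthPolicy
{
  /**
   * Indicates that the server will not request a certificate from the
   * client.
   */
  DISABLED("Disabled"),



  /**
   * Indicates that the server will request a certificate from the
   * client but will not require that one be provided.
   */
  OPTIONAL("Optional"),



  /**
   * Indicates that the server will request a certificate from the
   * client and will reject any connection attempt in which the client
   * did not provide one.
   */
  REQUIRED("Required");



  /** The human-readable name for this policy. */
  private final String policyName;



  /**
   * Creates a new SSL client auth policy with the provided name.
   *
   * @param  policyName  The human-readable name for this policy.
   */
  private SSLClientAuthPolicy(String policyName)
  {
    this.policyName = policyName;
  }



  /**
   * Retrieves the SSL client authentication policy for the specified
   * name.  The comparison ignores case and does not depend on the
   * default locale of the JVM.  The recognized names are
   * "disabled", "off" and "never" for {@link #DISABLED}; "optional"
   * and "allowed" for {@link #OPTIONAL}; and "required", "on" and
   * "always" for {@link #REQUIRED}.
   * <BR><BR>
   * A <CODE>null</CODE> result means that the value was not
   * recognized.  Callers should report it as a configuration error
   * rather than silently substituting a less strict policy.
   *
   * @param  policyName  The name of the SSL client authentication
   *                     policy to retrieve.  It may be
   *                     <CODE>null</CODE>, which is treated as an
   *                     unrecognized name.
   *
   * @return  The requested SSL client authentication policy, or
   *          <CODE>null</CODE> if the provided value is not the name
   *          of a valid client authentication policy.
   */
  public static SSLClientAuthPolicy policyForName(String policyName)
  {
    if (policyName == null)
    {
      // A missing value is not the name of a valid policy.
      return null;
    }

    // Fold case with the root locale.  With the default locale a JVM
    // running under a Turkish locale lowercases 'I' to a dotless i, so
    // "REQUIRED", "DISABLED" and "OPTIONAL" would not be recognized.
    String lowerName = policyName.toLowerCase(java.util.Locale.ROOT);
    if (lowerName.equals("disabled") || lowerName.equals("off") ||
        lowerName.equals("never"))
    {
      return SSLClientAuthPolicy.DISABLED;
    }
    else if (lowerName.equals("optional") ||
             lowerName.equals("allowed"))
    {
      return SSLClientAuthPolicy.OPTIONAL;
    }
    else if (lowerName.equals("required") ||
             lowerName.equals("on") ||
             lowerName.equals("always"))
    {
      return SSLClientAuthPolicy.REQUIRED;
    }
    else
    {
      return null;
    }
  }



  /**
   * Retrieves the human-readable name for this SSL client auth
   * policy.
   *
   * @return  The human-readable name for this SSL client auth policy.
   */
  @Override
  public String toString()
  {
    return policyName;
  }
}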