001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.forgerock.opendj.server.config.meta; 027 028 029 030import org.forgerock.opendj.config.AdministratorAction; 031import org.forgerock.opendj.config.AggregationPropertyDefinition; 032import org.forgerock.opendj.config.AttributeTypePropertyDefinition; 033import org.forgerock.opendj.config.BooleanPropertyDefinition; 034import org.forgerock.opendj.config.ClassPropertyDefinition; 035import org.forgerock.opendj.config.client.ConcurrentModificationException; 036import org.forgerock.opendj.config.client.ManagedObject; 037import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 038import org.forgerock.opendj.config.client.OperationRejectedException; 039import org.forgerock.opendj.config.conditions.Conditions; 040import org.forgerock.opendj.config.DefaultBehaviorProvider; 041import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 042import org.forgerock.opendj.config.EnumPropertyDefinition; 043import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 044import org.forgerock.opendj.config.ManagedObjectDefinition; 045import org.forgerock.opendj.config.PropertyOption; 046import org.forgerock.opendj.config.PropertyProvider; 047import org.forgerock.opendj.config.server.ConfigurationChangeListener; 048import org.forgerock.opendj.config.server.ServerManagedObject; 049import org.forgerock.opendj.config.Tag; 050import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider; 051import org.forgerock.opendj.ldap.DN; 052import org.forgerock.opendj.ldap.LdapException; 053import org.forgerock.opendj.ldap.schema.AttributeType; 054import org.forgerock.opendj.server.config.client.CertificateMapperCfgClient; 055import org.forgerock.opendj.server.config.client.ExternalSASLMechanismHandlerCfgClient; 056import org.forgerock.opendj.server.config.server.CertificateMapperCfg; 057import org.forgerock.opendj.server.config.server.ExternalSASLMechanismHandlerCfg; 058import org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg; 059 060 061 062/** 063 * An interface for querying the External SASL Mechanism Handler 064 * managed object definition meta information. 065 * <p> 066 * The External SASL Mechanism Handler performs all processing related 067 * to SASL EXTERNAL authentication. 068 */ 069public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> { 070 071 // The singleton configuration definition instance. 072 private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn(); 073 074 075 076 /** 077 * Defines the set of permissable values for the "certificate-validation-policy" property. 078 * <p> 079 * Indicates whether to attempt to validate the peer certificate 080 * against a certificate held in the user's entry. 081 */ 082 public static enum CertificateValidationPolicy { 083 084 /** 085 * Always require the peer certificate to be present in the user's 086 * entry. 087 */ 088 ALWAYS("always"), 089 090 091 092 /** 093 * If the user's entry contains one or more certificates, require 094 * that one of them match the peer certificate. 095 */ 096 IFPRESENT("ifpresent"), 097 098 099 100 /** 101 * Do not look for the peer certificate to be present in the 102 * user's entry. 103 */ 104 NEVER("never"); 105 106 107 108 // String representation of the value. 109 private final String name; 110 111 112 113 // Private constructor. 114 private CertificateValidationPolicy(String name) { this.name = name; } 115 116 117 118 /** 119 * {@inheritDoc} 120 */ 121 public String toString() { return name; } 122 123 } 124 125 126 127 // The "certificate-attribute" property definition. 128 private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE; 129 130 131 132 // The "certificate-mapper" property definition. 133 private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER; 134 135 136 137 // The "certificate-validation-policy" property definition. 138 private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY; 139 140 141 142 // The "java-class" property definition. 143 private static final ClassPropertyDefinition PD_JAVA_CLASS; 144 145 146 147 // Build the "certificate-attribute" property definition. 148 static { 149 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute"); 150 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute")); 151 DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate"); 152 builder.setDefaultBehaviorProvider(provider); 153 PD_CERTIFICATE_ATTRIBUTE = builder.getInstance(); 154 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE); 155 } 156 157 158 159 // Build the "certificate-mapper" property definition. 160 static { 161 AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper"); 162 builder.setOption(PropertyOption.MANDATORY); 163 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper")); 164 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 165 builder.setParentPath("/"); 166 builder.setRelationDefinition("certificate-mapper"); 167 builder.setTargetNeedsEnablingCondition(Conditions.contains("enabled", "true")); 168 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 169 PD_CERTIFICATE_MAPPER = builder.getInstance(); 170 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER); 171 INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint()); 172 } 173 174 175 176 // Build the "certificate-validation-policy" property definition. 177 static { 178 EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy"); 179 builder.setOption(PropertyOption.MANDATORY); 180 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy")); 181 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>()); 182 builder.setEnumClass(CertificateValidationPolicy.class); 183 PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance(); 184 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY); 185 } 186 187 188 189 // Build the "java-class" property definition. 190 static { 191 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 192 builder.setOption(PropertyOption.MANDATORY); 193 builder.setOption(PropertyOption.ADVANCED); 194 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 195 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler"); 196 builder.setDefaultBehaviorProvider(provider); 197 builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler"); 198 PD_JAVA_CLASS = builder.getInstance(); 199 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 200 } 201 202 203 204 // Register the tags associated with this managed object definition. 205 static { 206 INSTANCE.registerTag(Tag.valueOf("security")); 207 } 208 209 210 211 /** 212 * Get the External SASL Mechanism Handler configuration definition 213 * singleton. 214 * 215 * @return Returns the External SASL Mechanism Handler configuration 216 * definition singleton. 217 */ 218 public static ExternalSASLMechanismHandlerCfgDefn getInstance() { 219 return INSTANCE; 220 } 221 222 223 224 /** 225 * Private constructor. 226 */ 227 private ExternalSASLMechanismHandlerCfgDefn() { 228 super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance()); 229 } 230 231 232 233 /** 234 * {@inheritDoc} 235 */ 236 public ExternalSASLMechanismHandlerCfgClient createClientConfiguration( 237 ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) { 238 return new ExternalSASLMechanismHandlerCfgClientImpl(impl); 239 } 240 241 242 243 /** 244 * {@inheritDoc} 245 */ 246 public ExternalSASLMechanismHandlerCfg createServerConfiguration( 247 ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) { 248 return new ExternalSASLMechanismHandlerCfgServerImpl(impl); 249 } 250 251 252 253 /** 254 * {@inheritDoc} 255 */ 256 public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() { 257 return ExternalSASLMechanismHandlerCfg.class; 258 } 259 260 261 262 /** 263 * Get the "certificate-attribute" property definition. 264 * <p> 265 * Specifies the name of the attribute to hold user certificates. 266 * <p> 267 * This property must specify the name of a valid attribute type 268 * defined in the server schema. 269 * 270 * @return Returns the "certificate-attribute" property definition. 271 */ 272 public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() { 273 return PD_CERTIFICATE_ATTRIBUTE; 274 } 275 276 277 278 /** 279 * Get the "certificate-mapper" property definition. 280 * <p> 281 * Specifies the name of the certificate mapper that should be used 282 * to match client certificates to user entries. 283 * 284 * @return Returns the "certificate-mapper" property definition. 285 */ 286 public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() { 287 return PD_CERTIFICATE_MAPPER; 288 } 289 290 291 292 /** 293 * Get the "certificate-validation-policy" property definition. 294 * <p> 295 * Indicates whether to attempt to validate the peer certificate 296 * against a certificate held in the user's entry. 297 * 298 * @return Returns the "certificate-validation-policy" property definition. 299 */ 300 public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() { 301 return PD_CERTIFICATE_VALIDATION_POLICY; 302 } 303 304 305 306 /** 307 * Get the "enabled" property definition. 308 * <p> 309 * Indicates whether the SASL mechanism handler is enabled for use. 310 * 311 * @return Returns the "enabled" property definition. 312 */ 313 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 314 return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition(); 315 } 316 317 318 319 /** 320 * Get the "java-class" property definition. 321 * <p> 322 * Specifies the fully-qualified name of the Java class that 323 * provides the SASL mechanism handler implementation. 324 * 325 * @return Returns the "java-class" property definition. 326 */ 327 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 328 return PD_JAVA_CLASS; 329 } 330 331 332 333 /** 334 * Managed object client implementation. 335 */ 336 private static class ExternalSASLMechanismHandlerCfgClientImpl implements 337 ExternalSASLMechanismHandlerCfgClient { 338 339 // Private implementation. 340 private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl; 341 342 343 344 // Private constructor. 345 private ExternalSASLMechanismHandlerCfgClientImpl( 346 ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) { 347 this.impl = impl; 348 } 349 350 351 352 /** 353 * {@inheritDoc} 354 */ 355 public AttributeType getCertificateAttribute() { 356 return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition()); 357 } 358 359 360 361 /** 362 * {@inheritDoc} 363 */ 364 public void setCertificateAttribute(AttributeType value) { 365 impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value); 366 } 367 368 369 370 /** 371 * {@inheritDoc} 372 */ 373 public String getCertificateMapper() { 374 return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition()); 375 } 376 377 378 379 /** 380 * {@inheritDoc} 381 */ 382 public void setCertificateMapper(String value) { 383 impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value); 384 } 385 386 387 388 /** 389 * {@inheritDoc} 390 */ 391 public CertificateValidationPolicy getCertificateValidationPolicy() { 392 return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition()); 393 } 394 395 396 397 /** 398 * {@inheritDoc} 399 */ 400 public void setCertificateValidationPolicy(CertificateValidationPolicy value) { 401 impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value); 402 } 403 404 405 406 /** 407 * {@inheritDoc} 408 */ 409 public Boolean isEnabled() { 410 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 411 } 412 413 414 415 /** 416 * {@inheritDoc} 417 */ 418 public void setEnabled(boolean value) { 419 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 420 } 421 422 423 424 /** 425 * {@inheritDoc} 426 */ 427 public String getJavaClass() { 428 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 429 } 430 431 432 433 /** 434 * {@inheritDoc} 435 */ 436 public void setJavaClass(String value) { 437 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 438 } 439 440 441 442 /** 443 * {@inheritDoc} 444 */ 445 public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() { 446 return INSTANCE; 447 } 448 449 450 451 /** 452 * {@inheritDoc} 453 */ 454 public PropertyProvider properties() { 455 return impl; 456 } 457 458 459 460 /** 461 * {@inheritDoc} 462 */ 463 public void commit() throws ManagedObjectAlreadyExistsException, 464 MissingMandatoryPropertiesException, ConcurrentModificationException, 465 OperationRejectedException, LdapException { 466 impl.commit(); 467 } 468 469 } 470 471 472 473 /** 474 * Managed object server implementation. 475 */ 476 private static class ExternalSASLMechanismHandlerCfgServerImpl implements 477 ExternalSASLMechanismHandlerCfg { 478 479 // Private implementation. 480 private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl; 481 482 // The value of the "certificate-attribute" property. 483 private final AttributeType pCertificateAttribute; 484 485 // The value of the "certificate-mapper" property. 486 private final String pCertificateMapper; 487 488 // The value of the "certificate-validation-policy" property. 489 private final CertificateValidationPolicy pCertificateValidationPolicy; 490 491 // The value of the "enabled" property. 492 private final boolean pEnabled; 493 494 // The value of the "java-class" property. 495 private final String pJavaClass; 496 497 498 499 // Private constructor. 500 private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) { 501 this.impl = impl; 502 this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition()); 503 this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition()); 504 this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition()); 505 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 506 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 507 } 508 509 510 511 /** 512 * {@inheritDoc} 513 */ 514 public void addExternalChangeListener( 515 ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) { 516 impl.registerChangeListener(listener); 517 } 518 519 520 521 /** 522 * {@inheritDoc} 523 */ 524 public void removeExternalChangeListener( 525 ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) { 526 impl.deregisterChangeListener(listener); 527 } 528 /** 529 * {@inheritDoc} 530 */ 531 public void addChangeListener( 532 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) { 533 impl.registerChangeListener(listener); 534 } 535 536 537 538 /** 539 * {@inheritDoc} 540 */ 541 public void removeChangeListener( 542 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) { 543 impl.deregisterChangeListener(listener); 544 } 545 546 547 548 /** 549 * {@inheritDoc} 550 */ 551 public AttributeType getCertificateAttribute() { 552 return pCertificateAttribute; 553 } 554 555 556 557 /** 558 * {@inheritDoc} 559 */ 560 public String getCertificateMapper() { 561 return pCertificateMapper; 562 } 563 564 565 566 /** 567 * {@inheritDoc} 568 */ 569 public DN getCertificateMapperDN() { 570 String value = getCertificateMapper(); 571 if (value == null) return null; 572 return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value); 573 } 574 575 576 577 /** 578 * {@inheritDoc} 579 */ 580 public CertificateValidationPolicy getCertificateValidationPolicy() { 581 return pCertificateValidationPolicy; 582 } 583 584 585 586 /** 587 * {@inheritDoc} 588 */ 589 public boolean isEnabled() { 590 return pEnabled; 591 } 592 593 594 595 /** 596 * {@inheritDoc} 597 */ 598 public String getJavaClass() { 599 return pJavaClass; 600 } 601 602 603 604 /** 605 * {@inheritDoc} 606 */ 607 public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() { 608 return ExternalSASLMechanismHandlerCfg.class; 609 } 610 611 612 613 /** 614 * {@inheritDoc} 615 */ 616 public DN dn() { 617 return impl.getDN(); 618 } 619 620 } 621}