001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.forgerock.opendj.server.config.meta; 027 028 029 030import java.util.Collection; 031import java.util.SortedSet; 032import org.forgerock.opendj.config.AdministratorAction; 033import org.forgerock.opendj.config.AliasDefaultBehaviorProvider; 034import org.forgerock.opendj.config.AttributeTypePropertyDefinition; 035import org.forgerock.opendj.config.BooleanPropertyDefinition; 036import org.forgerock.opendj.config.ClassPropertyDefinition; 037import org.forgerock.opendj.config.client.ConcurrentModificationException; 038import org.forgerock.opendj.config.client.ManagedObject; 039import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 040import org.forgerock.opendj.config.client.OperationRejectedException; 041import org.forgerock.opendj.config.DefaultBehaviorProvider; 042import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 043import org.forgerock.opendj.config.DNPropertyDefinition; 044import org.forgerock.opendj.config.EnumPropertyDefinition; 045import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 046import org.forgerock.opendj.config.ManagedObjectDefinition; 047import org.forgerock.opendj.config.PropertyOption; 048import org.forgerock.opendj.config.PropertyProvider; 049import org.forgerock.opendj.config.server.ConfigurationChangeListener; 050import org.forgerock.opendj.config.server.ServerManagedObject; 051import org.forgerock.opendj.config.Tag; 052import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider; 053import org.forgerock.opendj.ldap.DN; 054import org.forgerock.opendj.ldap.LdapException; 055import org.forgerock.opendj.ldap.schema.AttributeType; 056import org.forgerock.opendj.server.config.client.FingerprintCertificateMapperCfgClient; 057import org.forgerock.opendj.server.config.server.CertificateMapperCfg; 058import org.forgerock.opendj.server.config.server.FingerprintCertificateMapperCfg; 059 060 061 062/** 063 * An interface for querying the Fingerprint Certificate Mapper 064 * managed object definition meta information. 065 * <p> 066 * The Fingerprint Certificate Mapper maps client certificates to user 067 * entries by looking for the MD5 or SHA1 fingerprint in a specified 068 * attribute of user entries. 069 */ 070public final class FingerprintCertificateMapperCfgDefn extends ManagedObjectDefinition<FingerprintCertificateMapperCfgClient, FingerprintCertificateMapperCfg> { 071 072 // The singleton configuration definition instance. 073 private static final FingerprintCertificateMapperCfgDefn INSTANCE = new FingerprintCertificateMapperCfgDefn(); 074 075 076 077 /** 078 * Defines the set of permissable values for the "fingerprint-algorithm" property. 079 * <p> 080 * Specifies the name of the digest algorithm to compute the 081 * fingerprint of client certificates. 082 */ 083 public static enum FingerprintAlgorithm { 084 085 /** 086 * Use the MD5 digest algorithm to compute certificate 087 * fingerprints. 088 */ 089 MD5("md5"), 090 091 092 093 /** 094 * Use the SHA-1 digest algorithm to compute certificate 095 * fingerprints. 096 */ 097 SHA1("sha1"); 098 099 100 101 // String representation of the value. 102 private final String name; 103 104 105 106 // Private constructor. 107 private FingerprintAlgorithm(String name) { this.name = name; } 108 109 110 111 /** 112 * {@inheritDoc} 113 */ 114 public String toString() { return name; } 115 116 } 117 118 119 120 // The "fingerprint-algorithm" property definition. 121 private static final EnumPropertyDefinition<FingerprintAlgorithm> PD_FINGERPRINT_ALGORITHM; 122 123 124 125 // The "fingerprint-attribute" property definition. 126 private static final AttributeTypePropertyDefinition PD_FINGERPRINT_ATTRIBUTE; 127 128 129 130 // The "java-class" property definition. 131 private static final ClassPropertyDefinition PD_JAVA_CLASS; 132 133 134 135 // The "user-base-dn" property definition. 136 private static final DNPropertyDefinition PD_USER_BASE_DN; 137 138 139 140 // Build the "fingerprint-algorithm" property definition. 141 static { 142 EnumPropertyDefinition.Builder<FingerprintAlgorithm> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "fingerprint-algorithm"); 143 builder.setOption(PropertyOption.MANDATORY); 144 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-algorithm")); 145 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<FingerprintAlgorithm>()); 146 builder.setEnumClass(FingerprintAlgorithm.class); 147 PD_FINGERPRINT_ALGORITHM = builder.getInstance(); 148 INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ALGORITHM); 149 } 150 151 152 153 // Build the "fingerprint-attribute" property definition. 154 static { 155 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "fingerprint-attribute"); 156 builder.setOption(PropertyOption.MANDATORY); 157 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-attribute")); 158 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>()); 159 PD_FINGERPRINT_ATTRIBUTE = builder.getInstance(); 160 INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ATTRIBUTE); 161 } 162 163 164 165 // Build the "java-class" property definition. 166 static { 167 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 168 builder.setOption(PropertyOption.MANDATORY); 169 builder.setOption(PropertyOption.ADVANCED); 170 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 171 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.FingerprintCertificateMapper"); 172 builder.setDefaultBehaviorProvider(provider); 173 builder.addInstanceOf("org.opends.server.api.CertificateMapper"); 174 PD_JAVA_CLASS = builder.getInstance(); 175 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 176 } 177 178 179 180 // Build the "user-base-dn" property definition. 181 static { 182 DNPropertyDefinition.Builder builder = DNPropertyDefinition.createBuilder(INSTANCE, "user-base-dn"); 183 builder.setOption(PropertyOption.MULTI_VALUED); 184 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "user-base-dn")); 185 builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<DN>(INSTANCE, "user-base-dn")); 186 PD_USER_BASE_DN = builder.getInstance(); 187 INSTANCE.registerPropertyDefinition(PD_USER_BASE_DN); 188 } 189 190 191 192 // Register the tags associated with this managed object definition. 193 static { 194 INSTANCE.registerTag(Tag.valueOf("security")); 195 INSTANCE.registerTag(Tag.valueOf("user-management")); 196 } 197 198 199 200 /** 201 * Get the Fingerprint Certificate Mapper configuration definition 202 * singleton. 203 * 204 * @return Returns the Fingerprint Certificate Mapper configuration 205 * definition singleton. 206 */ 207 public static FingerprintCertificateMapperCfgDefn getInstance() { 208 return INSTANCE; 209 } 210 211 212 213 /** 214 * Private constructor. 215 */ 216 private FingerprintCertificateMapperCfgDefn() { 217 super("fingerprint-certificate-mapper", CertificateMapperCfgDefn.getInstance()); 218 } 219 220 221 222 /** 223 * {@inheritDoc} 224 */ 225 public FingerprintCertificateMapperCfgClient createClientConfiguration( 226 ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) { 227 return new FingerprintCertificateMapperCfgClientImpl(impl); 228 } 229 230 231 232 /** 233 * {@inheritDoc} 234 */ 235 public FingerprintCertificateMapperCfg createServerConfiguration( 236 ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) { 237 return new FingerprintCertificateMapperCfgServerImpl(impl); 238 } 239 240 241 242 /** 243 * {@inheritDoc} 244 */ 245 public Class<FingerprintCertificateMapperCfg> getServerConfigurationClass() { 246 return FingerprintCertificateMapperCfg.class; 247 } 248 249 250 251 /** 252 * Get the "enabled" property definition. 253 * <p> 254 * Indicates whether the Fingerprint Certificate Mapper is enabled. 255 * 256 * @return Returns the "enabled" property definition. 257 */ 258 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 259 return CertificateMapperCfgDefn.getInstance().getEnabledPropertyDefinition(); 260 } 261 262 263 264 /** 265 * Get the "fingerprint-algorithm" property definition. 266 * <p> 267 * Specifies the name of the digest algorithm to compute the 268 * fingerprint of client certificates. 269 * 270 * @return Returns the "fingerprint-algorithm" property definition. 271 */ 272 public EnumPropertyDefinition<FingerprintAlgorithm> getFingerprintAlgorithmPropertyDefinition() { 273 return PD_FINGERPRINT_ALGORITHM; 274 } 275 276 277 278 /** 279 * Get the "fingerprint-attribute" property definition. 280 * <p> 281 * Specifies the attribute in which to look for the fingerprint. 282 * <p> 283 * Values of the fingerprint attribute should exactly match the MD5 284 * or SHA1 representation of the certificate fingerprint. 285 * 286 * @return Returns the "fingerprint-attribute" property definition. 287 */ 288 public AttributeTypePropertyDefinition getFingerprintAttributePropertyDefinition() { 289 return PD_FINGERPRINT_ATTRIBUTE; 290 } 291 292 293 294 /** 295 * Get the "java-class" property definition. 296 * <p> 297 * Specifies the fully-qualified name of the Java class that 298 * provides the Fingerprint Certificate Mapper implementation. 299 * 300 * @return Returns the "java-class" property definition. 301 */ 302 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 303 return PD_JAVA_CLASS; 304 } 305 306 307 308 /** 309 * Get the "user-base-dn" property definition. 310 * <p> 311 * Specifies the set of base DNs below which to search for users. 312 * <p> 313 * The base DNs are used when performing searches to map the client 314 * certificates to a user entry. 315 * 316 * @return Returns the "user-base-dn" property definition. 317 */ 318 public DNPropertyDefinition getUserBaseDNPropertyDefinition() { 319 return PD_USER_BASE_DN; 320 } 321 322 323 324 /** 325 * Managed object client implementation. 326 */ 327 private static class FingerprintCertificateMapperCfgClientImpl implements 328 FingerprintCertificateMapperCfgClient { 329 330 // Private implementation. 331 private ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl; 332 333 334 335 // Private constructor. 336 private FingerprintCertificateMapperCfgClientImpl( 337 ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) { 338 this.impl = impl; 339 } 340 341 342 343 /** 344 * {@inheritDoc} 345 */ 346 public Boolean isEnabled() { 347 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 348 } 349 350 351 352 /** 353 * {@inheritDoc} 354 */ 355 public void setEnabled(boolean value) { 356 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 357 } 358 359 360 361 /** 362 * {@inheritDoc} 363 */ 364 public FingerprintAlgorithm getFingerprintAlgorithm() { 365 return impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition()); 366 } 367 368 369 370 /** 371 * {@inheritDoc} 372 */ 373 public void setFingerprintAlgorithm(FingerprintAlgorithm value) { 374 impl.setPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition(), value); 375 } 376 377 378 379 /** 380 * {@inheritDoc} 381 */ 382 public AttributeType getFingerprintAttribute() { 383 return impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition()); 384 } 385 386 387 388 /** 389 * {@inheritDoc} 390 */ 391 public void setFingerprintAttribute(AttributeType value) { 392 impl.setPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition(), value); 393 } 394 395 396 397 /** 398 * {@inheritDoc} 399 */ 400 public String getJavaClass() { 401 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 402 } 403 404 405 406 /** 407 * {@inheritDoc} 408 */ 409 public void setJavaClass(String value) { 410 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 411 } 412 413 414 415 /** 416 * {@inheritDoc} 417 */ 418 public SortedSet<DN> getUserBaseDN() { 419 return impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition()); 420 } 421 422 423 424 /** 425 * {@inheritDoc} 426 */ 427 public void setUserBaseDN(Collection<DN> values) { 428 impl.setPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition(), values); 429 } 430 431 432 433 /** 434 * {@inheritDoc} 435 */ 436 public ManagedObjectDefinition<? extends FingerprintCertificateMapperCfgClient, ? extends FingerprintCertificateMapperCfg> definition() { 437 return INSTANCE; 438 } 439 440 441 442 /** 443 * {@inheritDoc} 444 */ 445 public PropertyProvider properties() { 446 return impl; 447 } 448 449 450 451 /** 452 * {@inheritDoc} 453 */ 454 public void commit() throws ManagedObjectAlreadyExistsException, 455 MissingMandatoryPropertiesException, ConcurrentModificationException, 456 OperationRejectedException, LdapException { 457 impl.commit(); 458 } 459 460 } 461 462 463 464 /** 465 * Managed object server implementation. 466 */ 467 private static class FingerprintCertificateMapperCfgServerImpl implements 468 FingerprintCertificateMapperCfg { 469 470 // Private implementation. 471 private ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl; 472 473 // The value of the "enabled" property. 474 private final boolean pEnabled; 475 476 // The value of the "fingerprint-algorithm" property. 477 private final FingerprintAlgorithm pFingerprintAlgorithm; 478 479 // The value of the "fingerprint-attribute" property. 480 private final AttributeType pFingerprintAttribute; 481 482 // The value of the "java-class" property. 483 private final String pJavaClass; 484 485 // The value of the "user-base-dn" property. 486 private final SortedSet<DN> pUserBaseDN; 487 488 489 490 // Private constructor. 491 private FingerprintCertificateMapperCfgServerImpl(ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) { 492 this.impl = impl; 493 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 494 this.pFingerprintAlgorithm = impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition()); 495 this.pFingerprintAttribute = impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition()); 496 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 497 this.pUserBaseDN = impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition()); 498 } 499 500 501 502 /** 503 * {@inheritDoc} 504 */ 505 public void addFingerprintChangeListener( 506 ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) { 507 impl.registerChangeListener(listener); 508 } 509 510 511 512 /** 513 * {@inheritDoc} 514 */ 515 public void removeFingerprintChangeListener( 516 ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) { 517 impl.deregisterChangeListener(listener); 518 } 519 /** 520 * {@inheritDoc} 521 */ 522 public void addChangeListener( 523 ConfigurationChangeListener<CertificateMapperCfg> listener) { 524 impl.registerChangeListener(listener); 525 } 526 527 528 529 /** 530 * {@inheritDoc} 531 */ 532 public void removeChangeListener( 533 ConfigurationChangeListener<CertificateMapperCfg> listener) { 534 impl.deregisterChangeListener(listener); 535 } 536 537 538 539 /** 540 * {@inheritDoc} 541 */ 542 public boolean isEnabled() { 543 return pEnabled; 544 } 545 546 547 548 /** 549 * {@inheritDoc} 550 */ 551 public FingerprintAlgorithm getFingerprintAlgorithm() { 552 return pFingerprintAlgorithm; 553 } 554 555 556 557 /** 558 * {@inheritDoc} 559 */ 560 public AttributeType getFingerprintAttribute() { 561 return pFingerprintAttribute; 562 } 563 564 565 566 /** 567 * {@inheritDoc} 568 */ 569 public String getJavaClass() { 570 return pJavaClass; 571 } 572 573 574 575 /** 576 * {@inheritDoc} 577 */ 578 public SortedSet<DN> getUserBaseDN() { 579 return pUserBaseDN; 580 } 581 582 583 584 /** 585 * {@inheritDoc} 586 */ 587 public Class<? extends FingerprintCertificateMapperCfg> configurationClass() { 588 return FingerprintCertificateMapperCfg.class; 589 } 590 591 592 593 /** 594 * {@inheritDoc} 595 */ 596 public DN dn() { 597 return impl.getDN(); 598 } 599 600 } 601}