001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.forgerock.opendj.server.config.meta;
027
028
029
030import org.forgerock.opendj.config.AdministratorAction;
031import org.forgerock.opendj.config.AggregationPropertyDefinition;
032import org.forgerock.opendj.config.AttributeTypePropertyDefinition;
033import org.forgerock.opendj.config.BooleanPropertyDefinition;
034import org.forgerock.opendj.config.ClassPropertyDefinition;
035import org.forgerock.opendj.config.client.ConcurrentModificationException;
036import org.forgerock.opendj.config.client.ManagedObject;
037import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
038import org.forgerock.opendj.config.client.OperationRejectedException;
039import org.forgerock.opendj.config.conditions.Conditions;
040import org.forgerock.opendj.config.DefaultBehaviorProvider;
041import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
042import org.forgerock.opendj.config.EnumPropertyDefinition;
043import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
044import org.forgerock.opendj.config.ManagedObjectDefinition;
045import org.forgerock.opendj.config.PropertyOption;
046import org.forgerock.opendj.config.PropertyProvider;
047import org.forgerock.opendj.config.server.ConfigurationChangeListener;
048import org.forgerock.opendj.config.server.ServerManagedObject;
049import org.forgerock.opendj.config.Tag;
050import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
051import org.forgerock.opendj.ldap.DN;
052import org.forgerock.opendj.ldap.LdapException;
053import org.forgerock.opendj.ldap.schema.AttributeType;
054import org.forgerock.opendj.server.config.client.CertificateMapperCfgClient;
055import org.forgerock.opendj.server.config.client.ExternalSASLMechanismHandlerCfgClient;
056import org.forgerock.opendj.server.config.server.CertificateMapperCfg;
057import org.forgerock.opendj.server.config.server.ExternalSASLMechanismHandlerCfg;
058import org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg;
059
060
061
062/**
063 * An interface for querying the External SASL Mechanism Handler
064 * managed object definition meta information.
065 * <p>
066 * The External SASL Mechanism Handler performs all processing related
067 * to SASL EXTERNAL authentication.
068 */
069public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> {
070
071  // The singleton configuration definition instance.
072  private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn();
073
074
075
076  /**
077   * Defines the set of permissable values for the "certificate-validation-policy" property.
078   * <p>
079   * Indicates whether to attempt to validate the peer certificate
080   * against a certificate held in the user's entry.
081   */
082  public static enum CertificateValidationPolicy {
083
084    /**
085     * Always require the peer certificate to be present in the user's
086     * entry.
087     */
088    ALWAYS("always"),
089
090
091
092    /**
093     * If the user's entry contains one or more certificates, require
094     * that one of them match the peer certificate.
095     */
096    IFPRESENT("ifpresent"),
097
098
099
100    /**
101     * Do not look for the peer certificate to be present in the
102     * user's entry.
103     */
104    NEVER("never");
105
106
107
108    // String representation of the value.
109    private final String name;
110
111
112
113    // Private constructor.
114    private CertificateValidationPolicy(String name) { this.name = name; }
115
116
117
118    /**
119     * {@inheritDoc}
120     */
121    public String toString() { return name; }
122
123  }
124
125
126
127  // The "certificate-attribute" property definition.
128  private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE;
129
130
131
132  // The "certificate-mapper" property definition.
133  private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER;
134
135
136
137  // The "certificate-validation-policy" property definition.
138  private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY;
139
140
141
142  // The "java-class" property definition.
143  private static final ClassPropertyDefinition PD_JAVA_CLASS;
144
145
146
147  // Build the "certificate-attribute" property definition.
148  static {
149      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute");
150      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute"));
151      DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate");
152      builder.setDefaultBehaviorProvider(provider);
153      PD_CERTIFICATE_ATTRIBUTE = builder.getInstance();
154      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE);
155  }
156
157
158
159  // Build the "certificate-mapper" property definition.
160  static {
161      AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper");
162      builder.setOption(PropertyOption.MANDATORY);
163      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper"));
164      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
165      builder.setParentPath("/");
166      builder.setRelationDefinition("certificate-mapper");
167      builder.setTargetNeedsEnablingCondition(Conditions.contains("enabled", "true"));
168      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
169      PD_CERTIFICATE_MAPPER = builder.getInstance();
170      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER);
171      INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint());
172  }
173
174
175
176  // Build the "certificate-validation-policy" property definition.
177  static {
178      EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy");
179      builder.setOption(PropertyOption.MANDATORY);
180      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy"));
181      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>());
182      builder.setEnumClass(CertificateValidationPolicy.class);
183      PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance();
184      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY);
185  }
186
187
188
189  // Build the "java-class" property definition.
190  static {
191      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
192      builder.setOption(PropertyOption.MANDATORY);
193      builder.setOption(PropertyOption.ADVANCED);
194      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
195      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler");
196      builder.setDefaultBehaviorProvider(provider);
197      builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler");
198      PD_JAVA_CLASS = builder.getInstance();
199      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
200  }
201
202
203
204  // Register the tags associated with this managed object definition.
205  static {
206    INSTANCE.registerTag(Tag.valueOf("security"));
207  }
208
209
210
211  /**
212   * Get the External SASL Mechanism Handler configuration definition
213   * singleton.
214   *
215   * @return Returns the External SASL Mechanism Handler configuration
216   *         definition singleton.
217   */
218  public static ExternalSASLMechanismHandlerCfgDefn getInstance() {
219    return INSTANCE;
220  }
221
222
223
224  /**
225   * Private constructor.
226   */
227  private ExternalSASLMechanismHandlerCfgDefn() {
228    super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance());
229  }
230
231
232
233  /**
234   * {@inheritDoc}
235   */
236  public ExternalSASLMechanismHandlerCfgClient createClientConfiguration(
237      ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
238    return new ExternalSASLMechanismHandlerCfgClientImpl(impl);
239  }
240
241
242
243  /**
244   * {@inheritDoc}
245   */
246  public ExternalSASLMechanismHandlerCfg createServerConfiguration(
247      ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
248    return new ExternalSASLMechanismHandlerCfgServerImpl(impl);
249  }
250
251
252
253  /**
254   * {@inheritDoc}
255   */
256  public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() {
257    return ExternalSASLMechanismHandlerCfg.class;
258  }
259
260
261
262  /**
263   * Get the "certificate-attribute" property definition.
264   * <p>
265   * Specifies the name of the attribute to hold user certificates.
266   * <p>
267   * This property must specify the name of a valid attribute type
268   * defined in the server schema.
269   *
270   * @return Returns the "certificate-attribute" property definition.
271   */
272  public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() {
273    return PD_CERTIFICATE_ATTRIBUTE;
274  }
275
276
277
278  /**
279   * Get the "certificate-mapper" property definition.
280   * <p>
281   * Specifies the name of the certificate mapper that should be used
282   * to match client certificates to user entries.
283   *
284   * @return Returns the "certificate-mapper" property definition.
285   */
286  public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() {
287    return PD_CERTIFICATE_MAPPER;
288  }
289
290
291
292  /**
293   * Get the "certificate-validation-policy" property definition.
294   * <p>
295   * Indicates whether to attempt to validate the peer certificate
296   * against a certificate held in the user's entry.
297   *
298   * @return Returns the "certificate-validation-policy" property definition.
299   */
300  public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() {
301    return PD_CERTIFICATE_VALIDATION_POLICY;
302  }
303
304
305
306  /**
307   * Get the "enabled" property definition.
308   * <p>
309   * Indicates whether the SASL mechanism handler is enabled for use.
310   *
311   * @return Returns the "enabled" property definition.
312   */
313  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
314    return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition();
315  }
316
317
318
319  /**
320   * Get the "java-class" property definition.
321   * <p>
322   * Specifies the fully-qualified name of the Java class that
323   * provides the SASL mechanism handler implementation.
324   *
325   * @return Returns the "java-class" property definition.
326   */
327  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
328    return PD_JAVA_CLASS;
329  }
330
331
332
333  /**
334   * Managed object client implementation.
335   */
336  private static class ExternalSASLMechanismHandlerCfgClientImpl implements
337    ExternalSASLMechanismHandlerCfgClient {
338
339    // Private implementation.
340    private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl;
341
342
343
344    // Private constructor.
345    private ExternalSASLMechanismHandlerCfgClientImpl(
346        ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
347      this.impl = impl;
348    }
349
350
351
352    /**
353     * {@inheritDoc}
354     */
355    public AttributeType getCertificateAttribute() {
356      return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
357    }
358
359
360
361    /**
362     * {@inheritDoc}
363     */
364    public void setCertificateAttribute(AttributeType value) {
365      impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value);
366    }
367
368
369
370    /**
371     * {@inheritDoc}
372     */
373    public String getCertificateMapper() {
374      return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
375    }
376
377
378
379    /**
380     * {@inheritDoc}
381     */
382    public void setCertificateMapper(String value) {
383      impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value);
384    }
385
386
387
388    /**
389     * {@inheritDoc}
390     */
391    public CertificateValidationPolicy getCertificateValidationPolicy() {
392      return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
393    }
394
395
396
397    /**
398     * {@inheritDoc}
399     */
400    public void setCertificateValidationPolicy(CertificateValidationPolicy value) {
401      impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value);
402    }
403
404
405
406    /**
407     * {@inheritDoc}
408     */
409    public Boolean isEnabled() {
410      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
411    }
412
413
414
415    /**
416     * {@inheritDoc}
417     */
418    public void setEnabled(boolean value) {
419      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
420    }
421
422
423
424    /**
425     * {@inheritDoc}
426     */
427    public String getJavaClass() {
428      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
429    }
430
431
432
433    /**
434     * {@inheritDoc}
435     */
436    public void setJavaClass(String value) {
437      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
438    }
439
440
441
442    /**
443     * {@inheritDoc}
444     */
445    public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() {
446      return INSTANCE;
447    }
448
449
450
451    /**
452     * {@inheritDoc}
453     */
454    public PropertyProvider properties() {
455      return impl;
456    }
457
458
459
460    /**
461     * {@inheritDoc}
462     */
463    public void commit() throws ManagedObjectAlreadyExistsException,
464        MissingMandatoryPropertiesException, ConcurrentModificationException,
465        OperationRejectedException, LdapException {
466      impl.commit();
467    }
468
469  }
470
471
472
473  /**
474   * Managed object server implementation.
475   */
476  private static class ExternalSASLMechanismHandlerCfgServerImpl implements
477    ExternalSASLMechanismHandlerCfg {
478
479    // Private implementation.
480    private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl;
481
482    // The value of the "certificate-attribute" property.
483    private final AttributeType pCertificateAttribute;
484
485    // The value of the "certificate-mapper" property.
486    private final String pCertificateMapper;
487
488    // The value of the "certificate-validation-policy" property.
489    private final CertificateValidationPolicy pCertificateValidationPolicy;
490
491    // The value of the "enabled" property.
492    private final boolean pEnabled;
493
494    // The value of the "java-class" property.
495    private final String pJavaClass;
496
497
498
499    // Private constructor.
500    private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
501      this.impl = impl;
502      this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
503      this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
504      this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
505      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
506      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
507    }
508
509
510
511    /**
512     * {@inheritDoc}
513     */
514    public void addExternalChangeListener(
515        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
516      impl.registerChangeListener(listener);
517    }
518
519
520
521    /**
522     * {@inheritDoc}
523     */
524    public void removeExternalChangeListener(
525        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
526      impl.deregisterChangeListener(listener);
527    }
528    /**
529     * {@inheritDoc}
530     */
531    public void addChangeListener(
532        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
533      impl.registerChangeListener(listener);
534    }
535
536
537
538    /**
539     * {@inheritDoc}
540     */
541    public void removeChangeListener(
542        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
543      impl.deregisterChangeListener(listener);
544    }
545
546
547
548    /**
549     * {@inheritDoc}
550     */
551    public AttributeType getCertificateAttribute() {
552      return pCertificateAttribute;
553    }
554
555
556
557    /**
558     * {@inheritDoc}
559     */
560    public String getCertificateMapper() {
561      return pCertificateMapper;
562    }
563
564
565
566    /**
567     * {@inheritDoc}
568     */
569    public DN getCertificateMapperDN() {
570      String value = getCertificateMapper();
571      if (value == null) return null;
572      return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value);
573    }
574
575
576
577    /**
578     * {@inheritDoc}
579     */
580    public CertificateValidationPolicy getCertificateValidationPolicy() {
581      return pCertificateValidationPolicy;
582    }
583
584
585
586    /**
587     * {@inheritDoc}
588     */
589    public boolean isEnabled() {
590      return pEnabled;
591    }
592
593
594
595    /**
596     * {@inheritDoc}
597     */
598    public String getJavaClass() {
599      return pJavaClass;
600    }
601
602
603
604    /**
605     * {@inheritDoc}
606     */
607    public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() {
608      return ExternalSASLMechanismHandlerCfg.class;
609    }
610
611
612
613    /**
614     * {@inheritDoc}
615     */
616    public DN dn() {
617      return impl.getDN();
618    }
619
620  }
621}