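/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.forgerock.opendj.server.config.meta;



import java.util.Collection;
import java.util.SortedSet;
import org.forgerock.opendj.config.AdministratorAction;
import org.forgerock.opendj.config.AliasDefaultBehaviorProvider;
import org.forgerock.opendj.config.AttributeTypePropertyDefinition;
import org.forgerock.opendj.config.BooleanPropertyDefinition;
import org.forgerock.opendj.config.ClassPropertyDefinition;
import org.forgerock.opendj.config.client.ConcurrentModificationException;
import org.forgerock.opendj.config.client.ManagedObject;
import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
import org.forgerock.opendj.config.client.OperationRejectedException;
import org.forgerock.opendj.config.DefaultBehaviorProvider;
import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
import org.forgerock.opendj.config.DNPropertyDefinition;
import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
import org.forgerock.opendj.config.ManagedObjectDefinition;
import org.forgerock.opendj.config.PropertyOption;
import org.forgerock.opendj.config.PropertyProvider;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.config.server.ServerManagedObject;
import org.forgerock.opendj.config.Tag;
import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.server.config.client.SubjectDNToUserAttributeCertificateMapperCfgClient;
import org.forgerock.opendj.server.config.server.CertificateMapperCfg;
import org.forgerock.opendj.server.config.server.SubjectDNToUserAttributeCertificateMapperCfg;



/**
 * An interface for querying the Subject DN To User Attribute
 * Certificate Mapper managed object definition meta information.
 * <p>
 * The Subject DN To User Attribute Certificate Mapper maps client
 * certificates to user entries by looking for the certificate subject
 * DN in a specified attribute of user entries.
 * <p>
 * This definition declares three properties of its own
 * ("java-class", "subject-attribute", "user-base-dn") and exposes the
 * "enabled" property of the parent Certificate Mapper definition.
 * <p>
 * NOTE(review): the mapping decides which user entry a client
 * certificate resolves to, so write access to this configuration
 * object, and to the "subject-attribute" values stored on user
 * entries, should be limited to administrators. Access control for
 * either is not defined in this file; confirm it in the deployment.
 */
public final class SubjectDNToUserAttributeCertificateMapperCfgDefn extends ManagedObjectDefinition<SubjectDNToUserAttributeCertificateMapperCfgClient, SubjectDNToUserAttributeCertificateMapperCfg> {

  // The singleton configuration definition instance.
  // Must stay textually ahead of the static initializer blocks below:
  // they dereference INSTANCE while building the property definitions.
  private static final SubjectDNToUserAttributeCertificateMapperCfgDefn INSTANCE = new SubjectDNToUserAttributeCertificateMapperCfgDefn();



  // The "java-class" property definition.
  private static final ClassPropertyDefinition PD_JAVA_CLASS;



  // The "subject-attribute" property definition.
  private static final AttributeTypePropertyDefinition PD_SUBJECT_ATTRIBUTE;



  // The "user-base-dn" property definition.
  private static final DNPropertyDefinition PD_USER_BASE_DN;



  // Build the "java-class" property definition.
  static {
    ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
    // Mandatory and flagged as an advanced property.
    builder.setOption(PropertyOption.MANDATORY);
    builder.setOption(PropertyOption.ADVANCED);
    // A change to this property is declared to need a component restart.
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
    // Default implementation class used when the administrator sets nothing.
    DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper");
    builder.setDefaultBehaviorProvider(provider);
    // Declares the type the configured class has to be an instance of.
    // NOTE(review): where and when this constraint is enforced is not
    // visible in this file; the value names code the server will use to
    // map certificates to users, so treat it as privileged configuration.
    builder.addInstanceOf("org.opends.server.api.CertificateMapper");
    PD_JAVA_CLASS = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
  }



  // Build the "subject-attribute" property definition.
  static {
    AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "subject-attribute");
    builder.setOption(PropertyOption.MANDATORY);
    // No administrator action is declared for changes to this property.
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "subject-attribute"));
    // Mandatory with an undefined default: a value has to be supplied.
    builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
    PD_SUBJECT_ATTRIBUTE = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_SUBJECT_ATTRIBUTE);
  }



  // Build the "user-base-dn" property definition.
  static {
    DNPropertyDefinition.Builder builder = DNPropertyDefinition.createBuilder(INSTANCE, "user-base-dn");
    // Multi-valued; MANDATORY is not set, so the property may be left empty.
    builder.setOption(PropertyOption.MULTI_VALUED);
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "user-base-dn"));
    // The default is an alias behavior; what it resolves to is defined
    // outside this file.
    // NOTE(review): confirm that the search scope used when no base DN
    // is configured is not broader than the deployment intends.
    builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<DN>(INSTANCE, "user-base-dn"));
    PD_USER_BASE_DN = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_USER_BASE_DN);
  }



  // Register the tags associated with this managed object definition.
  static {
    INSTANCE.registerTag(Tag.valueOf("security"));
    INSTANCE.registerTag(Tag.valueOf("user-management"));
  }



  /**
   * Get the Subject DN To User Attribute Certificate Mapper
   * configuration definition singleton.
   *
   * @return Returns the Subject DN To User Attribute Certificate
   *         Mapper configuration definition singleton.
   */
  public static SubjectDNToUserAttributeCertificateMapperCfgDefn getInstance() {
    return INSTANCE;
  }



  /**
   * Private constructor. Registers this definition under the name
   * "subject-dn-to-user-attribute-certificate-mapper" with the
   * Certificate Mapper definition as its parent.
   */
  private SubjectDNToUserAttributeCertificateMapperCfgDefn() {
    super("subject-dn-to-user-attribute-certificate-mapper", CertificateMapperCfgDefn.getInstance());
  }



  /**
   * {@inheritDoc}
   */
  public SubjectDNToUserAttributeCertificateMapperCfgClient createClientConfiguration(
      ManagedObject<? extends SubjectDNToUserAttributeCertificateMapperCfgClient> impl) {
    return new SubjectDNToUserAttributeCertificateMapperCfgClientImpl(impl);
  }



  /**
   * {@inheritDoc}
   */
  public SubjectDNToUserAttributeCertificateMapperCfg createServerConfiguration(
      ServerManagedObject<? extends SubjectDNToUserAttributeCertificateMapperCfg> impl) {
    return new SubjectDNToUserAttributeCertificateMapperCfgServerImpl(impl);
  }



  /**
   * {@inheritDoc}
   */
  public Class<SubjectDNToUserAttributeCertificateMapperCfg> getServerConfigurationClass() {
    return SubjectDNToUserAttributeCertificateMapperCfg.class;
  }



  /**
   * Get the "enabled" property definition.
   * <p>
   * Indicates whether the Subject DN To User Attribute Certificate
   * Mapper is enabled.
   * <p>
   * The definition is not declared here; it is obtained from the
   * parent Certificate Mapper definition.
   *
   * @return Returns the "enabled" property definition.
   */
  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
    return CertificateMapperCfgDefn.getInstance().getEnabledPropertyDefinition();
  }



  /**
   * Get the "java-class" property definition.
   * <p>
   * Specifies the fully-qualified name of the Java class that
   * provides the Subject DN To User Attribute Certificate Mapper
   * implementation.
   *
   * @return Returns the "java-class" property definition.
   */
  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
    return PD_JAVA_CLASS;
  }



  /**
   * Get the "subject-attribute" property definition.
   * <p>
   * Specifies the name or OID of the attribute whose value should
   * exactly match the certificate subject DN.
   * <p>
   * NOTE(review): a matching value is what ties a certificate to an
   * entry, so the attribute chosen here should not be writable by the
   * users it identifies. Access control is not defined in this file;
   * confirm it in the deployment.
   *
   * @return Returns the "subject-attribute" property definition.
   */
  public AttributeTypePropertyDefinition getSubjectAttributePropertyDefinition() {
    return PD_SUBJECT_ATTRIBUTE;
  }



  /**
   * Get the "user-base-dn" property definition.
   * <p>
   * Specifies the base DNs that should be used when performing
   * searches to map the client certificate to a user entry.
   *
   * @return Returns the "user-base-dn" property definition.
   */
  public DNPropertyDefinition getUserBaseDNPropertyDefinition() {
    return PD_USER_BASE_DN;
  }



  /**
   * Managed object client implementation.
   * <p>
   * Every accessor delegates to the wrapped managed object, using the
   * property definitions of the enclosing singleton.
   */
  private static class SubjectDNToUserAttributeCertificateMapperCfgClientImpl implements
      SubjectDNToUserAttributeCertificateMapperCfgClient {

    // Private implementation. Assigned once in the constructor.
    private final ManagedObject<? extends SubjectDNToUserAttributeCertificateMapperCfgClient> impl;



    // Private constructor.
    private SubjectDNToUserAttributeCertificateMapperCfgClientImpl(
        ManagedObject<? extends SubjectDNToUserAttributeCertificateMapperCfgClient> impl) {
      this.impl = impl;
    }



    /**
     * {@inheritDoc}
     */
    public Boolean isEnabled() {
      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setEnabled(boolean value) {
      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public String getJavaClass() {
      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setJavaClass(String value) {
      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public AttributeType getSubjectAttribute() {
      return impl.getPropertyValue(INSTANCE.getSubjectAttributePropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setSubjectAttribute(AttributeType value) {
      impl.setPropertyValue(INSTANCE.getSubjectAttributePropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     */
    public SortedSet<DN> getUserBaseDN() {
      return impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void setUserBaseDN(Collection<DN> values) {
      impl.setPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition(), values);
    }



    /**
     * {@inheritDoc}
     */
    public ManagedObjectDefinition<? extends SubjectDNToUserAttributeCertificateMapperCfgClient, ? extends SubjectDNToUserAttributeCertificateMapperCfg> definition() {
      return INSTANCE;
    }



    /**
     * {@inheritDoc}
     */
    public PropertyProvider properties() {
      return impl;
    }



    /**
     * {@inheritDoc}
     */
    public void commit() throws ManagedObjectAlreadyExistsException,
        MissingMandatoryPropertiesException, ConcurrentModificationException,
        OperationRejectedException, LdapException {
      impl.commit();
    }

  }



  /**
   * Managed object server implementation.
   * <p>
   * Property values are read from the wrapped server managed object
   * once, in the constructor, and the getters return those stored
   * values rather than reading the managed object again.
   */
  private static class SubjectDNToUserAttributeCertificateMapperCfgServerImpl implements
      SubjectDNToUserAttributeCertificateMapperCfg {

    // Private implementation. Assigned once in the constructor.
    private final ServerManagedObject<? extends SubjectDNToUserAttributeCertificateMapperCfg> impl;

    // The value of the "enabled" property.
    private final boolean pEnabled;

    // The value of the "java-class" property.
    private final String pJavaClass;

    // The value of the "subject-attribute" property.
    private final AttributeType pSubjectAttribute;

    // The value of the "user-base-dn" property.
    private final SortedSet<DN> pUserBaseDN;



    // Private constructor.
    private SubjectDNToUserAttributeCertificateMapperCfgServerImpl(ServerManagedObject<? extends SubjectDNToUserAttributeCertificateMapperCfg> impl) {
      this.impl = impl;
      // The result is unboxed into a primitive boolean here.
      // NOTE(review): presumably "enabled" always has a value in the
      // parent definition; an absent value would fail at this line.
      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
      this.pSubjectAttribute = impl.getPropertyValue(INSTANCE.getSubjectAttributePropertyDefinition());
      this.pUserBaseDN = impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
    }



    /**
     * {@inheritDoc}
     */
    public void addSubjectDNToUserAttributeChangeListener(
        ConfigurationChangeListener<SubjectDNToUserAttributeCertificateMapperCfg> listener) {
      impl.registerChangeListener(listener);
    }



    /**
     * {@inheritDoc}
     */
    public void removeSubjectDNToUserAttributeChangeListener(
        ConfigurationChangeListener<SubjectDNToUserAttributeCertificateMapperCfg> listener) {
      impl.deregisterChangeListener(listener);
    }



    /**
     * {@inheritDoc}
     */
    public void addChangeListener(
        ConfigurationChangeListener<CertificateMapperCfg> listener) {
      impl.registerChangeListener(listener);
    }



    /**
     * {@inheritDoc}
     */
    public void removeChangeListener(
        ConfigurationChangeListener<CertificateMapperCfg> listener) {
      impl.deregisterChangeListener(listener);
    }



    /**
     * {@inheritDoc}
     */
    public boolean isEnabled() {
      return pEnabled;
    }



    /**
     * {@inheritDoc}
     */
    public String getJavaClass() {
      return pJavaClass;
    }



    /**
     * {@inheritDoc}
     */
    public AttributeType getSubjectAttribute() {
      return pSubjectAttribute;
    }



    /**
     * {@inheritDoc}
     */
    public SortedSet<DN> getUserBaseDN() {
      // Returns the stored set itself, not a copy.
      // NOTE(review): whether that set is unmodifiable depends on
      // ServerManagedObject.getPropertyValues, which is not visible here.
      return pUserBaseDN;
    }



    /**
     * {@inheritDoc}
     */
    public Class<? extends SubjectDNToUserAttributeCertificateMapperCfg> configurationClass() {
      return SubjectDNToUserAttributeCertificateMapperCfg.class;
    }



    /**
     * {@inheritDoc}
     */
    public DN dn() {
      return impl.getDN();
    }

  }
}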