001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.forgerock.opendj.server.config.meta;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import org.forgerock.opendj.config.AdministratorAction;
033import org.forgerock.opendj.config.AliasDefaultBehaviorProvider;
034import org.forgerock.opendj.config.AttributeTypePropertyDefinition;
035import org.forgerock.opendj.config.BooleanPropertyDefinition;
036import org.forgerock.opendj.config.ClassPropertyDefinition;
037import org.forgerock.opendj.config.client.ConcurrentModificationException;
038import org.forgerock.opendj.config.client.ManagedObject;
039import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
040import org.forgerock.opendj.config.client.OperationRejectedException;
041import org.forgerock.opendj.config.DefaultBehaviorProvider;
042import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
043import org.forgerock.opendj.config.DNPropertyDefinition;
044import org.forgerock.opendj.config.EnumPropertyDefinition;
045import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
046import org.forgerock.opendj.config.ManagedObjectDefinition;
047import org.forgerock.opendj.config.PropertyOption;
048import org.forgerock.opendj.config.PropertyProvider;
049import org.forgerock.opendj.config.server.ConfigurationChangeListener;
050import org.forgerock.opendj.config.server.ServerManagedObject;
051import org.forgerock.opendj.config.Tag;
052import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
053import org.forgerock.opendj.ldap.DN;
054import org.forgerock.opendj.ldap.LdapException;
055import org.forgerock.opendj.ldap.schema.AttributeType;
056import org.forgerock.opendj.server.config.client.FingerprintCertificateMapperCfgClient;
057import org.forgerock.opendj.server.config.server.CertificateMapperCfg;
058import org.forgerock.opendj.server.config.server.FingerprintCertificateMapperCfg;
059
060
061
062/**
063 * An interface for querying the Fingerprint Certificate Mapper
064 * managed object definition meta information.
065 * <p>
066 * The Fingerprint Certificate Mapper maps client certificates to user
067 * entries by looking for the MD5 or SHA1 fingerprint in a specified
068 * attribute of user entries.
069 */
070public final class FingerprintCertificateMapperCfgDefn extends ManagedObjectDefinition<FingerprintCertificateMapperCfgClient, FingerprintCertificateMapperCfg> {
071
072  // The singleton configuration definition instance.
073  private static final FingerprintCertificateMapperCfgDefn INSTANCE = new FingerprintCertificateMapperCfgDefn();
074
075
076
077  /**
078   * Defines the set of permissable values for the "fingerprint-algorithm" property.
079   * <p>
080   * Specifies the name of the digest algorithm to compute the
081   * fingerprint of client certificates.
082   */
083  public static enum FingerprintAlgorithm {
084
085    /**
086     * Use the MD5 digest algorithm to compute certificate
087     * fingerprints.
088     */
089    MD5("md5"),
090
091
092
093    /**
094     * Use the SHA-1 digest algorithm to compute certificate
095     * fingerprints.
096     */
097    SHA1("sha1");
098
099
100
101    // String representation of the value.
102    private final String name;
103
104
105
106    // Private constructor.
107    private FingerprintAlgorithm(String name) { this.name = name; }
108
109
110
111    /**
112     * {@inheritDoc}
113     */
114    public String toString() { return name; }
115
116  }
117
118
119
120  // The "fingerprint-algorithm" property definition.
121  private static final EnumPropertyDefinition<FingerprintAlgorithm> PD_FINGERPRINT_ALGORITHM;
122
123
124
125  // The "fingerprint-attribute" property definition.
126  private static final AttributeTypePropertyDefinition PD_FINGERPRINT_ATTRIBUTE;
127
128
129
130  // The "java-class" property definition.
131  private static final ClassPropertyDefinition PD_JAVA_CLASS;
132
133
134
135  // The "user-base-dn" property definition.
136  private static final DNPropertyDefinition PD_USER_BASE_DN;
137
138
139
140  // Build the "fingerprint-algorithm" property definition.
141  static {
142      EnumPropertyDefinition.Builder<FingerprintAlgorithm> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "fingerprint-algorithm");
143      builder.setOption(PropertyOption.MANDATORY);
144      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-algorithm"));
145      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<FingerprintAlgorithm>());
146      builder.setEnumClass(FingerprintAlgorithm.class);
147      PD_FINGERPRINT_ALGORITHM = builder.getInstance();
148      INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ALGORITHM);
149  }
150
151
152
153  // Build the "fingerprint-attribute" property definition.
154  static {
155      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "fingerprint-attribute");
156      builder.setOption(PropertyOption.MANDATORY);
157      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-attribute"));
158      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
159      PD_FINGERPRINT_ATTRIBUTE = builder.getInstance();
160      INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ATTRIBUTE);
161  }
162
163
164
165  // Build the "java-class" property definition.
166  static {
167      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
168      builder.setOption(PropertyOption.MANDATORY);
169      builder.setOption(PropertyOption.ADVANCED);
170      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
171      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.FingerprintCertificateMapper");
172      builder.setDefaultBehaviorProvider(provider);
173      builder.addInstanceOf("org.opends.server.api.CertificateMapper");
174      PD_JAVA_CLASS = builder.getInstance();
175      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
176  }
177
178
179
180  // Build the "user-base-dn" property definition.
181  static {
182      DNPropertyDefinition.Builder builder = DNPropertyDefinition.createBuilder(INSTANCE, "user-base-dn");
183      builder.setOption(PropertyOption.MULTI_VALUED);
184      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "user-base-dn"));
185      builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<DN>(INSTANCE, "user-base-dn"));
186      PD_USER_BASE_DN = builder.getInstance();
187      INSTANCE.registerPropertyDefinition(PD_USER_BASE_DN);
188  }
189
190
191
192  // Register the tags associated with this managed object definition.
193  static {
194    INSTANCE.registerTag(Tag.valueOf("security"));
195    INSTANCE.registerTag(Tag.valueOf("user-management"));
196  }
197
198
199
200  /**
201   * Get the Fingerprint Certificate Mapper configuration definition
202   * singleton.
203   *
204   * @return Returns the Fingerprint Certificate Mapper configuration
205   *         definition singleton.
206   */
207  public static FingerprintCertificateMapperCfgDefn getInstance() {
208    return INSTANCE;
209  }
210
211
212
213  /**
214   * Private constructor.
215   */
216  private FingerprintCertificateMapperCfgDefn() {
217    super("fingerprint-certificate-mapper", CertificateMapperCfgDefn.getInstance());
218  }
219
220
221
222  /**
223   * {@inheritDoc}
224   */
225  public FingerprintCertificateMapperCfgClient createClientConfiguration(
226      ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) {
227    return new FingerprintCertificateMapperCfgClientImpl(impl);
228  }
229
230
231
232  /**
233   * {@inheritDoc}
234   */
235  public FingerprintCertificateMapperCfg createServerConfiguration(
236      ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) {
237    return new FingerprintCertificateMapperCfgServerImpl(impl);
238  }
239
240
241
242  /**
243   * {@inheritDoc}
244   */
245  public Class<FingerprintCertificateMapperCfg> getServerConfigurationClass() {
246    return FingerprintCertificateMapperCfg.class;
247  }
248
249
250
251  /**
252   * Get the "enabled" property definition.
253   * <p>
254   * Indicates whether the Fingerprint Certificate Mapper is enabled.
255   *
256   * @return Returns the "enabled" property definition.
257   */
258  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
259    return CertificateMapperCfgDefn.getInstance().getEnabledPropertyDefinition();
260  }
261
262
263
264  /**
265   * Get the "fingerprint-algorithm" property definition.
266   * <p>
267   * Specifies the name of the digest algorithm to compute the
268   * fingerprint of client certificates.
269   *
270   * @return Returns the "fingerprint-algorithm" property definition.
271   */
272  public EnumPropertyDefinition<FingerprintAlgorithm> getFingerprintAlgorithmPropertyDefinition() {
273    return PD_FINGERPRINT_ALGORITHM;
274  }
275
276
277
278  /**
279   * Get the "fingerprint-attribute" property definition.
280   * <p>
281   * Specifies the attribute in which to look for the fingerprint.
282   * <p>
283   * Values of the fingerprint attribute should exactly match the MD5
284   * or SHA1 representation of the certificate fingerprint.
285   *
286   * @return Returns the "fingerprint-attribute" property definition.
287   */
288  public AttributeTypePropertyDefinition getFingerprintAttributePropertyDefinition() {
289    return PD_FINGERPRINT_ATTRIBUTE;
290  }
291
292
293
294  /**
295   * Get the "java-class" property definition.
296   * <p>
297   * Specifies the fully-qualified name of the Java class that
298   * provides the Fingerprint Certificate Mapper implementation.
299   *
300   * @return Returns the "java-class" property definition.
301   */
302  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
303    return PD_JAVA_CLASS;
304  }
305
306
307
308  /**
309   * Get the "user-base-dn" property definition.
310   * <p>
311   * Specifies the set of base DNs below which to search for users.
312   * <p>
313   * The base DNs are used when performing searches to map the client
314   * certificates to a user entry.
315   *
316   * @return Returns the "user-base-dn" property definition.
317   */
318  public DNPropertyDefinition getUserBaseDNPropertyDefinition() {
319    return PD_USER_BASE_DN;
320  }
321
322
323
324  /**
325   * Managed object client implementation.
326   */
327  private static class FingerprintCertificateMapperCfgClientImpl implements
328    FingerprintCertificateMapperCfgClient {
329
330    // Private implementation.
331    private ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl;
332
333
334
335    // Private constructor.
336    private FingerprintCertificateMapperCfgClientImpl(
337        ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) {
338      this.impl = impl;
339    }
340
341
342
343    /**
344     * {@inheritDoc}
345     */
346    public Boolean isEnabled() {
347      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
348    }
349
350
351
352    /**
353     * {@inheritDoc}
354     */
355    public void setEnabled(boolean value) {
356      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
357    }
358
359
360
361    /**
362     * {@inheritDoc}
363     */
364    public FingerprintAlgorithm getFingerprintAlgorithm() {
365      return impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition());
366    }
367
368
369
370    /**
371     * {@inheritDoc}
372     */
373    public void setFingerprintAlgorithm(FingerprintAlgorithm value) {
374      impl.setPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition(), value);
375    }
376
377
378
379    /**
380     * {@inheritDoc}
381     */
382    public AttributeType getFingerprintAttribute() {
383      return impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition());
384    }
385
386
387
388    /**
389     * {@inheritDoc}
390     */
391    public void setFingerprintAttribute(AttributeType value) {
392      impl.setPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition(), value);
393    }
394
395
396
397    /**
398     * {@inheritDoc}
399     */
400    public String getJavaClass() {
401      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
402    }
403
404
405
406    /**
407     * {@inheritDoc}
408     */
409    public void setJavaClass(String value) {
410      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
411    }
412
413
414
415    /**
416     * {@inheritDoc}
417     */
418    public SortedSet<DN> getUserBaseDN() {
419      return impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
420    }
421
422
423
424    /**
425     * {@inheritDoc}
426     */
427    public void setUserBaseDN(Collection<DN> values) {
428      impl.setPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition(), values);
429    }
430
431
432
433    /**
434     * {@inheritDoc}
435     */
436    public ManagedObjectDefinition<? extends FingerprintCertificateMapperCfgClient, ? extends FingerprintCertificateMapperCfg> definition() {
437      return INSTANCE;
438    }
439
440
441
442    /**
443     * {@inheritDoc}
444     */
445    public PropertyProvider properties() {
446      return impl;
447    }
448
449
450
451    /**
452     * {@inheritDoc}
453     */
454    public void commit() throws ManagedObjectAlreadyExistsException,
455        MissingMandatoryPropertiesException, ConcurrentModificationException,
456        OperationRejectedException, LdapException {
457      impl.commit();
458    }
459
460  }
461
462
463
464  /**
465   * Managed object server implementation.
466   */
467  private static class FingerprintCertificateMapperCfgServerImpl implements
468    FingerprintCertificateMapperCfg {
469
470    // Private implementation.
471    private ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl;
472
473    // The value of the "enabled" property.
474    private final boolean pEnabled;
475
476    // The value of the "fingerprint-algorithm" property.
477    private final FingerprintAlgorithm pFingerprintAlgorithm;
478
479    // The value of the "fingerprint-attribute" property.
480    private final AttributeType pFingerprintAttribute;
481
482    // The value of the "java-class" property.
483    private final String pJavaClass;
484
485    // The value of the "user-base-dn" property.
486    private final SortedSet<DN> pUserBaseDN;
487
488
489
490    // Private constructor.
491    private FingerprintCertificateMapperCfgServerImpl(ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) {
492      this.impl = impl;
493      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
494      this.pFingerprintAlgorithm = impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition());
495      this.pFingerprintAttribute = impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition());
496      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
497      this.pUserBaseDN = impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
498    }
499
500
501
502    /**
503     * {@inheritDoc}
504     */
505    public void addFingerprintChangeListener(
506        ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) {
507      impl.registerChangeListener(listener);
508    }
509
510
511
512    /**
513     * {@inheritDoc}
514     */
515    public void removeFingerprintChangeListener(
516        ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) {
517      impl.deregisterChangeListener(listener);
518    }
519    /**
520     * {@inheritDoc}
521     */
522    public void addChangeListener(
523        ConfigurationChangeListener<CertificateMapperCfg> listener) {
524      impl.registerChangeListener(listener);
525    }
526
527
528
529    /**
530     * {@inheritDoc}
531     */
532    public void removeChangeListener(
533        ConfigurationChangeListener<CertificateMapperCfg> listener) {
534      impl.deregisterChangeListener(listener);
535    }
536
537
538
539    /**
540     * {@inheritDoc}
541     */
542    public boolean isEnabled() {
543      return pEnabled;
544    }
545
546
547
548    /**
549     * {@inheritDoc}
550     */
551    public FingerprintAlgorithm getFingerprintAlgorithm() {
552      return pFingerprintAlgorithm;
553    }
554
555
556
557    /**
558     * {@inheritDoc}
559     */
560    public AttributeType getFingerprintAttribute() {
561      return pFingerprintAttribute;
562    }
563
564
565
566    /**
567     * {@inheritDoc}
568     */
569    public String getJavaClass() {
570      return pJavaClass;
571    }
572
573
574
575    /**
576     * {@inheritDoc}
577     */
578    public SortedSet<DN> getUserBaseDN() {
579      return pUserBaseDN;
580    }
581
582
583
584    /**
585     * {@inheritDoc}
586     */
587    public Class<? extends FingerprintCertificateMapperCfg> configurationClass() {
588      return FingerprintCertificateMapperCfg.class;
589    }
590
591
592
593    /**
594     * {@inheritDoc}
595     */
596    public DN dn() {
597      return impl.getDN();
598    }
599
600  }
601}