001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.forgerock.opendj.server.config.meta; 027 028 029 030import org.forgerock.opendj.config.AdministratorAction; 031import org.forgerock.opendj.config.AggregationPropertyDefinition; 032import org.forgerock.opendj.config.AliasDefaultBehaviorProvider; 033import org.forgerock.opendj.config.BooleanPropertyDefinition; 034import org.forgerock.opendj.config.ClassPropertyDefinition; 035import org.forgerock.opendj.config.client.ConcurrentModificationException; 036import org.forgerock.opendj.config.client.ManagedObject; 037import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 038import org.forgerock.opendj.config.client.OperationRejectedException; 039import org.forgerock.opendj.config.conditions.Conditions; 040import org.forgerock.opendj.config.DefaultBehaviorProvider; 041import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 042import org.forgerock.opendj.config.EnumPropertyDefinition; 043import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 044import org.forgerock.opendj.config.ManagedObjectDefinition; 045import org.forgerock.opendj.config.PropertyOption; 046import org.forgerock.opendj.config.PropertyProvider; 047import org.forgerock.opendj.config.server.ConfigurationChangeListener; 048import org.forgerock.opendj.config.server.ServerManagedObject; 049import org.forgerock.opendj.config.StringPropertyDefinition; 050import org.forgerock.opendj.config.Tag; 051import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider; 052import org.forgerock.opendj.ldap.DN; 053import org.forgerock.opendj.ldap.LdapException; 054import org.forgerock.opendj.server.config.client.DigestMD5SASLMechanismHandlerCfgClient; 055import org.forgerock.opendj.server.config.client.IdentityMapperCfgClient; 056import org.forgerock.opendj.server.config.server.DigestMD5SASLMechanismHandlerCfg; 057import org.forgerock.opendj.server.config.server.IdentityMapperCfg; 058import org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg; 059 060 061 062/** 063 * An interface for querying the Digest MD5 SASL Mechanism Handler 064 * managed object definition meta information. 065 * <p> 066 * The DIGEST-MD5 SASL mechanism is used to perform all processing 067 * related to SASL DIGEST-MD5 authentication. 068 */ 069public final class DigestMD5SASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<DigestMD5SASLMechanismHandlerCfgClient, DigestMD5SASLMechanismHandlerCfg> { 070 071 // The singleton configuration definition instance. 072 private static final DigestMD5SASLMechanismHandlerCfgDefn INSTANCE = new DigestMD5SASLMechanismHandlerCfgDefn(); 073 074 075 076 /** 077 * Defines the set of permissable values for the "quality-of-protection" property. 078 * <p> 079 * The name of a property that specifies the quality of protection 080 * the server will support. 081 */ 082 public static enum QualityOfProtection { 083 084 /** 085 * Quality of protection equals authentication with integrity and 086 * confidentiality protection. 087 */ 088 CONFIDENTIALITY("confidentiality"), 089 090 091 092 /** 093 * Quality of protection equals authentication with integrity 094 * protection. 095 */ 096 INTEGRITY("integrity"), 097 098 099 100 /** 101 * QOP equals authentication only. 102 */ 103 NONE("none"); 104 105 106 107 // String representation of the value. 108 private final String name; 109 110 111 112 // Private constructor. 113 private QualityOfProtection(String name) { this.name = name; } 114 115 116 117 /** 118 * {@inheritDoc} 119 */ 120 public String toString() { return name; } 121 122 } 123 124 125 126 // The "identity-mapper" property definition. 127 private static final AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> PD_IDENTITY_MAPPER; 128 129 130 131 // The "java-class" property definition. 132 private static final ClassPropertyDefinition PD_JAVA_CLASS; 133 134 135 136 // The "quality-of-protection" property definition. 137 private static final EnumPropertyDefinition<QualityOfProtection> PD_QUALITY_OF_PROTECTION; 138 139 140 141 // The "realm" property definition. 142 private static final StringPropertyDefinition PD_REALM; 143 144 145 146 // The "server-fqdn" property definition. 147 private static final StringPropertyDefinition PD_SERVER_FQDN; 148 149 150 151 // Build the "identity-mapper" property definition. 152 static { 153 AggregationPropertyDefinition.Builder<IdentityMapperCfgClient, IdentityMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "identity-mapper"); 154 builder.setOption(PropertyOption.MANDATORY); 155 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "identity-mapper")); 156 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 157 builder.setParentPath("/"); 158 builder.setRelationDefinition("identity-mapper"); 159 builder.setTargetNeedsEnablingCondition(Conditions.contains("enabled", "true")); 160 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 161 PD_IDENTITY_MAPPER = builder.getInstance(); 162 INSTANCE.registerPropertyDefinition(PD_IDENTITY_MAPPER); 163 INSTANCE.registerConstraint(PD_IDENTITY_MAPPER.getSourceConstraint()); 164 } 165 166 167 168 // Build the "java-class" property definition. 169 static { 170 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 171 builder.setOption(PropertyOption.MANDATORY); 172 builder.setOption(PropertyOption.ADVANCED); 173 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 174 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.DigestMD5SASLMechanismHandler"); 175 builder.setDefaultBehaviorProvider(provider); 176 builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler"); 177 PD_JAVA_CLASS = builder.getInstance(); 178 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 179 } 180 181 182 183 // Build the "quality-of-protection" property definition. 184 static { 185 EnumPropertyDefinition.Builder<QualityOfProtection> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "quality-of-protection"); 186 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "quality-of-protection")); 187 DefaultBehaviorProvider<QualityOfProtection> provider = new DefinedDefaultBehaviorProvider<QualityOfProtection>("none"); 188 builder.setDefaultBehaviorProvider(provider); 189 builder.setEnumClass(QualityOfProtection.class); 190 PD_QUALITY_OF_PROTECTION = builder.getInstance(); 191 INSTANCE.registerPropertyDefinition(PD_QUALITY_OF_PROTECTION); 192 } 193 194 195 196 // Build the "realm" property definition. 197 static { 198 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "realm"); 199 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "realm")); 200 builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<String>(INSTANCE, "realm")); 201 builder.setPattern(".*", "STRING"); 202 PD_REALM = builder.getInstance(); 203 INSTANCE.registerPropertyDefinition(PD_REALM); 204 } 205 206 207 208 // Build the "server-fqdn" property definition. 209 static { 210 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "server-fqdn"); 211 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "server-fqdn")); 212 builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<String>(INSTANCE, "server-fqdn")); 213 builder.setPattern(".*", "STRING"); 214 PD_SERVER_FQDN = builder.getInstance(); 215 INSTANCE.registerPropertyDefinition(PD_SERVER_FQDN); 216 } 217 218 219 220 // Register the tags associated with this managed object definition. 221 static { 222 INSTANCE.registerTag(Tag.valueOf("security")); 223 } 224 225 226 227 /** 228 * Get the Digest MD5 SASL Mechanism Handler configuration 229 * definition singleton. 230 * 231 * @return Returns the Digest MD5 SASL Mechanism Handler 232 * configuration definition singleton. 233 */ 234 public static DigestMD5SASLMechanismHandlerCfgDefn getInstance() { 235 return INSTANCE; 236 } 237 238 239 240 /** 241 * Private constructor. 242 */ 243 private DigestMD5SASLMechanismHandlerCfgDefn() { 244 super("digest-md5-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance()); 245 } 246 247 248 249 /** 250 * {@inheritDoc} 251 */ 252 public DigestMD5SASLMechanismHandlerCfgClient createClientConfiguration( 253 ManagedObject<? extends DigestMD5SASLMechanismHandlerCfgClient> impl) { 254 return new DigestMD5SASLMechanismHandlerCfgClientImpl(impl); 255 } 256 257 258 259 /** 260 * {@inheritDoc} 261 */ 262 public DigestMD5SASLMechanismHandlerCfg createServerConfiguration( 263 ServerManagedObject<? extends DigestMD5SASLMechanismHandlerCfg> impl) { 264 return new DigestMD5SASLMechanismHandlerCfgServerImpl(impl); 265 } 266 267 268 269 /** 270 * {@inheritDoc} 271 */ 272 public Class<DigestMD5SASLMechanismHandlerCfg> getServerConfigurationClass() { 273 return DigestMD5SASLMechanismHandlerCfg.class; 274 } 275 276 277 278 /** 279 * Get the "enabled" property definition. 280 * <p> 281 * Indicates whether the SASL mechanism handler is enabled for use. 282 * 283 * @return Returns the "enabled" property definition. 284 */ 285 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 286 return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition(); 287 } 288 289 290 291 /** 292 * Get the "identity-mapper" property definition. 293 * <p> 294 * Specifies the name of the identity mapper that is to be used with 295 * this SASL mechanism handler to match the authentication or 296 * authorization ID included in the SASL bind request to the 297 * corresponding user in the directory. 298 * 299 * @return Returns the "identity-mapper" property definition. 300 */ 301 public AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> getIdentityMapperPropertyDefinition() { 302 return PD_IDENTITY_MAPPER; 303 } 304 305 306 307 /** 308 * Get the "java-class" property definition. 309 * <p> 310 * Specifies the fully-qualified name of the Java class that 311 * provides the SASL mechanism handler implementation. 312 * 313 * @return Returns the "java-class" property definition. 314 */ 315 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 316 return PD_JAVA_CLASS; 317 } 318 319 320 321 /** 322 * Get the "quality-of-protection" property definition. 323 * <p> 324 * The name of a property that specifies the quality of protection 325 * the server will support. 326 * 327 * @return Returns the "quality-of-protection" property definition. 328 */ 329 public EnumPropertyDefinition<QualityOfProtection> getQualityOfProtectionPropertyDefinition() { 330 return PD_QUALITY_OF_PROTECTION; 331 } 332 333 334 335 /** 336 * Get the "realm" property definition. 337 * <p> 338 * Specifies the realms that is to be used by the server for 339 * DIGEST-MD5 authentication. 340 * <p> 341 * If this value is not provided, then the server defaults to use 342 * the fully qualified hostname of the machine. 343 * 344 * @return Returns the "realm" property definition. 345 */ 346 public StringPropertyDefinition getRealmPropertyDefinition() { 347 return PD_REALM; 348 } 349 350 351 352 /** 353 * Get the "server-fqdn" property definition. 354 * <p> 355 * Specifies the DNS-resolvable fully-qualified domain name for the 356 * server that is used when validating the digest-uri parameter 357 * during the authentication process. 358 * <p> 359 * If this configuration attribute is present, then the server 360 * expects that clients use a digest-uri equal to "ldap/" followed by 361 * the value of this attribute. For example, if the attribute has a 362 * value of "directory.example.com", then the server expects clients 363 * to use a digest-uri of "ldap/directory.example.com". If no value 364 * is provided, then the server does not attempt to validate the 365 * digest-uri provided by the client and accepts any value. 366 * 367 * @return Returns the "server-fqdn" property definition. 368 */ 369 public StringPropertyDefinition getServerFqdnPropertyDefinition() { 370 return PD_SERVER_FQDN; 371 } 372 373 374 375 /** 376 * Managed object client implementation. 377 */ 378 private static class DigestMD5SASLMechanismHandlerCfgClientImpl implements 379 DigestMD5SASLMechanismHandlerCfgClient { 380 381 // Private implementation. 382 private ManagedObject<? extends DigestMD5SASLMechanismHandlerCfgClient> impl; 383 384 385 386 // Private constructor. 387 private DigestMD5SASLMechanismHandlerCfgClientImpl( 388 ManagedObject<? extends DigestMD5SASLMechanismHandlerCfgClient> impl) { 389 this.impl = impl; 390 } 391 392 393 394 /** 395 * {@inheritDoc} 396 */ 397 public Boolean isEnabled() { 398 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 399 } 400 401 402 403 /** 404 * {@inheritDoc} 405 */ 406 public void setEnabled(boolean value) { 407 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 408 } 409 410 411 412 /** 413 * {@inheritDoc} 414 */ 415 public String getIdentityMapper() { 416 return impl.getPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition()); 417 } 418 419 420 421 /** 422 * {@inheritDoc} 423 */ 424 public void setIdentityMapper(String value) { 425 impl.setPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition(), value); 426 } 427 428 429 430 /** 431 * {@inheritDoc} 432 */ 433 public String getJavaClass() { 434 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 435 } 436 437 438 439 /** 440 * {@inheritDoc} 441 */ 442 public void setJavaClass(String value) { 443 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 444 } 445 446 447 448 /** 449 * {@inheritDoc} 450 */ 451 public QualityOfProtection getQualityOfProtection() { 452 return impl.getPropertyValue(INSTANCE.getQualityOfProtectionPropertyDefinition()); 453 } 454 455 456 457 /** 458 * {@inheritDoc} 459 */ 460 public void setQualityOfProtection(QualityOfProtection value) { 461 impl.setPropertyValue(INSTANCE.getQualityOfProtectionPropertyDefinition(), value); 462 } 463 464 465 466 /** 467 * {@inheritDoc} 468 */ 469 public String getRealm() { 470 return impl.getPropertyValue(INSTANCE.getRealmPropertyDefinition()); 471 } 472 473 474 475 /** 476 * {@inheritDoc} 477 */ 478 public void setRealm(String value) { 479 impl.setPropertyValue(INSTANCE.getRealmPropertyDefinition(), value); 480 } 481 482 483 484 /** 485 * {@inheritDoc} 486 */ 487 public String getServerFqdn() { 488 return impl.getPropertyValue(INSTANCE.getServerFqdnPropertyDefinition()); 489 } 490 491 492 493 /** 494 * {@inheritDoc} 495 */ 496 public void setServerFqdn(String value) { 497 impl.setPropertyValue(INSTANCE.getServerFqdnPropertyDefinition(), value); 498 } 499 500 501 502 /** 503 * {@inheritDoc} 504 */ 505 public ManagedObjectDefinition<? extends DigestMD5SASLMechanismHandlerCfgClient, ? extends DigestMD5SASLMechanismHandlerCfg> definition() { 506 return INSTANCE; 507 } 508 509 510 511 /** 512 * {@inheritDoc} 513 */ 514 public PropertyProvider properties() { 515 return impl; 516 } 517 518 519 520 /** 521 * {@inheritDoc} 522 */ 523 public void commit() throws ManagedObjectAlreadyExistsException, 524 MissingMandatoryPropertiesException, ConcurrentModificationException, 525 OperationRejectedException, LdapException { 526 impl.commit(); 527 } 528 529 } 530 531 532 533 /** 534 * Managed object server implementation. 535 */ 536 private static class DigestMD5SASLMechanismHandlerCfgServerImpl implements 537 DigestMD5SASLMechanismHandlerCfg { 538 539 // Private implementation. 540 private ServerManagedObject<? extends DigestMD5SASLMechanismHandlerCfg> impl; 541 542 // The value of the "enabled" property. 543 private final boolean pEnabled; 544 545 // The value of the "identity-mapper" property. 546 private final String pIdentityMapper; 547 548 // The value of the "java-class" property. 549 private final String pJavaClass; 550 551 // The value of the "quality-of-protection" property. 552 private final QualityOfProtection pQualityOfProtection; 553 554 // The value of the "realm" property. 555 private final String pRealm; 556 557 // The value of the "server-fqdn" property. 558 private final String pServerFqdn; 559 560 561 562 // Private constructor. 563 private DigestMD5SASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends DigestMD5SASLMechanismHandlerCfg> impl) { 564 this.impl = impl; 565 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 566 this.pIdentityMapper = impl.getPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition()); 567 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 568 this.pQualityOfProtection = impl.getPropertyValue(INSTANCE.getQualityOfProtectionPropertyDefinition()); 569 this.pRealm = impl.getPropertyValue(INSTANCE.getRealmPropertyDefinition()); 570 this.pServerFqdn = impl.getPropertyValue(INSTANCE.getServerFqdnPropertyDefinition()); 571 } 572 573 574 575 /** 576 * {@inheritDoc} 577 */ 578 public void addDigestMD5ChangeListener( 579 ConfigurationChangeListener<DigestMD5SASLMechanismHandlerCfg> listener) { 580 impl.registerChangeListener(listener); 581 } 582 583 584 585 /** 586 * {@inheritDoc} 587 */ 588 public void removeDigestMD5ChangeListener( 589 ConfigurationChangeListener<DigestMD5SASLMechanismHandlerCfg> listener) { 590 impl.deregisterChangeListener(listener); 591 } 592 /** 593 * {@inheritDoc} 594 */ 595 public void addChangeListener( 596 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) { 597 impl.registerChangeListener(listener); 598 } 599 600 601 602 /** 603 * {@inheritDoc} 604 */ 605 public void removeChangeListener( 606 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) { 607 impl.deregisterChangeListener(listener); 608 } 609 610 611 612 /** 613 * {@inheritDoc} 614 */ 615 public boolean isEnabled() { 616 return pEnabled; 617 } 618 619 620 621 /** 622 * {@inheritDoc} 623 */ 624 public String getIdentityMapper() { 625 return pIdentityMapper; 626 } 627 628 629 630 /** 631 * {@inheritDoc} 632 */ 633 public DN getIdentityMapperDN() { 634 String value = getIdentityMapper(); 635 if (value == null) return null; 636 return INSTANCE.getIdentityMapperPropertyDefinition().getChildDN(value); 637 } 638 639 640 641 /** 642 * {@inheritDoc} 643 */ 644 public String getJavaClass() { 645 return pJavaClass; 646 } 647 648 649 650 /** 651 * {@inheritDoc} 652 */ 653 public QualityOfProtection getQualityOfProtection() { 654 return pQualityOfProtection; 655 } 656 657 658 659 /** 660 * {@inheritDoc} 661 */ 662 public String getRealm() { 663 return pRealm; 664 } 665 666 667 668 /** 669 * {@inheritDoc} 670 */ 671 public String getServerFqdn() { 672 return pServerFqdn; 673 } 674 675 676 677 /** 678 * {@inheritDoc} 679 */ 680 public Class<? extends DigestMD5SASLMechanismHandlerCfg> configurationClass() { 681 return DigestMD5SASLMechanismHandlerCfg.class; 682 } 683 684 685 686 /** 687 * {@inheritDoc} 688 */ 689 public DN dn() { 690 return impl.getDN(); 691 } 692 693 } 694}