001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2008 Sun Microsystems, Inc.
026 */
027 package org.opends.server.admin.std.meta;
028
029
030
031 import org.opends.server.admin.AdministratorAction;
032 import org.opends.server.admin.AggregationPropertyDefinition;
033 import org.opends.server.admin.AttributeTypePropertyDefinition;
034 import org.opends.server.admin.BooleanPropertyDefinition;
035 import org.opends.server.admin.ClassPropertyDefinition;
036 import org.opends.server.admin.client.AuthorizationException;
037 import org.opends.server.admin.client.CommunicationException;
038 import org.opends.server.admin.client.ConcurrentModificationException;
039 import org.opends.server.admin.client.ManagedObject;
040 import org.opends.server.admin.client.MissingMandatoryPropertiesException;
041 import org.opends.server.admin.client.OperationRejectedException;
042 import org.opends.server.admin.DefaultBehaviorProvider;
043 import org.opends.server.admin.DefinedDefaultBehaviorProvider;
044 import org.opends.server.admin.EnumPropertyDefinition;
045 import org.opends.server.admin.ManagedObjectAlreadyExistsException;
046 import org.opends.server.admin.ManagedObjectDefinition;
047 import org.opends.server.admin.PropertyOption;
048 import org.opends.server.admin.PropertyProvider;
049 import org.opends.server.admin.server.ConfigurationChangeListener;
050 import org.opends.server.admin.server.ServerManagedObject;
051 import org.opends.server.admin.std.client.CertificateMapperCfgClient;
052 import org.opends.server.admin.std.client.ExternalSASLMechanismHandlerCfgClient;
053 import org.opends.server.admin.std.server.CertificateMapperCfg;
054 import org.opends.server.admin.std.server.ExternalSASLMechanismHandlerCfg;
055 import org.opends.server.admin.std.server.SASLMechanismHandlerCfg;
056 import org.opends.server.admin.Tag;
057 import org.opends.server.admin.UndefinedDefaultBehaviorProvider;
058 import org.opends.server.types.AttributeType;
059 import org.opends.server.types.DN;
060
061
062
063 /**
064 * An interface for querying the External SASL Mechanism Handler
065 * managed object definition meta information.
066 * <p>
067 * The External SASL Mechanism Handler performs all processing related
068 * to SASL EXTERNAL authentication.
069 */
070 public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> {
071
072 // The singleton configuration definition instance.
073 private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn();
074
075
076
077 /**
078 * Defines the set of permissable values for the "certificate-validation-policy" property.
079 * <p>
080 * Indicates whether to attempt to validate the peer certificate
081 * against a certificate held in the user's entry.
082 */
083 public static enum CertificateValidationPolicy {
084
085 /**
086 * Always require the peer certificate to be present in the user's
087 * entry.
088 */
089 ALWAYS("always"),
090
091
092
093 /**
094 * If the user's entry contains one or more certificates, require
095 * that one of them match the peer certificate.
096 */
097 IFPRESENT("ifpresent"),
098
099
100
101 /**
102 * Do not look for the peer certificate to be present in the
103 * user's entry.
104 */
105 NEVER("never");
106
107
108
109 // String representation of the value.
110 private final String name;
111
112
113
114 // Private constructor.
115 private CertificateValidationPolicy(String name) { this.name = name; }
116
117
118
119 /**
120 * {@inheritDoc}
121 */
122 public String toString() { return name; }
123
124 }
125
126
127
128 // The "certificate-attribute" property definition.
129 private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE;
130
131
132
133 // The "certificate-mapper" property definition.
134 private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER;
135
136
137
138 // The "certificate-validation-policy" property definition.
139 private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY;
140
141
142
143 // The "java-class" property definition.
144 private static final ClassPropertyDefinition PD_JAVA_CLASS;
145
146
147
148 // Build the "certificate-attribute" property definition.
149 static {
150 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute");
151 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute"));
152 DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate");
153 builder.setDefaultBehaviorProvider(provider);
154 PD_CERTIFICATE_ATTRIBUTE = builder.getInstance();
155 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE);
156 }
157
158
159
160 // Build the "certificate-mapper" property definition.
161 static {
162 AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper");
163 builder.setOption(PropertyOption.MANDATORY);
164 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper"));
165 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
166 builder.setParentPath("/");
167 builder.setRelationDefinition("certificate-mapper");
168 PD_CERTIFICATE_MAPPER = builder.getInstance();
169 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER);
170 INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint());
171 }
172
173
174
175 // Build the "certificate-validation-policy" property definition.
176 static {
177 EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy");
178 builder.setOption(PropertyOption.MANDATORY);
179 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy"));
180 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>());
181 builder.setEnumClass(CertificateValidationPolicy.class);
182 PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance();
183 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY);
184 }
185
186
187
188 // Build the "java-class" property definition.
189 static {
190 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
191 builder.setOption(PropertyOption.MANDATORY);
192 builder.setOption(PropertyOption.ADVANCED);
193 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
194 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler");
195 builder.setDefaultBehaviorProvider(provider);
196 builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler");
197 PD_JAVA_CLASS = builder.getInstance();
198 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
199 }
200
201
202
203 // Register the tags associated with this managed object definition.
204 static {
205 INSTANCE.registerTag(Tag.valueOf("security"));
206 }
207
208
209
210 /**
211 * Get the External SASL Mechanism Handler configuration definition
212 * singleton.
213 *
214 * @return Returns the External SASL Mechanism Handler configuration
215 * definition singleton.
216 */
217 public static ExternalSASLMechanismHandlerCfgDefn getInstance() {
218 return INSTANCE;
219 }
220
221
222
223 /**
224 * Private constructor.
225 */
226 private ExternalSASLMechanismHandlerCfgDefn() {
227 super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance());
228 }
229
230
231
232 /**
233 * {@inheritDoc}
234 */
235 public ExternalSASLMechanismHandlerCfgClient createClientConfiguration(
236 ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
237 return new ExternalSASLMechanismHandlerCfgClientImpl(impl);
238 }
239
240
241
242 /**
243 * {@inheritDoc}
244 */
245 public ExternalSASLMechanismHandlerCfg createServerConfiguration(
246 ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
247 return new ExternalSASLMechanismHandlerCfgServerImpl(impl);
248 }
249
250
251
252 /**
253 * {@inheritDoc}
254 */
255 public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() {
256 return ExternalSASLMechanismHandlerCfg.class;
257 }
258
259
260
261 /**
262 * Get the "certificate-attribute" property definition.
263 * <p>
264 * Specifies the name of the attribute to hold user certificates.
265 * <p>
266 * This property must specify the name of a valid attribute type
267 * defined in the server schema.
268 *
269 * @return Returns the "certificate-attribute" property definition.
270 */
271 public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() {
272 return PD_CERTIFICATE_ATTRIBUTE;
273 }
274
275
276
277 /**
278 * Get the "certificate-mapper" property definition.
279 * <p>
280 * Specifies the name of the certificate mapper that should be used
281 * to match client certificates to user entries.
282 *
283 * @return Returns the "certificate-mapper" property definition.
284 */
285 public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() {
286 return PD_CERTIFICATE_MAPPER;
287 }
288
289
290
291 /**
292 * Get the "certificate-validation-policy" property definition.
293 * <p>
294 * Indicates whether to attempt to validate the peer certificate
295 * against a certificate held in the user's entry.
296 *
297 * @return Returns the "certificate-validation-policy" property definition.
298 */
299 public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() {
300 return PD_CERTIFICATE_VALIDATION_POLICY;
301 }
302
303
304
305 /**
306 * Get the "enabled" property definition.
307 * <p>
308 * Indicates whether the SASL mechanism handler is enabled for use.
309 *
310 * @return Returns the "enabled" property definition.
311 */
312 public BooleanPropertyDefinition getEnabledPropertyDefinition() {
313 return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition();
314 }
315
316
317
318 /**
319 * Get the "java-class" property definition.
320 * <p>
321 * Specifies the fully-qualified name of the Java class that
322 * provides the SASL mechanism handler implementation.
323 *
324 * @return Returns the "java-class" property definition.
325 */
326 public ClassPropertyDefinition getJavaClassPropertyDefinition() {
327 return PD_JAVA_CLASS;
328 }
329
330
331
332 /**
333 * Managed object client implementation.
334 */
335 private static class ExternalSASLMechanismHandlerCfgClientImpl implements
336 ExternalSASLMechanismHandlerCfgClient {
337
338 // Private implementation.
339 private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl;
340
341
342
343 // Private constructor.
344 private ExternalSASLMechanismHandlerCfgClientImpl(
345 ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
346 this.impl = impl;
347 }
348
349
350
351 /**
352 * {@inheritDoc}
353 */
354 public AttributeType getCertificateAttribute() {
355 return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
356 }
357
358
359
360 /**
361 * {@inheritDoc}
362 */
363 public void setCertificateAttribute(AttributeType value) {
364 impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value);
365 }
366
367
368
369 /**
370 * {@inheritDoc}
371 */
372 public String getCertificateMapper() {
373 return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
374 }
375
376
377
378 /**
379 * {@inheritDoc}
380 */
381 public void setCertificateMapper(String value) {
382 impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value);
383 }
384
385
386
387 /**
388 * {@inheritDoc}
389 */
390 public CertificateValidationPolicy getCertificateValidationPolicy() {
391 return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
392 }
393
394
395
396 /**
397 * {@inheritDoc}
398 */
399 public void setCertificateValidationPolicy(CertificateValidationPolicy value) {
400 impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value);
401 }
402
403
404
405 /**
406 * {@inheritDoc}
407 */
408 public Boolean isEnabled() {
409 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
410 }
411
412
413
414 /**
415 * {@inheritDoc}
416 */
417 public void setEnabled(boolean value) {
418 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
419 }
420
421
422
423 /**
424 * {@inheritDoc}
425 */
426 public String getJavaClass() {
427 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
428 }
429
430
431
432 /**
433 * {@inheritDoc}
434 */
435 public void setJavaClass(String value) {
436 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
437 }
438
439
440
441 /**
442 * {@inheritDoc}
443 */
444 public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() {
445 return INSTANCE;
446 }
447
448
449
450 /**
451 * {@inheritDoc}
452 */
453 public PropertyProvider properties() {
454 return impl;
455 }
456
457
458
459 /**
460 * {@inheritDoc}
461 */
462 public void commit() throws ManagedObjectAlreadyExistsException,
463 MissingMandatoryPropertiesException, ConcurrentModificationException,
464 OperationRejectedException, AuthorizationException,
465 CommunicationException {
466 impl.commit();
467 }
468
469 }
470
471
472
473 /**
474 * Managed object server implementation.
475 */
476 private static class ExternalSASLMechanismHandlerCfgServerImpl implements
477 ExternalSASLMechanismHandlerCfg {
478
479 // Private implementation.
480 private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl;
481
482 // The value of the "certificate-attribute" property.
483 private final AttributeType pCertificateAttribute;
484
485 // The value of the "certificate-mapper" property.
486 private final String pCertificateMapper;
487
488 // The value of the "certificate-validation-policy" property.
489 private final CertificateValidationPolicy pCertificateValidationPolicy;
490
491 // The value of the "enabled" property.
492 private final boolean pEnabled;
493
494 // The value of the "java-class" property.
495 private final String pJavaClass;
496
497
498
499 // Private constructor.
500 private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
501 this.impl = impl;
502 this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
503 this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
504 this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
505 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
506 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
507 }
508
509
510
511 /**
512 * {@inheritDoc}
513 */
514 public void addExternalChangeListener(
515 ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
516 impl.registerChangeListener(listener);
517 }
518
519
520
521 /**
522 * {@inheritDoc}
523 */
524 public void removeExternalChangeListener(
525 ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
526 impl.deregisterChangeListener(listener);
527 }
528 /**
529 * {@inheritDoc}
530 */
531 public void addChangeListener(
532 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
533 impl.registerChangeListener(listener);
534 }
535
536
537
538 /**
539 * {@inheritDoc}
540 */
541 public void removeChangeListener(
542 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
543 impl.deregisterChangeListener(listener);
544 }
545
546
547
548 /**
549 * {@inheritDoc}
550 */
551 public AttributeType getCertificateAttribute() {
552 return pCertificateAttribute;
553 }
554
555
556
557 /**
558 * {@inheritDoc}
559 */
560 public String getCertificateMapper() {
561 return pCertificateMapper;
562 }
563
564
565
566 /**
567 * {@inheritDoc}
568 */
569 public DN getCertificateMapperDN() {
570 String value = getCertificateMapper();
571 if (value == null) return null;
572 return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value);
573 }
574
575
576
577 /**
578 * {@inheritDoc}
579 */
580 public CertificateValidationPolicy getCertificateValidationPolicy() {
581 return pCertificateValidationPolicy;
582 }
583
584
585
586 /**
587 * {@inheritDoc}
588 */
589 public boolean isEnabled() {
590 return pEnabled;
591 }
592
593
594
595 /**
596 * {@inheritDoc}
597 */
598 public String getJavaClass() {
599 return pJavaClass;
600 }
601
602
603
604 /**
605 * {@inheritDoc}
606 */
607 public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() {
608 return ExternalSASLMechanismHandlerCfg.class;
609 }
610
611
612
613 /**
614 * {@inheritDoc}
615 */
616 public DN dn() {
617 return impl.getDN();
618 }
619
620 }
621 }