Source code

001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.meta;
027
028
029
030import org.opends.server.admin.AdministratorAction;
031import org.opends.server.admin.AggregationPropertyDefinition;
032import org.opends.server.admin.AttributeTypePropertyDefinition;
033import org.opends.server.admin.BooleanPropertyDefinition;
034import org.opends.server.admin.ClassPropertyDefinition;
035import org.opends.server.admin.client.AuthorizationException;
036import org.opends.server.admin.client.CommunicationException;
037import org.opends.server.admin.client.ConcurrentModificationException;
038import org.opends.server.admin.client.ManagedObject;
039import org.opends.server.admin.client.MissingMandatoryPropertiesException;
040import org.opends.server.admin.client.OperationRejectedException;
041import org.opends.server.admin.condition.Conditions;
042import org.opends.server.admin.DefaultBehaviorProvider;
043import org.opends.server.admin.DefinedDefaultBehaviorProvider;
044import org.opends.server.admin.EnumPropertyDefinition;
045import org.opends.server.admin.ManagedObjectAlreadyExistsException;
046import org.opends.server.admin.ManagedObjectDefinition;
047import org.opends.server.admin.PropertyOption;
048import org.opends.server.admin.PropertyProvider;
049import org.opends.server.admin.server.ConfigurationChangeListener;
050import org.opends.server.admin.server.ServerManagedObject;
051import org.opends.server.admin.std.client.CertificateMapperCfgClient;
052import org.opends.server.admin.std.client.ExternalSASLMechanismHandlerCfgClient;
053import org.opends.server.admin.std.server.CertificateMapperCfg;
054import org.opends.server.admin.std.server.ExternalSASLMechanismHandlerCfg;
055import org.opends.server.admin.std.server.SASLMechanismHandlerCfg;
056import org.opends.server.admin.Tag;
057import org.opends.server.admin.UndefinedDefaultBehaviorProvider;
058import org.opends.server.types.AttributeType;
059import org.opends.server.types.DN;
060
061
062
063/**
064 * An interface for querying the External SASL Mechanism Handler
065 * managed object definition meta information.
066 * <p>
067 * The External SASL Mechanism Handler performs all processing related
068 * to SASL EXTERNAL authentication.
069 */
070public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> {
071
072  // The singleton configuration definition instance.
073  private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn();
074
075
076
077  /**
078   * Defines the set of permissable values for the "certificate-validation-policy" property.
079   * <p>
080   * Indicates whether to attempt to validate the peer certificate
081   * against a certificate held in the user's entry.
082   */
083  public static enum CertificateValidationPolicy {
084
085    /**
086     * Always require the peer certificate to be present in the user's
087     * entry.
088     */
089    ALWAYS("always"),
090
091
092
093    /**
094     * If the user's entry contains one or more certificates, require
095     * that one of them match the peer certificate.
096     */
097    IFPRESENT("ifpresent"),
098
099
100
101    /**
102     * Do not look for the peer certificate to be present in the
103     * user's entry.
104     */
105    NEVER("never");
106
107
108
109    // String representation of the value.
110    private final String name;
111
112
113
114    // Private constructor.
115    private CertificateValidationPolicy(String name) { this.name = name; }
116
117
118
119    /**
120     * {@inheritDoc}
121     */
122    public String toString() { return name; }
123
124  }
125
126
127
128  // The "certificate-attribute" property definition.
129  private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE;
130
131
132
133  // The "certificate-mapper" property definition.
134  private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER;
135
136
137
138  // The "certificate-validation-policy" property definition.
139  private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY;
140
141
142
143  // The "java-class" property definition.
144  private static final ClassPropertyDefinition PD_JAVA_CLASS;
145
146
147
148  // Build the "certificate-attribute" property definition.
149  static {
150      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute");
151      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute"));
152      DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate");
153      builder.setDefaultBehaviorProvider(provider);
154      PD_CERTIFICATE_ATTRIBUTE = builder.getInstance();
155      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE);
156  }
157
158
159
160  // Build the "certificate-mapper" property definition.
161  static {
162      AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper");
163      builder.setOption(PropertyOption.MANDATORY);
164      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper"));
165      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
166      builder.setParentPath("/");
167      builder.setRelationDefinition("certificate-mapper");
168      builder.setTargetNeedsEnablingCondition(Conditions.contains("enabled", "true"));
169      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
170      PD_CERTIFICATE_MAPPER = builder.getInstance();
171      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER);
172      INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint());
173  }
174
175
176
177  // Build the "certificate-validation-policy" property definition.
178  static {
179      EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy");
180      builder.setOption(PropertyOption.MANDATORY);
181      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy"));
182      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>());
183      builder.setEnumClass(CertificateValidationPolicy.class);
184      PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance();
185      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY);
186  }
187
188
189
190  // Build the "java-class" property definition.
191  static {
192      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
193      builder.setOption(PropertyOption.MANDATORY);
194      builder.setOption(PropertyOption.ADVANCED);
195      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
196      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler");
197      builder.setDefaultBehaviorProvider(provider);
198      builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler");
199      PD_JAVA_CLASS = builder.getInstance();
200      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
201  }
202
203
204
205  // Register the tags associated with this managed object definition.
206  static {
207    INSTANCE.registerTag(Tag.valueOf("security"));
208  }
209
210
211
212  /**
213   * Get the External SASL Mechanism Handler configuration definition
214   * singleton.
215   *
216   * @return Returns the External SASL Mechanism Handler configuration
217   *         definition singleton.
218   */
219  public static ExternalSASLMechanismHandlerCfgDefn getInstance() {
220    return INSTANCE;
221  }
222
223
224
225  /**
226   * Private constructor.
227   */
228  private ExternalSASLMechanismHandlerCfgDefn() {
229    super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance());
230  }
231
232
233
234  /**
235   * {@inheritDoc}
236   */
237  public ExternalSASLMechanismHandlerCfgClient createClientConfiguration(
238      ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
239    return new ExternalSASLMechanismHandlerCfgClientImpl(impl);
240  }
241
242
243
244  /**
245   * {@inheritDoc}
246   */
247  public ExternalSASLMechanismHandlerCfg createServerConfiguration(
248      ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
249    return new ExternalSASLMechanismHandlerCfgServerImpl(impl);
250  }
251
252
253
254  /**
255   * {@inheritDoc}
256   */
257  public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() {
258    return ExternalSASLMechanismHandlerCfg.class;
259  }
260
261
262
263  /**
264   * Get the "certificate-attribute" property definition.
265   * <p>
266   * Specifies the name of the attribute to hold user certificates.
267   * <p>
268   * This property must specify the name of a valid attribute type
269   * defined in the server schema.
270   *
271   * @return Returns the "certificate-attribute" property definition.
272   */
273  public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() {
274    return PD_CERTIFICATE_ATTRIBUTE;
275  }
276
277
278
279  /**
280   * Get the "certificate-mapper" property definition.
281   * <p>
282   * Specifies the name of the certificate mapper that should be used
283   * to match client certificates to user entries.
284   *
285   * @return Returns the "certificate-mapper" property definition.
286   */
287  public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() {
288    return PD_CERTIFICATE_MAPPER;
289  }
290
291
292
293  /**
294   * Get the "certificate-validation-policy" property definition.
295   * <p>
296   * Indicates whether to attempt to validate the peer certificate
297   * against a certificate held in the user's entry.
298   *
299   * @return Returns the "certificate-validation-policy" property definition.
300   */
301  public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() {
302    return PD_CERTIFICATE_VALIDATION_POLICY;
303  }
304
305
306
307  /**
308   * Get the "enabled" property definition.
309   * <p>
310   * Indicates whether the SASL mechanism handler is enabled for use.
311   *
312   * @return Returns the "enabled" property definition.
313   */
314  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
315    return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition();
316  }
317
318
319
320  /**
321   * Get the "java-class" property definition.
322   * <p>
323   * Specifies the fully-qualified name of the Java class that
324   * provides the SASL mechanism handler implementation.
325   *
326   * @return Returns the "java-class" property definition.
327   */
328  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
329    return PD_JAVA_CLASS;
330  }
331
332
333
334  /**
335   * Managed object client implementation.
336   */
337  private static class ExternalSASLMechanismHandlerCfgClientImpl implements
338    ExternalSASLMechanismHandlerCfgClient {
339
340    // Private implementation.
341    private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl;
342
343
344
345    // Private constructor.
346    private ExternalSASLMechanismHandlerCfgClientImpl(
347        ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
348      this.impl = impl;
349    }
350
351
352
353    /**
354     * {@inheritDoc}
355     */
356    public AttributeType getCertificateAttribute() {
357      return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
358    }
359
360
361
362    /**
363     * {@inheritDoc}
364     */
365    public void setCertificateAttribute(AttributeType value) {
366      impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value);
367    }
368
369
370
371    /**
372     * {@inheritDoc}
373     */
374    public String getCertificateMapper() {
375      return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
376    }
377
378
379
380    /**
381     * {@inheritDoc}
382     */
383    public void setCertificateMapper(String value) {
384      impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value);
385    }
386
387
388
389    /**
390     * {@inheritDoc}
391     */
392    public CertificateValidationPolicy getCertificateValidationPolicy() {
393      return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
394    }
395
396
397
398    /**
399     * {@inheritDoc}
400     */
401    public void setCertificateValidationPolicy(CertificateValidationPolicy value) {
402      impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value);
403    }
404
405
406
407    /**
408     * {@inheritDoc}
409     */
410    public Boolean isEnabled() {
411      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
412    }
413
414
415
416    /**
417     * {@inheritDoc}
418     */
419    public void setEnabled(boolean value) {
420      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
421    }
422
423
424
425    /**
426     * {@inheritDoc}
427     */
428    public String getJavaClass() {
429      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
430    }
431
432
433
434    /**
435     * {@inheritDoc}
436     */
437    public void setJavaClass(String value) {
438      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
439    }
440
441
442
443    /**
444     * {@inheritDoc}
445     */
446    public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() {
447      return INSTANCE;
448    }
449
450
451
452    /**
453     * {@inheritDoc}
454     */
455    public PropertyProvider properties() {
456      return impl;
457    }
458
459
460
461    /**
462     * {@inheritDoc}
463     */
464    public void commit() throws ManagedObjectAlreadyExistsException,
465        MissingMandatoryPropertiesException, ConcurrentModificationException,
466        OperationRejectedException, AuthorizationException,
467        CommunicationException {
468      impl.commit();
469    }
470
471
472
473    /** {@inheritDoc} */
474    public String toString() {
475      return impl.toString();
476    }
477  }
478
479
480
481  /**
482   * Managed object server implementation.
483   */
484  private static class ExternalSASLMechanismHandlerCfgServerImpl implements
485    ExternalSASLMechanismHandlerCfg {
486
487    // Private implementation.
488    private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl;
489
490    // The value of the "certificate-attribute" property.
491    private final AttributeType pCertificateAttribute;
492
493    // The value of the "certificate-mapper" property.
494    private final String pCertificateMapper;
495
496    // The value of the "certificate-validation-policy" property.
497    private final CertificateValidationPolicy pCertificateValidationPolicy;
498
499    // The value of the "enabled" property.
500    private final boolean pEnabled;
501
502    // The value of the "java-class" property.
503    private final String pJavaClass;
504
505
506
507    // Private constructor.
508    private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
509      this.impl = impl;
510      this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
511      this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
512      this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
513      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
514      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
515    }
516
517
518
519    /**
520     * {@inheritDoc}
521     */
522    public void addExternalChangeListener(
523        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
524      impl.registerChangeListener(listener);
525    }
526
527
528
529    /**
530     * {@inheritDoc}
531     */
532    public void removeExternalChangeListener(
533        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
534      impl.deregisterChangeListener(listener);
535    }
536    /**
537     * {@inheritDoc}
538     */
539    public void addChangeListener(
540        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
541      impl.registerChangeListener(listener);
542    }
543
544
545
546    /**
547     * {@inheritDoc}
548     */
549    public void removeChangeListener(
550        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
551      impl.deregisterChangeListener(listener);
552    }
553
554
555
556    /**
557     * {@inheritDoc}
558     */
559    public AttributeType getCertificateAttribute() {
560      return pCertificateAttribute;
561    }
562
563
564
565    /**
566     * {@inheritDoc}
567     */
568    public String getCertificateMapper() {
569      return pCertificateMapper;
570    }
571
572
573
574    /**
575     * {@inheritDoc}
576     */
577    public DN getCertificateMapperDN() {
578      String value = getCertificateMapper();
579      if (value == null) return null;
580      return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value);
581    }
582
583
584
585    /**
586     * {@inheritDoc}
587     */
588    public CertificateValidationPolicy getCertificateValidationPolicy() {
589      return pCertificateValidationPolicy;
590    }
591
592
593
594    /**
595     * {@inheritDoc}
596     */
597    public boolean isEnabled() {
598      return pEnabled;
599    }
600
601
602
603    /**
604     * {@inheritDoc}
605     */
606    public String getJavaClass() {
607      return pJavaClass;
608    }
609
610
611
612    /**
613     * {@inheritDoc}
614     */
615    public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() {
616      return ExternalSASLMechanismHandlerCfg.class;
617    }
618
619
620
621    /**
622     * {@inheritDoc}
623     */
624    public DN dn() {
625      return impl.getDN();
626    }
627
628
629
630    /** {@inheritDoc} */
631    public String toString() {
632      return impl.toString();
633    }
634  }
635}