001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2008 Sun Microsystems, Inc. 015 */ 016package org.forgerock.opendj.server.config.meta; 017 018 019 020import org.forgerock.opendj.config.AdministratorAction; 021import org.forgerock.opendj.config.AggregationPropertyDefinition; 022import org.forgerock.opendj.config.AttributeTypePropertyDefinition; 023import org.forgerock.opendj.config.BooleanPropertyDefinition; 024import org.forgerock.opendj.config.ClassPropertyDefinition; 025import org.forgerock.opendj.config.client.ConcurrentModificationException; 026import org.forgerock.opendj.config.client.ManagedObject; 027import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 028import org.forgerock.opendj.config.client.OperationRejectedException; 029import org.forgerock.opendj.config.conditions.Conditions; 030import org.forgerock.opendj.config.DefaultBehaviorProvider; 031import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 032import org.forgerock.opendj.config.EnumPropertyDefinition; 033import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 034import org.forgerock.opendj.config.ManagedObjectDefinition; 035import org.forgerock.opendj.config.PropertyOption; 036import org.forgerock.opendj.config.PropertyProvider; 037import org.forgerock.opendj.config.server.ConfigurationChangeListener; 038import org.forgerock.opendj.config.server.ServerManagedObject; 039import org.forgerock.opendj.config.Tag; 040import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider; 041import org.forgerock.opendj.ldap.DN; 042import org.forgerock.opendj.ldap.LdapException; 043import org.forgerock.opendj.ldap.schema.AttributeType; 044import org.forgerock.opendj.server.config.client.CertificateMapperCfgClient; 045import org.forgerock.opendj.server.config.client.ExternalSASLMechanismHandlerCfgClient; 046import org.forgerock.opendj.server.config.server.CertificateMapperCfg; 047import org.forgerock.opendj.server.config.server.ExternalSASLMechanismHandlerCfg; 048import org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg; 049 050 051 052/** 053 * An interface for querying the External SASL Mechanism Handler 054 * managed object definition meta information. 055 * <p> 056 * The External SASL Mechanism Handler performs all processing related 057 * to SASL EXTERNAL authentication. 058 */ 059public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> { 060 061 /** The singleton configuration definition instance. */ 062 private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn(); 063 064 065 066 /** 067 * Defines the set of permissable values for the "certificate-validation-policy" property. 068 * <p> 069 * Indicates whether to attempt to validate the peer certificate 070 * against a certificate held in the user's entry. 071 */ 072 public static enum CertificateValidationPolicy { 073 074 /** 075 * Always require the peer certificate to be present in the user's 076 * entry. 077 */ 078 ALWAYS("always"), 079 080 081 082 /** 083 * If the user's entry contains one or more certificates, require 084 * that one of them match the peer certificate. 085 */ 086 IFPRESENT("ifpresent"), 087 088 089 090 /** 091 * Do not look for the peer certificate to be present in the 092 * user's entry. 093 */ 094 NEVER("never"); 095 096 097 098 /** String representation of the value. */ 099 private final String name; 100 101 102 103 /** Private constructor. */ 104 private CertificateValidationPolicy(String name) { this.name = name; } 105 106 107 108 /** {@inheritDoc} */ 109 public String toString() { return name; } 110 111 } 112 113 114 115 /** The "certificate-attribute" property definition. */ 116 private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE; 117 118 119 120 /** The "certificate-mapper" property definition. */ 121 private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER; 122 123 124 125 /** The "certificate-validation-policy" property definition. */ 126 private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY; 127 128 129 130 /** The "java-class" property definition. */ 131 private static final ClassPropertyDefinition PD_JAVA_CLASS; 132 133 134 135 /** Build the "certificate-attribute" property definition. */ 136 static { 137 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute"); 138 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute")); 139 DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate"); 140 builder.setDefaultBehaviorProvider(provider); 141 PD_CERTIFICATE_ATTRIBUTE = builder.getInstance(); 142 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE); 143 } 144 145 146 147 /** Build the "certificate-mapper" property definition. */ 148 static { 149 AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper"); 150 builder.setOption(PropertyOption.MANDATORY); 151 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper")); 152 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 153 builder.setParentPath("/"); 154 builder.setRelationDefinition("certificate-mapper"); 155 builder.setTargetNeedsEnablingCondition(Conditions.contains("enabled", "true")); 156 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 157 PD_CERTIFICATE_MAPPER = builder.getInstance(); 158 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER); 159 INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint()); 160 } 161 162 163 164 /** Build the "certificate-validation-policy" property definition. */ 165 static { 166 EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy"); 167 builder.setOption(PropertyOption.MANDATORY); 168 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy")); 169 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>()); 170 builder.setEnumClass(CertificateValidationPolicy.class); 171 PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance(); 172 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY); 173 } 174 175 176 177 /** Build the "java-class" property definition. */ 178 static { 179 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 180 builder.setOption(PropertyOption.MANDATORY); 181 builder.setOption(PropertyOption.ADVANCED); 182 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 183 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler"); 184 builder.setDefaultBehaviorProvider(provider); 185 builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler"); 186 PD_JAVA_CLASS = builder.getInstance(); 187 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 188 } 189 190 191 192 // Register the tags associated with this managed object definition. 193 static { 194 INSTANCE.registerTag(Tag.valueOf("security")); 195 } 196 197 198 199 /** 200 * Get the External SASL Mechanism Handler configuration definition 201 * singleton. 202 * 203 * @return Returns the External SASL Mechanism Handler configuration 204 * definition singleton. 205 */ 206 public static ExternalSASLMechanismHandlerCfgDefn getInstance() { 207 return INSTANCE; 208 } 209 210 211 212 /** 213 * Private constructor. 214 */ 215 private ExternalSASLMechanismHandlerCfgDefn() { 216 super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance()); 217 } 218 219 220 221 /** {@inheritDoc} */ 222 public ExternalSASLMechanismHandlerCfgClient createClientConfiguration( 223 ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) { 224 return new ExternalSASLMechanismHandlerCfgClientImpl(impl); 225 } 226 227 228 229 /** {@inheritDoc} */ 230 public ExternalSASLMechanismHandlerCfg createServerConfiguration( 231 ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) { 232 return new ExternalSASLMechanismHandlerCfgServerImpl(impl); 233 } 234 235 236 237 /** {@inheritDoc} */ 238 public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() { 239 return ExternalSASLMechanismHandlerCfg.class; 240 } 241 242 243 244 /** 245 * Get the "certificate-attribute" property definition. 246 * <p> 247 * Specifies the name of the attribute to hold user certificates. 248 * <p> 249 * This property must specify the name of a valid attribute type 250 * defined in the server schema. 251 * 252 * @return Returns the "certificate-attribute" property definition. 253 */ 254 public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() { 255 return PD_CERTIFICATE_ATTRIBUTE; 256 } 257 258 259 260 /** 261 * Get the "certificate-mapper" property definition. 262 * <p> 263 * Specifies the name of the certificate mapper that should be used 264 * to match client certificates to user entries. 265 * 266 * @return Returns the "certificate-mapper" property definition. 267 */ 268 public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() { 269 return PD_CERTIFICATE_MAPPER; 270 } 271 272 273 274 /** 275 * Get the "certificate-validation-policy" property definition. 276 * <p> 277 * Indicates whether to attempt to validate the peer certificate 278 * against a certificate held in the user's entry. 279 * 280 * @return Returns the "certificate-validation-policy" property definition. 281 */ 282 public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() { 283 return PD_CERTIFICATE_VALIDATION_POLICY; 284 } 285 286 287 288 /** 289 * Get the "enabled" property definition. 290 * <p> 291 * Indicates whether the SASL mechanism handler is enabled for use. 292 * 293 * @return Returns the "enabled" property definition. 294 */ 295 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 296 return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition(); 297 } 298 299 300 301 /** 302 * Get the "java-class" property definition. 303 * <p> 304 * Specifies the fully-qualified name of the Java class that 305 * provides the SASL mechanism handler implementation. 306 * 307 * @return Returns the "java-class" property definition. 308 */ 309 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 310 return PD_JAVA_CLASS; 311 } 312 313 314 315 /** 316 * Managed object client implementation. 317 */ 318 private static class ExternalSASLMechanismHandlerCfgClientImpl implements 319 ExternalSASLMechanismHandlerCfgClient { 320 321 /** Private implementation. */ 322 private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl; 323 324 325 326 /** Private constructor. */ 327 private ExternalSASLMechanismHandlerCfgClientImpl( 328 ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) { 329 this.impl = impl; 330 } 331 332 333 334 /** {@inheritDoc} */ 335 public AttributeType getCertificateAttribute() { 336 return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition()); 337 } 338 339 340 341 /** {@inheritDoc} */ 342 public void setCertificateAttribute(AttributeType value) { 343 impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value); 344 } 345 346 347 348 /** {@inheritDoc} */ 349 public String getCertificateMapper() { 350 return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition()); 351 } 352 353 354 355 /** {@inheritDoc} */ 356 public void setCertificateMapper(String value) { 357 impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value); 358 } 359 360 361 362 /** {@inheritDoc} */ 363 public CertificateValidationPolicy getCertificateValidationPolicy() { 364 return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition()); 365 } 366 367 368 369 /** {@inheritDoc} */ 370 public void setCertificateValidationPolicy(CertificateValidationPolicy value) { 371 impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value); 372 } 373 374 375 376 /** {@inheritDoc} */ 377 public Boolean isEnabled() { 378 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 379 } 380 381 382 383 /** {@inheritDoc} */ 384 public void setEnabled(boolean value) { 385 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 386 } 387 388 389 390 /** {@inheritDoc} */ 391 public String getJavaClass() { 392 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 393 } 394 395 396 397 /** {@inheritDoc} */ 398 public void setJavaClass(String value) { 399 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 400 } 401 402 403 404 /** {@inheritDoc} */ 405 public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() { 406 return INSTANCE; 407 } 408 409 410 411 /** {@inheritDoc} */ 412 public PropertyProvider properties() { 413 return impl; 414 } 415 416 417 418 /** {@inheritDoc} */ 419 public void commit() throws ManagedObjectAlreadyExistsException, 420 MissingMandatoryPropertiesException, ConcurrentModificationException, 421 OperationRejectedException, LdapException { 422 impl.commit(); 423 } 424 425 426 427 /** {@inheritDoc} */ 428 public String toString() { 429 return impl.toString(); 430 } 431 } 432 433 434 435 /** 436 * Managed object server implementation. 437 */ 438 private static class ExternalSASLMechanismHandlerCfgServerImpl implements 439 ExternalSASLMechanismHandlerCfg { 440 441 /** Private implementation. */ 442 private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl; 443 444 /** The value of the "certificate-attribute" property. */ 445 private final AttributeType pCertificateAttribute; 446 447 /** The value of the "certificate-mapper" property. */ 448 private final String pCertificateMapper; 449 450 /** The value of the "certificate-validation-policy" property. */ 451 private final CertificateValidationPolicy pCertificateValidationPolicy; 452 453 /** The value of the "enabled" property. */ 454 private final boolean pEnabled; 455 456 /** The value of the "java-class" property. */ 457 private final String pJavaClass; 458 459 460 461 /** Private constructor. */ 462 private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) { 463 this.impl = impl; 464 this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition()); 465 this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition()); 466 this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition()); 467 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 468 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 469 } 470 471 472 473 /** {@inheritDoc} */ 474 public void addExternalChangeListener( 475 ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) { 476 impl.registerChangeListener(listener); 477 } 478 479 480 481 /** {@inheritDoc} */ 482 public void removeExternalChangeListener( 483 ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) { 484 impl.deregisterChangeListener(listener); 485 } 486 /** {@inheritDoc} */ 487 public void addChangeListener( 488 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) { 489 impl.registerChangeListener(listener); 490 } 491 492 493 494 /** {@inheritDoc} */ 495 public void removeChangeListener( 496 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) { 497 impl.deregisterChangeListener(listener); 498 } 499 500 501 502 /** {@inheritDoc} */ 503 public AttributeType getCertificateAttribute() { 504 return pCertificateAttribute; 505 } 506 507 508 509 /** {@inheritDoc} */ 510 public String getCertificateMapper() { 511 return pCertificateMapper; 512 } 513 514 515 516 /** 517 * {@inheritDoc} 518 */ 519 public DN getCertificateMapperDN() { 520 String value = getCertificateMapper(); 521 if (value == null) return null; 522 return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value); 523 } 524 525 526 527 /** {@inheritDoc} */ 528 public CertificateValidationPolicy getCertificateValidationPolicy() { 529 return pCertificateValidationPolicy; 530 } 531 532 533 534 /** {@inheritDoc} */ 535 public boolean isEnabled() { 536 return pEnabled; 537 } 538 539 540 541 /** {@inheritDoc} */ 542 public String getJavaClass() { 543 return pJavaClass; 544 } 545 546 547 548 /** {@inheritDoc} */ 549 public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() { 550 return ExternalSASLMechanismHandlerCfg.class; 551 } 552 553 554 555 /** {@inheritDoc} */ 556 public DN dn() { 557 return impl.getDN(); 558 } 559 560 561 562 /** {@inheritDoc} */ 563 public String toString() { 564 return impl.toString(); 565 } 566 } 567}