001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2008 Sun Microsystems, Inc. 015 */ 016package org.forgerock.opendj.server.config.meta; 017 018 019 020import java.util.Collection; 021import java.util.SortedSet; 022import org.forgerock.opendj.config.AdministratorAction; 023import org.forgerock.opendj.config.AliasDefaultBehaviorProvider; 024import org.forgerock.opendj.config.AttributeTypePropertyDefinition; 025import org.forgerock.opendj.config.BooleanPropertyDefinition; 026import org.forgerock.opendj.config.ClassPropertyDefinition; 027import org.forgerock.opendj.config.client.ConcurrentModificationException; 028import org.forgerock.opendj.config.client.ManagedObject; 029import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 030import org.forgerock.opendj.config.client.OperationRejectedException; 031import org.forgerock.opendj.config.DefaultBehaviorProvider; 032import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 033import org.forgerock.opendj.config.DNPropertyDefinition; 034import org.forgerock.opendj.config.EnumPropertyDefinition; 035import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 036import org.forgerock.opendj.config.ManagedObjectDefinition; 037import org.forgerock.opendj.config.PropertyOption; 038import org.forgerock.opendj.config.PropertyProvider; 039import org.forgerock.opendj.config.server.ConfigurationChangeListener; 040import org.forgerock.opendj.config.server.ServerManagedObject; 041import org.forgerock.opendj.config.Tag; 042import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider; 043import org.forgerock.opendj.ldap.DN; 044import org.forgerock.opendj.ldap.LdapException; 045import org.forgerock.opendj.ldap.schema.AttributeType; 046import org.forgerock.opendj.server.config.client.FingerprintCertificateMapperCfgClient; 047import org.forgerock.opendj.server.config.server.CertificateMapperCfg; 048import org.forgerock.opendj.server.config.server.FingerprintCertificateMapperCfg; 049 050 051 052/** 053 * An interface for querying the Fingerprint Certificate Mapper 054 * managed object definition meta information. 055 * <p> 056 * The Fingerprint Certificate Mapper maps client certificates to user 057 * entries by looking for the MD5 or SHA1 fingerprint in a specified 058 * attribute of user entries. 059 */ 060public final class FingerprintCertificateMapperCfgDefn extends ManagedObjectDefinition<FingerprintCertificateMapperCfgClient, FingerprintCertificateMapperCfg> { 061 062 /** The singleton configuration definition instance. */ 063 private static final FingerprintCertificateMapperCfgDefn INSTANCE = new FingerprintCertificateMapperCfgDefn(); 064 065 066 067 /** 068 * Defines the set of permissable values for the "fingerprint-algorithm" property. 069 * <p> 070 * Specifies the name of the digest algorithm to compute the 071 * fingerprint of client certificates. 072 */ 073 public static enum FingerprintAlgorithm { 074 075 /** 076 * Use the MD5 digest algorithm to compute certificate 077 * fingerprints. 078 */ 079 MD5("md5"), 080 081 082 083 /** 084 * Use the SHA-1 digest algorithm to compute certificate 085 * fingerprints. 086 */ 087 SHA1("sha1"); 088 089 090 091 /** String representation of the value. */ 092 private final String name; 093 094 095 096 /** Private constructor. */ 097 private FingerprintAlgorithm(String name) { this.name = name; } 098 099 100 101 /** {@inheritDoc} */ 102 public String toString() { return name; } 103 104 } 105 106 107 108 /** The "fingerprint-algorithm" property definition. */ 109 private static final EnumPropertyDefinition<FingerprintAlgorithm> PD_FINGERPRINT_ALGORITHM; 110 111 112 113 /** The "fingerprint-attribute" property definition. */ 114 private static final AttributeTypePropertyDefinition PD_FINGERPRINT_ATTRIBUTE; 115 116 117 118 /** The "java-class" property definition. */ 119 private static final ClassPropertyDefinition PD_JAVA_CLASS; 120 121 122 123 /** The "user-base-dn" property definition. */ 124 private static final DNPropertyDefinition PD_USER_BASE_DN; 125 126 127 128 /** Build the "fingerprint-algorithm" property definition. */ 129 static { 130 EnumPropertyDefinition.Builder<FingerprintAlgorithm> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "fingerprint-algorithm"); 131 builder.setOption(PropertyOption.MANDATORY); 132 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-algorithm")); 133 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<FingerprintAlgorithm>()); 134 builder.setEnumClass(FingerprintAlgorithm.class); 135 PD_FINGERPRINT_ALGORITHM = builder.getInstance(); 136 INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ALGORITHM); 137 } 138 139 140 141 /** Build the "fingerprint-attribute" property definition. */ 142 static { 143 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "fingerprint-attribute"); 144 builder.setOption(PropertyOption.MANDATORY); 145 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-attribute")); 146 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>()); 147 PD_FINGERPRINT_ATTRIBUTE = builder.getInstance(); 148 INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ATTRIBUTE); 149 } 150 151 152 153 /** Build the "java-class" property definition. */ 154 static { 155 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 156 builder.setOption(PropertyOption.MANDATORY); 157 builder.setOption(PropertyOption.ADVANCED); 158 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 159 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.FingerprintCertificateMapper"); 160 builder.setDefaultBehaviorProvider(provider); 161 builder.addInstanceOf("org.opends.server.api.CertificateMapper"); 162 PD_JAVA_CLASS = builder.getInstance(); 163 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 164 } 165 166 167 168 /** Build the "user-base-dn" property definition. */ 169 static { 170 DNPropertyDefinition.Builder builder = DNPropertyDefinition.createBuilder(INSTANCE, "user-base-dn"); 171 builder.setOption(PropertyOption.MULTI_VALUED); 172 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "user-base-dn")); 173 builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<DN>(INSTANCE, "user-base-dn")); 174 PD_USER_BASE_DN = builder.getInstance(); 175 INSTANCE.registerPropertyDefinition(PD_USER_BASE_DN); 176 } 177 178 179 180 // Register the tags associated with this managed object definition. 181 static { 182 INSTANCE.registerTag(Tag.valueOf("security")); 183 INSTANCE.registerTag(Tag.valueOf("user-management")); 184 } 185 186 187 188 /** 189 * Get the Fingerprint Certificate Mapper configuration definition 190 * singleton. 191 * 192 * @return Returns the Fingerprint Certificate Mapper configuration 193 * definition singleton. 194 */ 195 public static FingerprintCertificateMapperCfgDefn getInstance() { 196 return INSTANCE; 197 } 198 199 200 201 /** 202 * Private constructor. 203 */ 204 private FingerprintCertificateMapperCfgDefn() { 205 super("fingerprint-certificate-mapper", CertificateMapperCfgDefn.getInstance()); 206 } 207 208 209 210 /** {@inheritDoc} */ 211 public FingerprintCertificateMapperCfgClient createClientConfiguration( 212 ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) { 213 return new FingerprintCertificateMapperCfgClientImpl(impl); 214 } 215 216 217 218 /** {@inheritDoc} */ 219 public FingerprintCertificateMapperCfg createServerConfiguration( 220 ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) { 221 return new FingerprintCertificateMapperCfgServerImpl(impl); 222 } 223 224 225 226 /** {@inheritDoc} */ 227 public Class<FingerprintCertificateMapperCfg> getServerConfigurationClass() { 228 return FingerprintCertificateMapperCfg.class; 229 } 230 231 232 233 /** 234 * Get the "enabled" property definition. 235 * <p> 236 * Indicates whether the Fingerprint Certificate Mapper is enabled. 237 * 238 * @return Returns the "enabled" property definition. 239 */ 240 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 241 return CertificateMapperCfgDefn.getInstance().getEnabledPropertyDefinition(); 242 } 243 244 245 246 /** 247 * Get the "fingerprint-algorithm" property definition. 248 * <p> 249 * Specifies the name of the digest algorithm to compute the 250 * fingerprint of client certificates. 251 * 252 * @return Returns the "fingerprint-algorithm" property definition. 253 */ 254 public EnumPropertyDefinition<FingerprintAlgorithm> getFingerprintAlgorithmPropertyDefinition() { 255 return PD_FINGERPRINT_ALGORITHM; 256 } 257 258 259 260 /** 261 * Get the "fingerprint-attribute" property definition. 262 * <p> 263 * Specifies the attribute in which to look for the fingerprint. 264 * <p> 265 * Values of the fingerprint attribute should exactly match the MD5 266 * or SHA1 representation of the certificate fingerprint. 267 * 268 * @return Returns the "fingerprint-attribute" property definition. 269 */ 270 public AttributeTypePropertyDefinition getFingerprintAttributePropertyDefinition() { 271 return PD_FINGERPRINT_ATTRIBUTE; 272 } 273 274 275 276 /** 277 * Get the "java-class" property definition. 278 * <p> 279 * Specifies the fully-qualified name of the Java class that 280 * provides the Fingerprint Certificate Mapper implementation. 281 * 282 * @return Returns the "java-class" property definition. 283 */ 284 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 285 return PD_JAVA_CLASS; 286 } 287 288 289 290 /** 291 * Get the "user-base-dn" property definition. 292 * <p> 293 * Specifies the set of base DNs below which to search for users. 294 * <p> 295 * The base DNs are used when performing searches to map the client 296 * certificates to a user entry. 297 * 298 * @return Returns the "user-base-dn" property definition. 299 */ 300 public DNPropertyDefinition getUserBaseDNPropertyDefinition() { 301 return PD_USER_BASE_DN; 302 } 303 304 305 306 /** 307 * Managed object client implementation. 308 */ 309 private static class FingerprintCertificateMapperCfgClientImpl implements 310 FingerprintCertificateMapperCfgClient { 311 312 /** Private implementation. */ 313 private ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl; 314 315 316 317 /** Private constructor. */ 318 private FingerprintCertificateMapperCfgClientImpl( 319 ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) { 320 this.impl = impl; 321 } 322 323 324 325 /** {@inheritDoc} */ 326 public Boolean isEnabled() { 327 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 328 } 329 330 331 332 /** {@inheritDoc} */ 333 public void setEnabled(boolean value) { 334 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 335 } 336 337 338 339 /** {@inheritDoc} */ 340 public FingerprintAlgorithm getFingerprintAlgorithm() { 341 return impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition()); 342 } 343 344 345 346 /** {@inheritDoc} */ 347 public void setFingerprintAlgorithm(FingerprintAlgorithm value) { 348 impl.setPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition(), value); 349 } 350 351 352 353 /** {@inheritDoc} */ 354 public AttributeType getFingerprintAttribute() { 355 return impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition()); 356 } 357 358 359 360 /** {@inheritDoc} */ 361 public void setFingerprintAttribute(AttributeType value) { 362 impl.setPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition(), value); 363 } 364 365 366 367 /** {@inheritDoc} */ 368 public String getJavaClass() { 369 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 370 } 371 372 373 374 /** {@inheritDoc} */ 375 public void setJavaClass(String value) { 376 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 377 } 378 379 380 381 /** {@inheritDoc} */ 382 public SortedSet<DN> getUserBaseDN() { 383 return impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition()); 384 } 385 386 387 388 /** {@inheritDoc} */ 389 public void setUserBaseDN(Collection<DN> values) { 390 impl.setPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition(), values); 391 } 392 393 394 395 /** {@inheritDoc} */ 396 public ManagedObjectDefinition<? extends FingerprintCertificateMapperCfgClient, ? extends FingerprintCertificateMapperCfg> definition() { 397 return INSTANCE; 398 } 399 400 401 402 /** {@inheritDoc} */ 403 public PropertyProvider properties() { 404 return impl; 405 } 406 407 408 409 /** {@inheritDoc} */ 410 public void commit() throws ManagedObjectAlreadyExistsException, 411 MissingMandatoryPropertiesException, ConcurrentModificationException, 412 OperationRejectedException, LdapException { 413 impl.commit(); 414 } 415 416 417 418 /** {@inheritDoc} */ 419 public String toString() { 420 return impl.toString(); 421 } 422 } 423 424 425 426 /** 427 * Managed object server implementation. 428 */ 429 private static class FingerprintCertificateMapperCfgServerImpl implements 430 FingerprintCertificateMapperCfg { 431 432 /** Private implementation. */ 433 private ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl; 434 435 /** The value of the "enabled" property. */ 436 private final boolean pEnabled; 437 438 /** The value of the "fingerprint-algorithm" property. */ 439 private final FingerprintAlgorithm pFingerprintAlgorithm; 440 441 /** The value of the "fingerprint-attribute" property. */ 442 private final AttributeType pFingerprintAttribute; 443 444 /** The value of the "java-class" property. */ 445 private final String pJavaClass; 446 447 /** The value of the "user-base-dn" property. */ 448 private final SortedSet<DN> pUserBaseDN; 449 450 451 452 /** Private constructor. */ 453 private FingerprintCertificateMapperCfgServerImpl(ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) { 454 this.impl = impl; 455 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 456 this.pFingerprintAlgorithm = impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition()); 457 this.pFingerprintAttribute = impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition()); 458 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 459 this.pUserBaseDN = impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition()); 460 } 461 462 463 464 /** {@inheritDoc} */ 465 public void addFingerprintChangeListener( 466 ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) { 467 impl.registerChangeListener(listener); 468 } 469 470 471 472 /** {@inheritDoc} */ 473 public void removeFingerprintChangeListener( 474 ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) { 475 impl.deregisterChangeListener(listener); 476 } 477 /** {@inheritDoc} */ 478 public void addChangeListener( 479 ConfigurationChangeListener<CertificateMapperCfg> listener) { 480 impl.registerChangeListener(listener); 481 } 482 483 484 485 /** {@inheritDoc} */ 486 public void removeChangeListener( 487 ConfigurationChangeListener<CertificateMapperCfg> listener) { 488 impl.deregisterChangeListener(listener); 489 } 490 491 492 493 /** {@inheritDoc} */ 494 public boolean isEnabled() { 495 return pEnabled; 496 } 497 498 499 500 /** {@inheritDoc} */ 501 public FingerprintAlgorithm getFingerprintAlgorithm() { 502 return pFingerprintAlgorithm; 503 } 504 505 506 507 /** {@inheritDoc} */ 508 public AttributeType getFingerprintAttribute() { 509 return pFingerprintAttribute; 510 } 511 512 513 514 /** {@inheritDoc} */ 515 public String getJavaClass() { 516 return pJavaClass; 517 } 518 519 520 521 /** {@inheritDoc} */ 522 public SortedSet<DN> getUserBaseDN() { 523 return pUserBaseDN; 524 } 525 526 527 528 /** {@inheritDoc} */ 529 public Class<? extends FingerprintCertificateMapperCfg> configurationClass() { 530 return FingerprintCertificateMapperCfg.class; 531 } 532 533 534 535 /** {@inheritDoc} */ 536 public DN dn() { 537 return impl.getDN(); 538 } 539 540 541 542 /** {@inheritDoc} */ 543 public String toString() { 544 return impl.toString(); 545 } 546 } 547}