001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.meta;
017
018
019
020import java.util.Collection;
021import java.util.SortedSet;
022import org.forgerock.opendj.config.AdministratorAction;
023import org.forgerock.opendj.config.AliasDefaultBehaviorProvider;
024import org.forgerock.opendj.config.AttributeTypePropertyDefinition;
025import org.forgerock.opendj.config.BooleanPropertyDefinition;
026import org.forgerock.opendj.config.ClassPropertyDefinition;
027import org.forgerock.opendj.config.client.ConcurrentModificationException;
028import org.forgerock.opendj.config.client.ManagedObject;
029import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
030import org.forgerock.opendj.config.client.OperationRejectedException;
031import org.forgerock.opendj.config.DefaultBehaviorProvider;
032import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
033import org.forgerock.opendj.config.DNPropertyDefinition;
034import org.forgerock.opendj.config.EnumPropertyDefinition;
035import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
036import org.forgerock.opendj.config.ManagedObjectDefinition;
037import org.forgerock.opendj.config.PropertyOption;
038import org.forgerock.opendj.config.PropertyProvider;
039import org.forgerock.opendj.config.server.ConfigurationChangeListener;
040import org.forgerock.opendj.config.server.ServerManagedObject;
041import org.forgerock.opendj.config.Tag;
042import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
043import org.forgerock.opendj.ldap.DN;
044import org.forgerock.opendj.ldap.LdapException;
045import org.forgerock.opendj.ldap.schema.AttributeType;
046import org.forgerock.opendj.server.config.client.FingerprintCertificateMapperCfgClient;
047import org.forgerock.opendj.server.config.server.CertificateMapperCfg;
048import org.forgerock.opendj.server.config.server.FingerprintCertificateMapperCfg;
049
050
051
052/**
053 * An interface for querying the Fingerprint Certificate Mapper
054 * managed object definition meta information.
055 * <p>
056 * The Fingerprint Certificate Mapper maps client certificates to user
057 * entries by looking for the MD5 or SHA1 fingerprint in a specified
058 * attribute of user entries.
059 */
060public final class FingerprintCertificateMapperCfgDefn extends ManagedObjectDefinition<FingerprintCertificateMapperCfgClient, FingerprintCertificateMapperCfg> {
061
062  /** The singleton configuration definition instance. */
063  private static final FingerprintCertificateMapperCfgDefn INSTANCE = new FingerprintCertificateMapperCfgDefn();
064
065
066
067  /**
068   * Defines the set of permissable values for the "fingerprint-algorithm" property.
069   * <p>
070   * Specifies the name of the digest algorithm to compute the
071   * fingerprint of client certificates.
072   */
073  public static enum FingerprintAlgorithm {
074
075    /**
076     * Use the MD5 digest algorithm to compute certificate
077     * fingerprints.
078     */
079    MD5("md5"),
080
081
082
083    /**
084     * Use the SHA-1 digest algorithm to compute certificate
085     * fingerprints.
086     */
087    SHA1("sha1");
088
089
090
091    /** String representation of the value. */
092    private final String name;
093
094
095
096    /** Private constructor. */
097    private FingerprintAlgorithm(String name) { this.name = name; }
098
099
100
101    /** {@inheritDoc} */
102    public String toString() { return name; }
103
104  }
105
106
107
108  /** The "fingerprint-algorithm" property definition. */
109  private static final EnumPropertyDefinition<FingerprintAlgorithm> PD_FINGERPRINT_ALGORITHM;
110
111
112
113  /** The "fingerprint-attribute" property definition. */
114  private static final AttributeTypePropertyDefinition PD_FINGERPRINT_ATTRIBUTE;
115
116
117
118  /** The "java-class" property definition. */
119  private static final ClassPropertyDefinition PD_JAVA_CLASS;
120
121
122
123  /** The "user-base-dn" property definition. */
124  private static final DNPropertyDefinition PD_USER_BASE_DN;
125
126
127
128  /** Build the "fingerprint-algorithm" property definition. */
129  static {
130      EnumPropertyDefinition.Builder<FingerprintAlgorithm> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "fingerprint-algorithm");
131      builder.setOption(PropertyOption.MANDATORY);
132      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-algorithm"));
133      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<FingerprintAlgorithm>());
134      builder.setEnumClass(FingerprintAlgorithm.class);
135      PD_FINGERPRINT_ALGORITHM = builder.getInstance();
136      INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ALGORITHM);
137  }
138
139
140
141  /** Build the "fingerprint-attribute" property definition. */
142  static {
143      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "fingerprint-attribute");
144      builder.setOption(PropertyOption.MANDATORY);
145      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "fingerprint-attribute"));
146      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
147      PD_FINGERPRINT_ATTRIBUTE = builder.getInstance();
148      INSTANCE.registerPropertyDefinition(PD_FINGERPRINT_ATTRIBUTE);
149  }
150
151
152
153  /** Build the "java-class" property definition. */
154  static {
155      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
156      builder.setOption(PropertyOption.MANDATORY);
157      builder.setOption(PropertyOption.ADVANCED);
158      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
159      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.FingerprintCertificateMapper");
160      builder.setDefaultBehaviorProvider(provider);
161      builder.addInstanceOf("org.opends.server.api.CertificateMapper");
162      PD_JAVA_CLASS = builder.getInstance();
163      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
164  }
165
166
167
168  /** Build the "user-base-dn" property definition. */
169  static {
170      DNPropertyDefinition.Builder builder = DNPropertyDefinition.createBuilder(INSTANCE, "user-base-dn");
171      builder.setOption(PropertyOption.MULTI_VALUED);
172      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "user-base-dn"));
173      builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<DN>(INSTANCE, "user-base-dn"));
174      PD_USER_BASE_DN = builder.getInstance();
175      INSTANCE.registerPropertyDefinition(PD_USER_BASE_DN);
176  }
177
178
179
180  // Register the tags associated with this managed object definition.
181  static {
182    INSTANCE.registerTag(Tag.valueOf("security"));
183    INSTANCE.registerTag(Tag.valueOf("user-management"));
184  }
185
186
187
188  /**
189   * Get the Fingerprint Certificate Mapper configuration definition
190   * singleton.
191   *
192   * @return Returns the Fingerprint Certificate Mapper configuration
193   *         definition singleton.
194   */
195  public static FingerprintCertificateMapperCfgDefn getInstance() {
196    return INSTANCE;
197  }
198
199
200
201  /**
202   * Private constructor.
203   */
204  private FingerprintCertificateMapperCfgDefn() {
205    super("fingerprint-certificate-mapper", CertificateMapperCfgDefn.getInstance());
206  }
207
208
209
210  /** {@inheritDoc} */
211  public FingerprintCertificateMapperCfgClient createClientConfiguration(
212      ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) {
213    return new FingerprintCertificateMapperCfgClientImpl(impl);
214  }
215
216
217
218  /** {@inheritDoc} */
219  public FingerprintCertificateMapperCfg createServerConfiguration(
220      ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) {
221    return new FingerprintCertificateMapperCfgServerImpl(impl);
222  }
223
224
225
226  /** {@inheritDoc} */
227  public Class<FingerprintCertificateMapperCfg> getServerConfigurationClass() {
228    return FingerprintCertificateMapperCfg.class;
229  }
230
231
232
233  /**
234   * Get the "enabled" property definition.
235   * <p>
236   * Indicates whether the Fingerprint Certificate Mapper is enabled.
237   *
238   * @return Returns the "enabled" property definition.
239   */
240  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
241    return CertificateMapperCfgDefn.getInstance().getEnabledPropertyDefinition();
242  }
243
244
245
246  /**
247   * Get the "fingerprint-algorithm" property definition.
248   * <p>
249   * Specifies the name of the digest algorithm to compute the
250   * fingerprint of client certificates.
251   *
252   * @return Returns the "fingerprint-algorithm" property definition.
253   */
254  public EnumPropertyDefinition<FingerprintAlgorithm> getFingerprintAlgorithmPropertyDefinition() {
255    return PD_FINGERPRINT_ALGORITHM;
256  }
257
258
259
260  /**
261   * Get the "fingerprint-attribute" property definition.
262   * <p>
263   * Specifies the attribute in which to look for the fingerprint.
264   * <p>
265   * Values of the fingerprint attribute should exactly match the MD5
266   * or SHA1 representation of the certificate fingerprint.
267   *
268   * @return Returns the "fingerprint-attribute" property definition.
269   */
270  public AttributeTypePropertyDefinition getFingerprintAttributePropertyDefinition() {
271    return PD_FINGERPRINT_ATTRIBUTE;
272  }
273
274
275
276  /**
277   * Get the "java-class" property definition.
278   * <p>
279   * Specifies the fully-qualified name of the Java class that
280   * provides the Fingerprint Certificate Mapper implementation.
281   *
282   * @return Returns the "java-class" property definition.
283   */
284  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
285    return PD_JAVA_CLASS;
286  }
287
288
289
290  /**
291   * Get the "user-base-dn" property definition.
292   * <p>
293   * Specifies the set of base DNs below which to search for users.
294   * <p>
295   * The base DNs are used when performing searches to map the client
296   * certificates to a user entry.
297   *
298   * @return Returns the "user-base-dn" property definition.
299   */
300  public DNPropertyDefinition getUserBaseDNPropertyDefinition() {
301    return PD_USER_BASE_DN;
302  }
303
304
305
306  /**
307   * Managed object client implementation.
308   */
309  private static class FingerprintCertificateMapperCfgClientImpl implements
310    FingerprintCertificateMapperCfgClient {
311
312    /** Private implementation. */
313    private ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl;
314
315
316
317    /** Private constructor. */
318    private FingerprintCertificateMapperCfgClientImpl(
319        ManagedObject<? extends FingerprintCertificateMapperCfgClient> impl) {
320      this.impl = impl;
321    }
322
323
324
325    /** {@inheritDoc} */
326    public Boolean isEnabled() {
327      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
328    }
329
330
331
332    /** {@inheritDoc} */
333    public void setEnabled(boolean value) {
334      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
335    }
336
337
338
339    /** {@inheritDoc} */
340    public FingerprintAlgorithm getFingerprintAlgorithm() {
341      return impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition());
342    }
343
344
345
346    /** {@inheritDoc} */
347    public void setFingerprintAlgorithm(FingerprintAlgorithm value) {
348      impl.setPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition(), value);
349    }
350
351
352
353    /** {@inheritDoc} */
354    public AttributeType getFingerprintAttribute() {
355      return impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition());
356    }
357
358
359
360    /** {@inheritDoc} */
361    public void setFingerprintAttribute(AttributeType value) {
362      impl.setPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition(), value);
363    }
364
365
366
367    /** {@inheritDoc} */
368    public String getJavaClass() {
369      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
370    }
371
372
373
374    /** {@inheritDoc} */
375    public void setJavaClass(String value) {
376      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
377    }
378
379
380
381    /** {@inheritDoc} */
382    public SortedSet<DN> getUserBaseDN() {
383      return impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
384    }
385
386
387
388    /** {@inheritDoc} */
389    public void setUserBaseDN(Collection<DN> values) {
390      impl.setPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition(), values);
391    }
392
393
394
395    /** {@inheritDoc} */
396    public ManagedObjectDefinition<? extends FingerprintCertificateMapperCfgClient, ? extends FingerprintCertificateMapperCfg> definition() {
397      return INSTANCE;
398    }
399
400
401
402    /** {@inheritDoc} */
403    public PropertyProvider properties() {
404      return impl;
405    }
406
407
408
409    /** {@inheritDoc} */
410    public void commit() throws ManagedObjectAlreadyExistsException,
411        MissingMandatoryPropertiesException, ConcurrentModificationException,
412        OperationRejectedException, LdapException {
413      impl.commit();
414    }
415
416
417
418    /** {@inheritDoc} */
419    public String toString() {
420      return impl.toString();
421    }
422  }
423
424
425
426  /**
427   * Managed object server implementation.
428   */
429  private static class FingerprintCertificateMapperCfgServerImpl implements
430    FingerprintCertificateMapperCfg {
431
432    /** Private implementation. */
433    private ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl;
434
435    /** The value of the "enabled" property. */
436    private final boolean pEnabled;
437
438    /** The value of the "fingerprint-algorithm" property. */
439    private final FingerprintAlgorithm pFingerprintAlgorithm;
440
441    /** The value of the "fingerprint-attribute" property. */
442    private final AttributeType pFingerprintAttribute;
443
444    /** The value of the "java-class" property. */
445    private final String pJavaClass;
446
447    /** The value of the "user-base-dn" property. */
448    private final SortedSet<DN> pUserBaseDN;
449
450
451
452    /** Private constructor. */
453    private FingerprintCertificateMapperCfgServerImpl(ServerManagedObject<? extends FingerprintCertificateMapperCfg> impl) {
454      this.impl = impl;
455      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
456      this.pFingerprintAlgorithm = impl.getPropertyValue(INSTANCE.getFingerprintAlgorithmPropertyDefinition());
457      this.pFingerprintAttribute = impl.getPropertyValue(INSTANCE.getFingerprintAttributePropertyDefinition());
458      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
459      this.pUserBaseDN = impl.getPropertyValues(INSTANCE.getUserBaseDNPropertyDefinition());
460    }
461
462
463
464    /** {@inheritDoc} */
465    public void addFingerprintChangeListener(
466        ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) {
467      impl.registerChangeListener(listener);
468    }
469
470
471
472    /** {@inheritDoc} */
473    public void removeFingerprintChangeListener(
474        ConfigurationChangeListener<FingerprintCertificateMapperCfg> listener) {
475      impl.deregisterChangeListener(listener);
476    }
477    /** {@inheritDoc} */
478    public void addChangeListener(
479        ConfigurationChangeListener<CertificateMapperCfg> listener) {
480      impl.registerChangeListener(listener);
481    }
482
483
484
485    /** {@inheritDoc} */
486    public void removeChangeListener(
487        ConfigurationChangeListener<CertificateMapperCfg> listener) {
488      impl.deregisterChangeListener(listener);
489    }
490
491
492
493    /** {@inheritDoc} */
494    public boolean isEnabled() {
495      return pEnabled;
496    }
497
498
499
500    /** {@inheritDoc} */
501    public FingerprintAlgorithm getFingerprintAlgorithm() {
502      return pFingerprintAlgorithm;
503    }
504
505
506
507    /** {@inheritDoc} */
508    public AttributeType getFingerprintAttribute() {
509      return pFingerprintAttribute;
510    }
511
512
513
514    /** {@inheritDoc} */
515    public String getJavaClass() {
516      return pJavaClass;
517    }
518
519
520
521    /** {@inheritDoc} */
522    public SortedSet<DN> getUserBaseDN() {
523      return pUserBaseDN;
524    }
525
526
527
528    /** {@inheritDoc} */
529    public Class<? extends FingerprintCertificateMapperCfg> configurationClass() {
530      return FingerprintCertificateMapperCfg.class;
531    }
532
533
534
535    /** {@inheritDoc} */
536    public DN dn() {
537      return impl.getDN();
538    }
539
540
541
542    /** {@inheritDoc} */
543    public String toString() {
544      return impl.toString();
545    }
546  }
547}