/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.api;

import java.security.cert.Certificate;
import java.util.List;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.server.config.server.CertificateMapperCfg;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;

/**
 * Contract for a Directory Server module that resolves the SSL client
 * certificate presented by a client to exactly one user entry.
 * <p>
 * A mapper goes through a simple life cycle: its configuration may first be
 * checked with {@link #isConfigurationAcceptable}, it is then initialized with
 * {@link #initializeCertificateMapper}, serves mapping requests through
 * {@link #mapCertificateToUser}, and is finally released with
 * {@link #finalizeCertificateMapper}.
 *
 * @param <T> The configuration type this certificate mapper consumes.
 */
@org.opends.server.types.PublicAPI(
    stability = org.opends.server.types.StabilityLevel.VOLATILE,
    mayInstantiate = false,
    mayExtend = true,
    mayInvoke = false)
public abstract class CertificateMapper<T extends CertificateMapperCfg>
{
  /**
   * Initializes this certificate mapper from the supplied configuration.
   *
   * @param configuration The configuration used to initialize this
   *                      certificate mapper.
   *
   * @throws ConfigException If the supplied configuration is not a valid
   *                         certificate mapper configuration.
   *
   * @throws InitializationException If initialization fails for a reason
   *                                 unrelated to the server configuration.
   */
  public abstract void initializeCertificateMapper(T configuration)
      throws ConfigException, InitializationException;

  /**
   * Reports whether this certificate mapper could operate with the supplied
   * configuration. Callers may invoke this on an instance that has not been
   * initialized, so implementations must not rely on any state set up by
   * {@link #initializeCertificateMapper}.
   * <p>
   * Implementations whose configuration type is a subclass of
   * {@code CertificateMapperCfg} will typically need to cast the argument to
   * that subclass.
   *
   * @param configuration       The certificate mapper configuration to
   *                            evaluate.
   * @param unacceptableReasons A list to which the reasons for rejecting the
   *                            configuration may be appended.
   *
   * @return {@code true} if this certificate mapper accepts the configuration,
   *         {@code false} otherwise.
   */
  public boolean isConfigurationAcceptable(
      CertificateMapperCfg configuration,
      List<LocalizableMessage> unacceptableReasons)
  {
    // The base class accepts every configuration unconditionally; mappers that
    // need to validate their settings override this method and append their
    // reasons to unacceptableReasons before returning false.
    return true;
  }

  /**
   * Releases any resources held by this certificate mapper. The base
   * implementation has nothing to release.
   */
  public void finalizeCertificateMapper()
  {
    // Intentionally empty: subclasses override when they hold resources.
  }

  /**
   * Resolves the supplied certificate chain to a single user entry.
   * <p>
   * Implementations must not silently pick one candidate when the chain
   * matches several users: that situation is an error and is reported by
   * throwing {@link DirectoryException}, as are internal failures and any
   * other condition for which the client should receive an error message.
   *
   * @param certificateChain The chain presented by the client during SSL
   *                         negotiation. The peer certificate comes first,
   *                         followed by the issuer certificates in order,
   *                         as appropriate.
   *
   * @return The entry of the user the chain was mapped to, or {@code null}
   *         when no mapping was established and no particular message needs
   *         to be sent back to the client.
   *
   * @throws DirectoryException If the mapping could not be established:
   *                            internal failures, a chain matching more than
   *                            one user, or any other case in which an error
   *                            message should be returned to the client.
   */
  public abstract Entry mapCertificateToUser(Certificate[] certificateChain)
      throws DirectoryException;
}