001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.meta;
017
018
019
020import org.forgerock.opendj.config.AdministratorAction;
021import org.forgerock.opendj.config.AggregationPropertyDefinition;
022import org.forgerock.opendj.config.AttributeTypePropertyDefinition;
023import org.forgerock.opendj.config.BooleanPropertyDefinition;
024import org.forgerock.opendj.config.ClassPropertyDefinition;
025import org.forgerock.opendj.config.client.ConcurrentModificationException;
026import org.forgerock.opendj.config.client.ManagedObject;
027import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
028import org.forgerock.opendj.config.client.OperationRejectedException;
029import org.forgerock.opendj.config.conditions.Conditions;
030import org.forgerock.opendj.config.DefaultBehaviorProvider;
031import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
032import org.forgerock.opendj.config.EnumPropertyDefinition;
033import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
034import org.forgerock.opendj.config.ManagedObjectDefinition;
035import org.forgerock.opendj.config.PropertyOption;
036import org.forgerock.opendj.config.PropertyProvider;
037import org.forgerock.opendj.config.server.ConfigurationChangeListener;
038import org.forgerock.opendj.config.server.ServerManagedObject;
039import org.forgerock.opendj.config.Tag;
040import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
041import org.forgerock.opendj.ldap.DN;
042import org.forgerock.opendj.ldap.LdapException;
043import org.forgerock.opendj.ldap.schema.AttributeType;
044import org.forgerock.opendj.server.config.client.CertificateMapperCfgClient;
045import org.forgerock.opendj.server.config.client.ExternalSASLMechanismHandlerCfgClient;
046import org.forgerock.opendj.server.config.server.CertificateMapperCfg;
047import org.forgerock.opendj.server.config.server.ExternalSASLMechanismHandlerCfg;
048import org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg;
049
050
051
052/**
053 * An interface for querying the External SASL Mechanism Handler
054 * managed object definition meta information.
055 * <p>
056 * The External SASL Mechanism Handler performs all processing related
057 * to SASL EXTERNAL authentication.
058 */
059public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> {
060
061  /** The singleton configuration definition instance. */
062  private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn();
063
064
065
066  /**
067   * Defines the set of permissable values for the "certificate-validation-policy" property.
068   * <p>
069   * Indicates whether to attempt to validate the peer certificate
070   * against a certificate held in the user's entry.
071   */
072  public static enum CertificateValidationPolicy {
073
074    /**
075     * Always require the peer certificate to be present in the user's
076     * entry.
077     */
078    ALWAYS("always"),
079
080
081
082    /**
083     * If the user's entry contains one or more certificates, require
084     * that one of them match the peer certificate.
085     */
086    IFPRESENT("ifpresent"),
087
088
089
090    /**
091     * Do not look for the peer certificate to be present in the
092     * user's entry.
093     */
094    NEVER("never");
095
096
097
098    /** String representation of the value. */
099    private final String name;
100
101
102
103    /** Private constructor. */
104    private CertificateValidationPolicy(String name) { this.name = name; }
105
106
107
108    /** {@inheritDoc} */
109    public String toString() { return name; }
110
111  }
112
113
114
115  /** The "certificate-attribute" property definition. */
116  private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE;
117
118
119
120  /** The "certificate-mapper" property definition. */
121  private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER;
122
123
124
125  /** The "certificate-validation-policy" property definition. */
126  private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY;
127
128
129
130  /** The "java-class" property definition. */
131  private static final ClassPropertyDefinition PD_JAVA_CLASS;
132
133
134
135  /** Build the "certificate-attribute" property definition. */
136  static {
137      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute");
138      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute"));
139      DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate");
140      builder.setDefaultBehaviorProvider(provider);
141      PD_CERTIFICATE_ATTRIBUTE = builder.getInstance();
142      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE);
143  }
144
145
146
147  /** Build the "certificate-mapper" property definition. */
148  static {
149      AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper");
150      builder.setOption(PropertyOption.MANDATORY);
151      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper"));
152      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
153      builder.setParentPath("/");
154      builder.setRelationDefinition("certificate-mapper");
155      builder.setTargetNeedsEnablingCondition(Conditions.contains("enabled", "true"));
156      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
157      PD_CERTIFICATE_MAPPER = builder.getInstance();
158      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER);
159      INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint());
160  }
161
162
163
164  /** Build the "certificate-validation-policy" property definition. */
165  static {
166      EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy");
167      builder.setOption(PropertyOption.MANDATORY);
168      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy"));
169      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>());
170      builder.setEnumClass(CertificateValidationPolicy.class);
171      PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance();
172      INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY);
173  }
174
175
176
177  /** Build the "java-class" property definition. */
178  static {
179      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
180      builder.setOption(PropertyOption.MANDATORY);
181      builder.setOption(PropertyOption.ADVANCED);
182      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
183      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler");
184      builder.setDefaultBehaviorProvider(provider);
185      builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler");
186      PD_JAVA_CLASS = builder.getInstance();
187      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
188  }
189
190
191
192  // Register the tags associated with this managed object definition.
193  static {
194    INSTANCE.registerTag(Tag.valueOf("security"));
195  }
196
197
198
199  /**
200   * Get the External SASL Mechanism Handler configuration definition
201   * singleton.
202   *
203   * @return Returns the External SASL Mechanism Handler configuration
204   *         definition singleton.
205   */
206  public static ExternalSASLMechanismHandlerCfgDefn getInstance() {
207    return INSTANCE;
208  }
209
210
211
212  /**
213   * Private constructor.
214   */
215  private ExternalSASLMechanismHandlerCfgDefn() {
216    super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance());
217  }
218
219
220
221  /** {@inheritDoc} */
222  public ExternalSASLMechanismHandlerCfgClient createClientConfiguration(
223      ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
224    return new ExternalSASLMechanismHandlerCfgClientImpl(impl);
225  }
226
227
228
229  /** {@inheritDoc} */
230  public ExternalSASLMechanismHandlerCfg createServerConfiguration(
231      ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
232    return new ExternalSASLMechanismHandlerCfgServerImpl(impl);
233  }
234
235
236
237  /** {@inheritDoc} */
238  public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() {
239    return ExternalSASLMechanismHandlerCfg.class;
240  }
241
242
243
244  /**
245   * Get the "certificate-attribute" property definition.
246   * <p>
247   * Specifies the name of the attribute to hold user certificates.
248   * <p>
249   * This property must specify the name of a valid attribute type
250   * defined in the server schema.
251   *
252   * @return Returns the "certificate-attribute" property definition.
253   */
254  public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() {
255    return PD_CERTIFICATE_ATTRIBUTE;
256  }
257
258
259
260  /**
261   * Get the "certificate-mapper" property definition.
262   * <p>
263   * Specifies the name of the certificate mapper that should be used
264   * to match client certificates to user entries.
265   *
266   * @return Returns the "certificate-mapper" property definition.
267   */
268  public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() {
269    return PD_CERTIFICATE_MAPPER;
270  }
271
272
273
274  /**
275   * Get the "certificate-validation-policy" property definition.
276   * <p>
277   * Indicates whether to attempt to validate the peer certificate
278   * against a certificate held in the user's entry.
279   *
280   * @return Returns the "certificate-validation-policy" property definition.
281   */
282  public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() {
283    return PD_CERTIFICATE_VALIDATION_POLICY;
284  }
285
286
287
288  /**
289   * Get the "enabled" property definition.
290   * <p>
291   * Indicates whether the SASL mechanism handler is enabled for use.
292   *
293   * @return Returns the "enabled" property definition.
294   */
295  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
296    return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition();
297  }
298
299
300
301  /**
302   * Get the "java-class" property definition.
303   * <p>
304   * Specifies the fully-qualified name of the Java class that
305   * provides the SASL mechanism handler implementation.
306   *
307   * @return Returns the "java-class" property definition.
308   */
309  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
310    return PD_JAVA_CLASS;
311  }
312
313
314
315  /**
316   * Managed object client implementation.
317   */
318  private static class ExternalSASLMechanismHandlerCfgClientImpl implements
319    ExternalSASLMechanismHandlerCfgClient {
320
321    /** Private implementation. */
322    private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl;
323
324
325
326    /** Private constructor. */
327    private ExternalSASLMechanismHandlerCfgClientImpl(
328        ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
329      this.impl = impl;
330    }
331
332
333
334    /** {@inheritDoc} */
335    public AttributeType getCertificateAttribute() {
336      return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
337    }
338
339
340
341    /** {@inheritDoc} */
342    public void setCertificateAttribute(AttributeType value) {
343      impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value);
344    }
345
346
347
348    /** {@inheritDoc} */
349    public String getCertificateMapper() {
350      return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
351    }
352
353
354
355    /** {@inheritDoc} */
356    public void setCertificateMapper(String value) {
357      impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value);
358    }
359
360
361
362    /** {@inheritDoc} */
363    public CertificateValidationPolicy getCertificateValidationPolicy() {
364      return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
365    }
366
367
368
369    /** {@inheritDoc} */
370    public void setCertificateValidationPolicy(CertificateValidationPolicy value) {
371      impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value);
372    }
373
374
375
376    /** {@inheritDoc} */
377    public Boolean isEnabled() {
378      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
379    }
380
381
382
383    /** {@inheritDoc} */
384    public void setEnabled(boolean value) {
385      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
386    }
387
388
389
390    /** {@inheritDoc} */
391    public String getJavaClass() {
392      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
393    }
394
395
396
397    /** {@inheritDoc} */
398    public void setJavaClass(String value) {
399      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
400    }
401
402
403
404    /** {@inheritDoc} */
405    public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() {
406      return INSTANCE;
407    }
408
409
410
411    /** {@inheritDoc} */
412    public PropertyProvider properties() {
413      return impl;
414    }
415
416
417
418    /** {@inheritDoc} */
419    public void commit() throws ManagedObjectAlreadyExistsException,
420        MissingMandatoryPropertiesException, ConcurrentModificationException,
421        OperationRejectedException, LdapException {
422      impl.commit();
423    }
424
425
426
427    /** {@inheritDoc} */
428    public String toString() {
429      return impl.toString();
430    }
431  }
432
433
434
435  /**
436   * Managed object server implementation.
437   */
438  private static class ExternalSASLMechanismHandlerCfgServerImpl implements
439    ExternalSASLMechanismHandlerCfg {
440
441    /** Private implementation. */
442    private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl;
443
444    /** The value of the "certificate-attribute" property. */
445    private final AttributeType pCertificateAttribute;
446
447    /** The value of the "certificate-mapper" property. */
448    private final String pCertificateMapper;
449
450    /** The value of the "certificate-validation-policy" property. */
451    private final CertificateValidationPolicy pCertificateValidationPolicy;
452
453    /** The value of the "enabled" property. */
454    private final boolean pEnabled;
455
456    /** The value of the "java-class" property. */
457    private final String pJavaClass;
458
459
460
461    /** Private constructor. */
462    private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
463      this.impl = impl;
464      this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
465      this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
466      this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
467      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
468      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
469    }
470
471
472
473    /** {@inheritDoc} */
474    public void addExternalChangeListener(
475        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
476      impl.registerChangeListener(listener);
477    }
478
479
480
481    /** {@inheritDoc} */
482    public void removeExternalChangeListener(
483        ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
484      impl.deregisterChangeListener(listener);
485    }
486    /** {@inheritDoc} */
487    public void addChangeListener(
488        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
489      impl.registerChangeListener(listener);
490    }
491
492
493
494    /** {@inheritDoc} */
495    public void removeChangeListener(
496        ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
497      impl.deregisterChangeListener(listener);
498    }
499
500
501
502    /** {@inheritDoc} */
503    public AttributeType getCertificateAttribute() {
504      return pCertificateAttribute;
505    }
506
507
508
509    /** {@inheritDoc} */
510    public String getCertificateMapper() {
511      return pCertificateMapper;
512    }
513
514
515
516    /**
517     * {@inheritDoc}
518     */
519    public DN getCertificateMapperDN() {
520      String value = getCertificateMapper();
521      if (value == null) return null;
522      return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value);
523    }
524
525
526
527    /** {@inheritDoc} */
528    public CertificateValidationPolicy getCertificateValidationPolicy() {
529      return pCertificateValidationPolicy;
530    }
531
532
533
534    /** {@inheritDoc} */
535    public boolean isEnabled() {
536      return pEnabled;
537    }
538
539
540
541    /** {@inheritDoc} */
542    public String getJavaClass() {
543      return pJavaClass;
544    }
545
546
547
548    /** {@inheritDoc} */
549    public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() {
550      return ExternalSASLMechanismHandlerCfg.class;
551    }
552
553
554
555    /** {@inheritDoc} */
556    public DN dn() {
557      return impl.getDN();
558    }
559
560
561
562    /** {@inheritDoc} */
563    public String toString() {
564      return impl.toString();
565    }
566  }
567}