001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.admin.std.meta;
028    
029    
030    
031    import org.opends.server.admin.AdministratorAction;
032    import org.opends.server.admin.AggregationPropertyDefinition;
033    import org.opends.server.admin.AttributeTypePropertyDefinition;
034    import org.opends.server.admin.BooleanPropertyDefinition;
035    import org.opends.server.admin.ClassPropertyDefinition;
036    import org.opends.server.admin.client.AuthorizationException;
037    import org.opends.server.admin.client.CommunicationException;
038    import org.opends.server.admin.client.ConcurrentModificationException;
039    import org.opends.server.admin.client.ManagedObject;
040    import org.opends.server.admin.client.MissingMandatoryPropertiesException;
041    import org.opends.server.admin.client.OperationRejectedException;
042    import org.opends.server.admin.DefaultBehaviorProvider;
043    import org.opends.server.admin.DefinedDefaultBehaviorProvider;
044    import org.opends.server.admin.EnumPropertyDefinition;
045    import org.opends.server.admin.ManagedObjectAlreadyExistsException;
046    import org.opends.server.admin.ManagedObjectDefinition;
047    import org.opends.server.admin.PropertyOption;
048    import org.opends.server.admin.PropertyProvider;
049    import org.opends.server.admin.server.ConfigurationChangeListener;
050    import org.opends.server.admin.server.ServerManagedObject;
051    import org.opends.server.admin.std.client.CertificateMapperCfgClient;
052    import org.opends.server.admin.std.client.ExternalSASLMechanismHandlerCfgClient;
053    import org.opends.server.admin.std.server.CertificateMapperCfg;
054    import org.opends.server.admin.std.server.ExternalSASLMechanismHandlerCfg;
055    import org.opends.server.admin.std.server.SASLMechanismHandlerCfg;
056    import org.opends.server.admin.Tag;
057    import org.opends.server.admin.UndefinedDefaultBehaviorProvider;
058    import org.opends.server.types.AttributeType;
059    import org.opends.server.types.DN;
060    
061    
062    
063    /**
064     * An interface for querying the External SASL Mechanism Handler
065     * managed object definition meta information.
066     * <p>
067     * The External SASL Mechanism Handler performs all processing related
068     * to SASL EXTERNAL authentication.
069     */
070    public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> {
071    
072      // The singleton configuration definition instance.
073      private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn();
074    
075    
076    
077      /**
078       * Defines the set of permissable values for the "certificate-validation-policy" property.
079       * <p>
080       * Indicates whether to attempt to validate the peer certificate
081       * against a certificate held in the user's entry.
082       */
083      public static enum CertificateValidationPolicy {
084    
085        /**
086         * Always require the peer certificate to be present in the user's
087         * entry.
088         */
089        ALWAYS("always"),
090    
091    
092    
093        /**
094         * If the user's entry contains one or more certificates, require
095         * that one of them match the peer certificate.
096         */
097        IFPRESENT("ifpresent"),
098    
099    
100    
101        /**
102         * Do not look for the peer certificate to be present in the
103         * user's entry.
104         */
105        NEVER("never");
106    
107    
108    
109        // String representation of the value.
110        private final String name;
111    
112    
113    
114        // Private constructor.
115        private CertificateValidationPolicy(String name) { this.name = name; }
116    
117    
118    
119        /**
120         * {@inheritDoc}
121         */
122        public String toString() { return name; }
123    
124      }
125    
126    
127    
128      // The "certificate-attribute" property definition.
129      private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE;
130    
131    
132    
133      // The "certificate-mapper" property definition.
134      private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER;
135    
136    
137    
138      // The "certificate-validation-policy" property definition.
139      private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY;
140    
141    
142    
143      // The "java-class" property definition.
144      private static final ClassPropertyDefinition PD_JAVA_CLASS;
145    
146    
147    
148      // Build the "certificate-attribute" property definition.
149      static {
150          AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute");
151          builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute"));
152          DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate");
153          builder.setDefaultBehaviorProvider(provider);
154          PD_CERTIFICATE_ATTRIBUTE = builder.getInstance();
155          INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE);
156      }
157    
158    
159    
160      // Build the "certificate-mapper" property definition.
161      static {
162          AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper");
163          builder.setOption(PropertyOption.MANDATORY);
164          builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper"));
165          builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
166          builder.setParentPath("/");
167          builder.setRelationDefinition("certificate-mapper");
168          PD_CERTIFICATE_MAPPER = builder.getInstance();
169          INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER);
170          INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint());
171      }
172    
173    
174    
175      // Build the "certificate-validation-policy" property definition.
176      static {
177          EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy");
178          builder.setOption(PropertyOption.MANDATORY);
179          builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy"));
180          builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>());
181          builder.setEnumClass(CertificateValidationPolicy.class);
182          PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance();
183          INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY);
184      }
185    
186    
187    
188      // Build the "java-class" property definition.
189      static {
190          ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
191          builder.setOption(PropertyOption.MANDATORY);
192          builder.setOption(PropertyOption.ADVANCED);
193          builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
194          DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler");
195          builder.setDefaultBehaviorProvider(provider);
196          builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler");
197          PD_JAVA_CLASS = builder.getInstance();
198          INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
199      }
200    
201    
202    
203      // Register the tags associated with this managed object definition.
204      static {
205        INSTANCE.registerTag(Tag.valueOf("security"));
206      }
207    
208    
209    
210      /**
211       * Get the External SASL Mechanism Handler configuration definition
212       * singleton.
213       *
214       * @return Returns the External SASL Mechanism Handler configuration
215       *         definition singleton.
216       */
217      public static ExternalSASLMechanismHandlerCfgDefn getInstance() {
218        return INSTANCE;
219      }
220    
221    
222    
223      /**
224       * Private constructor.
225       */
226      private ExternalSASLMechanismHandlerCfgDefn() {
227        super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance());
228      }
229    
230    
231    
232      /**
233       * {@inheritDoc}
234       */
235      public ExternalSASLMechanismHandlerCfgClient createClientConfiguration(
236          ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
237        return new ExternalSASLMechanismHandlerCfgClientImpl(impl);
238      }
239    
240    
241    
242      /**
243       * {@inheritDoc}
244       */
245      public ExternalSASLMechanismHandlerCfg createServerConfiguration(
246          ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
247        return new ExternalSASLMechanismHandlerCfgServerImpl(impl);
248      }
249    
250    
251    
252      /**
253       * {@inheritDoc}
254       */
255      public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() {
256        return ExternalSASLMechanismHandlerCfg.class;
257      }
258    
259    
260    
261      /**
262       * Get the "certificate-attribute" property definition.
263       * <p>
264       * Specifies the name of the attribute to hold user certificates.
265       * <p>
266       * This property must specify the name of a valid attribute type
267       * defined in the server schema.
268       *
269       * @return Returns the "certificate-attribute" property definition.
270       */
271      public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() {
272        return PD_CERTIFICATE_ATTRIBUTE;
273      }
274    
275    
276    
277      /**
278       * Get the "certificate-mapper" property definition.
279       * <p>
280       * Specifies the name of the certificate mapper that should be used
281       * to match client certificates to user entries.
282       *
283       * @return Returns the "certificate-mapper" property definition.
284       */
285      public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() {
286        return PD_CERTIFICATE_MAPPER;
287      }
288    
289    
290    
291      /**
292       * Get the "certificate-validation-policy" property definition.
293       * <p>
294       * Indicates whether to attempt to validate the peer certificate
295       * against a certificate held in the user's entry.
296       *
297       * @return Returns the "certificate-validation-policy" property definition.
298       */
299      public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() {
300        return PD_CERTIFICATE_VALIDATION_POLICY;
301      }
302    
303    
304    
305      /**
306       * Get the "enabled" property definition.
307       * <p>
308       * Indicates whether the SASL mechanism handler is enabled for use.
309       *
310       * @return Returns the "enabled" property definition.
311       */
312      public BooleanPropertyDefinition getEnabledPropertyDefinition() {
313        return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition();
314      }
315    
316    
317    
318      /**
319       * Get the "java-class" property definition.
320       * <p>
321       * Specifies the fully-qualified name of the Java class that
322       * provides the SASL mechanism handler implementation.
323       *
324       * @return Returns the "java-class" property definition.
325       */
326      public ClassPropertyDefinition getJavaClassPropertyDefinition() {
327        return PD_JAVA_CLASS;
328      }
329    
330    
331    
332      /**
333       * Managed object client implementation.
334       */
335      private static class ExternalSASLMechanismHandlerCfgClientImpl implements
336        ExternalSASLMechanismHandlerCfgClient {
337    
338        // Private implementation.
339        private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl;
340    
341    
342    
343        // Private constructor.
344        private ExternalSASLMechanismHandlerCfgClientImpl(
345            ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) {
346          this.impl = impl;
347        }
348    
349    
350    
351        /**
352         * {@inheritDoc}
353         */
354        public AttributeType getCertificateAttribute() {
355          return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
356        }
357    
358    
359    
360        /**
361         * {@inheritDoc}
362         */
363        public void setCertificateAttribute(AttributeType value) {
364          impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value);
365        }
366    
367    
368    
369        /**
370         * {@inheritDoc}
371         */
372        public String getCertificateMapper() {
373          return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
374        }
375    
376    
377    
378        /**
379         * {@inheritDoc}
380         */
381        public void setCertificateMapper(String value) {
382          impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value);
383        }
384    
385    
386    
387        /**
388         * {@inheritDoc}
389         */
390        public CertificateValidationPolicy getCertificateValidationPolicy() {
391          return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
392        }
393    
394    
395    
396        /**
397         * {@inheritDoc}
398         */
399        public void setCertificateValidationPolicy(CertificateValidationPolicy value) {
400          impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value);
401        }
402    
403    
404    
405        /**
406         * {@inheritDoc}
407         */
408        public Boolean isEnabled() {
409          return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
410        }
411    
412    
413    
414        /**
415         * {@inheritDoc}
416         */
417        public void setEnabled(boolean value) {
418          impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
419        }
420    
421    
422    
423        /**
424         * {@inheritDoc}
425         */
426        public String getJavaClass() {
427          return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
428        }
429    
430    
431    
432        /**
433         * {@inheritDoc}
434         */
435        public void setJavaClass(String value) {
436          impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
437        }
438    
439    
440    
441        /**
442         * {@inheritDoc}
443         */
444        public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() {
445          return INSTANCE;
446        }
447    
448    
449    
450        /**
451         * {@inheritDoc}
452         */
453        public PropertyProvider properties() {
454          return impl;
455        }
456    
457    
458    
459        /**
460         * {@inheritDoc}
461         */
462        public void commit() throws ManagedObjectAlreadyExistsException,
463            MissingMandatoryPropertiesException, ConcurrentModificationException,
464            OperationRejectedException, AuthorizationException,
465            CommunicationException {
466          impl.commit();
467        }
468    
469      }
470    
471    
472    
473      /**
474       * Managed object server implementation.
475       */
476      private static class ExternalSASLMechanismHandlerCfgServerImpl implements
477        ExternalSASLMechanismHandlerCfg {
478    
479        // Private implementation.
480        private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl;
481    
482        // The value of the "certificate-attribute" property.
483        private final AttributeType pCertificateAttribute;
484    
485        // The value of the "certificate-mapper" property.
486        private final String pCertificateMapper;
487    
488        // The value of the "certificate-validation-policy" property.
489        private final CertificateValidationPolicy pCertificateValidationPolicy;
490    
491        // The value of the "enabled" property.
492        private final boolean pEnabled;
493    
494        // The value of the "java-class" property.
495        private final String pJavaClass;
496    
497    
498    
499        // Private constructor.
500        private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) {
501          this.impl = impl;
502          this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition());
503          this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition());
504          this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition());
505          this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
506          this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
507        }
508    
509    
510    
511        /**
512         * {@inheritDoc}
513         */
514        public void addExternalChangeListener(
515            ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
516          impl.registerChangeListener(listener);
517        }
518    
519    
520    
521        /**
522         * {@inheritDoc}
523         */
524        public void removeExternalChangeListener(
525            ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) {
526          impl.deregisterChangeListener(listener);
527        }
528        /**
529         * {@inheritDoc}
530         */
531        public void addChangeListener(
532            ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
533          impl.registerChangeListener(listener);
534        }
535    
536    
537    
538        /**
539         * {@inheritDoc}
540         */
541        public void removeChangeListener(
542            ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) {
543          impl.deregisterChangeListener(listener);
544        }
545    
546    
547    
548        /**
549         * {@inheritDoc}
550         */
551        public AttributeType getCertificateAttribute() {
552          return pCertificateAttribute;
553        }
554    
555    
556    
557        /**
558         * {@inheritDoc}
559         */
560        public String getCertificateMapper() {
561          return pCertificateMapper;
562        }
563    
564    
565    
566        /**
567         * {@inheritDoc}
568         */
569        public DN getCertificateMapperDN() {
570          String value = getCertificateMapper();
571          if (value == null) return null;
572          return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value);
573        }
574    
575    
576    
577        /**
578         * {@inheritDoc}
579         */
580        public CertificateValidationPolicy getCertificateValidationPolicy() {
581          return pCertificateValidationPolicy;
582        }
583    
584    
585    
586        /**
587         * {@inheritDoc}
588         */
589        public boolean isEnabled() {
590          return pEnabled;
591        }
592    
593    
594    
595        /**
596         * {@inheritDoc}
597         */
598        public String getJavaClass() {
599          return pJavaClass;
600        }
601    
602    
603    
604        /**
605         * {@inheritDoc}
606         */
607        public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() {
608          return ExternalSASLMechanismHandlerCfg.class;
609        }
610    
611    
612    
613        /**
614         * {@inheritDoc}
615         */
616        public DN dn() {
617          return impl.getDN();
618        }
619    
620      }
621    }