org.opends.server.extensions
Class SubjectEqualsDNCertificateMapper

java.lang.Object
  extended by org.opends.server.api.CertificateMapper<SubjectEqualsDNCertificateMapperCfg>
      extended by org.opends.server.extensions.SubjectEqualsDNCertificateMapper

public class SubjectEqualsDNCertificateMapper
extends CertificateMapper<SubjectEqualsDNCertificateMapperCfg>

This class implements a very simple Directory Server certificate mapper that will map a certificate to a user only if the subject of the peer certificate exactly matches the DN of a user in the Directory Server.


Constructor Summary
SubjectEqualsDNCertificateMapper()
          Creates a new instance of this certificate mapper.
 
Method Summary
 void initializeCertificateMapper(SubjectEqualsDNCertificateMapperCfg configuration)
          Initializes this certificate mapper based on the information in the provided configuration entry.
 Entry mapCertificateToUser(java.security.cert.Certificate[] certificateChain)
          Establishes a mapping between the information in the provided certificate chain and the DN of a single user in the Directory Server.
 
Methods inherited from class org.opends.server.api.CertificateMapper
finalizeCertificateMapper, isConfigurationAcceptable
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SubjectEqualsDNCertificateMapper

public SubjectEqualsDNCertificateMapper()
Creates a new instance of this certificate mapper. Note that all actual initialization should be done in the initializeCertificateMapper method.

Method Detail

initializeCertificateMapper

public void initializeCertificateMapper(SubjectEqualsDNCertificateMapperCfg configuration)
                                 throws ConfigException,
                                        InitializationException
Initializes this certificate mapper based on the information in the provided configuration entry.

Specified by:
initializeCertificateMapper in class CertificateMapper<SubjectEqualsDNCertificateMapperCfg>
Parameters:
configuration - The configuration that should be used to initialize this certificate mapper.
Throws:
ConfigException - If the provided entry does not contain a valid certificate mapper configuration.
InitializationException - If a problem occurs during initialization that is not related to the server configuration.

mapCertificateToUser

public Entry mapCertificateToUser(java.security.cert.Certificate[] certificateChain)
                           throws DirectoryException
Establishes a mapping between the information in the provided certificate chain and the DN of a single user in the Directory Server.

Specified by:
mapCertificateToUser in class CertificateMapper<SubjectEqualsDNCertificateMapperCfg>
Parameters:
certificateChain - The certificate chain presented by the client during SSL negotiation. The peer certificate will be listed first, followed by the ordered issuer chain as appropriate.
Returns:
The DN of the one user to whom the mapping was established, or null if no mapping was established and no special message needs to be sent back to the client.
Throws:
DirectoryException - If a problem occurred while attempting to establish the mapping. This may include internal failures, a mapping which matches multiple users, or any other case in which an error message should be returned to the client.
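
The subject-equals-DN rule described for mapCertificateToUser, as an added JDK-only sketch that is not the OpenDS implementation: the peer certificate is taken from the front of the chain and its whole subject is looked up as a DN. The class SubjectEqualsDnDemo, the in-memory map standing in for the directory, and the use of LdapName equality (case-insensitive) as the meaning of "exactly matches" are assumptions of this example.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.security.auth.x500.X500Principal;

public class SubjectEqualsDnDemo {
    // Hypothetical stand-in for the directory: parsed DN -> user label.
    private final Map<LdapName, String> entries = new HashMap<>();

    void addEntry(String dn, String label) throws InvalidNameException {
        entries.put(new LdapName(dn), label);
    }

    // The peer certificate is listed first; issuer certificates play no part in the mapping.
    String mapChain(Certificate[] chain) throws InvalidNameException {
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return null; // nothing usable to map
        }
        return mapSubject(((X509Certificate) chain[0]).getSubjectX500Principal());
    }

    // Whole-subject comparison: every RDN must correspond to the entry's DN,
    // so a shared CN in a different branch does not map.
    String mapSubject(X500Principal subject) throws InvalidNameException {
        LdapName subjectDn = new LdapName(subject.getName(X500Principal.RFC2253));
        return entries.get(subjectDn); // null when no entry has that DN
    }

    public static void main(String[] args) throws InvalidNameException {
        SubjectEqualsDnDemo mapper = new SubjectEqualsDnDemo();
        // Constructed sample entry.
        mapper.addEntry("cn=jdoe,ou=People,dc=example,dc=com", "jdoe");

        // Constructed subjects, standing in for values read from peer certificates.
        X500Principal same = new X500Principal("CN=jdoe, OU=People, DC=example, DC=com");
        X500Principal otherBranch = new X500Principal("CN=jdoe, OU=Admins, DC=example, DC=com");
        X500Principal cnOnly = new X500Principal("CN=jdoe");

        System.out.println("same subject    -> " + mapper.mapSubject(same));
        System.out.println("other branch    -> " + mapper.mapSubject(otherBranch));
        System.out.println("CN-only subject -> " + mapper.mapSubject(cnOnly));
        System.out.println("empty chain     -> " + mapper.mapChain(new Certificate[0]));
    }
}
```

Because the subject is the lookup key, this style of mapping only works when the issuing CA's subject naming is aligned with the directory's DN layout; chain validation is a separate step that is not shown here.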