001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.admin.std.meta; 028 029 030 031 import org.opends.server.admin.AdministratorAction; 032 import org.opends.server.admin.AggregationPropertyDefinition; 033 import org.opends.server.admin.AttributeTypePropertyDefinition; 034 import org.opends.server.admin.BooleanPropertyDefinition; 035 import org.opends.server.admin.ClassPropertyDefinition; 036 import org.opends.server.admin.client.AuthorizationException; 037 import org.opends.server.admin.client.CommunicationException; 038 import org.opends.server.admin.client.ConcurrentModificationException; 039 import org.opends.server.admin.client.ManagedObject; 040 import org.opends.server.admin.client.MissingMandatoryPropertiesException; 041 import org.opends.server.admin.client.OperationRejectedException; 042 import org.opends.server.admin.DefaultBehaviorProvider; 043 import org.opends.server.admin.DefinedDefaultBehaviorProvider; 044 import org.opends.server.admin.EnumPropertyDefinition; 045 import org.opends.server.admin.ManagedObjectAlreadyExistsException; 046 import org.opends.server.admin.ManagedObjectDefinition; 047 import org.opends.server.admin.PropertyOption; 048 import org.opends.server.admin.PropertyProvider; 049 import org.opends.server.admin.server.ConfigurationChangeListener; 050 import org.opends.server.admin.server.ServerManagedObject; 051 import org.opends.server.admin.std.client.CertificateMapperCfgClient; 052 import org.opends.server.admin.std.client.ExternalSASLMechanismHandlerCfgClient; 053 import org.opends.server.admin.std.server.CertificateMapperCfg; 054 import org.opends.server.admin.std.server.ExternalSASLMechanismHandlerCfg; 055 import org.opends.server.admin.std.server.SASLMechanismHandlerCfg; 056 import org.opends.server.admin.Tag; 057 import org.opends.server.admin.UndefinedDefaultBehaviorProvider; 058 import org.opends.server.types.AttributeType; 059 import org.opends.server.types.DN; 060 061 062 063 /** 064 * An interface for querying the External SASL Mechanism Handler 065 * managed object definition meta information. 066 * <p> 067 * The External SASL Mechanism Handler performs all processing related 068 * to SASL EXTERNAL authentication. 069 */ 070 public final class ExternalSASLMechanismHandlerCfgDefn extends ManagedObjectDefinition<ExternalSASLMechanismHandlerCfgClient, ExternalSASLMechanismHandlerCfg> { 071 072 // The singleton configuration definition instance. 073 private static final ExternalSASLMechanismHandlerCfgDefn INSTANCE = new ExternalSASLMechanismHandlerCfgDefn(); 074 075 076 077 /** 078 * Defines the set of permissable values for the "certificate-validation-policy" property. 079 * <p> 080 * Indicates whether to attempt to validate the peer certificate 081 * against a certificate held in the user's entry. 082 */ 083 public static enum CertificateValidationPolicy { 084 085 /** 086 * Always require the peer certificate to be present in the user's 087 * entry. 088 */ 089 ALWAYS("always"), 090 091 092 093 /** 094 * If the user's entry contains one or more certificates, require 095 * that one of them match the peer certificate. 096 */ 097 IFPRESENT("ifpresent"), 098 099 100 101 /** 102 * Do not look for the peer certificate to be present in the 103 * user's entry. 104 */ 105 NEVER("never"); 106 107 108 109 // String representation of the value. 110 private final String name; 111 112 113 114 // Private constructor. 115 private CertificateValidationPolicy(String name) { this.name = name; } 116 117 118 119 /** 120 * {@inheritDoc} 121 */ 122 public String toString() { return name; } 123 124 } 125 126 127 128 // The "certificate-attribute" property definition. 129 private static final AttributeTypePropertyDefinition PD_CERTIFICATE_ATTRIBUTE; 130 131 132 133 // The "certificate-mapper" property definition. 134 private static final AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> PD_CERTIFICATE_MAPPER; 135 136 137 138 // The "certificate-validation-policy" property definition. 139 private static final EnumPropertyDefinition<CertificateValidationPolicy> PD_CERTIFICATE_VALIDATION_POLICY; 140 141 142 143 // The "java-class" property definition. 144 private static final ClassPropertyDefinition PD_JAVA_CLASS; 145 146 147 148 // Build the "certificate-attribute" property definition. 149 static { 150 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "certificate-attribute"); 151 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-attribute")); 152 DefaultBehaviorProvider<AttributeType> provider = new DefinedDefaultBehaviorProvider<AttributeType>("userCertificate"); 153 builder.setDefaultBehaviorProvider(provider); 154 PD_CERTIFICATE_ATTRIBUTE = builder.getInstance(); 155 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_ATTRIBUTE); 156 } 157 158 159 160 // Build the "certificate-mapper" property definition. 161 static { 162 AggregationPropertyDefinition.Builder<CertificateMapperCfgClient, CertificateMapperCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "certificate-mapper"); 163 builder.setOption(PropertyOption.MANDATORY); 164 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-mapper")); 165 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 166 builder.setParentPath("/"); 167 builder.setRelationDefinition("certificate-mapper"); 168 PD_CERTIFICATE_MAPPER = builder.getInstance(); 169 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_MAPPER); 170 INSTANCE.registerConstraint(PD_CERTIFICATE_MAPPER.getSourceConstraint()); 171 } 172 173 174 175 // Build the "certificate-validation-policy" property definition. 176 static { 177 EnumPropertyDefinition.Builder<CertificateValidationPolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "certificate-validation-policy"); 178 builder.setOption(PropertyOption.MANDATORY); 179 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "certificate-validation-policy")); 180 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<CertificateValidationPolicy>()); 181 builder.setEnumClass(CertificateValidationPolicy.class); 182 PD_CERTIFICATE_VALIDATION_POLICY = builder.getInstance(); 183 INSTANCE.registerPropertyDefinition(PD_CERTIFICATE_VALIDATION_POLICY); 184 } 185 186 187 188 // Build the "java-class" property definition. 189 static { 190 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 191 builder.setOption(PropertyOption.MANDATORY); 192 builder.setOption(PropertyOption.ADVANCED); 193 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 194 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.extensions.ExternalSASLMechanismHandler"); 195 builder.setDefaultBehaviorProvider(provider); 196 builder.addInstanceOf("org.opends.server.api.SASLMechanismHandler"); 197 PD_JAVA_CLASS = builder.getInstance(); 198 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 199 } 200 201 202 203 // Register the tags associated with this managed object definition. 204 static { 205 INSTANCE.registerTag(Tag.valueOf("security")); 206 } 207 208 209 210 /** 211 * Get the External SASL Mechanism Handler configuration definition 212 * singleton. 213 * 214 * @return Returns the External SASL Mechanism Handler configuration 215 * definition singleton. 216 */ 217 public static ExternalSASLMechanismHandlerCfgDefn getInstance() { 218 return INSTANCE; 219 } 220 221 222 223 /** 224 * Private constructor. 225 */ 226 private ExternalSASLMechanismHandlerCfgDefn() { 227 super("external-sasl-mechanism-handler", SASLMechanismHandlerCfgDefn.getInstance()); 228 } 229 230 231 232 /** 233 * {@inheritDoc} 234 */ 235 public ExternalSASLMechanismHandlerCfgClient createClientConfiguration( 236 ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) { 237 return new ExternalSASLMechanismHandlerCfgClientImpl(impl); 238 } 239 240 241 242 /** 243 * {@inheritDoc} 244 */ 245 public ExternalSASLMechanismHandlerCfg createServerConfiguration( 246 ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) { 247 return new ExternalSASLMechanismHandlerCfgServerImpl(impl); 248 } 249 250 251 252 /** 253 * {@inheritDoc} 254 */ 255 public Class<ExternalSASLMechanismHandlerCfg> getServerConfigurationClass() { 256 return ExternalSASLMechanismHandlerCfg.class; 257 } 258 259 260 261 /** 262 * Get the "certificate-attribute" property definition. 263 * <p> 264 * Specifies the name of the attribute to hold user certificates. 265 * <p> 266 * This property must specify the name of a valid attribute type 267 * defined in the server schema. 268 * 269 * @return Returns the "certificate-attribute" property definition. 270 */ 271 public AttributeTypePropertyDefinition getCertificateAttributePropertyDefinition() { 272 return PD_CERTIFICATE_ATTRIBUTE; 273 } 274 275 276 277 /** 278 * Get the "certificate-mapper" property definition. 279 * <p> 280 * Specifies the name of the certificate mapper that should be used 281 * to match client certificates to user entries. 282 * 283 * @return Returns the "certificate-mapper" property definition. 284 */ 285 public AggregationPropertyDefinition<CertificateMapperCfgClient, CertificateMapperCfg> getCertificateMapperPropertyDefinition() { 286 return PD_CERTIFICATE_MAPPER; 287 } 288 289 290 291 /** 292 * Get the "certificate-validation-policy" property definition. 293 * <p> 294 * Indicates whether to attempt to validate the peer certificate 295 * against a certificate held in the user's entry. 296 * 297 * @return Returns the "certificate-validation-policy" property definition. 298 */ 299 public EnumPropertyDefinition<CertificateValidationPolicy> getCertificateValidationPolicyPropertyDefinition() { 300 return PD_CERTIFICATE_VALIDATION_POLICY; 301 } 302 303 304 305 /** 306 * Get the "enabled" property definition. 307 * <p> 308 * Indicates whether the SASL mechanism handler is enabled for use. 309 * 310 * @return Returns the "enabled" property definition. 311 */ 312 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 313 return SASLMechanismHandlerCfgDefn.getInstance().getEnabledPropertyDefinition(); 314 } 315 316 317 318 /** 319 * Get the "java-class" property definition. 320 * <p> 321 * Specifies the fully-qualified name of the Java class that 322 * provides the SASL mechanism handler implementation. 323 * 324 * @return Returns the "java-class" property definition. 325 */ 326 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 327 return PD_JAVA_CLASS; 328 } 329 330 331 332 /** 333 * Managed object client implementation. 334 */ 335 private static class ExternalSASLMechanismHandlerCfgClientImpl implements 336 ExternalSASLMechanismHandlerCfgClient { 337 338 // Private implementation. 339 private ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl; 340 341 342 343 // Private constructor. 344 private ExternalSASLMechanismHandlerCfgClientImpl( 345 ManagedObject<? extends ExternalSASLMechanismHandlerCfgClient> impl) { 346 this.impl = impl; 347 } 348 349 350 351 /** 352 * {@inheritDoc} 353 */ 354 public AttributeType getCertificateAttribute() { 355 return impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition()); 356 } 357 358 359 360 /** 361 * {@inheritDoc} 362 */ 363 public void setCertificateAttribute(AttributeType value) { 364 impl.setPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition(), value); 365 } 366 367 368 369 /** 370 * {@inheritDoc} 371 */ 372 public String getCertificateMapper() { 373 return impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition()); 374 } 375 376 377 378 /** 379 * {@inheritDoc} 380 */ 381 public void setCertificateMapper(String value) { 382 impl.setPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition(), value); 383 } 384 385 386 387 /** 388 * {@inheritDoc} 389 */ 390 public CertificateValidationPolicy getCertificateValidationPolicy() { 391 return impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition()); 392 } 393 394 395 396 /** 397 * {@inheritDoc} 398 */ 399 public void setCertificateValidationPolicy(CertificateValidationPolicy value) { 400 impl.setPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition(), value); 401 } 402 403 404 405 /** 406 * {@inheritDoc} 407 */ 408 public Boolean isEnabled() { 409 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 410 } 411 412 413 414 /** 415 * {@inheritDoc} 416 */ 417 public void setEnabled(boolean value) { 418 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 419 } 420 421 422 423 /** 424 * {@inheritDoc} 425 */ 426 public String getJavaClass() { 427 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 428 } 429 430 431 432 /** 433 * {@inheritDoc} 434 */ 435 public void setJavaClass(String value) { 436 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 437 } 438 439 440 441 /** 442 * {@inheritDoc} 443 */ 444 public ManagedObjectDefinition<? extends ExternalSASLMechanismHandlerCfgClient, ? extends ExternalSASLMechanismHandlerCfg> definition() { 445 return INSTANCE; 446 } 447 448 449 450 /** 451 * {@inheritDoc} 452 */ 453 public PropertyProvider properties() { 454 return impl; 455 } 456 457 458 459 /** 460 * {@inheritDoc} 461 */ 462 public void commit() throws ManagedObjectAlreadyExistsException, 463 MissingMandatoryPropertiesException, ConcurrentModificationException, 464 OperationRejectedException, AuthorizationException, 465 CommunicationException { 466 impl.commit(); 467 } 468 469 } 470 471 472 473 /** 474 * Managed object server implementation. 475 */ 476 private static class ExternalSASLMechanismHandlerCfgServerImpl implements 477 ExternalSASLMechanismHandlerCfg { 478 479 // Private implementation. 480 private ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl; 481 482 // The value of the "certificate-attribute" property. 483 private final AttributeType pCertificateAttribute; 484 485 // The value of the "certificate-mapper" property. 486 private final String pCertificateMapper; 487 488 // The value of the "certificate-validation-policy" property. 489 private final CertificateValidationPolicy pCertificateValidationPolicy; 490 491 // The value of the "enabled" property. 492 private final boolean pEnabled; 493 494 // The value of the "java-class" property. 495 private final String pJavaClass; 496 497 498 499 // Private constructor. 500 private ExternalSASLMechanismHandlerCfgServerImpl(ServerManagedObject<? extends ExternalSASLMechanismHandlerCfg> impl) { 501 this.impl = impl; 502 this.pCertificateAttribute = impl.getPropertyValue(INSTANCE.getCertificateAttributePropertyDefinition()); 503 this.pCertificateMapper = impl.getPropertyValue(INSTANCE.getCertificateMapperPropertyDefinition()); 504 this.pCertificateValidationPolicy = impl.getPropertyValue(INSTANCE.getCertificateValidationPolicyPropertyDefinition()); 505 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 506 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 507 } 508 509 510 511 /** 512 * {@inheritDoc} 513 */ 514 public void addExternalChangeListener( 515 ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) { 516 impl.registerChangeListener(listener); 517 } 518 519 520 521 /** 522 * {@inheritDoc} 523 */ 524 public void removeExternalChangeListener( 525 ConfigurationChangeListener<ExternalSASLMechanismHandlerCfg> listener) { 526 impl.deregisterChangeListener(listener); 527 } 528 /** 529 * {@inheritDoc} 530 */ 531 public void addChangeListener( 532 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) { 533 impl.registerChangeListener(listener); 534 } 535 536 537 538 /** 539 * {@inheritDoc} 540 */ 541 public void removeChangeListener( 542 ConfigurationChangeListener<SASLMechanismHandlerCfg> listener) { 543 impl.deregisterChangeListener(listener); 544 } 545 546 547 548 /** 549 * {@inheritDoc} 550 */ 551 public AttributeType getCertificateAttribute() { 552 return pCertificateAttribute; 553 } 554 555 556 557 /** 558 * {@inheritDoc} 559 */ 560 public String getCertificateMapper() { 561 return pCertificateMapper; 562 } 563 564 565 566 /** 567 * {@inheritDoc} 568 */ 569 public DN getCertificateMapperDN() { 570 String value = getCertificateMapper(); 571 if (value == null) return null; 572 return INSTANCE.getCertificateMapperPropertyDefinition().getChildDN(value); 573 } 574 575 576 577 /** 578 * {@inheritDoc} 579 */ 580 public CertificateValidationPolicy getCertificateValidationPolicy() { 581 return pCertificateValidationPolicy; 582 } 583 584 585 586 /** 587 * {@inheritDoc} 588 */ 589 public boolean isEnabled() { 590 return pEnabled; 591 } 592 593 594 595 /** 596 * {@inheritDoc} 597 */ 598 public String getJavaClass() { 599 return pJavaClass; 600 } 601 602 603 604 /** 605 * {@inheritDoc} 606 */ 607 public Class<? extends ExternalSASLMechanismHandlerCfg> configurationClass() { 608 return ExternalSASLMechanismHandlerCfg.class; 609 } 610 611 612 613 /** 614 * {@inheritDoc} 615 */ 616 public DN dn() { 617 return impl.getDN(); 618 } 619 620 } 621 }