Package org.opends.server.api

Class CertificateMapper<T extends CertificateMapperCfg>

java.lang.Object
org.opends.server.api.CertificateMapper<T>
Type Parameters:
T - The type of configuration handled by this certificate mapper.
All Implemented Interfaces:
ConfigurationChangeListener<T>
Direct Known Subclasses:
FingerprintCertificateMapper, SubjectAttributeToUserAttributeCertificateMapper, SubjectDNToUserAttributeCertificateMapper, SubjectEqualsDNCertificateMapper
public abstract class CertificateMapper<T extends CertificateMapperCfg> extends Object implements ConfigurationChangeListener<T>
This class defines the set of methods and structures that must be implemented by a Directory Server module that implements the functionality required to uniquely map an SSL client certificate to a Directory Server user entry.

  • Constructor Details

    • CertificateMapper

      public CertificateMapper()

  • Method Details

    • initializeCertificateMapper

      public final void initializeCertificateMapper(T configuration) throws ConfigException, InitializationException
      Initializes this certificate mapper based on the information in the provided configuration entry.
      Parameters:
      configuration - The configuration that should be used to initialize this certificate mapper.
      Throws:
      ConfigException - If the provided entry does not contain a valid certificate mapper configuration.
      InitializationException - If a problem occurs during initialization that is not related to the server configuration.

    • initializeCertificateMapper0

      protected abstract void initializeCertificateMapper0(T configuration) throws ConfigException, InitializationException
      Implements certificate mapper specific actions when initializing the certificate mapper.
      Parameters:
      configuration - The configuration that should be used to initialize this certificate mapper.
      Throws:
      ConfigException - If the provided entry does not contain a valid certificate mapper configuration.
      InitializationException - If a problem occurs during initialization that is not related to the server configuration.

    • isConfigurationAcceptable

      public boolean isConfigurationAcceptable(T configuration, List<LocalizableMessage> unacceptableReasons)
      Indicates whether the provided configuration is acceptable for this certificate mapper. It should be possible to call this method on an uninitialized certificate mapper instance in order to determine whether the certificate mapper would be able to use the provided configuration.
      Parameters:
      configuration - The certificate mapper configuration for which to make the determination.
      unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.
      Returns:
      true if the provided configuration is acceptable for this certificate mapper, or false if not.

    • finalizeCertificateMapper

      public void finalizeCertificateMapper()
      Performs any finalization that may be necessary for this certificate mapper. By default, no finalization is performed.

    • mapCertificateToUser

      public final Entry mapCertificateToUser(Certificate[] certificateChain) throws LdapException
      Establishes a mapping between the information in the provided certificate chain and a single user entry in the Directory Server.
      Parameters:
      certificateChain - The certificate chain presented by the client during SSL negotiation. The peer certificate will be listed first, followed by the ordered issuer chain as appropriate.
      Returns:
      The entry for the user to whom the mapping was established, or null if no mapping was established and no special message is required to send back to the client.
      Throws:
      LdapException - If a problem occurred while attempting to establish the mapping. This may include internal failures, a mapping which matches multiple users, or any other case in which an error message should be returned to the client.

    • mapCertificateToUser0

      protected abstract Entry mapCertificateToUser0(Certificate[] certificateChain) throws LdapException
      Implements certificate mapper specific logic for mapping the provided certificate to a user entry.
      Parameters:
      certificateChain - The certificate chain presented by the client during SSL negotiation. The peer certificate will be listed first, followed by the ordered issuer chain as appropriate.
      Returns:
      The entry for the user to whom the mapping was established, or null if no mapping was established and no special message is required to send back to the client.
      Throws:
      LdapException - If a problem occurred while attempting to establish the mapping. This may include internal failures, a mapping which matches multiple users, or any other case in which an error message should be returned to the client.

    • isConfigurationChangeAcceptable

      public boolean isConfigurationChangeAcceptable(T configuration, List<LocalizableMessage> unacceptableReasons)
      Description copied from interface: ConfigurationChangeListener
      Indicates whether the proposed change to the configuration is acceptable to this change listener.
      Specified by:
      isConfigurationChangeAcceptable in interface ConfigurationChangeListener<T extends CertificateMapperCfg>
      Parameters:
      configuration - The new configuration containing the changes.
      unacceptableReasons - A list that can be used to hold messages about why the provided configuration is not acceptable.
      Returns:
      Returns true if the proposed change is acceptable, or false if it is not.

    • applyConfigurationChange

      public ConfigChangeResult applyConfigurationChange(T configuration)
      Description copied from interface: ConfigurationChangeListener
      Applies the configuration changes to this change listener.
      Specified by:
      applyConfigurationChange in interface ConfigurationChangeListener<T extends CertificateMapperCfg>
      Parameters:
      configuration - The new configuration containing the changes.
      Returns:
      Returns information about the result of changing the configuration.

    • applyConfigurationChange0

      protected abstract ConfigChangeResult applyConfigurationChange0(T configuration)
      Implements certificate mapper specific actions when updating the configuration.
      Parameters:
      configuration - the new configuration to use
      Returns:
      the result of applying the new configuration

    • getServerContext

      protected ServerContext getServerContext()
      Returns the server context.
      Returns:
      the server context

    • setServerContext

      public void setServerContext(ServerContext serverContext)
      Sets the server context.
      Parameters:
      serverContext - the server context