Package org.opends.server.extensions

Class SubjectAttributeToUserAttributeCertificateMapper

java.lang.Object

org.opends.server.api.CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg>

org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper

All Implemented Interfaces:

ConfigurationChangeListener<SubjectAttributeToUserAttributeCertificateMapperCfg>

public final class SubjectAttributeToUserAttributeCertificateMapper
extends CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg>

This class implements a very simple Directory Server certificate mapper that will map a certificate to a user based on attributes contained in both the certificate subject and the user's entry. The configuration may include mappings from certificate attributes to attributes in user entries, and all of those certificate attributes that are present in the subject will be used to search for matching user entries.

Constructor Summary

Constructors

Constructor	Description
SubjectAttributeToUserAttributeCertificateMapper()	Creates a new instance of this certificate mapper.

Method Summary

Modifier and Type	Method	Description
protected ConfigChangeResult	applyConfigurationChange0(SubjectAttributeToUserAttributeCertificateMapperCfg configuration)	Implements certificate mapper specific actions when updating the configuration.
void	finalizeCertificateMapper()	Performs any finalization that may be necessary for this certificate mapper.
protected void	initializeCertificateMapper0(SubjectAttributeToUserAttributeCertificateMapperCfg configuration)	Implements certificate mapper specific actions when initializing the certificate mapper.
boolean	isConfigurationAcceptable(SubjectAttributeToUserAttributeCertificateMapperCfg configuration, List<LocalizableMessage> unacceptableReasons)	Indicates whether the provided configuration is acceptable for this certificate mapper.
boolean	isConfigurationChangeAcceptable(SubjectAttributeToUserAttributeCertificateMapperCfg configuration, List<LocalizableMessage> unacceptableReasons)	Indicates whether the proposed change to the configuration is acceptable to this change listener.
protected Entry	mapCertificateToUser0(Certificate[] certificateChain)	Implements certificate mapper specific logic for mapping the provided certificate to a user entry.

Methods inherited from class org.opends.server.api.CertificateMapper

applyConfigurationChange, getServerContext, initializeCertificateMapper, mapCertificateToUser, setServerContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SubjectAttributeToUserAttributeCertificateMapper

public SubjectAttributeToUserAttributeCertificateMapper()

Creates a new instance of this certificate mapper. Note that all actual initialization should be done in the initializeCertificateMapper method.

Method Details

initializeCertificateMapper0

protected void initializeCertificateMapper0(SubjectAttributeToUserAttributeCertificateMapperCfg configuration)
                                     throws ConfigException

Description copied from class: CertificateMapper

Implements certificate mapper specific actions when initializing the certificate mapper.

Specified by:

initializeCertificateMapper0 in class CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg>

Parameters:

configuration - The configuration that should be used to initialize this certificate mapper.

Throws:

ConfigException - If the provided entry does not contain a valid certificate mapper configuration.

finalizeCertificateMapper

public void finalizeCertificateMapper()

Description copied from class: CertificateMapper

Performs any finalization that may be necessary for this certificate mapper. By default, no finalization is performed.

Overrides:

finalizeCertificateMapper in class CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg>

mapCertificateToUser0

protected Entry mapCertificateToUser0(Certificate[] certificateChain)
                               throws LdapException

Description copied from class: CertificateMapper

Implements certificate mapper specific logic for mapping the provided certificate to a user entry.

Specified by:

mapCertificateToUser0 in class CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg>

Parameters:

certificateChain - The certificate chain presented by the client during SSL negotiation. The peer certificate will be listed first, followed by the ordered issuer chain as appropriate.

Returns:

The entry for the user to whom the mapping was established, or null if no mapping was established and no special message is required to send back to the client.

Throws:

LdapException - If a problem occurred while attempting to establish the mapping. This may include internal failures, a mapping which matches multiple users, or any other case in which an error message should be returned to the client.

isConfigurationAcceptable

public boolean isConfigurationAcceptable(SubjectAttributeToUserAttributeCertificateMapperCfg configuration,
 List<LocalizableMessage> unacceptableReasons)

Description copied from class: CertificateMapper

Indicates whether the provided configuration is acceptable for this certificate mapper. It should be possible to call this method on an uninitialized certificate mapper instance in order to determine whether the certificate mapper would be able to use the provided configuration.

Overrides:

isConfigurationAcceptable in class CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg>

Parameters:

configuration - The certificate mapper configuration for which to make the determination.

unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.

Returns:

true if the provided configuration is acceptable for this certificate mapper, or false if not.

isConfigurationChangeAcceptable

public boolean isConfigurationChangeAcceptable(SubjectAttributeToUserAttributeCertificateMapperCfg configuration,
 List<LocalizableMessage> unacceptableReasons)

Description copied from interface: ConfigurationChangeListener

Indicates whether the proposed change to the configuration is acceptable to this change listener.

Specified by:

isConfigurationChangeAcceptable in interface ConfigurationChangeListener<SubjectAttributeToUserAttributeCertificateMapperCfg>

Overrides:

isConfigurationChangeAcceptable in class CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg>

Parameters:

configuration - The new configuration containing the changes.

unacceptableReasons - A list that can be used to hold messages about why the provided configuration is not acceptable.

Returns:

Returns true if the proposed change is acceptable, or false if it is not.

applyConfigurationChange0

protected ConfigChangeResult applyConfigurationChange0(SubjectAttributeToUserAttributeCertificateMapperCfg configuration)

Description copied from class: CertificateMapper

Implements certificate mapper specific actions when updating the configuration.

Specified by:

applyConfigurationChange0 in class CertificateMapper<SubjectAttributeToUserAttributeCertificateMapperCfg>

Parameters:

configuration - the new configuration to use

Returns:

the result of applying the new configuration