001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * docs/licenses/cddl.txt
011     * or http://www.opensource.org/licenses/cddl1.php.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * docs/licenses/cddl.txt.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2010-2013 UnboundID Corp.
026     */
027    package com.unboundid.directory.sdk.common.api;
028    
029    
030    
031    import java.util.Collections;
032    import java.util.List;
033    import java.util.Map;
034    import javax.net.ssl.TrustManager;
035    
036    import com.unboundid.directory.sdk.common.config.TrustManagerProviderConfig;
037    import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider;
038    import com.unboundid.directory.sdk.common.internal.Reconfigurable;
039    import com.unboundid.directory.sdk.common.internal.UnboundIDExtension;
040    import com.unboundid.directory.sdk.common.types.ServerContext;
041    import com.unboundid.directory.sdk.ds.internal.DirectoryServerExtension;
042    import com.unboundid.directory.sdk.proxy.internal.DirectoryProxyServerExtension;
043    import com.unboundid.directory.sdk.sync.internal.SynchronizationServerExtension;
044    import com.unboundid.ldap.sdk.LDAPException;
045    import com.unboundid.ldap.sdk.ResultCode;
046    import com.unboundid.util.Extensible;
047    import com.unboundid.util.ThreadSafety;
048    import com.unboundid.util.ThreadSafetyLevel;
049    import com.unboundid.util.args.ArgumentException;
050    import com.unboundid.util.args.ArgumentParser;
051    
052    
053    
054    /**
055     * This class defines an API that must be implemented by extensions which
056     * provide access to trust managers which are used to determine whether to trust
057     * a certificate that has been presented to the server.  Trust managers are
058     * generally used when performing cryptographic operations, including SSL and
059     * StartTLS communication, in which a certificate is presented to the server.
060     * In such cases, the secure communication will only be allowed if the trust
061     * managers determine that the presented certificate chain is trustworthy.
062     * <BR>
063     * <H2>Configuring Trust Manager Providers</H2>
064     * In order to configure a trust manager provider created using this API, use a
065     * command like:
066     * <PRE>
067     *      dsconfig create-trust-manager-provider \
068     *           --provider-name "<I>{provider-name}</I>" \
069     *           --type third-party \
070     *           --set enabled:true \
071     *           --set "extension-class:<I>{class-name}</I>" \
072     *           --set "extension-argument:<I>{name=value}</I>"
073     * </PRE>
074     * where "<I>{provider-name}</I>" is the name to use for the trust manager
075     * provider instance, "<I>{class-name}</I>" is the fully-qualified name of the
076     * Java class that extends
077     * {@code com.unboundid.directory.sdk.common.api.TrustManagerProvider}, and
078     * "<I>{name=value}</I>" represents name-value pairs for any arguments to
079     * provide to the trust manager provider.  If multiple arguments should be
080     * provided to the trust manager provider, then the
081     * "<CODE>--set extension-argument:<I>{name=value}</I></CODE>" option should be
082     * provided multiple times.
083     */
084    @Extensible()
085    @DirectoryServerExtension()
086    @DirectoryProxyServerExtension(appliesToLocalContent=true,
087         appliesToRemoteContent=false)
088    @SynchronizationServerExtension(appliesToLocalContent=true,
089         appliesToSynchronizedContent=false)
090    @ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE)
091    public abstract class TrustManagerProvider
092           implements UnboundIDExtension,
093                      Reconfigurable<TrustManagerProviderConfig>,
094                      ExampleUsageProvider
095    {
096      /**
097       * Creates a new instance of this trust manager provider.  All trust manager
098       * provider implementations must include a default constructor, but any
099       * initialization should generally be done in the
100       * {@code initializeTrustManagerProvider} method.
101       */
102      public TrustManagerProvider()
103      {
104        // No implementation is required.
105      }
106    
107    
108    
109      /**
110       * {@inheritDoc}
111       */
112      public abstract String getExtensionName();
113    
114    
115    
116      /**
117       * {@inheritDoc}
118       */
119      public abstract String[] getExtensionDescription();
120    
121    
122    
123      /**
124       * {@inheritDoc}
125       */
126      public void defineConfigArguments(final ArgumentParser parser)
127             throws ArgumentException
128      {
129        // No arguments will be allowed by default.
130      }
131    
132    
133    
134      /**
135       * Initializes this trust manager provider.
136       *
137       * @param  serverContext  A handle to the server context for the server in
138       *                        which this extension is running.
139       * @param  config         The general configuration for this trust manager
140       *                        provider.
141       * @param  parser         The argument parser which has been initialized from
142       *                        the configuration for this trust manager provider.
143       *
144       * @throws  LDAPException  If a problem occurs while initializing this
145       *                         trust manager provider.
146       */
147      public void initializeTrustManagerProvider(final ServerContext serverContext,
148                       final TrustManagerProviderConfig config,
149                       final ArgumentParser parser)
150             throws LDAPException
151      {
152        // No initialization will be performed by default.
153      }
154    
155    
156    
157      /**
158       * {@inheritDoc}
159       */
160      public boolean isConfigurationAcceptable(
161                          final TrustManagerProviderConfig config,
162                          final ArgumentParser parser,
163                          final List<String> unacceptableReasons)
164      {
165        // No extended validation will be performed by default.
166        return true;
167      }
168    
169    
170    
171      /**
172       * {@inheritDoc}
173       */
174      public ResultCode applyConfiguration(final TrustManagerProviderConfig config,
175                                           final ArgumentParser parser,
176                                           final List<String> adminActionsRequired,
177                                           final List<String> messages)
178      {
179        // By default, no configuration changes will be applied.  If there are any
180        // arguments, then add an admin action message indicating that the extension
181        // needs to be restarted for any changes to take effect.
182        if (! parser.getNamedArguments().isEmpty())
183        {
184          adminActionsRequired.add(
185               "No configuration change has actually been applied.  The new " +
186                    "configuration will not take effect until this trust manager " +
187                    "provider is disabled and re-enabled or until the server is " +
188                    "restarted.");
189        }
190    
191        return ResultCode.SUCCESS;
192      }
193    
194    
195    
196      /**
197       * Performs any cleanup which may be necessary when this trust manager
198       * provider is to be taken out of service.
199       */
200      public void finalizeTrustManagerProvider()
201      {
202        // No implementation is required.
203      }
204    
205    
206    
207      /**
208       * Retrieves a set of trust managers that may be used for operations within
209       * the server which may need to determine whether to trust a presented
210       * certificate chain.
211       *
212       * @return  The set of trust managers that may be used for operations within
213       *          the server which may need to determine whether to trust a
214       *          presented certificate chain.
215       *
216       * @throws  LDAPException  If a problem occurs while attempting to retrieve
217       *                         the trust managers.
218       */
219      public abstract TrustManager[] getTrustManagers()
220             throws LDAPException;
221    
222    
223    
224      /**
225       * {@inheritDoc}
226       */
227      public Map<List<String>,String> getExamplesArgumentSets()
228      {
229        return Collections.emptyMap();
230      }
231    }