001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * docs/licenses/cddl.txt 011 * or http://www.opensource.org/licenses/cddl1.php. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * docs/licenses/cddl.txt. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2010-2013 UnboundID Corp. 026 */ 027 package com.unboundid.directory.sdk.common.api; 028 029 030 031 import java.util.Collections; 032 import java.util.List; 033 import java.util.Map; 034 import javax.net.ssl.TrustManager; 035 036 import com.unboundid.directory.sdk.common.config.TrustManagerProviderConfig; 037 import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider; 038 import com.unboundid.directory.sdk.common.internal.Reconfigurable; 039 import com.unboundid.directory.sdk.common.internal.UnboundIDExtension; 040 import com.unboundid.directory.sdk.common.types.ServerContext; 041 import com.unboundid.directory.sdk.ds.internal.DirectoryServerExtension; 042 import com.unboundid.directory.sdk.proxy.internal.DirectoryProxyServerExtension; 043 import com.unboundid.directory.sdk.sync.internal.SynchronizationServerExtension; 044 import com.unboundid.ldap.sdk.LDAPException; 045 import com.unboundid.ldap.sdk.ResultCode; 046 import com.unboundid.util.Extensible; 047 import com.unboundid.util.ThreadSafety; 048 import com.unboundid.util.ThreadSafetyLevel; 049 import com.unboundid.util.args.ArgumentException; 050 import com.unboundid.util.args.ArgumentParser; 051 052 053 054 /** 055 * This class defines an API that must be implemented by extensions which 056 * provide access to trust managers which are used to determine whether to trust 057 * a certificate that has been presented to the server. Trust managers are 058 * generally used when performing cryptographic operations, including SSL and 059 * StartTLS communication, in which a certificate is presented to the server. 060 * In such cases, the secure communication will only be allowed if the trust 061 * managers determine that the presented certificate chain is trustworthy. 062 * <BR> 063 * <H2>Configuring Trust Manager Providers</H2> 064 * In order to configure a trust manager provider created using this API, use a 065 * command like: 066 * <PRE> 067 * dsconfig create-trust-manager-provider \ 068 * --provider-name "<I>{provider-name}</I>" \ 069 * --type third-party \ 070 * --set enabled:true \ 071 * --set "extension-class:<I>{class-name}</I>" \ 072 * --set "extension-argument:<I>{name=value}</I>" 073 * </PRE> 074 * where "<I>{provider-name}</I>" is the name to use for the trust manager 075 * provider instance, "<I>{class-name}</I>" is the fully-qualified name of the 076 * Java class that extends 077 * {@code com.unboundid.directory.sdk.common.api.TrustManagerProvider}, and 078 * "<I>{name=value}</I>" represents name-value pairs for any arguments to 079 * provide to the trust manager provider. If multiple arguments should be 080 * provided to the trust manager provider, then the 081 * "<CODE>--set extension-argument:<I>{name=value}</I></CODE>" option should be 082 * provided multiple times. 083 */ 084 @Extensible() 085 @DirectoryServerExtension() 086 @DirectoryProxyServerExtension(appliesToLocalContent=true, 087 appliesToRemoteContent=false) 088 @SynchronizationServerExtension(appliesToLocalContent=true, 089 appliesToSynchronizedContent=false) 090 @ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE) 091 public abstract class TrustManagerProvider 092 implements UnboundIDExtension, 093 Reconfigurable<TrustManagerProviderConfig>, 094 ExampleUsageProvider 095 { 096 /** 097 * Creates a new instance of this trust manager provider. All trust manager 098 * provider implementations must include a default constructor, but any 099 * initialization should generally be done in the 100 * {@code initializeTrustManagerProvider} method. 101 */ 102 public TrustManagerProvider() 103 { 104 // No implementation is required. 105 } 106 107 108 109 /** 110 * {@inheritDoc} 111 */ 112 public abstract String getExtensionName(); 113 114 115 116 /** 117 * {@inheritDoc} 118 */ 119 public abstract String[] getExtensionDescription(); 120 121 122 123 /** 124 * {@inheritDoc} 125 */ 126 public void defineConfigArguments(final ArgumentParser parser) 127 throws ArgumentException 128 { 129 // No arguments will be allowed by default. 130 } 131 132 133 134 /** 135 * Initializes this trust manager provider. 136 * 137 * @param serverContext A handle to the server context for the server in 138 * which this extension is running. 139 * @param config The general configuration for this trust manager 140 * provider. 141 * @param parser The argument parser which has been initialized from 142 * the configuration for this trust manager provider. 143 * 144 * @throws LDAPException If a problem occurs while initializing this 145 * trust manager provider. 146 */ 147 public void initializeTrustManagerProvider(final ServerContext serverContext, 148 final TrustManagerProviderConfig config, 149 final ArgumentParser parser) 150 throws LDAPException 151 { 152 // No initialization will be performed by default. 153 } 154 155 156 157 /** 158 * {@inheritDoc} 159 */ 160 public boolean isConfigurationAcceptable( 161 final TrustManagerProviderConfig config, 162 final ArgumentParser parser, 163 final List<String> unacceptableReasons) 164 { 165 // No extended validation will be performed by default. 166 return true; 167 } 168 169 170 171 /** 172 * {@inheritDoc} 173 */ 174 public ResultCode applyConfiguration(final TrustManagerProviderConfig config, 175 final ArgumentParser parser, 176 final List<String> adminActionsRequired, 177 final List<String> messages) 178 { 179 // By default, no configuration changes will be applied. If there are any 180 // arguments, then add an admin action message indicating that the extension 181 // needs to be restarted for any changes to take effect. 182 if (! parser.getNamedArguments().isEmpty()) 183 { 184 adminActionsRequired.add( 185 "No configuration change has actually been applied. The new " + 186 "configuration will not take effect until this trust manager " + 187 "provider is disabled and re-enabled or until the server is " + 188 "restarted."); 189 } 190 191 return ResultCode.SUCCESS; 192 } 193 194 195 196 /** 197 * Performs any cleanup which may be necessary when this trust manager 198 * provider is to be taken out of service. 199 */ 200 public void finalizeTrustManagerProvider() 201 { 202 // No implementation is required. 203 } 204 205 206 207 /** 208 * Retrieves a set of trust managers that may be used for operations within 209 * the server which may need to determine whether to trust a presented 210 * certificate chain. 211 * 212 * @return The set of trust managers that may be used for operations within 213 * the server which may need to determine whether to trust a 214 * presented certificate chain. 215 * 216 * @throws LDAPException If a problem occurs while attempting to retrieve 217 * the trust managers. 218 */ 219 public abstract TrustManager[] getTrustManagers() 220 throws LDAPException; 221 222 223 224 /** 225 * {@inheritDoc} 226 */ 227 public Map<List<String>,String> getExamplesArgumentSets() 228 { 229 return Collections.emptyMap(); 230 } 231 }