001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * docs/licenses/cddl.txt
011 * or http://www.opensource.org/licenses/cddl1.php.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * docs/licenses/cddl.txt. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2010-2012 UnboundID Corp.
026 */
027 package com.unboundid.directory.sdk.common.api;
028
029
030
031 import java.util.Collections;
032 import java.util.List;
033 import java.util.Map;
034 import javax.net.ssl.TrustManager;
035
036 import com.unboundid.directory.sdk.common.config.TrustManagerProviderConfig;
037 import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider;
038 import com.unboundid.directory.sdk.common.internal.Reconfigurable;
039 import com.unboundid.directory.sdk.common.internal.UnboundIDExtension;
040 import com.unboundid.directory.sdk.common.types.ServerContext;
041 import com.unboundid.directory.sdk.ds.internal.DirectoryServerExtension;
042 import com.unboundid.directory.sdk.proxy.internal.DirectoryProxyServerExtension;
043 import com.unboundid.directory.sdk.sync.internal.SynchronizationServerExtension;
044 import com.unboundid.ldap.sdk.LDAPException;
045 import com.unboundid.ldap.sdk.ResultCode;
046 import com.unboundid.util.Extensible;
047 import com.unboundid.util.ThreadSafety;
048 import com.unboundid.util.ThreadSafetyLevel;
049 import com.unboundid.util.args.ArgumentException;
050 import com.unboundid.util.args.ArgumentParser;
051
052
053
054 /**
055 * This class defines an API that must be implemented by extensions which
056 * provide access to trust managers which are used to determine whether to trust
057 * a certificate that has been presented to the server. Trust managers are
058 * generally used when performing cryptographic operations, including SSL and
059 * StartTLS communication, in which a certificate is presented to the server.
060 * In such cases, the secure communication will only be allowed if the trust
061 * managers determine that the presented certificate chain is trustworthy.
062 * <BR>
063 * <H2>Configuring Trust Manager Providers</H2>
064 * In order to configure a trust manager provider created using this API, use a
065 * command like:
066 * <PRE>
067 * dsconfig create-trust-manager-provider \
068 * --provider-name "<I>{provider-name}</I>" \
069 * --type third-party \
070 * --set enabled:true \
071 * --set "extension-class:<I>{class-name}</I>" \
072 * --set "extension-argument:<I>{name=value}</I>"
073 * </PRE>
074 * where "<I>{provider-name}</I>" is the name to use for the trust manager
075 * provider instance, "<I>{class-name}</I>" is the fully-qualified name of the
076 * Java class that extends
077 * {@code com.unboundid.directory.sdk.common.api.TrustManagerProvider}, and
078 * "<I>{name=value}</I>" represents name-value pairs for any arguments to
079 * provide to the trust manager provider. If multiple arguments should be
080 * provided to the trust manager provider, then the
081 * "<CODE>--set extension-argument:<I>{name=value}</I></CODE>" option should be
082 * provided multiple times.
083 */
084 @Extensible()
085 @DirectoryServerExtension()
086 @DirectoryProxyServerExtension(appliesToLocalContent=true,
087 appliesToRemoteContent=false)
088 @SynchronizationServerExtension(appliesToLocalContent=true,
089 appliesToSynchronizedContent=false)
090 @ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE)
091 public abstract class TrustManagerProvider
092 implements UnboundIDExtension,
093 Reconfigurable<TrustManagerProviderConfig>,
094 ExampleUsageProvider
095 {
096 /**
097 * Creates a new instance of this trust manager provider. All trust manager
098 * provider implementations must include a default constructor, but any
099 * initialization should generally be done in the
100 * {@code initializeTrustManagerProvider} method.
101 */
102 public TrustManagerProvider()
103 {
104 // No implementation is required.
105 }
106
107
108
109 /**
110 * {@inheritDoc}
111 */
112 public abstract String getExtensionName();
113
114
115
116 /**
117 * {@inheritDoc}
118 */
119 public abstract String[] getExtensionDescription();
120
121
122
123 /**
124 * {@inheritDoc}
125 */
126 public void defineConfigArguments(final ArgumentParser parser)
127 throws ArgumentException
128 {
129 // No arguments will be allowed by default.
130 }
131
132
133
134 /**
135 * Initializes this trust manager provider.
136 *
137 * @param serverContext A handle to the server context for the server in
138 * which this extension is running.
139 * @param config The general configuration for this trust manager
140 * provider.
141 * @param parser The argument parser which has been initialized from
142 * the configuration for this trust manager provider.
143 *
144 * @throws LDAPException If a problem occurs while initializing this
145 * trust manager provider.
146 */
147 public void initializeTrustManagerProvider(final ServerContext serverContext,
148 final TrustManagerProviderConfig config,
149 final ArgumentParser parser)
150 throws LDAPException
151 {
152 // No initialization will be performed by default.
153 }
154
155
156
157 /**
158 * {@inheritDoc}
159 */
160 public boolean isConfigurationAcceptable(
161 final TrustManagerProviderConfig config,
162 final ArgumentParser parser,
163 final List<String> unacceptableReasons)
164 {
165 // No extended validation will be performed by default.
166 return true;
167 }
168
169
170
171 /**
172 * {@inheritDoc}
173 */
174 public ResultCode applyConfiguration(final TrustManagerProviderConfig config,
175 final ArgumentParser parser,
176 final List<String> adminActionsRequired,
177 final List<String> messages)
178 {
179 // By default, no configuration changes will be applied. If there are any
180 // arguments, then add an admin action message indicating that the extension
181 // needs to be restarted for any changes to take effect.
182 if (! parser.getNamedArguments().isEmpty())
183 {
184 adminActionsRequired.add(
185 "No configuration change has actually been applied. The new " +
186 "configuration will not take effect until this trust manager " +
187 "provider is disabled and re-enabled or until the server is " +
188 "restarted.");
189 }
190
191 return ResultCode.SUCCESS;
192 }
193
194
195
196 /**
197 * Performs any cleanup which may be necessary when this trust manager
198 * provider is to be taken out of service.
199 */
200 public void finalizeTrustManagerProvider()
201 {
202 // No implementation is required.
203 }
204
205
206
207 /**
208 * Retrieves a set of trust managers that may be used for operations within
209 * the server which may need to determine whether to trust a presented
210 * certificate chain.
211 *
212 * @return The set of trust managers that may be used for operations within
213 * the server which may need to determine whether to trust a
214 * presented certificate chain.
215 *
216 * @throws LDAPException If a problem occurs while attempting to retrieve
217 * the trust managers.
218 */
219 public abstract TrustManager[] getTrustManagers()
220 throws LDAPException;
221
222
223
224 /**
225 * {@inheritDoc}
226 */
227 public Map<List<String>,String> getExamplesArgumentSets()
228 {
229 return Collections.emptyMap();
230 }
231 }