001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * docs/licenses/cddl.txt
011 * or http://www.opensource.org/licenses/cddl1.php.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * docs/licenses/cddl.txt. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2010-2013 UnboundID Corp.
026 */
027 package com.unboundid.directory.sdk.common.api;
028
029
030
031 import java.util.Collections;
032 import java.util.List;
033 import java.util.Map;
034 import javax.net.ssl.KeyManager;
035
036 import com.unboundid.directory.sdk.common.config.KeyManagerProviderConfig;
037 import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider;
038 import com.unboundid.directory.sdk.common.internal.Reconfigurable;
039 import com.unboundid.directory.sdk.common.internal.UnboundIDExtension;
040 import com.unboundid.directory.sdk.common.types.ServerContext;
041 import com.unboundid.directory.sdk.ds.internal.DirectoryServerExtension;
042 import com.unboundid.directory.sdk.metrics.internal.MetricsEngineExtension;
043 import com.unboundid.directory.sdk.proxy.internal.DirectoryProxyServerExtension;
044 import com.unboundid.directory.sdk.sync.internal.SynchronizationServerExtension;
045 import com.unboundid.ldap.sdk.LDAPException;
046 import com.unboundid.ldap.sdk.ResultCode;
047 import com.unboundid.util.Extensible;
048 import com.unboundid.util.ThreadSafety;
049 import com.unboundid.util.ThreadSafetyLevel;
050 import com.unboundid.util.args.ArgumentException;
051 import com.unboundid.util.args.ArgumentParser;
052
053
054
/**
 * Base class for extensions that supply {@link KeyManager} instances to the
 * server.  A key manager provider is the server's source for the certificate
 * it presents to a peer during SSL or StartTLS negotiation (and, for
 * {@code X509KeyManager} implementations, the private key that goes with it).
 * Two situations use it:
 * <UL>
 *   <LI>When the server accepts secure connections from clients, the provider
 *       supplies the server certificate shown to those clients.</LI>
 *   <LI>When the server itself opens a secure connection to another system
 *       (for example, the Directory Proxy Server contacting a backend
 *       Directory Server), the provider may supply a client certificate used
 *       for authentication.</LI>
 * </UL>
 * Because the returned key managers guard credential material, implementations
 * should treat that material as sensitive: it should not be copied into log
 * output or into the message lists passed to the configuration methods of
 * this class, which are surfaced to administrators.  The
 * {@code @ThreadSafety(level=INTERFACE_THREADSAFE)} annotation on this class
 * indicates that implementations must tolerate concurrent invocation of their
 * methods.
 * <BR>
 * <H2>Configuring Key Manager Providers</H2>
 * A key manager provider built on this API is registered with a command of
 * the form:
 * <PRE>
 * dsconfig create-key-manager-provider \
 * --provider-name "<I>{provider-name}</I>" \
 * --type third-party \
 * --set enabled:true \
 * --set "extension-class:<I>{class-name}</I>" \
 * --set "extension-argument:<I>{name=value}</I>"
 * </PRE>
 * Here "<I>{provider-name}</I>" names the new provider instance,
 * "<I>{class-name}</I>" is the fully-qualified name of the Java class that
 * extends {@code com.unboundid.directory.sdk.common.api.KeyManagerProvider},
 * and each "<I>{name=value}</I>" is one argument handed to the provider.  Repeat
 * the "<CODE>--set extension-argument:<I>{name=value}</I></CODE>" option once
 * per argument when more than one is needed.
 */
@Extensible()
@DirectoryServerExtension()
@DirectoryProxyServerExtension(appliesToLocalContent=true,
     appliesToRemoteContent=false)
@SynchronizationServerExtension(appliesToLocalContent=true,
     appliesToSynchronizedContent=false)
@MetricsEngineExtension()
@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE)
public abstract class KeyManagerProvider
       implements UnboundIDExtension, Reconfigurable<KeyManagerProviderConfig>,
                  ExampleUsageProvider
{
  /**
   * Administrative action text that the default {@link #applyConfiguration}
   * reports when the extension was configured with arguments.  The base
   * implementation never applies a change in place, so the administrator has
   * to cycle the provider (or restart the server) for new values to be read.
   */
  private static final String RESTART_REQUIRED_MESSAGE =
       "No configuration change has actually been applied. The new " +
       "configuration will not take effect until this key manager " +
       "provider is disabled and re-enabled or until the server is " +
       "restarted.";



  /**
   * Creates a new, uninitialized key manager provider.  Every implementation
   * must expose a public no-argument constructor, because the server
   * instantiates extensions reflectively; real setup belongs in
   * {@link #initializeKeyManagerProvider} rather than here.
   */
  public KeyManagerProvider()
  {
    // Intentionally empty; see initializeKeyManagerProvider.
  }



  /**
   * Retrieves the key managers the server should consult whenever it needs
   * a certificate for a secure connection.  Callers receive the array itself,
   * not a copy, so an implementation that caches the array should not hand
   * out one it later mutates.
   *
   * @return  The key managers the server may use for operations that require
   *          access to certificates.
   *
   * @throws  LDAPException  If the key managers cannot be retrieved.
   */
  public abstract KeyManager[] getKeyManagers()
         throws LDAPException;



  /**
   * Prepares this key manager provider for use.  The default implementation
   * does nothing; subclasses override it to open key stores or otherwise
   * acquire the resources their key managers need.
   *
   * @param  serverContext  A handle to the server context for the server in
   *                        which this extension is running.
   * @param  config         The general configuration for this key manager
   *                        provider.
   * @param  parser         The argument parser which has been initialized
   *                        from the configuration for this key manager
   *                        provider.
   *
   * @throws  LDAPException  If a problem occurs while initializing this key
   *                         manager provider.
   */
  public void initializeKeyManagerProvider(final ServerContext serverContext,
                                           final KeyManagerProviderConfig config,
                                           final ArgumentParser parser)
         throws LDAPException
  {
    // Nothing to do in the base class.
  }



  /**
   * Releases any resources held by this provider once it is being taken out
   * of service.  The default implementation does nothing.
   */
  public void finalizeKeyManagerProvider()
  {
    // Nothing to do in the base class.
  }



  /**
   * {@inheritDoc}
   */
  public abstract String getExtensionName();



  /**
   * {@inheritDoc}
   */
  public abstract String[] getExtensionDescription();



  /**
   * {@inheritDoc}
   */
  public void defineConfigArguments(final ArgumentParser parser)
         throws ArgumentException
  {
    // The base class registers no arguments, so none are accepted unless a
    // subclass defines them.
  }



  /**
   * {@inheritDoc}
   */
  public boolean isConfigurationAcceptable(
                      final KeyManagerProviderConfig config,
                      final ArgumentParser parser,
                      final List<String> unacceptableReasons)
  {
    // The base class performs no validation beyond what the argument parser
    // already enforced, so every configuration is accepted here.  Reasons a
    // subclass appends to unacceptableReasons are shown to administrators;
    // keep key-store passwords and similar values out of them.
    final boolean acceptable = true;
    return acceptable;
  }



  /**
   * {@inheritDoc}
   */
  public ResultCode applyConfiguration(final KeyManagerProviderConfig config,
                                       final ArgumentParser parser,
                                       final List<String> adminActionsRequired,
                                       final List<String> messages)
  {
    // The base implementation never applies anything in place.  When the
    // extension was given arguments, record the administrative action needed
    // before the new values can take effect.
    final boolean hasArguments = !parser.getNamedArguments().isEmpty();
    if (hasArguments)
    {
      adminActionsRequired.add(RESTART_REQUIRED_MESSAGE);
    }

    return ResultCode.SUCCESS;
  }



  /**
   * {@inheritDoc}
   */
  public Map<List<String>,String> getExamplesArgumentSets()
  {
    // No example argument sets are provided by the base class.
    final Map<List<String>,String> examples = Collections.emptyMap();
    return examples;
  }
}