From 7369ecc8296a0329e424596ff71c60629add3ce2 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 21 Feb 2007 19:44:18 +0000
Subject: [PATCH] Redesign the server to support multiple key manager providers, trust manager providers, and certificate mappers, and update the components which need access to those elements so that they can specify which one they want to use. Among other things, this will provide the ability to use different certificates for different listeners, and provide template configuration entries that make it easier for users to enable SSL and/or StartTLS.
---
opends/src/server/org/opends/server/config/ConfigConstants.java | 84 ++++++++++++++++++++++++++++++++---------
1 files changed, 65 insertions(+), 19 deletions(-)
diff --git a/opends/src/server/org/opends/server/config/ConfigConstants.java b/opends/src/server/org/opends/server/config/ConfigConstants.java
index ee1f4cc..87d3575 100644
--- a/opends/src/server/org/opends/server/config/ConfigConstants.java
+++ b/opends/src/server/org/opends/server/config/ConfigConstants.java
@@ -489,6 +489,15 @@
/**
+ * The name of the configuration attribute that holds the DN of a certificate
+ * mapper configuration entry.
+ */
+ public static final String ATTR_CERTMAPPER_DN =
+ NAME_PREFIX_CFG + "certificate-mapper-dn";
+
+
+
+ /**
* The name of the configuration attribute that indicates whether the
* certificate mapper is enabled.
*/
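Review bot: The Javadoc on `ATTR_CERTMAPPER_DN` does not say which entries carry the attribute, or what a consumer must do when the attribute is absent or its DN names a missing or disabled entry. The same gap is in `ATTR_KEYMANAGER_DN` (@@ -842) and `ATTR_TRUSTMANAGER_DN` (@@ -914). Because these attributes select the key material, the trust decisions and the certificate-to-user mapping for a component, I would add a sentence such as `The referenced entry must exist and be enabled; otherwise the component must refuse to enable SSL/StartTLS or certificate-based authentication.` Whether the consumers already fail closed this way cannot be seen from this file. The wording also differs ("holds the DN of a ..." here, "specifies the DN of the configuration entry for ..." in the other two) and could be aligned.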
@@ -842,6 +851,15 @@
/**
+ * The name of the configuration attribute that specifies the DN of the
+ * configuration entry for the key manager provider.
+ */
+ public static final String ATTR_KEYMANAGER_DN =
+ NAME_PREFIX_CFG + "key-manager-provider-dn";
+
+
+
+ /**
* The name of the configuration attribute that indicates whether the key
* manager provider should be enabled.
*/
@@ -914,6 +932,15 @@
/**
+ * The name of the configuration attribute that specifies the DN of the
+ * configuration entry for the trust manager provider.
+ */
+ public static final String ATTR_TRUSTMANAGER_DN =
+ NAME_PREFIX_CFG + "trust-manager-provider-dn";
+
+
+
+ /**
* The name of the configuration attribute that indicates whether the trust
* manager provider should be enabled.
*/
@@ -2582,36 +2609,28 @@
/**
* The DN of the entry that will be the base of the configuration information
- * for the Directory Server SSL provider.
+ * for the Directory Server certificate mappers.
*/
- public static final String DN_SSL_CONFIG_ROOT = "cn=SSL," + DN_CONFIG_ROOT;
+ public static final String DN_CERTMAPPER_CONFIG_BASE =
+ "cn=Certificate Mappers," + DN_CONFIG_ROOT;
/**
- * The DN of the entry that will hold the configuration for the Directory
- * Server certificate mapper used for SASL EXTERNAL authentication.
+ * The DN of the entry that be the base of the configuration information for
+ * the Directory Server key manager providers.
*/
- public static final String DN_CERTMAPPER_CONFIG =
- "cn=Certificate Mapper," + DN_SSL_CONFIG_ROOT;
+ public static final String DN_KEYMANAGER_PROVIDER_CONFIG_BASE =
+ "cn=Key Manager Providers," + DN_CONFIG_ROOT;
/**
- * The DN of the entry that will hold the configuration for the Directory
- * Server key manager provider used for SSL communication.
+ * The DN of the entry that be the base of the configuration information for
+ * the Directory Server trust manager providers.
*/
- public static final String DN_KEYMANAGER_PROVIDER_CONFIG =
- "cn=Key Manager Provider," + DN_SSL_CONFIG_ROOT;
-
-
-
- /**
- * The DN of the entry that will hold the configuration for the Directory
- * Server trust manager provider used for SSL communication.
- */
- public static final String DN_TRUSTMANAGER_PROVIDER_CONFIG =
- "cn=Trust Manager Provider," + DN_SSL_CONFIG_ROOT;
+ public static final String DN_TRUSTMANAGER_PROVIDER_CONFIG_BASE =
+ "cn=Trust Manager Providers," + DN_CONFIG_ROOT;
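Review bot: Removing the public constants `DN_SSL_CONFIG_ROOT`, `DN_CERTMAPPER_CONFIG`, `DN_KEYMANAGER_PROVIDER_CONFIG` and `DN_TRUSTMANAGER_PROVIDER_CONFIG` means a configuration that still keeps its entries under `"cn=SSL," + DN_CONFIG_ROOT` will not be found by code that looks under the new `*_CONFIG_BASE` DNs. The diff shows only this file, so I cannot tell whether an upgrade path exists. If it does not, the server should report the stale entries at startup rather than bring up listeners without the expected key or trust manager. Separately, two of the new Javadoc comments read "The DN of the entry that be the base"; they should read `The DN of the entry that will be the base of the configuration information for`.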
@@ -2906,6 +2925,15 @@
/**
* The name of the objectclass that will be used for a Directory Server
+ * certificate mapper.
+ */
+ public static final String OC_CERTIFICATE_MAPPER =
+ NAME_PREFIX_CFG + "certificate-mapper";
+
+
+
+ /**
+ * The name of the objectclass that will be used for a Directory Server
* connection handler.
*/
public static final String OC_CONNECTION_HANDLER =
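Review bot: The new objectclass constants spell the component names out (`OC_CERTIFICATE_MAPPER` here, `OC_KEY_MANAGER_PROVIDER` and `OC_TRUST_MANAGER_PROVIDER` in the @@ -2957 and @@ -3070 hunks), while the attribute and DN constants added by the same commit abbreviate them (`ATTR_CERTMAPPER_DN`, `ATTR_KEYMANAGER_DN`, `DN_CERTMAPPER_CONFIG_BASE`). One spelling per component would make the related constants easier to find by prefix search. The abbreviations may follow existing names elsewhere in the file, which is outside this diff; in that case a short Javadoc cross-reference between the related constants would be enough.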
@@ -2957,6 +2985,15 @@
/**
+ * The name of the objectclass that will be used for a Directory Server key
+ * manager provider.
+ */
+ public static final String OC_KEY_MANAGER_PROVIDER =
+ NAME_PREFIX_CFG + "key-manager-provider";
+
+
+
+ /**
* The name of the objectclass that will be used for a Directory Server
* matching rules.
*/
@@ -3070,6 +3107,15 @@
/**
+ * The name of the objectclass that will be used for a Directory Server trust
+ * manager provider.
+ */
+ public static final String OC_TRUST_MANAGER_PROVIDER =
+ NAME_PREFIX_CFG + "trust-manager-provider";
+
+
+
+ /**
* The name of the operational attribute that will appear in a user's entry to
* indicate whether the account has been disabled.
*/
--