From 68ceb8ea8c8d2c2745f1c2449635764f4a51a993 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 28 Jun 2007 23:54:43 +0000
Subject: [PATCH] Migrate the key and trust manager provider configuration to the admin framework.
---
opends/src/server/org/opends/server/core/TrustManagerProviderConfigManager.java | 1067 ++++++++++++++---------------------------------------------
1 files changed, 255 insertions(+), 812 deletions(-)
diff --git a/opends/src/server/org/opends/server/core/TrustManagerProviderConfigManager.java b/opends/src/server/org/opends/server/core/TrustManagerProviderConfigManager.java
index 5c75551..3ffc9ea 100644
--- a/opends/src/server/org/opends/server/core/TrustManagerProviderConfigManager.java
+++ b/opends/src/server/org/opends/server/core/TrustManagerProviderConfigManager.java
@@ -28,22 +28,21 @@
+import java.lang.reflect.Method;
import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
-import org.opends.server.api.ConfigAddListener;
-import org.opends.server.api.ConfigChangeListener;
-import org.opends.server.api.ConfigDeleteListener;
-import org.opends.server.api.ConfigHandler;
-import org.opends.server.api.ConfigurableComponent;
+import org.opends.server.admin.ClassPropertyDefinition;
+import org.opends.server.admin.server.ConfigurationAddListener;
+import org.opends.server.admin.server.ConfigurationChangeListener;
+import org.opends.server.admin.server.ConfigurationDeleteListener;
+import org.opends.server.admin.std.meta.TrustManagerCfgDefn;
+import org.opends.server.admin.std.server.TrustManagerCfg;
+import org.opends.server.admin.std.server.RootCfg;
+import org.opends.server.admin.server.ServerManagementContext;
import org.opends.server.api.TrustManagerProvider;
-import org.opends.server.config.BooleanConfigAttribute;
-import org.opends.server.config.ConfigEntry;
import org.opends.server.config.ConfigException;
-import org.opends.server.config.StringConfigAttribute;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.ErrorLogCategory;
@@ -51,42 +50,30 @@
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
-import static org.opends.server.config.ConfigConstants.*;
-import org.opends.server.types.DebugLogLevel;
import static org.opends.server.loggers.ErrorLogger.*;
-import static org.opends.server.loggers.debug.DebugLogger.*;
-import org.opends.server.loggers.debug.DebugTracer;
import static org.opends.server.messages.ConfigMessages.*;
import static org.opends.server.messages.MessageHandler.*;
-import static org.opends.server.util.ServerConstants.*;
+import static org.opends.server.util.StaticUtils.*;
/**
- * This class defines a utility that will be used to manage the set of
- * trust manager providers defined in the Directory Server. It will initialize
- * the providers when the server starts, and then will manage any additions,
- * removals, or modifications of any trust manager providers while the server is
- * running.
+ * This class defines a utility that will be used to manage the set of trust
+ * manager providers defined in the Directory Server. It will initialize the
+ * trust manager providers when the server starts, and then will manage any
+ * additions, removals, or modifications to any trust manager providers while
+ * the server is running.
*/
public class TrustManagerProviderConfigManager
- implements ConfigChangeListener, ConfigAddListener, ConfigDeleteListener
+ implements ConfigurationChangeListener<TrustManagerCfg>,
+ ConfigurationAddListener<TrustManagerCfg>,
+ ConfigurationDeleteListener<TrustManagerCfg>
+
{
- /**
- * The tracer object for the debug logger.
- */
- private static final DebugTracer TRACER = getTracer();
-
-
-
-
- // A mapping between the DNs of the config entries and the associated
- // trust manager providers.
+ // A mapping between the DNs of the config entries and the associated trust
+ // manager providers.
private ConcurrentHashMap<DN,TrustManagerProvider> providers;
- // The configuration handler for the Directory Server.
- private ConfigHandler configHandler;
-
/**
@@ -94,8 +81,7 @@
*/
public TrustManagerProviderConfigManager()
{
- configHandler = DirectoryServer.getConfigHandler();
- providers = new ConcurrentHashMap<DN,TrustManagerProvider>();
+ providers = new ConcurrentHashMap<DN,TrustManagerProvider>();
}
@@ -115,855 +101,312 @@
public void initializeTrustManagerProviders()
throws ConfigException, InitializationException
{
- // First, get the configuration base entry.
- ConfigEntry baseEntry;
- try
+ // Get the root configuration object.
+ ServerManagementContext managementContext =
+ ServerManagementContext.getInstance();
+ RootCfg rootConfiguration =
+ managementContext.getRootConfiguration();
+
+
+ // Register as an add and delete listener with the root configuration so we
+ // can be notified if any trust manager provider entries are added or
+ // removed.
+ rootConfiguration.addTrustManagerAddListener(this);
+ rootConfiguration.addTrustManagerDeleteListener(this);
+
+
+ //Initialize the existing trust manager providers.
+ for (String name : rootConfiguration.listTrustManagers())
{
- DN providerBase = DN.decode(DN_TRUSTMANAGER_PROVIDER_CONFIG_BASE);
- baseEntry = configHandler.getConfigEntry(providerBase);
- }
- catch (Exception e)
- {
- if (debugEnabled())
+ TrustManagerCfg providerConfig = rootConfiguration.getTrustManager(name);
+ providerConfig.addChangeListener(this);
+
+ if (providerConfig.isEnabled())
{
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_CANNOT_GET_BASE;
- String message = getMessage(msgID, String.valueOf(e));
- throw new ConfigException(msgID, message, e);
- }
-
- if (baseEntry == null)
- {
- // The trust manager provider base entry does not exist. This is not
- // acceptable, so throw an exception.
- int msgID = MSGID_CONFIG_TRUSTMANAGER_BASE_DOES_NOT_EXIST;
- String message = getMessage(msgID);
- throw new ConfigException(msgID, message);
- }
-
-
- // Register add and delete listeners with the trust manager provider base
- // entry. We don't care about modifications to it.
- baseEntry.registerAddListener(this);
- baseEntry.registerDeleteListener(this);
-
-
- // See if the base entry has any children. If not, then we don't need to do
- // anything else.
- if (! baseEntry.hasChildren())
- {
- return;
- }
-
-
- // Iterate through the child entries and process them as trust manager
- // provider configuration entries.
- for (ConfigEntry childEntry : baseEntry.getChildren().values())
- {
- childEntry.registerChangeListener(this);
-
- StringBuilder unacceptableReason = new StringBuilder();
- if (! configAddIsAcceptable(childEntry, unacceptableReason))
- {
- logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_ERROR,
- MSGID_CONFIG_TRUSTMANAGER_ENTRY_UNACCEPTABLE,
- childEntry.getDN().toString(), unacceptableReason.toString());
- continue;
- }
-
- try
- {
- ConfigChangeResult result = applyConfigurationAdd(childEntry);
- if (result.getResultCode() != ResultCode.SUCCESS)
+ String className = providerConfig.getJavaImplementationClass();
+ try
{
- StringBuilder buffer = new StringBuilder();
-
- List<String> resultMessages = result.getMessages();
- if ((resultMessages == null) || (resultMessages.isEmpty()))
- {
- buffer.append(getMessage(MSGID_CONFIG_UNKNOWN_UNACCEPTABLE_REASON));
- }
- else
- {
- Iterator<String> iterator = resultMessages.iterator();
-
- buffer.append(iterator.next());
- while (iterator.hasNext())
- {
- buffer.append(EOL);
- buffer.append(iterator.next());
- }
- }
-
+ TrustManagerProvider provider =
+ loadProvider(className, providerConfig);
+ providers.put(providerConfig.dn(), provider);
+ DirectoryServer.registerTrustManagerProvider(providerConfig.dn(),
+ provider);
+ }
+ catch (InitializationException ie)
+ {
logError(ErrorLogCategory.CONFIGURATION,
ErrorLogSeverity.SEVERE_ERROR,
- MSGID_CONFIG_TRUSTMANAGER_CANNOT_CREATE_PROVIDER,
- childEntry.getDN().toString(), buffer.toString());
+ ie.getMessage(), ie.getMessageID());
+ continue;
}
}
- catch (Exception e)
- {
- logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_ERROR,
- MSGID_CONFIG_TRUSTMANAGER_CANNOT_CREATE_PROVIDER,
- childEntry.getDN().toString(), String.valueOf(e));
- }
}
}
/**
- * Indicates whether the configuration entry that will result from a proposed
- * modification is acceptable to this change listener.
- *
- * @param configEntry The configuration entry that will result from
- * the requested update.
- * @param unacceptableReason A buffer to which this method can append a
- * human-readable message explaining why the
- * proposed change is not acceptable.
- *
- * @return <CODE>true</CODE> if the proposed entry contains an acceptable
- * configuration, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
- public boolean configChangeIsAcceptable(ConfigEntry configEntry,
- StringBuilder unacceptableReason)
+ public boolean isConfigurationAddAcceptable(TrustManagerCfg configuration,
+ List<String> unacceptableReasons)
{
- // Make sure that the entry has an appropriate objectclass for a trust
- // manager provider.
- if (! configEntry.hasObjectClass(OC_TRUST_MANAGER_PROVIDER))
+ if (configuration.isEnabled())
{
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_OBJECTCLASS;
- String message = getMessage(msgID, configEntry.getDN().toString());
- unacceptableReason.append(message);
- return false;
- }
-
-
- // Make sure that the entry specifies the provider class name.
- StringConfigAttribute classNameAttr;
- try
- {
- StringConfigAttribute classStub =
- new StringConfigAttribute(ATTR_TRUSTMANAGER_CLASS,
- getMessage(MSGID_CONFIG_TRUSTMANAGER_DESCRIPTION_CLASS),
- true, false, true);
- classNameAttr = (StringConfigAttribute)
- configEntry.getConfigAttribute(classStub);
-
- if (classNameAttr == null)
+ // Get the name of the class and make sure we can instantiate it as a
+ // trust manager provider.
+ String className = configuration.getJavaImplementationClass();
+ try
{
- int msgID = MSGID_CONFIG_TRUSTMANAGER_NO_CLASS_NAME;
- String message = getMessage(msgID, configEntry.getDN().toString());
- unacceptableReason.append(message);
+ loadProvider(className, null);
+ }
+ catch (InitializationException ie)
+ {
+ unacceptableReasons.add(ie.getMessage());
return false;
}
}
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS_NAME;
- String message = getMessage(msgID, configEntry.getDN().toString(),
- String.valueOf(e));
- unacceptableReason.append(message);
- return false;
- }
-
- Class providerClass;
- try
- {
- providerClass = DirectoryServer.loadClass(classNameAttr.pendingValue());
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS_NAME;
- String message = getMessage(msgID, configEntry.getDN().toString(),
- String.valueOf(e));
- unacceptableReason.append(message);
- return false;
- }
-
- try
- {
- TrustManagerProvider provider =
- (TrustManagerProvider) providerClass.newInstance();
- }
- catch(Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS;
- String message = getMessage(msgID, providerClass.getName(),
- String.valueOf(configEntry.getDN()),
- String.valueOf(e));
- unacceptableReason.append(message);
- return false;
- }
-
-
- // See if this trust manager provider should be enabled.
- BooleanConfigAttribute enabledAttr;
- try
- {
- BooleanConfigAttribute enabledStub =
- new BooleanConfigAttribute(ATTR_TRUSTMANAGER_ENABLED,
- getMessage(MSGID_CONFIG_TRUSTMANAGER_DESCRIPTION_ENABLED),
- false);
- enabledAttr = (BooleanConfigAttribute)
- configEntry.getConfigAttribute(enabledStub);
-
- if (enabledAttr == null)
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_NO_ENABLED_ATTR;
- String message = getMessage(msgID, configEntry.getDN().toString());
- unacceptableReason.append(message);
- return false;
- }
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_ENABLED_VALUE;
- String message = getMessage(msgID, configEntry.getDN().toString(),
- String.valueOf(e));
- unacceptableReason.append(message);
- return false;
- }
-
-
- // If we've gotten here then the trust manager provider entry appears to be
- // acceptable.
+ // If we've gotten here, then it's fine.
return true;
}
/**
- * Attempts to apply a new configuration to this Directory Server component
- * based on the provided changed entry.
- *
- * @param configEntry The configuration entry that containing the updated
- * configuration for this component.
- *
- * @return Information about the result of processing the configuration
- * change.
+ * {@inheritDoc}
*/
- public ConfigChangeResult applyConfigurationChange(ConfigEntry configEntry)
+ public ConfigChangeResult applyConfigurationAdd(TrustManagerCfg configuration)
{
- DN configEntryDN = configEntry.getDN();
ResultCode resultCode = ResultCode.SUCCESS;
boolean adminActionRequired = false;
ArrayList<String> messages = new ArrayList<String>();
+ configuration.addChangeListener(this);
- // Make sure that the entry has an appropriate objectclass for a trust
+ if (! configuration.isEnabled())
+ {
+ return new ConfigChangeResult(resultCode, adminActionRequired, messages);
+ }
+
+ TrustManagerProvider provider = null;
+
+ // Get the name of the class and make sure we can instantiate it as a trust
// manager provider.
- if (! configEntry.hasObjectClass(OC_TRUST_MANAGER_PROVIDER))
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
- resultCode = ResultCode.UNWILLING_TO_PERFORM;
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
- // Get the corresponding trust manager provider if it is active.
- TrustManagerProvider provider = providers.get(configEntryDN);
-
-
- // See if this provider should be enabled or disabled.
- boolean needsEnabled = false;
- BooleanConfigAttribute enabledAttr;
+ String className = configuration.getJavaImplementationClass();
try
{
- BooleanConfigAttribute enabledStub =
- new BooleanConfigAttribute(ATTR_TRUSTMANAGER_ENABLED,
- getMessage(MSGID_CONFIG_TRUSTMANAGER_DESCRIPTION_ENABLED),
- false);
- enabledAttr = (BooleanConfigAttribute)
- configEntry.getConfigAttribute(enabledStub);
-
- if (enabledAttr == null)
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_NO_ENABLED_ATTR;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
- resultCode = ResultCode.UNWILLING_TO_PERFORM;
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
-
- if (enabledAttr.activeValue())
- {
- if (provider == null)
- {
- needsEnabled = true;
- }
- else
- {
- // The provider is already active, so no action is required.
- }
- }
- else
- {
- if (provider == null)
- {
- // The provider is already disabled, so no action is required and we
- // can short-circuit out of this processing.
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
- else
- {
- // The provider is active, so it needs to be disabled. Do this and
- // return that we were successful.
- providers.remove(configEntryDN);
- DirectoryServer.deregisterTrustManagerProvider(configEntryDN);
- provider.finalizeTrustManagerProvider();
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
- }
+ provider = loadProvider(className, configuration);
}
- catch (Exception e)
+ catch (InitializationException ie)
{
- if (debugEnabled())
+ if (resultCode == ResultCode.SUCCESS)
{
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_ENABLED_VALUE;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN),
- String.valueOf(e)));
- resultCode = DirectoryServer.getServerErrorResultCode();
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
- // Make sure that the entry specifies the provider class name. If it has
- // changed, then we will not try to dynamically apply it.
- String className;
- try
- {
- StringConfigAttribute classStub =
- new StringConfigAttribute(ATTR_TRUSTMANAGER_CLASS,
- getMessage(MSGID_CONFIG_TRUSTMANAGER_DESCRIPTION_CLASS),
- true, false, true);
- StringConfigAttribute classNameAttr =
- (StringConfigAttribute) configEntry.getConfigAttribute(classStub);
-
- if (classNameAttr == null)
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_NO_CLASS_NAME;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
- resultCode = ResultCode.OBJECTCLASS_VIOLATION;
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
-
- className = classNameAttr.pendingValue();
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS_NAME;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN),
- String.valueOf(e)));
- resultCode = DirectoryServer.getServerErrorResultCode();
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
- boolean classChanged = false;
- String oldClassName = null;
- if (provider != null)
- {
- oldClassName = provider.getClass().getName();
- classChanged = (! className.equals(oldClassName));
- }
-
-
- if (classChanged)
- {
- // This will not be applied dynamically. Add a message to the response
- // and indicate that admin action is required.
- adminActionRequired = true;
- messages.add(getMessage(MSGID_CONFIG_TRUSTMANAGER_CLASS_ACTION_REQUIRED,
- String.valueOf(oldClassName),
- String.valueOf(className),
- String.valueOf(configEntryDN)));
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
- if (needsEnabled)
- {
- try
- {
- Class providerClass = DirectoryServer.loadClass(className);
- provider = (TrustManagerProvider) providerClass.newInstance();
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS;
- messages.add(getMessage(msgID, className,
- String.valueOf(configEntryDN),
- String.valueOf(e)));
resultCode = DirectoryServer.getServerErrorResultCode();
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
}
- try
- {
- provider.initializeTrustManagerProvider(configEntry);
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INITIALIZATION_FAILED;
- messages.add(getMessage(msgID, className,
- String.valueOf(configEntryDN),
- String.valueOf(e)));
- resultCode = DirectoryServer.getServerErrorResultCode();
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
-
-
- providers.put(configEntryDN, provider);
- DirectoryServer.registerTrustManagerProvider(configEntryDN, provider);
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
+ messages.add(ie.getMessage());
}
+ if (resultCode == ResultCode.SUCCESS)
+ {
+ providers.put(configuration.dn(), provider);
+ DirectoryServer.registerTrustManagerProvider(configuration.dn(),
+ provider);
+ }
- // If we've gotten here, then there haven't been any changes to anything
- // that we care about.
return new ConfigChangeResult(resultCode, adminActionRequired, messages);
}
/**
- * Indicates whether the configuration entry that will result from a proposed
- * add is acceptable to this add listener.
- *
- * @param configEntry The configuration entry that will result from
- * the requested add.
- * @param unacceptableReason A buffer to which this method can append a
- * human-readable message explaining why the
- * proposed entry is not acceptable.
- *
- * @return <CODE>true</CODE> if the proposed entry contains an acceptable
- * configuration, or <CODE>false</CODE> if it does not.
+ * {@inheritDoc}
*/
- public boolean configAddIsAcceptable(ConfigEntry configEntry,
- StringBuilder unacceptableReason)
+ public boolean isConfigurationDeleteAcceptable(TrustManagerCfg configuration,
+ List<String> unacceptableReasons)
{
- // Make sure that no entry already exists with the specified DN.
- DN configEntryDN = configEntry.getDN();
- if (providers.containsKey(configEntryDN))
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_EXISTS;
- String message = getMessage(msgID, String.valueOf(configEntryDN));
- unacceptableReason.append(message);
- return false;
- }
-
-
- // Make sure that the entry has an appropriate objectclass for a trust
- // manager provider.
- if (! configEntry.hasObjectClass(OC_TRUST_MANAGER_PROVIDER))
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_OBJECTCLASS;
- String message = getMessage(msgID, configEntry.getDN().toString());
- unacceptableReason.append(message);
- return false;
- }
-
-
- // Make sure that the entry specifies the trust manager provider class.
- StringConfigAttribute classNameAttr;
- try
- {
- StringConfigAttribute classStub =
- new StringConfigAttribute(ATTR_TRUSTMANAGER_CLASS,
- getMessage(MSGID_CONFIG_TRUSTMANAGER_DESCRIPTION_CLASS),
- true, false, true);
- classNameAttr = (StringConfigAttribute)
- configEntry.getConfigAttribute(classStub);
-
- if (classNameAttr == null)
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_NO_CLASS_NAME;
- String message = getMessage(msgID, configEntry.getDN().toString());
- unacceptableReason.append(message);
- return false;
- }
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS_NAME;
- String message = getMessage(msgID, configEntry.getDN().toString(),
- String.valueOf(e));
- unacceptableReason.append(message);
- return false;
- }
-
- Class providerClass;
- try
- {
- providerClass = DirectoryServer.loadClass(classNameAttr.pendingValue());
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS_NAME;
- String message = getMessage(msgID, configEntry.getDN().toString(),
- String.valueOf(e));
- unacceptableReason.append(message);
- return false;
- }
-
- TrustManagerProvider provider;
- try
- {
- provider = (TrustManagerProvider) providerClass.newInstance();
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS;
- String message = getMessage(msgID, providerClass.getName(),
- String.valueOf(configEntryDN),
- String.valueOf(e));
- unacceptableReason.append(message);
- return false;
- }
-
-
- // See if this provider should be enabled.
- BooleanConfigAttribute enabledAttr;
- try
- {
- BooleanConfigAttribute enabledStub =
- new BooleanConfigAttribute(ATTR_TRUSTMANAGER_ENABLED,
- getMessage(MSGID_CONFIG_TRUSTMANAGER_DESCRIPTION_ENABLED),
- false);
- enabledAttr = (BooleanConfigAttribute)
- configEntry.getConfigAttribute(enabledStub);
-
- if (enabledAttr == null)
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_NO_ENABLED_ATTR;
- String message = getMessage(msgID, configEntry.getDN().toString());
- unacceptableReason.append(message);
- return false;
- }
- else if (! enabledAttr.pendingValue())
- {
- // The trust manager provider is not enabled, so we don't need to do any
- // further validation.
- return true;
- }
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_ENABLED_VALUE;
- String message = getMessage(msgID, configEntry.getDN().toString(),
- String.valueOf(e));
- unacceptableReason.append(message);
- return false;
- }
-
-
- // If the provider is a configurable component, then make sure that its
- // configuration is valid.
- if (provider instanceof ConfigurableComponent)
- {
- ConfigurableComponent cc = (ConfigurableComponent) provider;
- LinkedList<String> errorMessages = new LinkedList<String>();
- if (! cc.hasAcceptableConfiguration(configEntry, errorMessages))
- {
- if (errorMessages.isEmpty())
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_UNACCEPTABLE_CONFIG;
- unacceptableReason.append(getMessage(msgID,
- String.valueOf(configEntryDN)));
- }
- else
- {
- Iterator<String> iterator = errorMessages.iterator();
- unacceptableReason.append(iterator.next());
- while (iterator.hasNext())
- {
- unacceptableReason.append(" ");
- unacceptableReason.append(iterator.next());
- }
- }
-
- return false;
- }
- }
-
-
- // If we've gotten here then the provider entry appears to be acceptable.
+ // FIXME -- We should try to perform some check to determine whether the
+ // provider is in use.
return true;
}
/**
- * Attempts to apply a new configuration based on the provided added entry.
- *
- * @param configEntry The new configuration entry that contains the
- * configuration to apply.
- *
- * @return Information about the result of processing the configuration
- * change.
+ * {@inheritDoc}
*/
- public ConfigChangeResult applyConfigurationAdd(ConfigEntry configEntry)
+ public ConfigChangeResult applyConfigurationDelete(
+ TrustManagerCfg configuration)
{
- DN configEntryDN = configEntry.getDN();
ResultCode resultCode = ResultCode.SUCCESS;
boolean adminActionRequired = false;
ArrayList<String> messages = new ArrayList<String>();
+ DirectoryServer.deregisterTrustManagerProvider(configuration.dn());
- // Make sure that the entry has an appropriate objectclass for a trust
- // manager provider.
- if (! configEntry.hasObjectClass(OC_TRUST_MANAGER_PROVIDER))
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_OBJECTCLASS;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
- resultCode = ResultCode.UNWILLING_TO_PERFORM;
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
- // See if this provider should be enabled or disabled.
- BooleanConfigAttribute enabledAttr;
- try
- {
- BooleanConfigAttribute enabledStub =
- new BooleanConfigAttribute(ATTR_TRUSTMANAGER_ENABLED,
- getMessage(MSGID_CONFIG_TRUSTMANAGER_DESCRIPTION_ENABLED),
- false);
- enabledAttr = (BooleanConfigAttribute)
- configEntry.getConfigAttribute(enabledStub);
-
- if (enabledAttr == null)
- {
- // The attribute doesn't exist, so it will be disabled by default.
- int msgID = MSGID_CONFIG_TRUSTMANAGER_NO_ENABLED_ATTR;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
- resultCode = ResultCode.SUCCESS;
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
- else if (! enabledAttr.activeValue())
- {
- // It is explicitly configured as disabled, so we don't need to do
- // anything.
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_ENABLED_VALUE;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN),
- String.valueOf(e)));
- resultCode = DirectoryServer.getServerErrorResultCode();
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
- // Make sure that the entry specifies the provider class name.
- String className;
- try
- {
- StringConfigAttribute classStub =
- new StringConfigAttribute(ATTR_TRUSTMANAGER_CLASS,
- getMessage(MSGID_CONFIG_TRUSTMANAGER_DESCRIPTION_CLASS),
- true, false, true);
- StringConfigAttribute classNameAttr =
- (StringConfigAttribute) configEntry.getConfigAttribute(classStub);
-
- if (classNameAttr == null)
- {
- int msgID = MSGID_CONFIG_TRUSTMANAGER_NO_CLASS_NAME;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN)));
- resultCode = ResultCode.OBJECTCLASS_VIOLATION;
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
-
- className = classNameAttr.pendingValue();
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS_NAME;
- messages.add(getMessage(msgID, String.valueOf(configEntryDN),
- String.valueOf(e)));
- resultCode = DirectoryServer.getServerErrorResultCode();
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
- // Load and initialize the provider class, and register it with the
- // Directory Server.
- TrustManagerProvider provider;
- try
- {
- Class providerClass = DirectoryServer.loadClass(className);
- provider = (TrustManagerProvider) providerClass.newInstance();
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INVALID_CLASS;
- messages.add(getMessage(msgID, className, String.valueOf(configEntryDN),
- String.valueOf(e)));
- resultCode = DirectoryServer.getServerErrorResultCode();
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
- try
- {
- provider.initializeTrustManagerProvider(configEntry);
- }
- catch (Exception e)
- {
- if (debugEnabled())
- {
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
- }
-
- int msgID = MSGID_CONFIG_TRUSTMANAGER_INITIALIZATION_FAILED;
- messages.add(getMessage(msgID, className, String.valueOf(configEntryDN),
- String.valueOf(e)));
- resultCode = DirectoryServer.getServerErrorResultCode();
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
- providers.put(configEntryDN, provider);
- DirectoryServer.registerTrustManagerProvider(configEntryDN, provider);
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
-
- /**
- * Indicates whether it is acceptable to remove the provided configuration
- * entry.
- *
- * @param configEntry The configuration entry that will be removed
- * from the configuration.
- * @param unacceptableReason A buffer to which this method can append a
- * human-readable message explaining why the
- * proposed delete is not acceptable.
- *
- * @return <CODE>true</CODE> if the proposed entry may be removed from the
- * configuration, or <CODE>false</CODE> if not.
- */
- public boolean configDeleteIsAcceptable(ConfigEntry configEntry,
- StringBuilder unacceptableReason)
- {
- // A delete should always be acceptable, so just return true.
- return true;
- }
-
-
-
- /**
- * Attempts to apply a new configuration based on the provided deleted entry.
- *
- * @param configEntry The new configuration entry that has been deleted.
- *
- * @return Information about the result of processing the configuration
- * change.
- */
- public ConfigChangeResult applyConfigurationDelete(ConfigEntry configEntry)
- {
- DN configEntryDN = configEntry.getDN();
- ResultCode resultCode = ResultCode.SUCCESS;
- boolean adminActionRequired = false;
-
-
- // See if the entry is registered as a trust manager provider. If so,
- // deregister it and stop the provider.
- TrustManagerProvider provider = providers.remove(configEntryDN);
+ TrustManagerProvider provider = providers.remove(configuration.dn());
if (provider != null)
{
- DirectoryServer.deregisterTrustManagerProvider(configEntryDN);
provider.finalizeTrustManagerProvider();
}
+ return new ConfigChangeResult(resultCode, adminActionRequired, messages);
+ }
- return new ConfigChangeResult(resultCode, adminActionRequired);
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean isConfigurationChangeAcceptable(TrustManagerCfg configuration,
+ List<String> unacceptableReasons)
+ {
+ if (configuration.isEnabled())
+ {
+ // Get the name of the class and make sure we can instantiate it as a
+ // trust manager provider.
+ String className = configuration.getJavaImplementationClass();
+ try
+ {
+ loadProvider(className, null);
+ }
+ catch (InitializationException ie)
+ {
+ unacceptableReasons.add(ie.getMessage());
+ return false;
+ }
+ }
+
+ // If we've gotten here, then it's fine.
+ return true;
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public ConfigChangeResult applyConfigurationChange(
+ TrustManagerCfg configuration)
+ {
+ ResultCode resultCode = ResultCode.SUCCESS;
+ boolean adminActionRequired = false;
+ ArrayList<String> messages = new ArrayList<String>();
+
+
+ // Get the existing provider if it's already enabled.
+ TrustManagerProvider existingProvider = providers.get(configuration.dn());
+
+
+ // If the new configuration has the provider disabled, then disable it if it
+ // is enabled, or do nothing if it's already disabled.
+ if (! configuration.isEnabled())
+ {
+ if (existingProvider != null)
+ {
+ DirectoryServer.deregisterTrustManagerProvider(configuration.dn());
+
+ TrustManagerProvider provider = providers.remove(configuration.dn());
+ if (provider != null)
+ {
+ provider.finalizeTrustManagerProvider();
+ }
+ }
+
+ return new ConfigChangeResult(resultCode, adminActionRequired, messages);
+ }
+
+
+ // Get the class for the trust manager provider. If the provider is already
+ // enabled, then we shouldn't do anything with it although if the class has
+ // changed then we'll at least need to indicate that administrative action
+ // is required. If the provider is disabled, then instantiate the class and
+ // initialize and register it as a trust manager provider.
+ String className = configuration.getJavaImplementationClass();
+ if (existingProvider != null)
+ {
+ if (! className.equals(existingProvider.getClass().getName()))
+ {
+ adminActionRequired = true;
+ }
+
+ return new ConfigChangeResult(resultCode, adminActionRequired, messages);
+ }
+
+ TrustManagerProvider provider = null;
+ try
+ {
+ provider = loadProvider(className, configuration);
+ }
+ catch (InitializationException ie)
+ {
+ if (resultCode == ResultCode.SUCCESS)
+ {
+ resultCode = DirectoryServer.getServerErrorResultCode();
+ }
+
+ messages.add(ie.getMessage());
+ }
+
+ if (resultCode == ResultCode.SUCCESS)
+ {
+ providers.put(configuration.dn(), provider);
+ DirectoryServer.registerTrustManagerProvider(configuration.dn(),
+ provider);
+ }
+
+ return new ConfigChangeResult(resultCode, adminActionRequired, messages);
+ }
+
+
+
+ /**
+ * Loads the specified class, instantiates it as a trust manager provider, and
+ * optionally initializes that instance.
+ *
+ * @param className The fully-qualified name of the trust manager
+ * provider class to load, instantiate, and initialize.
+ * @param configuration The configuration to use to initialize the trust
+ * manager provider, or {@code null} if the provider
+ * should not be initialized.
+ *
+ * @return The possibly initialized trust manager provider.
+ *
+ * @throws InitializationException If a problem occurred while attempting to
+ * initialize the trust manager provider.
+ */
+ private TrustManagerProvider loadProvider(String className,
+ TrustManagerCfg configuration)
+ throws InitializationException
+ {
+ try
+ {
+ TrustManagerCfgDefn definition = TrustManagerCfgDefn.getInstance();
+ ClassPropertyDefinition propertyDefinition =
+ definition.getJavaImplementationClassPropertyDefinition();
+ Class<? extends TrustManagerProvider> providerClass =
+ propertyDefinition.loadClass(className, TrustManagerProvider.class);
+ TrustManagerProvider provider = providerClass.newInstance();
+
+ if (configuration != null)
+ {
+ Method method =
+ provider.getClass().getMethod("initializeTrustManagerProvider",
+ configuration.definition().getServerConfigurationClass());
+ method.invoke(provider, configuration);
+ }
+
+ return provider;
+ }
+ catch (Exception e)
+ {
+ int msgID = MSGID_CONFIG_TRUSTMANAGER_INITIALIZATION_FAILED;
+ String message = getMessage(msgID, className,
+ String.valueOf(configuration.dn()),
+ stackTraceToSingleLineString(e));
+ throw new InitializationException(msgID, message, e);
+ }
}
}
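Review bot: In `loadProvider`, the catch block dereferences `configuration.dn()` while building the failure message, yet `isConfigurationAddAcceptable` and `isConfigurationChangeAcceptable` both call `loadProvider(className, null)`. If the class cannot be loaded or instantiated on that path, the handler throws a NullPointerException instead of the InitializationException those callers catch, so a bad trust manager class name surfaces as an unchecked exception rather than being rejected through `unacceptableReasons`. Guard the dereference, for example `String.valueOf(configuration == null ? null : configuration.dn()),`, or pass the entry DN to `loadProvider` as its own argument so the message still names the entry. Separately, with a null configuration the pre-check only proves the class can be instantiated, whereas the removed `configAddIsAcceptable` also called `hasAcceptableConfiguration` on configurable providers. The new code defers that validation of the trust manager's settings to apply time, and a comment should say so if it is intended.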
--
Gitblit v1.10.0