19 package org.apache.syncope.common.lib.auth;
20
21 import java.io.Serializable;
22 import java.util.ArrayList;
23 import java.util.List;
24 import java.util.Map;
25 import java.util.concurrent.TimeUnit;
26 import org.apache.syncope.common.lib.AbstractLDAPConf;
27 import org.apache.syncope.common.lib.to.AuthModuleTO;
28 import org.apache.syncope.common.lib.types.X509PolicySetting;
29 import org.apache.syncope.common.lib.types.X509PrincipalType;
30 import org.apache.syncope.common.lib.types.X509RevocationCheckerType;
31 import org.apache.syncope.common.lib.types.X509RevocationFetcherType;
32 import org.apache.syncope.common.lib.types.X509SubjectDnFormat;
33
/**
 * Configuration bean for the X.509 client-certificate authentication module.
 *
 * <p>Plain mutable JavaBean: every property has a getter and (except {@code crlResources})
 * a setter, and the defaults below are what a freshly constructed instance reports. The
 * defaults are deliberately visible here because several of them decide how strictly a
 * presented certificate is checked (revocation checker, subject/issuer DN patterns, key-usage
 * flags, path length); review them against the deployment's trust requirements rather than
 * relying on them as-is.
 *
 * <p>No validation is performed by the setters; the values are passed through to the
 * underlying authentication engine via {@link #map(AuthModuleTO, Mapper)}.
 */
public class X509AuthModuleConf implements AuthModuleConf {

    private static final long serialVersionUID = 1915254775199296906L;

    /**
     * LDAP-backed source for certificate revocation data.
     *
     * <p>Extends the shared LDAP connection settings with the name of the directory attribute
     * holding the revocation list.
     */
    public static class LDAP extends AbstractLDAPConf implements Serializable {

        private static final long serialVersionUID = -7274446267090678730L;

        /** Directory attribute that holds the CRL; defaults to {@code certificateRevocationList}. */
        private String certificateAttribute = "certificateRevocationList";

        /** @return the LDAP attribute name the CRL is read from */
        public String getCertificateAttribute() {
            return this.certificateAttribute;
        }

        /** @param certificateAttribute the LDAP attribute name the CRL is read from */
        public void setCertificateAttribute(final String certificateAttribute) {
            this.certificateAttribute = certificateAttribute;
        }
    }

    // --- module identity -------------------------------------------------------------------

    /** Human-readable module name; no default. */
    private String name;

    /** Evaluation order among auth modules; lower runs first, default places it last. */
    private int order = Integer.MAX_VALUE;

    // --- principal resolution --------------------------------------------------------------

    /** How the principal id is derived from the certificate; defaults to the subject DN. */
    private X509PrincipalType principalType = X509PrincipalType.SUBJECT_DN;

    /** Alternate certificate attribute to fall back to for the principal; no default. */
    private String principalAlternateAttribute;

    /** DN formatting used when the principal type is the subject DN. */
    private X509SubjectDnFormat principalTypeSubjectDnFormat = X509SubjectDnFormat.DEFAULT;

    /** Prefix expected before the serial number in DN-based serial extraction. */
    private String principalTypeSerialNoDnSerialNumberPrefix = "SERIALNUMBER=";

    /** Delimiter between DN components in DN-based serial extraction. */
    private String principalTypeSerialNoDnValueDelimiter = ", ";

    /** Radix for rendering the certificate serial number; {@code 0} unless configured. */
    private int principalTypeSerialNoSNRadix;

    /** Whether a hex-rendered serial number is zero-padded; off unless configured. */
    private boolean principalTypeSerialNoHexSNZeroPadding;

    // --- revocation checking ---------------------------------------------------------------

    /**
     * Revocation check strategy. Defaults to {@code NONE}, i.e. no revocation checking is
     * configured out of the box; deployments that rely on CRLs must set this explicitly.
     */
    private X509RevocationCheckerType revocationChecker = X509RevocationCheckerType.NONE;

    /** Where CRLs are fetched from; defaults to classpath/filesystem resources. */
    private X509RevocationFetcherType crlFetcher = X509RevocationFetcherType.RESOURCE;

    /**
     * CRL resource locations. Intentionally exposed as the live list through
     * {@link #getCrlResources()} (no setter) so that binding frameworks and callers can append
     * to it; callers therefore share this instance's mutable state.
     */
    private final List<String> crlResources = new ArrayList<>();

    /** Threshold, in seconds, applied by the revocation policy; default is two days. */
    private int revocationPolicyThreshold = 172_800;

    /** Whether every configured revocation source must be checked; off unless configured. */
    private boolean checkAll;

    /** CRL refresh interval in seconds; default one hour. */
    private int refreshIntervalSeconds = 3_600;

    /** Whether a failed CRL fetch is treated as an error; off unless configured. */
    private boolean throwOnFetchFailure;

    /** Whether both CRL and other revocation sources may be consulted together. */
    private boolean mixedMode = true;

    /** Behaviour when a CRL resource cannot be reached; defaults to deny. */
    private X509PolicySetting crlResourceUnavailablePolicy = X509PolicySetting.DENY;

    /** Behaviour when a CRL resource is past its validity; defaults to deny. */
    private X509PolicySetting crlResourceExpiredPolicy = X509PolicySetting.DENY;

    /** Behaviour when no CRL is available for a certificate; defaults to deny. */
    private X509PolicySetting crlUnavailablePolicy = X509PolicySetting.DENY;

    /** Behaviour when the applicable CRL has expired; defaults to deny. */
    private X509PolicySetting crlExpiredPolicy = X509PolicySetting.DENY;

    // --- CRL cache -------------------------------------------------------------------------

    /** Maximum number of cached CRL entries held in memory. */
    private int cacheMaxElementsInMemory = 1_000;

    /** Whether the cache may spill to disk; off unless configured. */
    private boolean cacheDiskOverflow;

    /** Disk budget for the cache when overflow is enabled. */
    private String cacheDiskSize = "100MB";

    /** Whether cached entries never expire; off unless configured. */
    private boolean cacheEternal;

    /** Time-to-live of cached entries in seconds; default four hours. */
    private long cacheTimeToLiveSeconds = TimeUnit.HOURS.toSeconds(4);

    // --- certificate constraints -----------------------------------------------------------

    /**
     * Regular expression the issuer DN must match; no default, so issuer filtering is
     * inactive until a pattern is supplied.
     */
    private String regExTrustedIssuerDnPattern;

    /**
     * Regular expression the subject DN must match. The default {@code .+} matches any
     * non-empty subject, i.e. it does not restrict which subjects are accepted.
     */
    private String regExSubjectDnPattern = ".+";

    /** Maximum accepted certification path length; default 1. */
    private int maxPathLength = 1;

    /** Whether certificates with no path-length constraint are accepted; off unless configured. */
    private boolean maxPathLengthAllowUnspecified;

    /** Whether the key-usage extension is inspected; off unless configured. */
    private boolean checkKeyUsage;

    /** Whether the key-usage extension must be present; off unless configured. */
    private boolean requireKeyUsage;

    // --- certificate transport -------------------------------------------------------------

    /**
     * Whether the certificate is read from a request header instead of the TLS session; off
     * unless configured. When enabled, only a trusted fronting component should be able to set
     * {@link #sslHeaderName}, since its value is what gets authenticated.
     */
    private boolean extractCert;

    /** Header carrying the client certificate when {@link #extractCert} is on. */
    private String sslHeaderName = "ssl_client_cert";

    /** Optional LDAP revocation source; {@code null} when not configured. */
    private LDAP ldap;

    // --- accessors: identity ---------------------------------------------------------------

    public String getName() {
        return this.name;
    }

    public void setName(final String name) {
        this.name = name;
    }

    public int getOrder() {
        return this.order;
    }

    public void setOrder(final int order) {
        this.order = order;
    }

    // --- accessors: principal resolution ---------------------------------------------------

    public X509PrincipalType getPrincipalType() {
        return this.principalType;
    }

    public void setPrincipalType(final X509PrincipalType principalType) {
        this.principalType = principalType;
    }

    public String getPrincipalAlternateAttribute() {
        return this.principalAlternateAttribute;
    }

    public void setPrincipalAlternateAttribute(final String principalAlternateAttribute) {
        this.principalAlternateAttribute = principalAlternateAttribute;
    }

    public X509SubjectDnFormat getPrincipalTypeSubjectDnFormat() {
        return this.principalTypeSubjectDnFormat;
    }

    public void setPrincipalTypeSubjectDnFormat(final X509SubjectDnFormat principalTypeSubjectDnFormat) {
        this.principalTypeSubjectDnFormat = principalTypeSubjectDnFormat;
    }

    public String getPrincipalTypeSerialNoDnSerialNumberPrefix() {
        return this.principalTypeSerialNoDnSerialNumberPrefix;
    }

    public void setPrincipalTypeSerialNoDnSerialNumberPrefix(final String principalTypeSerialNoDnSerialNumberPrefix) {
        this.principalTypeSerialNoDnSerialNumberPrefix = principalTypeSerialNoDnSerialNumberPrefix;
    }

    public String getPrincipalTypeSerialNoDnValueDelimiter() {
        return this.principalTypeSerialNoDnValueDelimiter;
    }

    public void setPrincipalTypeSerialNoDnValueDelimiter(final String principalTypeSerialNoDnValueDelimiter) {
        this.principalTypeSerialNoDnValueDelimiter = principalTypeSerialNoDnValueDelimiter;
    }

    public int getPrincipalTypeSerialNoSNRadix() {
        return this.principalTypeSerialNoSNRadix;
    }

    public void setPrincipalTypeSerialNoSNRadix(final int principalTypeSerialNoSNRadix) {
        this.principalTypeSerialNoSNRadix = principalTypeSerialNoSNRadix;
    }

    public boolean isPrincipalTypeSerialNoHexSNZeroPadding() {
        return this.principalTypeSerialNoHexSNZeroPadding;
    }

    public void setPrincipalTypeSerialNoHexSNZeroPadding(final boolean principalTypeSerialNoHexSNZeroPadding) {
        this.principalTypeSerialNoHexSNZeroPadding = principalTypeSerialNoHexSNZeroPadding;
    }

    // --- accessors: revocation -------------------------------------------------------------

    public X509RevocationCheckerType getRevocationChecker() {
        return this.revocationChecker;
    }

    public void setRevocationChecker(final X509RevocationCheckerType revocationChecker) {
        this.revocationChecker = revocationChecker;
    }

    public X509RevocationFetcherType getCrlFetcher() {
        return this.crlFetcher;
    }

    public void setCrlFetcher(final X509RevocationFetcherType crlFetcher) {
        this.crlFetcher = crlFetcher;
    }

    /**
     * Returns the live, modifiable list of CRL resource locations.
     *
     * @return the backing list itself (not a copy); additions are visible to this instance
     */
    public List<String> getCrlResources() {
        return this.crlResources;
    }

    public int getRevocationPolicyThreshold() {
        return this.revocationPolicyThreshold;
    }

    public void setRevocationPolicyThreshold(final int revocationPolicyThreshold) {
        this.revocationPolicyThreshold = revocationPolicyThreshold;
    }

    public boolean isCheckAll() {
        return this.checkAll;
    }

    public void setCheckAll(final boolean checkAll) {
        this.checkAll = checkAll;
    }

    public int getRefreshIntervalSeconds() {
        return this.refreshIntervalSeconds;
    }

    public void setRefreshIntervalSeconds(final int refreshIntervalSeconds) {
        this.refreshIntervalSeconds = refreshIntervalSeconds;
    }

    public boolean isThrowOnFetchFailure() {
        return this.throwOnFetchFailure;
    }

    public void setThrowOnFetchFailure(final boolean throwOnFetchFailure) {
        this.throwOnFetchFailure = throwOnFetchFailure;
    }

    public boolean isMixedMode() {
        return this.mixedMode;
    }

    public void setMixedMode(final boolean mixedMode) {
        this.mixedMode = mixedMode;
    }

    public X509PolicySetting getCrlResourceUnavailablePolicy() {
        return this.crlResourceUnavailablePolicy;
    }

    public void setCrlResourceUnavailablePolicy(final X509PolicySetting crlResourceUnavailablePolicy) {
        this.crlResourceUnavailablePolicy = crlResourceUnavailablePolicy;
    }

    public X509PolicySetting getCrlResourceExpiredPolicy() {
        return this.crlResourceExpiredPolicy;
    }

    public void setCrlResourceExpiredPolicy(final X509PolicySetting crlResourceExpiredPolicy) {
        this.crlResourceExpiredPolicy = crlResourceExpiredPolicy;
    }

    public X509PolicySetting getCrlUnavailablePolicy() {
        return this.crlUnavailablePolicy;
    }

    public void setCrlUnavailablePolicy(final X509PolicySetting crlUnavailablePolicy) {
        this.crlUnavailablePolicy = crlUnavailablePolicy;
    }

    public X509PolicySetting getCrlExpiredPolicy() {
        return this.crlExpiredPolicy;
    }

    public void setCrlExpiredPolicy(final X509PolicySetting crlExpiredPolicy) {
        this.crlExpiredPolicy = crlExpiredPolicy;
    }

    // --- accessors: cache ------------------------------------------------------------------

    public int getCacheMaxElementsInMemory() {
        return this.cacheMaxElementsInMemory;
    }

    public void setCacheMaxElementsInMemory(final int cacheMaxElementsInMemory) {
        this.cacheMaxElementsInMemory = cacheMaxElementsInMemory;
    }

    public boolean isCacheDiskOverflow() {
        return this.cacheDiskOverflow;
    }

    public void setCacheDiskOverflow(final boolean cacheDiskOverflow) {
        this.cacheDiskOverflow = cacheDiskOverflow;
    }

    public String getCacheDiskSize() {
        return this.cacheDiskSize;
    }

    public void setCacheDiskSize(final String cacheDiskSize) {
        this.cacheDiskSize = cacheDiskSize;
    }

    public boolean isCacheEternal() {
        return this.cacheEternal;
    }

    public void setCacheEternal(final boolean cacheEternal) {
        this.cacheEternal = cacheEternal;
    }

    public long getCacheTimeToLiveSeconds() {
        return this.cacheTimeToLiveSeconds;
    }

    public void setCacheTimeToLiveSeconds(final long cacheTimeToLiveSeconds) {
        this.cacheTimeToLiveSeconds = cacheTimeToLiveSeconds;
    }

    // --- accessors: certificate constraints ------------------------------------------------

    public String getRegExTrustedIssuerDnPattern() {
        return this.regExTrustedIssuerDnPattern;
    }

    public void setRegExTrustedIssuerDnPattern(final String regExTrustedIssuerDnPattern) {
        this.regExTrustedIssuerDnPattern = regExTrustedIssuerDnPattern;
    }

    public String getRegExSubjectDnPattern() {
        return this.regExSubjectDnPattern;
    }

    public void setRegExSubjectDnPattern(final String regExSubjectDnPattern) {
        this.regExSubjectDnPattern = regExSubjectDnPattern;
    }

    public int getMaxPathLength() {
        return this.maxPathLength;
    }

    public void setMaxPathLength(final int maxPathLength) {
        this.maxPathLength = maxPathLength;
    }

    public boolean isMaxPathLengthAllowUnspecified() {
        return this.maxPathLengthAllowUnspecified;
    }

    public void setMaxPathLengthAllowUnspecified(final boolean maxPathLengthAllowUnspecified) {
        this.maxPathLengthAllowUnspecified = maxPathLengthAllowUnspecified;
    }

    public boolean isCheckKeyUsage() {
        return this.checkKeyUsage;
    }

    public void setCheckKeyUsage(final boolean checkKeyUsage) {
        this.checkKeyUsage = checkKeyUsage;
    }

    public boolean isRequireKeyUsage() {
        return this.requireKeyUsage;
    }

    public void setRequireKeyUsage(final boolean requireKeyUsage) {
        this.requireKeyUsage = requireKeyUsage;
    }

    // --- accessors: certificate transport --------------------------------------------------

    public boolean isExtractCert() {
        return this.extractCert;
    }

    public void setExtractCert(final boolean extractCert) {
        this.extractCert = extractCert;
    }

    public String getSslHeaderName() {
        return this.sslHeaderName;
    }

    public void setSslHeaderName(final String sslHeaderName) {
        this.sslHeaderName = sslHeaderName;
    }

    public LDAP getLdap() {
        return this.ldap;
    }

    public void setLdap(final LDAP ldap) {
        this.ldap = ldap;
    }

    /**
     * Delegates conversion of this configuration to the supplied mapper.
     *
     * @param authModule the owning auth module definition
     * @param mapper     strategy that turns this bean into a property map
     * @return whatever {@code mapper.map(authModule, this)} produces
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) {
        return mapper.map(authModule, this);
    }
}