com.netegrity.sdk.policyapi
Class SmCertMap

java.lang.Object
  com.netegrity.sdk.policyapi.SmObjectImpl
      com.netegrity.sdk.policyapi.SmCertMap

All Implemented Interfaces:

SmObject, java.lang.Cloneable

public final class SmCertMap
extends SmObjectImpl

Represents a SiteMinder certificate mapping object.

This object has global scope.

Since:

SDK 2.0

Field Summary

static int	CertMapAttrType_Custom The Certificate mapping attribute type is Custom.
static int	CertMapAttrType_Exact The Certificate mapping attribute type is Exact.
static int	CertMapAttrType_Single The Certificate mapping attribute type is Single.
static int	CertMapFlags_Cache Setting this flag causes SiteMinder to use cached Certificate Revocation List (CRL) information until the date specified in the NextUpdate field in the CRL.
static int	CertMapFlags_CertRequired Setting this flag causes SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user's entry in the authentication directory.
static int	CertMapFlags_CRLCheck Setting this flag causes the Policy Server to retrieve a CRL from an LDAP directory, verify the CRL, and validate that the user's certificate has not been revoked.
static int	CertMapFlags_UseDistributionPoints If the Certificate Revocation List (CRL) uses distribution points, set this flag.
static int	CertMapFlags_VerifySignature Setting this flag causes the Policy Server to check the Certificate Authority's public certificate against a signature stored in the policy database.
static int	DirType_LDAP The directory type in Certificate mapping is LDAP.
static int	DirType_ODBC The directory type in Certificate mapping is ODBC.
static int	DirType_WinNT The directory type in Certificate mapping is Windows NT.
static java.lang.String	PropCertMaps Property name to be specified in the method getGlobalObjectNames().
static java.lang.String	PropDirType The object's directory type property.
static java.lang.String	PropFlags The object's flags property.
static java.lang.String	PropIssuerDN The distinguished name of the server certificate property.
static java.lang.String	PropLDAPCaDN The distinguished name of the issuing Certificate Authority.
static java.lang.String	PropMapToLDAP The object's map to LDAP property.
static java.lang.String	PropUserDirectory The object's user directory property (searchable).

Fields inherited from class com.netegrity.sdk.policyapi.SmObjectImpl

PropObjectClassName

Fields inherited from interface com.netegrity.sdk.policyapi.SmObject

ConfigurationClassName, PropDesc, PropName, PropOid

Constructor Summary

SmCertMap()
Constructs a Certificate mapping object.

SmCertMap(java.lang.String oid)
Constructs a Certificate mapping object with the specified object identifier.

Method Summary

int	getAttrType() Gets the type of the attribute.
java.lang.String	getCADN() Gets the distinguished name of the issuing Certificate Authority.
java.lang.String	getDescription() Gets the description of the object.
int	getDirType() Gets the type of the directory.
int	getFlags() Gets the flags.
java.lang.String	getIssuerDN() Gets the distinguished name of the server certificate.
java.lang.String	getMapAttr() Gets the mapping attribute.
java.lang.String	getName() This method returns null.
SmObjId	getUserDir() Gets the user directory.
void	readProperties(java.util.Hashtable properties) Copies the object properties from the specified hashtable.
void	setAttrType(int attrType) Sets the type of the attribute.
void	setCADN(java.lang.String caDN) Sets the distinguished name of the issuing Certificate Authority.
void	setDescription(java.lang.String description) Certificate mapping objects do not have a description property.
void	setDirType(int dirType) Sets the type of the directory.
void	setFlags(int flags) Sets the flags.
void	setIssuerDN(java.lang.String issuerDN) Sets the distinguished name of the server certificate.
void	setMapAttr(java.lang.String mapAttr) Sets the mapping attribute.
void	setName(java.lang.String name) Certificate mapping object names are automatically constructed by the API.
void	setUserDir(java.lang.Object userDirectory) Sets the user directory.
java.lang.String	toString() Gets the name of the object.
void	writeProperties(java.util.Hashtable properties) Copies the object properties to the specified hashtable.

Methods inherited from class com.netegrity.sdk.policyapi.SmObjectImpl

getObjectClassname, getOid, isDomainObject, isWriteable, newObject, setObjectClassname, setOid, setOid, writeSearchProperties

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

PropCertMaps

public static final java.lang.String PropCertMaps

Property name to be specified in the method getGlobalObjectNames().

See Also:

Constant Field Values

PropIssuerDN

public static final java.lang.String PropIssuerDN

The distinguished name of the server certificate property.

See Also:

Constant Field Values

PropUserDirectory

public static final java.lang.String PropUserDirectory

The object's user directory property (searchable). You can search for certificate mapping objects based on this property.

See Also:

Constant Field Values

PropMapToLDAP

public static final java.lang.String PropMapToLDAP

The object's map to LDAP property.

See Also:

Constant Field Values

PropLDAPCaDN

public static final java.lang.String PropLDAPCaDN

The distinguished name of the issuing Certificate Authority.

See Also:

Constant Field Values

PropDirType

public static final java.lang.String PropDirType

The object's directory type property.

See Also:

Constant Field Values

PropFlags

public static final java.lang.String PropFlags

The object's flags property.

See Also:

Constant Field Values

DirType_LDAP

public static final int DirType_LDAP

The directory type in Certificate mapping is LDAP.

See Also:

Constant Field Values

DirType_WinNT

public static final int DirType_WinNT

The directory type in Certificate mapping is Windows NT.

See Also:

Constant Field Values

DirType_ODBC

public static final int DirType_ODBC

The directory type in Certificate mapping is ODBC.

See Also:

Constant Field Values

CertMapAttrType_Single

public static final int CertMapAttrType_Single

The Certificate mapping attribute type is Single.

See Also:

Constant Field Values

CertMapAttrType_Custom

public static final int CertMapAttrType_Custom

The Certificate mapping attribute type is Custom.

See Also:

Constant Field Values

CertMapAttrType_Exact

public static final int CertMapAttrType_Exact

The Certificate mapping attribute type is Exact.

See Also:

Constant Field Values

CertMapFlags_CertRequired

public static final int CertMapFlags_CertRequired

Setting this flag causes SiteMinder to verify that the certificate presented by the user matches the certificate stored in the user's entry in the authentication directory. The authentication directory must be an LDAP user directory.

See Also:

Constant Field Values

CertMapFlags_UseDistributionPoints

public static final int CertMapFlags_UseDistributionPoints

If the Certificate Revocation List (CRL) uses distribution points, set this flag. This flag causes SiteMinder to retrieve the distribution point from a user's certificate. SiteMinder then uses the distribution point to find the appropriate LDAP directory entry point for the CRL. If you set this flag, you must also set CertMapFlags_CRLCheck.

See Also:

Constant Field Values

CertMapFlags_VerifySignature

public static final int CertMapFlags_VerifySignature

Setting this flag causes the Policy Server to check the Certificate Authority's public certificate against a signature stored in the policy database. If you set this flag, you must also set CertMapFlags_CRLCheck.

See Also:

Constant Field Values

CertMapFlags_CRLCheck

public static final int CertMapFlags_CRLCheck

Setting this flag causes the Policy Server to retrieve a CRL from an LDAP directory, verify the CRL, and validate that the user's certificate has not been revoked.

See Also:

Constant Field Values

CertMapFlags_Cache

public static final int CertMapFlags_Cache

Setting this flag causes SiteMinder to use cached Certificate Revocation List (CRL) information until the date specified in the NextUpdate field in the CRL. If you set this flag, you must also set CertMapFlags_CRLCheck.

See Also:

Constant Field Values

Constructor Detail

SmCertMap

public SmCertMap()

Constructs a Certificate mapping object.

SmCertMap

public SmCertMap(java.lang.String oid)

Constructs a Certificate mapping object with the specified object identifier.

Parameters:

oid - Object identifier of the Certificate mapping object.

Method Detail

getName

public java.lang.String getName()

This method returns null. Use toString() to get the constructed name of certificate mapping object.

Specified by:

getName in interface SmObject

Overrides:

getName in class SmObjectImpl

Returns:

null.

toString

public java.lang.String toString()

Gets the name of the object. The API automatically constructs the name of the certificate mapping object. Names have the following format:

directoryTypeName + issuerDN

Specified by:

toString in interface SmObject

Overrides:

toString in class SmObjectImpl

Returns:

The name of the object or null if invalid directory type.

setName

public void setName(java.lang.String name)

Certificate mapping object names are automatically constructed by the API. Do not call this method.

See getName() for more information.

Specified by:

setName in interface SmObject

Overrides:

setName in class SmObjectImpl

Parameters:

name - The name of the object.

setDescription

public void setDescription(java.lang.String description)

Certificate mapping objects do not have a description property. Calling this method sets the description of the object to null.

Specified by:

setDescription in interface SmObject

Overrides:

setDescription in class SmObjectImpl

Parameters:

description - The description of the object.

getDescription

public java.lang.String getDescription()

Gets the description of the object.

Specified by:

getDescription in interface SmObject

Overrides:

getDescription in class SmObjectImpl

Returns:

null

setUserDir

public void setUserDir(java.lang.Object userDirectory)

Sets the user directory.

Parameters:

userDirectory - The user directory.

getUserDir

public SmObjId getUserDir()

Gets the user directory.

Returns:

The user directory.

setIssuerDN

public void setIssuerDN(java.lang.String issuerDN)

Sets the distinguished name of the server certificate.

Parameters:

issuerDN - The distinguished name of the server certificate.

getIssuerDN

public java.lang.String getIssuerDN()

Gets the distinguished name of the server certificate.

Returns:

The distinguished name of the server certificate.

setCADN

public void setCADN(java.lang.String caDN)

Sets the distinguished name of the issuing Certificate Authority.

Parameters:

caDN - The distinguished name of the issuing Certificate Authority.

getCADN

public java.lang.String getCADN()

Gets the distinguished name of the issuing Certificate Authority.

Returns:

The distinguished name of the issuing Certificate Authority.

setFlags

public void setFlags(int flags)

Sets the flags.

Parameters:

flags - The flags.

getFlags

public int getFlags()

Gets the flags.

Returns:

The flags.

setAttrType

public void setAttrType(int attrType)

Sets the type of the attribute.

Parameters:

attrType - The type of the attribute.

getAttrType

public int getAttrType()

Gets the type of the attribute.

Returns:

The type of the attribute.

setMapAttr

public void setMapAttr(java.lang.String mapAttr)

Sets the mapping attribute. The mapping attribute is set as follows:

• Single Attribute Mapping
  With single attribute mapping, the format of the attribute is:
  %{attribute_name}
  In this format, attribute_name is the name of the attribute used for matching the following items:
  • A single attribute from the subject distinguished name of a user's certificate
  • A single attribute stored in the user directory for the purpose of verifying the user's identity
    
• Custom Mapping
  Custom mapping expressions let you perform complex multiple attribute mapping. To establish a certificate mapping, you specify multiple user attributes to be extracted from a user distinguished name.

The syntax for a custom mapping expression is a parsing specification designed to enable full mapping flexibility. It indicates which information to take from the certificate and where in the user directory the information should be applied. The basic syntax is as follows:
UserAttribute=%{CertificateAttribute},UserAttribute2=%{CertificateAttribute}

Parameters:

mapAttr - The mapping attribute.

getMapAttr

public java.lang.String getMapAttr()

Gets the mapping attribute.

Returns:

The mapping attribute.

setDirType

public void setDirType(int dirType)

Sets the type of the directory. One of the following values can be used.

 DirType_LDAP  = 1
 DirType_WinNT = 2
 DirType_ODBC  = 3
 

Parameters:

dirType - The type of the directory.

getDirType

public int getDirType()

Gets the type of the directory.

Directory type is as follows:

 DirType_LDAP  = 1
 DirType_WinNT = 2
 DirType_ODBC  = 3
 

Returns:

The type of the directory.

writeProperties

public void writeProperties(java.util.Hashtable properties)

Description copied from interface: SmObject

Copies the object properties to the specified hashtable.

Specified by:

writeProperties in interface SmObject

Overrides:

writeProperties in class SmObjectImpl

Parameters:

properties - The hashtable where the object properties will be copied.

readProperties

public void readProperties(java.util.Hashtable properties)

Description copied from interface: SmObject

Copies the object properties from the specified hashtable.

Specified by:

readProperties in interface SmObject

Overrides:

readProperties in class SmObjectImpl

Parameters:

properties - The new properties of the object.