common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/X509AuthModuleConf.java - syncope - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.syncope.common.lib.auth;

 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import org.apache.syncope.common.lib.AbstractLDAPConf;
 import org.apache.syncope.common.lib.to.AuthModuleTO;
 import org.apache.syncope.common.lib.types.X509PolicySetting;
 import org.apache.syncope.common.lib.types.X509PrincipalType;
 import org.apache.syncope.common.lib.types.X509RevocationCheckerType;
 import org.apache.syncope.common.lib.types.X509RevocationFetcherType;
 import org.apache.syncope.common.lib.types.X509SubjectDnFormat;

 public class X509AuthModuleConf implements LDAPDependantAuthModuleConf {

     private static final long serialVersionUID = 1915254775199296906L;

     public static class LDAP extends AbstractLDAPConf implements Serializable {

         private static final long serialVersionUID = -7274446267090678730L;

         /**
          * The LDAP attribute that holds the certificate revocation list.
          */
         private String certificateAttribute = "certificateRevocationList";

         public String getCertificateAttribute() {
             return certificateAttribute;
         }

         public void setCertificateAttribute(final String certificateAttribute) {
             this.certificateAttribute = certificateAttribute;
         }
     }

     /**
      * The authentication handler name.
      */
     private String name;

     /**
      * The order of the authentication handler in the chain.
      */
     private int order = Integer.MAX_VALUE;

     /**
      * Threshold value if expired CRL revocation policy is to be handled via threshold.
      */
     private int revocationPolicyThreshold = 172_800;

     /**
      * Whether revocation checking should check all resources, or stop at first one.
      */
     private boolean checkAll;

     /**
      * The refresh interval of the internal scheduler in cases where CRL revocation checking
      * is done via resources.
      */
     private int refreshIntervalSeconds = 3_600;

     /**
      * When CRL revocation checking is done via distribution points,
      * decide if fetch failures should throw errors.
      */
     private boolean throwOnFetchFailure;

     private X509PrincipalType principalType = X509PrincipalType.SUBJECT_DN;

     /**
      * Relevant for {@code CN_EDIPI}, {@code RFC822_EMAIL}, {@code SUBJECT}, {@code SUBJECT_ALT_NAME} principal types.
      */
     private String principalAlternateAttribute;

     /**
      * Relevant for {@code SUBJECT_DN} principal type.
      */
     private X509SubjectDnFormat principalTypeSubjectDnFormat = X509SubjectDnFormat.DEFAULT;

     /**
      * Relevant for {@code SERIAL_NO_DN} principal type.
      * The serial number prefix used for principal resolution.
      */
     private String principalTypeSerialNoDnSerialNumberPrefix = "SERIALNUMBER=";

     /**
      * Relevant for {@code SERIAL_NO_DN} principal type.
      * Value delimiter used for principal resolution.
      */
     private String principalTypeSerialNoDnValueDelimiter = ", ";

     /**
      * Relevant for {@code SERIAL_NO} principal type.
      * Radix used.
      */
     private int principalTypeSerialNoSNRadix;

     /**
      * Relevant for {@code SERIAL_NO} principal type.
      * If radix hex padding should be used.
      */
     private boolean principalTypeSerialNoHexSNZeroPadding;

     /**
      * Revocation certificate checking is carried out according to this setting.
      */
     private X509RevocationCheckerType revocationChecker = X509RevocationCheckerType.NONE;

     /**
      * Options to describe how to fetch CRL resources.
      */
     private X509RevocationFetcherType crlFetcher = X509RevocationFetcherType.RESOURCE;

     /**
      * List of CRL resources to use for fetching.
      */
     private final List<String> crlResources = new ArrayList<>(0);

     /**
      * When CRLs are cached, indicate maximum number of elements kept in memory.
      */
     private int cacheMaxElementsInMemory = 1_000;

     /**
      * Determine whether X509 authentication should allow other forms of authentication such as username/password.
      * If this setting is turned off, typically the ability to view the login form as the primary form of
      * authentication is turned off.
      */
     private boolean mixedMode = true;

     /**
      * When CRLs are cached, indicate the time-to-live of cache items.
      */
     private String cacheTimeToLiveSeconds = "PT4H";

     /**
      * If the CRL resource is unavailable, activate the this policy.
      */
     private X509PolicySetting crlResourceUnavailablePolicy = X509PolicySetting.DENY;

     /**
      * If the CRL resource has expired, activate the this policy.
      * Activated if {@link #revocationChecker} is {@code RESOURCE}.
      */
     private X509PolicySetting crlResourceExpiredPolicy = X509PolicySetting.DENY;

     /**
      * If the CRL is unavailable, activate the this policy.
      * Activated if {@link #revocationChecker} is {@code CRL}.
      */
     private X509PolicySetting crlUnavailablePolicy = X509PolicySetting.DENY;

     /**
      * If the CRL has expired, activate the this policy.
      * Activated if {@link #revocationChecker} is {@code CRL}.
      */
     private X509PolicySetting crlExpiredPolicy = X509PolicySetting.DENY;

     /**
      * The compiled pattern supplied by the deployer.
      */
     private String regExTrustedIssuerDnPattern;

     /**
      * Deployer supplied setting for maximum pathLength in a SUPPLIED
      * certificate.
      */
     private int maxPathLength = 1;

     /**
      * Deployer supplied setting to allow unlimited pathLength in a SUPPLIED
      * certificate.
      */
     private boolean maxPathLengthAllowUnspecified = false;

     /**
      * Deployer supplied setting to check the KeyUsage extension.
      */
     private boolean checkKeyUsage = false;

     /**
      * Deployer supplied setting to force require the correct KeyUsage
      * extension.
      */
     private boolean requireKeyUsage = false;

     /**
      * The pattern that authorizes an acceptable certificate by its subject dn.
      */
     private String regExSubjectDnPattern = ".+";

     /**
      * Whether to extract certificate from request.
      * The default implementation extracts certificate from header via Tomcat SSLValve parsing logic
      * and using the {@link #sslHeaderName} header.
      * Must be false by default because if someone enables it they need to make sure they are
      * behind proxy that won't let the header arrive directly from the browser.
      */
     private boolean extractCert;

     /**
      * The name of the header to consult for an X509 cert (e.g. when behind proxy).
      */
     private String sslHeaderName = "ssl_client_cert";

     private LDAP ldap;

     @Override
     public AbstractLDAPConf ldapInstance() {
         return new X509AuthModuleConf.LDAP();
     }

     public String getName() {
         return name;
     }

     public void setName(final String name) {
         this.name = name;
     }

     public int getOrder() {
         return order;
     }

     public void setOrder(final int order) {
         this.order = order;
     }

     public int getRevocationPolicyThreshold() {
         return revocationPolicyThreshold;
     }

     public void setRevocationPolicyThreshold(final int revocationPolicyThreshold) {
         this.revocationPolicyThreshold = revocationPolicyThreshold;
     }

     public boolean isCheckAll() {
         return checkAll;
     }

     public void setCheckAll(final boolean checkAll) {
         this.checkAll = checkAll;
     }

     public int getRefreshIntervalSeconds() {
         return refreshIntervalSeconds;
     }

     public void setRefreshIntervalSeconds(final int refreshIntervalSeconds) {
         this.refreshIntervalSeconds = refreshIntervalSeconds;
     }

     public boolean isThrowOnFetchFailure() {
         return throwOnFetchFailure;
     }

     public void setThrowOnFetchFailure(final boolean throwOnFetchFailure) {
         this.throwOnFetchFailure = throwOnFetchFailure;
     }

     public X509PrincipalType getPrincipalType() {
         return principalType;
     }

     public void setPrincipalType(final X509PrincipalType principalType) {
         this.principalType = principalType;
     }

     public String getPrincipalAlternateAttribute() {
         return principalAlternateAttribute;
     }

     public void setPrincipalAlternateAttribute(final String principalAlternateAttribute) {
         this.principalAlternateAttribute = principalAlternateAttribute;
     }

     public X509SubjectDnFormat getPrincipalTypeSubjectDnFormat() {
         return principalTypeSubjectDnFormat;
     }

     public void setPrincipalTypeSubjectDnFormat(final X509SubjectDnFormat principalTypeSubjectDnFormat) {
         this.principalTypeSubjectDnFormat = principalTypeSubjectDnFormat;
     }

     public String getPrincipalTypeSerialNoDnSerialNumberPrefix() {
         return principalTypeSerialNoDnSerialNumberPrefix;
     }

     public void setPrincipalTypeSerialNoDnSerialNumberPrefix(final String principalTypeSerialNoDnSerialNumberPrefix) {
         this.principalTypeSerialNoDnSerialNumberPrefix = principalTypeSerialNoDnSerialNumberPrefix;
     }

     public String getPrincipalTypeSerialNoDnValueDelimiter() {
         return principalTypeSerialNoDnValueDelimiter;
     }

     public void setPrincipalTypeSerialNoDnValueDelimiter(final String principalTypeSerialNoDnValueDelimiter) {
         this.principalTypeSerialNoDnValueDelimiter = principalTypeSerialNoDnValueDelimiter;
     }

     public int getPrincipalTypeSerialNoSNRadix() {
         return principalTypeSerialNoSNRadix;
     }

     public void setPrincipalTypeSerialNoSNRadix(final int principalTypeSerialNoSNRadix) {
         this.principalTypeSerialNoSNRadix = principalTypeSerialNoSNRadix;
     }

     public boolean isPrincipalTypeSerialNoHexSNZeroPadding() {
         return principalTypeSerialNoHexSNZeroPadding;
     }

     public void setPrincipalTypeSerialNoHexSNZeroPadding(final boolean principalTypeSerialNoHexSNZeroPadding) {
         this.principalTypeSerialNoHexSNZeroPadding = principalTypeSerialNoHexSNZeroPadding;
     }

     public X509RevocationCheckerType getRevocationChecker() {
         return revocationChecker;
     }

     public void setRevocationChecker(final X509RevocationCheckerType revocationChecker) {
         this.revocationChecker = revocationChecker;
     }

     public X509RevocationFetcherType getCrlFetcher() {
         return crlFetcher;
     }

     public void setCrlFetcher(final X509RevocationFetcherType crlFetcher) {
         this.crlFetcher = crlFetcher;
     }

     public int getCacheMaxElementsInMemory() {
         return cacheMaxElementsInMemory;
     }

     public void setCacheMaxElementsInMemory(final int cacheMaxElementsInMemory) {
         this.cacheMaxElementsInMemory = cacheMaxElementsInMemory;
     }

     public boolean isMixedMode() {
         return mixedMode;
     }

     public void setMixedMode(final boolean mixedMode) {
         this.mixedMode = mixedMode;
     }

     public String getCacheTimeToLiveSeconds() {
         return cacheTimeToLiveSeconds;
     }

     public void setCacheTimeToLiveSeconds(final String cacheTimeToLiveSeconds) {
         this.cacheTimeToLiveSeconds = cacheTimeToLiveSeconds;
     }

     public X509PolicySetting getCrlResourceUnavailablePolicy() {
         return crlResourceUnavailablePolicy;
     }

     public void setCrlResourceUnavailablePolicy(final X509PolicySetting crlResourceUnavailablePolicy) {
         this.crlResourceUnavailablePolicy = crlResourceUnavailablePolicy;
     }

     public X509PolicySetting getCrlResourceExpiredPolicy() {
         return crlResourceExpiredPolicy;
     }

     public void setCrlResourceExpiredPolicy(final X509PolicySetting crlResourceExpiredPolicy) {
         this.crlResourceExpiredPolicy = crlResourceExpiredPolicy;
     }

     public X509PolicySetting getCrlUnavailablePolicy() {
         return crlUnavailablePolicy;
     }

     public void setCrlUnavailablePolicy(final X509PolicySetting crlUnavailablePolicy) {
         this.crlUnavailablePolicy = crlUnavailablePolicy;
     }

     public X509PolicySetting getCrlExpiredPolicy() {
         return crlExpiredPolicy;
     }

     public void setCrlExpiredPolicy(final X509PolicySetting crlExpiredPolicy) {
         this.crlExpiredPolicy = crlExpiredPolicy;
     }

     public List<String> getCrlResources() {
         return crlResources;
     }

     public String getRegExTrustedIssuerDnPattern() {
         return regExTrustedIssuerDnPattern;
     }

     public void setRegExTrustedIssuerDnPattern(final String regExTrustedIssuerDnPattern) {
         this.regExTrustedIssuerDnPattern = regExTrustedIssuerDnPattern;
     }

     public int getMaxPathLength() {
         return maxPathLength;
     }

     public void setMaxPathLength(final int maxPathLength) {
         this.maxPathLength = maxPathLength;
     }

     public boolean isMaxPathLengthAllowUnspecified() {
         return maxPathLengthAllowUnspecified;
     }

     public void setMaxPathLengthAllowUnspecified(final boolean maxPathLengthAllowUnspecified) {
         this.maxPathLengthAllowUnspecified = maxPathLengthAllowUnspecified;
     }

     public boolean isCheckKeyUsage() {
         return checkKeyUsage;
     }

     public void setCheckKeyUsage(final boolean checkKeyUsage) {
         this.checkKeyUsage = checkKeyUsage;
     }

     public boolean isRequireKeyUsage() {
         return requireKeyUsage;
     }

     public void setRequireKeyUsage(final boolean requireKeyUsage) {
         this.requireKeyUsage = requireKeyUsage;
     }

     public String getRegExSubjectDnPattern() {
         return regExSubjectDnPattern;
     }

     public void setRegExSubjectDnPattern(final String regExSubjectDnPattern) {
         this.regExSubjectDnPattern = regExSubjectDnPattern;
     }

     public boolean isExtractCert() {
         return extractCert;
     }

     public void setExtractCert(final boolean extractCert) {
         this.extractCert = extractCert;
     }

     public String getSslHeaderName() {
         return sslHeaderName;
     }

     public void setSslHeaderName(final String sslHeaderName) {
         this.sslHeaderName = sslHeaderName;
     }

     public LDAP getLdap() {
         return ldap;
     }

     public void setLdap(final LDAP ldap) {
         this.ldap = ldap;
     }

     @Override
     public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) {
         return mapper.map(authModule, this);
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.syncope.common.lib.auth;

	import java.io.Serializable;
	import java.util.ArrayList;
	import java.util.List;
	import java.util.Map;
	import org.apache.syncope.common.lib.AbstractLDAPConf;
	import org.apache.syncope.common.lib.to.AuthModuleTO;
	import org.apache.syncope.common.lib.types.X509PolicySetting;
	import org.apache.syncope.common.lib.types.X509PrincipalType;
	import org.apache.syncope.common.lib.types.X509RevocationCheckerType;
	import org.apache.syncope.common.lib.types.X509RevocationFetcherType;
	import org.apache.syncope.common.lib.types.X509SubjectDnFormat;

	public class X509AuthModuleConf implements LDAPDependantAuthModuleConf {

	private static final long serialVersionUID = 1915254775199296906L;

	public static class LDAP extends AbstractLDAPConf implements Serializable {

	private static final long serialVersionUID = -7274446267090678730L;

	/**
	* The LDAP attribute that holds the certificate revocation list.
	*/
	private String certificateAttribute = "certificateRevocationList";

	public String getCertificateAttribute() {
	return certificateAttribute;
	}

	public void setCertificateAttribute(final String certificateAttribute) {
	this.certificateAttribute = certificateAttribute;
	}
	}

	/**
	* The authentication handler name.
	*/
	private String name;

	/**
	* The order of the authentication handler in the chain.
	*/
	private int order = Integer.MAX_VALUE;

	/**
	* Threshold value if expired CRL revocation policy is to be handled via threshold.
	*/
	private int revocationPolicyThreshold = 172_800;

	/**
	* Whether revocation checking should check all resources, or stop at first one.
	*/
	private boolean checkAll;

	/**
	* The refresh interval of the internal scheduler in cases where CRL revocation checking
	* is done via resources.
	*/
	private int refreshIntervalSeconds = 3_600;

	/**
	* When CRL revocation checking is done via distribution points,
	* decide if fetch failures should throw errors.
	*/
	private boolean throwOnFetchFailure;

	private X509PrincipalType principalType = X509PrincipalType.SUBJECT_DN;

	/**
	* Relevant for {@code CN_EDIPI}, {@code RFC822_EMAIL}, {@code SUBJECT}, {@code SUBJECT_ALT_NAME} principal types.
	*/
	private String principalAlternateAttribute;

	/**
	* Relevant for {@code SUBJECT_DN} principal type.
	*/
	private X509SubjectDnFormat principalTypeSubjectDnFormat = X509SubjectDnFormat.DEFAULT;

	/**
	* Relevant for {@code SERIAL_NO_DN} principal type.
	* The serial number prefix used for principal resolution.
	*/
	private String principalTypeSerialNoDnSerialNumberPrefix = "SERIALNUMBER=";

	/**
	* Relevant for {@code SERIAL_NO_DN} principal type.
	* Value delimiter used for principal resolution.
	*/
	private String principalTypeSerialNoDnValueDelimiter = ", ";

	/**
	* Relevant for {@code SERIAL_NO} principal type.
	* Radix used.
	*/
	private int principalTypeSerialNoSNRadix;

	/**
	* Relevant for {@code SERIAL_NO} principal type.
	* If radix hex padding should be used.
	*/
	private boolean principalTypeSerialNoHexSNZeroPadding;

	/**
	* Revocation certificate checking is carried out according to this setting.
	*/
	private X509RevocationCheckerType revocationChecker = X509RevocationCheckerType.NONE;

	/**
	* Options to describe how to fetch CRL resources.
	*/
	private X509RevocationFetcherType crlFetcher = X509RevocationFetcherType.RESOURCE;

	/**
	* List of CRL resources to use for fetching.
	*/
	private final List<String> crlResources = new ArrayList<>(0);

	/**
	* When CRLs are cached, indicate maximum number of elements kept in memory.
	*/
	private int cacheMaxElementsInMemory = 1_000;

	/**
	* Determine whether X509 authentication should allow other forms of authentication such as username/password.
	* If this setting is turned off, typically the ability to view the login form as the primary form of
	* authentication is turned off.
	*/
	private boolean mixedMode = true;

	/**
	* When CRLs are cached, indicate the time-to-live of cache items.
	*/
	private String cacheTimeToLiveSeconds = "PT4H";

	/**
	* If the CRL resource is unavailable, activate the this policy.
	*/
	private X509PolicySetting crlResourceUnavailablePolicy = X509PolicySetting.DENY;

	/**
	* If the CRL resource has expired, activate the this policy.
	* Activated if {@link #revocationChecker} is {@code RESOURCE}.
	*/
	private X509PolicySetting crlResourceExpiredPolicy = X509PolicySetting.DENY;

	/**
	* If the CRL is unavailable, activate the this policy.
	* Activated if {@link #revocationChecker} is {@code CRL}.
	*/
	private X509PolicySetting crlUnavailablePolicy = X509PolicySetting.DENY;

	/**
	* If the CRL has expired, activate the this policy.
	* Activated if {@link #revocationChecker} is {@code CRL}.
	*/
	private X509PolicySetting crlExpiredPolicy = X509PolicySetting.DENY;

	/**
	* The compiled pattern supplied by the deployer.
	*/
	private String regExTrustedIssuerDnPattern;

	/**
	* Deployer supplied setting for maximum pathLength in a SUPPLIED
	* certificate.
	*/
	private int maxPathLength = 1;

	/**
	* Deployer supplied setting to allow unlimited pathLength in a SUPPLIED
	* certificate.
	*/
	private boolean maxPathLengthAllowUnspecified = false;

	/**
	* Deployer supplied setting to check the KeyUsage extension.
	*/
	private boolean checkKeyUsage = false;

	/**
	* Deployer supplied setting to force require the correct KeyUsage
	* extension.
	*/
	private boolean requireKeyUsage = false;

	/**
	* The pattern that authorizes an acceptable certificate by its subject dn.
	*/
	private String regExSubjectDnPattern = ".+";

	/**
	* Whether to extract certificate from request.
	* The default implementation extracts certificate from header via Tomcat SSLValve parsing logic
	* and using the {@link #sslHeaderName} header.
	* Must be false by default because if someone enables it they need to make sure they are
	* behind proxy that won't let the header arrive directly from the browser.
	*/
	private boolean extractCert;

	/**
	* The name of the header to consult for an X509 cert (e.g. when behind proxy).
	*/
	private String sslHeaderName = "ssl_client_cert";

	private LDAP ldap;

	@Override
	public AbstractLDAPConf ldapInstance() {
	return new X509AuthModuleConf.LDAP();
	}

	public String getName() {
	return name;
	}

	public void setName(final String name) {
	this.name = name;
	}

	public int getOrder() {
	return order;
	}

	public void setOrder(final int order) {
	this.order = order;
	}

	public int getRevocationPolicyThreshold() {
	return revocationPolicyThreshold;
	}

	public void setRevocationPolicyThreshold(final int revocationPolicyThreshold) {
	this.revocationPolicyThreshold = revocationPolicyThreshold;
	}

	public boolean isCheckAll() {
	return checkAll;
	}

	public void setCheckAll(final boolean checkAll) {
	this.checkAll = checkAll;
	}

	public int getRefreshIntervalSeconds() {
	return refreshIntervalSeconds;
	}

	public void setRefreshIntervalSeconds(final int refreshIntervalSeconds) {
	this.refreshIntervalSeconds = refreshIntervalSeconds;
	}

	public boolean isThrowOnFetchFailure() {
	return throwOnFetchFailure;
	}

	public void setThrowOnFetchFailure(final boolean throwOnFetchFailure) {
	this.throwOnFetchFailure = throwOnFetchFailure;
	}

	public X509PrincipalType getPrincipalType() {
	return principalType;
	}

	public void setPrincipalType(final X509PrincipalType principalType) {
	this.principalType = principalType;
	}

	public String getPrincipalAlternateAttribute() {
	return principalAlternateAttribute;
	}

	public void setPrincipalAlternateAttribute(final String principalAlternateAttribute) {
	this.principalAlternateAttribute = principalAlternateAttribute;
	}

	public X509SubjectDnFormat getPrincipalTypeSubjectDnFormat() {
	return principalTypeSubjectDnFormat;
	}

	public void setPrincipalTypeSubjectDnFormat(final X509SubjectDnFormat principalTypeSubjectDnFormat) {
	this.principalTypeSubjectDnFormat = principalTypeSubjectDnFormat;
	}

	public String getPrincipalTypeSerialNoDnSerialNumberPrefix() {
	return principalTypeSerialNoDnSerialNumberPrefix;
	}

	public void setPrincipalTypeSerialNoDnSerialNumberPrefix(final String principalTypeSerialNoDnSerialNumberPrefix) {
	this.principalTypeSerialNoDnSerialNumberPrefix = principalTypeSerialNoDnSerialNumberPrefix;
	}

	public String getPrincipalTypeSerialNoDnValueDelimiter() {
	return principalTypeSerialNoDnValueDelimiter;
	}

	public void setPrincipalTypeSerialNoDnValueDelimiter(final String principalTypeSerialNoDnValueDelimiter) {
	this.principalTypeSerialNoDnValueDelimiter = principalTypeSerialNoDnValueDelimiter;
	}

	public int getPrincipalTypeSerialNoSNRadix() {
	return principalTypeSerialNoSNRadix;
	}

	public void setPrincipalTypeSerialNoSNRadix(final int principalTypeSerialNoSNRadix) {
	this.principalTypeSerialNoSNRadix = principalTypeSerialNoSNRadix;
	}

	public boolean isPrincipalTypeSerialNoHexSNZeroPadding() {
	return principalTypeSerialNoHexSNZeroPadding;
	}

	public void setPrincipalTypeSerialNoHexSNZeroPadding(final boolean principalTypeSerialNoHexSNZeroPadding) {
	this.principalTypeSerialNoHexSNZeroPadding = principalTypeSerialNoHexSNZeroPadding;
	}

	public X509RevocationCheckerType getRevocationChecker() {
	return revocationChecker;
	}

	public void setRevocationChecker(final X509RevocationCheckerType revocationChecker) {
	this.revocationChecker = revocationChecker;
	}

	public X509RevocationFetcherType getCrlFetcher() {
	return crlFetcher;
	}

	public void setCrlFetcher(final X509RevocationFetcherType crlFetcher) {
	this.crlFetcher = crlFetcher;
	}

	public int getCacheMaxElementsInMemory() {
	return cacheMaxElementsInMemory;
	}

	public void setCacheMaxElementsInMemory(final int cacheMaxElementsInMemory) {
	this.cacheMaxElementsInMemory = cacheMaxElementsInMemory;
	}

	public boolean isMixedMode() {
	return mixedMode;
	}

	public void setMixedMode(final boolean mixedMode) {
	this.mixedMode = mixedMode;
	}

	public String getCacheTimeToLiveSeconds() {
	return cacheTimeToLiveSeconds;
	}

	public void setCacheTimeToLiveSeconds(final String cacheTimeToLiveSeconds) {
	this.cacheTimeToLiveSeconds = cacheTimeToLiveSeconds;
	}

	public X509PolicySetting getCrlResourceUnavailablePolicy() {
	return crlResourceUnavailablePolicy;
	}

	public void setCrlResourceUnavailablePolicy(final X509PolicySetting crlResourceUnavailablePolicy) {
	this.crlResourceUnavailablePolicy = crlResourceUnavailablePolicy;
	}

	public X509PolicySetting getCrlResourceExpiredPolicy() {
	return crlResourceExpiredPolicy;
	}

	public void setCrlResourceExpiredPolicy(final X509PolicySetting crlResourceExpiredPolicy) {
	this.crlResourceExpiredPolicy = crlResourceExpiredPolicy;
	}

	public X509PolicySetting getCrlUnavailablePolicy() {
	return crlUnavailablePolicy;
	}

	public void setCrlUnavailablePolicy(final X509PolicySetting crlUnavailablePolicy) {
	this.crlUnavailablePolicy = crlUnavailablePolicy;
	}

	public X509PolicySetting getCrlExpiredPolicy() {
	return crlExpiredPolicy;
	}

	public void setCrlExpiredPolicy(final X509PolicySetting crlExpiredPolicy) {
	this.crlExpiredPolicy = crlExpiredPolicy;
	}

	public List<String> getCrlResources() {
	return crlResources;
	}

	public String getRegExTrustedIssuerDnPattern() {
	return regExTrustedIssuerDnPattern;
	}

	public void setRegExTrustedIssuerDnPattern(final String regExTrustedIssuerDnPattern) {
	this.regExTrustedIssuerDnPattern = regExTrustedIssuerDnPattern;
	}

	public int getMaxPathLength() {
	return maxPathLength;
	}

	public void setMaxPathLength(final int maxPathLength) {
	this.maxPathLength = maxPathLength;
	}

	public boolean isMaxPathLengthAllowUnspecified() {
	return maxPathLengthAllowUnspecified;
	}

	public void setMaxPathLengthAllowUnspecified(final boolean maxPathLengthAllowUnspecified) {
	this.maxPathLengthAllowUnspecified = maxPathLengthAllowUnspecified;
	}

	public boolean isCheckKeyUsage() {
	return checkKeyUsage;
	}

	public void setCheckKeyUsage(final boolean checkKeyUsage) {
	this.checkKeyUsage = checkKeyUsage;
	}

	public boolean isRequireKeyUsage() {
	return requireKeyUsage;
	}

	public void setRequireKeyUsage(final boolean requireKeyUsage) {
	this.requireKeyUsage = requireKeyUsage;
	}

	public String getRegExSubjectDnPattern() {
	return regExSubjectDnPattern;
	}

	public void setRegExSubjectDnPattern(final String regExSubjectDnPattern) {
	this.regExSubjectDnPattern = regExSubjectDnPattern;
	}

	public boolean isExtractCert() {
	return extractCert;
	}

	public void setExtractCert(final boolean extractCert) {
	this.extractCert = extractCert;
	}

	public String getSslHeaderName() {
	return sslHeaderName;
	}

	public void setSslHeaderName(final String sslHeaderName) {
	this.sslHeaderName = sslHeaderName;
	}

	public LDAP getLdap() {
	return ldap;
	}

	public void setLdap(final LDAP ldap) {
	this.ldap = ldap;
	}

	@Override
	public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) {
	return mapper.map(authModule, this);
	}
	}