Interface CryptoManagerCfg
All Superinterfaces:
Configuration
public interface CryptoManagerCfg extends Configuration
A server-side interface for querying Crypto Manager settings.
The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.
-
Method Summary
Modifier and Type, Method, Description:
void addChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener)
    Register to be notified when this Crypto Manager is changed.
Class<? extends CryptoManagerCfg> configurationClass()
    Gets the configuration class associated with this Crypto Manager.
int getCipherKeyLength()
    Gets the "cipher-key-length" property.
String getCipherTransformation()
    Gets the "cipher-transformation" property.
String getDigestAlgorithm()
    Gets the "digest-algorithm" property.
String getKeyManagerProvider()
    Gets the "key-manager-provider" property.
Dn getKeyManagerProviderDn()
    Gets the "key-manager-provider" property as a DN.
String getKeyWrappingTransformation()
    Gets the "key-wrapping-transformation" property.
String getMacAlgorithm()
    Gets the "mac-algorithm" property.
int getMacKeyLength()
    Gets the "mac-key-length" property.
String getMasterKeyAlias()
    Gets the "master-key-alias" property.
void removeChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener)
    Deregister an existing Crypto Manager configuration change listener.
Methods inherited from interface org.forgerock.opendj.config.Configuration
dn, name
-
Method Detail
-
configurationClass
Class<? extends CryptoManagerCfg> configurationClass()
Gets the configuration class associated with this Crypto Manager.
Specified by:
configurationClass in interface Configuration
Returns:
Returns the configuration class associated with this Crypto Manager.
-
addChangeListener
void addChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener)
Register to be notified when this Crypto Manager is changed.
Parameters:
listener - The Crypto Manager configuration change listener.
-
removeChangeListener
void removeChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener)
Deregister an existing Crypto Manager configuration change listener.
Parameters:
listener - The Crypto Manager configuration change listener.
-
getCipherKeyLength
int getCipherKeyLength()
Gets the "cipher-key-length" property.
Specifies the key length in bits for the preferred cipher.
Default value: 128
Returns:
Returns the value of the "cipher-key-length" property.
-
getCipherTransformation
String getCipherTransformation()
Gets the "cipher-transformation" property.
Specifies the cipher for the directory server using the syntax algorithm/mode/padding.
The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.
Default value: AES/CBC/PKCS5Padding
Returns:
Returns the value of the "cipher-transformation" property.
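A pre-deployment check for the "cipher-transformation" and "cipher-key-length" settings described above, as an added example that is not part of this interface or its project: it confirms that the value uses the full algorithm/mode/padding form and that the local JCE providers accept it with the configured key length. The class name CipherTransformationCheck and its check method are hypothetical, and the sample values are constructed.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

/** Hypothetical helper, not part of the documented API. */
public final class CipherTransformationCheck {

    /** Returns null when the pair is usable on this JVM, otherwise the reason it is not. */
    static String check(String transformation, int keyLengthBits) {
        // The property requires all three fields: algorithm/mode/padding.
        String[] parts = transformation.split("/", -1);
        if (parts.length != 3) {
            return "expected algorithm/mode/padding, got " + parts.length + " field(s)";
        }
        for (String part : parts) {
            if (part.isEmpty()) {
                return "empty field in transformation";
            }
        }
        try {
            // Fails if no installed provider supports the exact transformation.
            Cipher cipher = Cipher.getInstance(transformation);
            // Fails if the algorithm cannot produce a key of the configured length.
            KeyGenerator generator = KeyGenerator.getInstance(parts[0]);
            generator.init(keyLengthBits);
            // Fails if the crypto policy or the cipher rejects that key.
            cipher.init(Cipher.ENCRYPT_MODE, generator.generateKey());
            return null;
        } catch (GeneralSecurityException | InvalidParameterException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the first pair is the documented default.
        Object[][] samples = {
            {"AES/CBC/PKCS5Padding", 128},
            {"AES", 128},                  // algorithm only: not the full form
            {"AES/CBC/PKCS5Padding", 100}, // not a valid AES key length
        };
        for (Object[] s : samples) {
            String problem = check((String) s[0], (Integer) s[1]);
            System.out.println(s[0] + " @ " + s[1] + " bits -> "
                    + (problem == null ? "OK" : "rejected (" + problem + ")"));
        }
    }
}
```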
-
getDigestAlgorithm
String getDigestAlgorithm()
Gets the "digest-algorithm" property.
Specifies the preferred message digest algorithm for the directory server.
Default value: SHA-256
Returns:
Returns the value of the "digest-algorithm" property.
-
getKeyManagerProvider
String getKeyManagerProvider()
Gets the "key-manager-provider" property.
The name of the key manager containing the master key-pair and any deprecated master key.
The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.
Returns:
Returns the value of the "key-manager-provider" property.
-
getKeyManagerProviderDn
Dn getKeyManagerProviderDn()
Gets the "key-manager-provider" property as a DN.
The name of the key manager containing the master key-pair and any deprecated master key.
The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.
Returns:
Returns the DN value of the "key-manager-provider" property.
-
getKeyWrappingTransformation
String getKeyWrappingTransformation()
Gets the "key-wrapping-transformation" property.
The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.
Default value: RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
Returns:
Returns the value of the "key-wrapping-transformation" property.
-
getMacAlgorithm
String getMacAlgorithm()
Gets the "mac-algorithm" property.
Specifies the preferred MAC algorithm for the directory server.
Default value: HmacSHA256
Returns:
Returns the value of the "mac-algorithm" property.
-
getMacKeyLength
int getMacKeyLength()
Gets the "mac-key-length" property.
Specifies the key length in bits for the preferred MAC algorithm.
Default value: 128
Returns:
Returns the value of the "mac-key-length" property.
-
getMasterKeyAlias
String getMasterKeyAlias()
Gets the "master-key-alias" property.
The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.
Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.
Returns:
Returns the value of the "master-key-alias" property.