Interface CryptoManagerCfg

  • All Superinterfaces:
    Configuration

    public interface CryptoManagerCfg
    extends Configuration
    A server-side interface for querying Crypto Manager settings.

    The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.

    • Method Detail

      • configurationClass

        Class<? extends CryptoManagerCfg> configurationClass()
        Gets the configuration class associated with this Crypto Manager.
        Specified by:
        configurationClass in interface Configuration
        Returns:
        Returns the configuration class associated with this Crypto Manager.
      • addChangeListener

        void addChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener)
        Register to be notified when this Crypto Manager is changed.
        Parameters:
        listener - The Crypto Manager configuration change listener.
      • removeChangeListener

        void removeChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener)
        Deregister an existing Crypto Manager configuration change listener.
        Parameters:
        listener - The Crypto Manager configuration change listener.
      • getCipherKeyLength

        int getCipherKeyLength()
        Gets the "cipher-key-length" property.

        Specifies the key length in bits for the preferred cipher.

        Default value: 128

        Returns:
        Returns the value of the "cipher-key-length" property.
      • getCipherTransformation

        String getCipherTransformation()
        Gets the "cipher-transformation" property.

        Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

        The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.

        Default value: AES/CBC/PKCS5Padding

        Returns:
        Returns the value of the "cipher-transformation" property.
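
The check below is an added example, not code from the directory server: it validates a "cipher-transformation" / "cipher-key-length" pair against the local JCA providers before the values are put into configuration. The class name `TransformationCheck`, the sample values, and the handling of the NONE mode field are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

public class TransformationCheck {

    /** Returns null when the pair is usable, otherwise the reason it was rejected. */
    static String check(String transformation, int keyLengthBits) {
        String[] f = transformation.split("/", -1);
        if (f.length != 3 || f[0].isEmpty() || f[1].isEmpty() || f[2].isEmpty()) {
            // A bare algorithm name would let the provider choose mode and padding;
            // the JDK's default provider resolves plain "AES" to ECB mode.
            return "expected algorithm/mode/padding";
        }
        // Assumption: ciphers written as ALG/NONE/NoPadding are requested
        // from the JCA by algorithm name only.
        String jcaName = f[1].equalsIgnoreCase("NONE") ? f[0] : transformation;
        try {
            KeyGenerator keyGen = KeyGenerator.getInstance(f[0]);
            keyGen.init(keyLengthBits);            // rejects sizes the algorithm forbids
            Cipher cipher = Cipher.getInstance(jcaName);
            cipher.init(Cipher.ENCRYPT_MODE, keyGen.generateKey());
            return null;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample settings: {cipher-transformation, cipher-key-length}
        String[][] samples = {
            {"AES/CBC/PKCS5Padding", "128"},   // the documented defaults
            {"AES", "128"},                    // algorithm only
            {"AES/CBC/PKCS5Padding", "100"},   // not a valid AES key size
            {"AES/GCM/NoPadding", "256"},
        };
        for (String[] s : samples) {
            String problem = check(s[0], Integer.parseInt(s[1]));
            System.out.printf("%-22s %4s bits: %s%n", s[0], s[1],
                    problem == null ? "ok" : "rejected (" + problem + ")");
        }
    }
}
```
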
      • getDigestAlgorithm

        String getDigestAlgorithm()
        Gets the "digest-algorithm" property.

        Specifies the preferred message digest algorithm for the directory server.

        Default value: SHA-256

        Returns:
        Returns the value of the "digest-algorithm" property.
      • getKeyManagerProvider

        String getKeyManagerProvider()
        Gets the "key-manager-provider" property.

        The name of the key manager containing the master key-pair and any deprecated master key.

        The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.

        Returns:
        Returns the value of the "key-manager-provider" property.
      • getKeyManagerProviderDn

        Dn getKeyManagerProviderDn()
        Gets the "key-manager-provider" property as a DN.

        The name of the key manager containing the master key-pair and any deprecated master key.

        The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.

        Returns:
        Returns the DN value of the "key-manager-provider" property.
      • getKeyWrappingTransformation

        String getKeyWrappingTransformation()
        Gets the "key-wrapping-transformation" property.

        The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

        Default value: RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING

        Returns:
        Returns the value of the "key-wrapping-transformation" property.
      • getMacAlgorithm

        String getMacAlgorithm()
        Gets the "mac-algorithm" property.

        Specifies the preferred MAC algorithm for the directory server.

        Default value: HmacSHA256

        Returns:
        Returns the value of the "mac-algorithm" property.
      • getMacKeyLength

        int getMacKeyLength()
        Gets the "mac-key-length" property.

        Specifies the key length in bits for the preferred MAC algorithm.

        Default value: 128

        Returns:
        Returns the value of the "mac-key-length" property.
      • getMasterKeyAlias

        String getMasterKeyAlias()
        Gets the "master-key-alias" property.

        The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.

        Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.

        Returns:
        Returns the value of the "master-key-alias" property.
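
The following added example, which is not code from the directory server, shows with plain JCA calls why a rotated master key must stay in the key manager: a secret wrapped with the default "key-wrapping-transformation" can only be unwrapped by the private key of the pair that wrapped it. The class name `MasterKeyWrapDemo` is hypothetical, and freshly generated RSA-2048 key pairs stand in for the keystore's PrivateKeyEntry aliases.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class MasterKeyWrapDemo {
    // Default "key-wrapping-transformation" from this page.
    static final String WRAP = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";

    static byte[] wrap(PublicKey master, SecretKey secret) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.WRAP_MODE, master);
        return c.wrap(secret);
    }

    static SecretKey unwrap(PrivateKey master, byte[] wrapped) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.UNWRAP_MODE, master);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPair oldMaster = rsa.generateKeyPair();   // stands in for a deprecated master key
        KeyPair newMaster = rsa.generateKeyPair();   // stands in for the current master key

        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);                               // matches the default cipher-key-length
        SecretKey secret = aes.generateKey();

        // A secret wrapped before rotation is bound to the old public key.
        byte[] wrapped = wrap(oldMaster.getPublic(), secret);
        SecretKey recovered = unwrap(oldMaster.getPrivate(), wrapped);
        System.out.println("old master key recovers the secret: "
                + Arrays.equals(secret.getEncoded(), recovered.getEncoded()));
        try {
            unwrap(newMaster.getPrivate(), wrapped);
            System.out.println("new master key recovered the secret (unexpected)");
        } catch (GeneralSecurityException e) {
            System.out.println("new master key cannot unwrap it: " + e.getClass().getSimpleName());
        }
    }
}
```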