/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
016package org.forgerock.opendj.server.config.server;
017
018
019
020import java.util.SortedSet;
021import org.forgerock.opendj.config.Configuration;
022import org.forgerock.opendj.config.server.ConfigurationChangeListener;
023
024
025
/**
 * Server-side view of the Crypto Manager configuration.
 * <p>
 * The Crypto Manager is the single entry point the server uses for
 * compression, decompression, hashing, encryption and related
 * cryptographic operations; the accessors below expose the algorithm
 * and key-size choices that drive it.
 */
public interface CryptoManagerCfg extends Configuration {

  // --- Configuration lifecycle ------------------------------------------

  /**
   * Returns the configuration class of this Crypto Manager.
   *
   * @return The concrete configuration class for this Crypto Manager.
   */
  Class<? extends CryptoManagerCfg> configurationClass();

  /**
   * Registers a listener that is notified whenever this Crypto Manager
   * configuration changes.
   *
   * @param listener
   *          The Crypto Manager configuration change listener to register.
   */
  void addChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Removes a previously registered Crypto Manager configuration change
   * listener.
   *
   * @param listener
   *          The Crypto Manager configuration change listener to remove.
   */
  void removeChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  // --- Symmetric encryption ---------------------------------------------

  /**
   * Returns the "cipher-transformation" property.
   * <p>
   * The cipher used by the directory server, written as
   * {@code algorithm/mode/padding}.
   * <p>
   * All three fields are required. Giving only the algorithm and letting
   * the cipher provider fill in a default mode and padding is not
   * supported, because different provider implementations do not agree
   * on those defaults. Algorithms that have no mode or padding (for
   * example RC4 and ARCFOUR) must be written with {@code NONE} for the
   * mode field and {@code NoPadding} for the padding field, as in
   * {@code RC4/NONE/NoPadding}.
   * <p>
   * NOTE(review): RC4/ARCFOUR appear here only to illustrate the syntax;
   * they are legacy stream ciphers and are not a recommended choice.
   *
   * @return The value of the "cipher-transformation" property.
   */
  String getCipherTransformation();

  /**
   * Returns the "cipher-key-length" property.
   * <p>
   * The key length, in bits, used with the preferred cipher.
   *
   * @return The value of the "cipher-key-length" property.
   */
  int getCipherKeyLength();

  // --- Integrity (digest and MAC) ---------------------------------------

  /**
   * Returns the "digest-algorithm" property.
   * <p>
   * The preferred message digest algorithm for the directory server.
   *
   * @return The value of the "digest-algorithm" property.
   */
  String getDigestAlgorithm();

  /**
   * Returns the "mac-algorithm" property.
   * <p>
   * The preferred MAC algorithm for the directory server.
   *
   * @return The value of the "mac-algorithm" property.
   */
  String getMacAlgorithm();

  /**
   * Returns the "mac-key-length" property.
   * <p>
   * The key length, in bits, used with the preferred MAC algorithm.
   *
   * @return The value of the "mac-key-length" property.
   */
  int getMacKeyLength();

  // --- Key management ---------------------------------------------------

  /**
   * Returns the "key-wrapping-transformation" property.
   * <p>
   * The preferred key wrapping transformation for the directory server.
   * This value must be identical on every server instance in a
   * replication topology (presumably because wrapped keys are shared
   * between replicas and each must be able to unwrap them; confirm
   * against the Crypto Manager implementation).
   *
   * @return The value of the "key-wrapping-transformation" property.
   */
  String getKeyWrappingTransformation();

  // --- SSL / TLS --------------------------------------------------------

  /**
   * Returns the "ssl-encryption" property.
   * <p>
   * Whether SSL/TLS is used to encrypt communication between two OpenDJ
   * server components.
   *
   * @return The value of the "ssl-encryption" property.
   */
  boolean isSSLEncryption();

  /**
   * Returns the "ssl-protocol" property.
   * <p>
   * The names of the SSL protocols that may be used for SSL or TLS
   * communication.
   *
   * @return An unmodifiable set holding the values of the "ssl-protocol" property.
   */
  SortedSet<String> getSSLProtocol();

  /**
   * Returns the "ssl-cipher-suite" property.
   * <p>
   * The names of the SSL cipher suites that may be used for SSL or TLS
   * communication.
   *
   * @return An unmodifiable set holding the values of the "ssl-cipher-suite" property.
   */
  SortedSet<String> getSSLCipherSuite();

  /**
   * Returns the "ssl-cert-nickname" property.
   * <p>
   * The nicknames (aliases) of the keys or key pairs the Crypto Manager
   * uses for SSL communication. The property may be given several times,
   * each with a different nickname, when server certificates with
   * different public key algorithms (for example RSA, DSA and ECC based
   * ones) are used side by side. For an asymmetric (public/private) key
   * pair, the nickname of the public key certificate and of the matching
   * private key entry must be exactly the same: one nickname retrieves
   * both halves of the pair.
   * <p>
   * Only relevant when the Crypto Manager is configured to use SSL.
   *
   * @return An unmodifiable set holding the values of the "ssl-cert-nickname" property.
   */
  SortedSet<String> getSSLCertNickname();

}