/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.forgerock.opendj.server.config.client;

import java.net.InetAddress;
import java.util.Collection;
import java.util.SortedSet;
import org.forgerock.opendj.config.ConfigurationClient;
import org.forgerock.opendj.config.ManagedObjectDefinition;
import org.forgerock.opendj.config.PropertyException;
import org.forgerock.opendj.ldap.AddressMask;
import org.forgerock.opendj.server.config.server.AdministrationConnectorCfg;

/**
 * Client-side view of the Administration Connector configuration, with a
 * typed getter and setter for each of its properties.
 * <p>
 * The Administration Connector is the LDAP endpoint that administration
 * tools talk to. Its client filters, listen address and port, and SSL
 * properties together describe who may reach that endpoint and how the
 * connection is protected.
 * <p>
 * NOTE(review): this interface does not show when a value handed to a
 * setter takes effect on the server (immediately, or only once the change
 * is committed through the inherited {@link ConfigurationClient}); confirm
 * before relying on a setter call alone to tighten access.
 */
public interface AdministrationConnectorCfgClient extends ConfigurationClient {

    /**
     * Returns the configuration definition that describes this
     * Administration Connector.
     *
     * @return the configuration definition associated with this
     *         Administration Connector
     */
    ManagedObjectDefinition<? extends AdministrationConnectorCfgClient, ? extends AdministrationConnectorCfg> definition();

    /**
     * Reads the "allowed-client" property: the host names or address masks
     * identifying the clients that are permitted to open connections to this
     * Administration Connector.
     * <p>
     * A value may be a host name, a fully qualified domain name, a domain
     * name, an IP address, or a subnetwork with its subnetwork mask.
     * <p>
     * NOTE(review): how host-name and domain-name values are matched against
     * a connecting client is not visible here. If matching depends on name
     * resolution, IP address or subnetwork values are the more predictable
     * choice for an administrative endpoint; confirm against the server
     * implementation. What happens when both this property and
     * "denied-client" are empty is not stated here either.
     *
     * @return the values of the "allowed-client" property
     */
    SortedSet<AddressMask> getAllowedClient();

    /**
     * Replaces the "allowed-client" property: the host names or address
     * masks identifying the clients that are permitted to open connections
     * to this Administration Connector.
     * <p>
     * A value may be a host name, a fully qualified domain name, a domain
     * name, an IP address, or a subnetwork with its subnetwork mask.
     * <p>
     * A client that also matches a "denied-client" mask is denied, as
     * described on {@link #getDeniedClient()}.
     *
     * @param values the values of the "allowed-client" property
     * @throws PropertyException
     *             if one or more of the new values are invalid
     */
    void setAllowedClient(Collection<AddressMask> values) throws PropertyException;

    /**
     * Reads the "denied-client" property: the host names or address masks
     * identifying the clients that are refused connections to this
     * Administration Connector.
     * <p>
     * A value may be a host name, a fully qualified domain name, a domain
     * name, an IP address, or a subnetwork with its subnetwork mask.
     * <p>
     * Precedence: when both allowed and denied masks are defined and a
     * connection matches at least one mask in each list, the connection is
     * denied. When only a denied list is specified, every client that does
     * not match one of its masks is allowed, so a denied list on its own
     * does not restrict the connector to a known set of clients.
     *
     * @return the values of the "denied-client" property
     */
    SortedSet<AddressMask> getDeniedClient();

    /**
     * Replaces the "denied-client" property: the host names or address masks
     * identifying the clients that are refused connections to this
     * Administration Connector.
     * <p>
     * A value may be a host name, a fully qualified domain name, a domain
     * name, an IP address, or a subnetwork with its subnetwork mask.
     * <p>
     * Precedence: when both allowed and denied masks are defined and a
     * connection matches at least one mask in each list, the connection is
     * denied. When only a denied list is specified, every client that does
     * not match one of its masks is allowed.
     *
     * @param values the values of the "denied-client" property
     * @throws PropertyException
     *             if one or more of the new values are invalid
     */
    void setDeniedClient(Collection<AddressMask> values) throws PropertyException;

    /**
     * Reads the "key-manager-provider" property: the name of the key manager
     * that is used with the Administration Connector.
     * <p>
     * NOTE(review): presumably this key manager supplies the key material
     * selected by "ssl-cert-nickname"; the link between the two properties
     * is not visible in this interface.
     *
     * @return the value of the "key-manager-provider" property
     */
    String getKeyManagerProvider();

    /**
     * Changes the "key-manager-provider" property: the name of the key
     * manager that is used with the Administration Connector.
     *
     * @param value the value of the "key-manager-provider" property
     * @throws PropertyException
     *             if the new value is invalid
     */
    void setKeyManagerProvider(String value) throws PropertyException;

    /**
     * Reads the "listen-address" property: the address or addresses on which
     * this Administration Connector listens for connections from LDAP
     * clients.
     * <p>
     * Several addresses may be supplied as separate values. With no values
     * at all, the Administration Connector listens on all interfaces; for an
     * endpoint that serves administration tools, explicit addresses keep it
     * off interfaces that do not need it.
     *
     * @return the values of the "listen-address" property
     */
    SortedSet<InetAddress> getListenAddress();

    /**
     * Replaces the "listen-address" property: the address or addresses on
     * which this Administration Connector listens for connections from LDAP
     * clients.
     * <p>
     * Several addresses may be supplied as separate values. With no values
     * at all, the Administration Connector listens on all interfaces, so
     * passing an empty collection presumably widens exposure rather than
     * disabling the listener (confirm how an empty collection is handled).
     *
     * @param values the values of the "listen-address" property
     * @throws PropertyException
     *             if one or more of the new values are invalid
     */
    void setListenAddress(Collection<InetAddress> values) throws PropertyException;

    /**
     * Reads the "listen-port" property: the port number on which the
     * Administration Connector listens for connections from clients.
     * <p>
     * Exactly one port number may be configured.
     * <p>
     * NOTE(review): the return type is the boxed {@code Integer} while the
     * setter takes an {@code int}; whether this getter can return
     * {@code null} is not visible here.
     *
     * @return the value of the "listen-port" property
     */
    Integer getListenPort();

    /**
     * Changes the "listen-port" property: the port number on which the
     * Administration Connector listens for connections from clients.
     * <p>
     * Exactly one port number may be configured.
     *
     * @param value the value of the "listen-port" property
     * @throws PropertyException
     *             if the new value is invalid
     */
    void setListenPort(int value) throws PropertyException;

    /**
     * Reads the "ssl-cert-nickname" property: the nicknames (also called
     * aliases) of the keys or key pairs that the Administration Connector
     * uses for SSL communication.
     * <p>
     * The property may carry several values, each naming a different
     * nickname, when server certificates with different public key
     * algorithms are used in parallel (for example RSA, DSA, and ECC-based
     * algorithms).
     * <p>
     * For an asymmetric (public/private) key pair, the nickname of the
     * public key certificate and of the associated private key entry must
     * match exactly, because a single nickname is used to retrieve both.
     *
     * @return the values of the "ssl-cert-nickname" property
     */
    SortedSet<String> getSSLCertNickname();

    /**
     * Replaces the "ssl-cert-nickname" property: the nicknames (also called
     * aliases) of the keys or key pairs that the Administration Connector
     * uses for SSL communication.
     * <p>
     * The property may carry several values, each naming a different
     * nickname, when server certificates with different public key
     * algorithms are used in parallel (for example RSA, DSA, and ECC-based
     * algorithms).
     * <p>
     * For an asymmetric (public/private) key pair, the nickname of the
     * public key certificate and of the associated private key entry must
     * match exactly, because a single nickname is used to retrieve both.
     *
     * @param values the values of the "ssl-cert-nickname" property
     * @throws PropertyException
     *             if one or more of the new values are invalid
     */
    void setSSLCertNickname(Collection<String> values) throws PropertyException;

    /**
     * Reads the "ssl-cipher-suite" property: the names of the SSL cipher
     * suites that are allowed for use in SSL communication.
     * <p>
     * NOTE(review): what is negotiated when no values are set is not stated
     * here; presumably a server or JVM default applies. Confirm, and list
     * the suites explicitly where a fixed cipher policy is required.
     *
     * @return the values of the "ssl-cipher-suite" property
     */
    SortedSet<String> getSSLCipherSuite();

    /**
     * Replaces the "ssl-cipher-suite" property: the names of the SSL cipher
     * suites that are allowed for use in SSL communication.
     *
     * @param values the values of the "ssl-cipher-suite" property
     * @throws PropertyException
     *             if one or more of the new values are invalid
     */
    void setSSLCipherSuite(Collection<String> values) throws PropertyException;

    /**
     * Reads the "ssl-protocol" property: the names of the SSL protocols that
     * are allowed for use in SSL or StartTLS communication.
     * <p>
     * NOTE(review): what is enabled when no values are set is not stated
     * here; presumably a server or JVM default applies. Confirm, and list
     * only current TLS versions explicitly where legacy protocol versions
     * must stay disabled.
     *
     * @return the values of the "ssl-protocol" property
     */
    SortedSet<String> getSSLProtocol();

    /**
     * Replaces the "ssl-protocol" property: the names of the SSL protocols
     * that are allowed for use in SSL or StartTLS communication.
     *
     * @param values the values of the "ssl-protocol" property
     * @throws PropertyException
     *             if one or more of the new values are invalid
     */
    void setSSLProtocol(Collection<String> values) throws PropertyException;

    /**
     * Reads the "trust-manager-provider" property: the name of the trust
     * manager that is used with the Administration Connector.
     * <p>
     * NOTE(review): presumably this trust manager decides which peer
     * certificates the connector accepts; that role is not visible in this
     * interface.
     *
     * @return the value of the "trust-manager-provider" property
     */
    String getTrustManagerProvider();

    /**
     * Changes the "trust-manager-provider" property: the name of the trust
     * manager that is used with the Administration Connector.
     *
     * @param value the value of the "trust-manager-provider" property
     * @throws PropertyException
     *             if the new value is invalid
     */
    void setTrustManagerProvider(String value) throws PropertyException;

}