/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.forgerock.opendj.server.config.client;



import java.util.Collection;
import java.util.SortedSet;
import org.forgerock.opendj.config.ConfigurationClient;
import org.forgerock.opendj.config.ManagedObjectDefinition;
import org.forgerock.opendj.config.PropertyException;
import org.forgerock.opendj.server.config.server.CryptoManagerCfg;



/**
 * A client-side interface for reading and modifying Crypto Manager
 * settings.
 * <p>
 * The Crypto Manager provides a common interface for performing
 * compression, decompression, hashing, encryption and other kinds of
 * cryptographic operations.
 * <p>
 * This interface only declares the properties and their Java types. Every
 * setter is declared to throw {@link PropertyException} for an invalid
 * value, but what counts as "invalid" (accepted algorithm names, permitted
 * key lengths, and so on) is decided by the property definition behind
 * {@link #definition()}, not here. In particular, nothing in this interface
 * guarantees that an accepted value is cryptographically strong; choosing
 * sound algorithms, key lengths, protocols and cipher suites is the
 * caller's responsibility.
 * <p>
 * NOTE(review): the single-valued setters take boxed types ({@code Integer},
 * {@code Boolean}) while the matching getters return primitives. Whether a
 * {@code null} argument is accepted (for example to reset a property to its
 * default) is not visible from this interface - confirm against the
 * property definition before relying on it.
 */
public interface CryptoManagerCfgClient extends ConfigurationClient {

  /**
   * Get the configuration definition associated with this Crypto Manager.
   * <p>
   * The definition is the authority on property syntax, defaults and
   * validation; the Javadoc on the individual getters and setters below
   * only summarises it.
   *
   * @return Returns the configuration definition associated with this Crypto Manager.
   */
  ManagedObjectDefinition<? extends CryptoManagerCfgClient, ? extends CryptoManagerCfg> definition();



  /**
   * Gets the "cipher-key-length" property.
   * <p>
   * Specifies the key length in bits for the preferred cipher.
   * <p>
   * The length is interpreted relative to the cipher selected by
   * "cipher-transformation"; which lengths are valid for a given cipher is
   * not visible from this interface.
   *
   * @return Returns the value of the "cipher-key-length" property.
   */
  int getCipherKeyLength();



  /**
   * Sets the "cipher-key-length" property.
   * <p>
   * Specifies the key length in bits for the preferred cipher.
   * <p>
   * Keep this consistent with "cipher-transformation": a length the chosen
   * cipher does not support is expected to be rejected as invalid, but the
   * exact validation is performed by the property definition, not here.
   *
   * @param value The value of the "cipher-key-length" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setCipherKeyLength(Integer value) throws PropertyException;



  /**
   * Gets the "cipher-transformation" property.
   * <p>
   * Specifies the cipher for the directory server using the syntax
   * algorithm/mode/padding.
   * <p>
   * The full transformation is required: specifying only an algorithm
   * and allowing the cipher provider to supply the default mode and
   * padding is not supported, because there is no guarantee these
   * default values are the same among different implementations. Some
   * cipher algorithms, including RC4 and ARCFOUR, do not have a mode
   * or padding, and hence must be specified using NONE for the mode
   * field and NoPadding for the padding field. For example,
   * RC4/NONE/NoPadding.
   * <p>
   * NOTE(review): RC4/NONE/NoPadding above only illustrates the syntax for
   * a cipher that has no mode or padding. RC4/ARCFOUR is widely regarded as
   * broken and should not be read as a recommended setting; whatever
   * transformation is configured here governs the confidentiality of the
   * data the Crypto Manager encrypts, so prefer a modern cipher and mode.
   * Which transformations the server actually accepts is not visible from
   * this interface.
   *
   * @return Returns the value of the "cipher-transformation" property.
   */
  String getCipherTransformation();



  /**
   * Sets the "cipher-transformation" property.
   * <p>
   * Specifies the cipher for the directory server using the syntax
   * algorithm/mode/padding.
   * <p>
   * The full transformation is required: specifying only an algorithm
   * and allowing the cipher provider to supply the default mode and
   * padding is not supported, because there is no guarantee these
   * default values are the same among different implementations. Some
   * cipher algorithms, including RC4 and ARCFOUR, do not have a mode
   * or padding, and hence must be specified using NONE for the mode
   * field and NoPadding for the padding field. For example,
   * RC4/NONE/NoPadding.
   * <p>
   * NOTE(review): the RC4 example is syntax only, not a recommendation;
   * RC4/ARCFOUR is widely regarded as broken. The chosen transformation
   * must also be compatible with "cipher-key-length".
   *
   * @param value The value of the "cipher-transformation" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setCipherTransformation(String value) throws PropertyException;



  /**
   * Gets the "digest-algorithm" property.
   * <p>
   * Specifies the preferred message digest algorithm for the
   * directory server.
   * <p>
   * The set of accepted algorithm names is not shown by this interface;
   * presumably they are provider (JCA-style) names - verify against the
   * property definition.
   *
   * @return Returns the value of the "digest-algorithm" property.
   */
  String getDigestAlgorithm();



  /**
   * Sets the "digest-algorithm" property.
   * <p>
   * Specifies the preferred message digest algorithm for the
   * directory server.
   * <p>
   * Validation of the algorithm name is performed by the property
   * definition; this interface does not constrain it to any particular
   * strength.
   *
   * @param value The value of the "digest-algorithm" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setDigestAlgorithm(String value) throws PropertyException;



  /**
   * Gets the "key-wrapping-transformation" property.
   * <p>
   * The preferred key wrapping transformation for the directory
   * server. This value must be the same for all server instances in a
   * replication topology.
   * <p>
   * The consequences of a mismatch between instances are not described
   * here; treat the "must be the same" requirement as a hard constraint
   * when changing it on a replicated server.
   *
   * @return Returns the value of the "key-wrapping-transformation" property.
   */
  String getKeyWrappingTransformation();



  /**
   * Sets the "key-wrapping-transformation" property.
   * <p>
   * The preferred key wrapping transformation for the directory
   * server. This value must be the same for all server instances in a
   * replication topology.
   * <p>
   * Because every instance in the topology must agree on this value, a
   * change should be applied to all of them, not just the one this client
   * is connected to.
   *
   * @param value The value of the "key-wrapping-transformation" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setKeyWrappingTransformation(String value) throws PropertyException;



  /**
   * Gets the "mac-algorithm" property.
   * <p>
   * Specifies the preferred MAC algorithm for the directory server.
   * <p>
   * Accepted algorithm names are decided by the property definition, not
   * by this interface.
   *
   * @return Returns the value of the "mac-algorithm" property.
   */
  String getMacAlgorithm();



  /**
   * Sets the "mac-algorithm" property.
   * <p>
   * Specifies the preferred MAC algorithm for the directory server.
   * <p>
   * Keep this consistent with "mac-key-length".
   *
   * @param value The value of the "mac-algorithm" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setMacAlgorithm(String value) throws PropertyException;



  /**
   * Gets the "mac-key-length" property.
   * <p>
   * Specifies the key length in bits for the preferred MAC algorithm.
   *
   * @return Returns the value of the "mac-key-length" property.
   */
  int getMacKeyLength();



  /**
   * Sets the "mac-key-length" property.
   * <p>
   * Specifies the key length in bits for the preferred MAC algorithm.
   * <p>
   * Which lengths are valid for a given MAC algorithm is not visible from
   * this interface; an unsupported length is expected to be rejected by
   * the property definition.
   *
   * @param value The value of the "mac-key-length" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setMacKeyLength(Integer value) throws PropertyException;



  /**
   * Gets the "ssl-cert-nickname" property.
   * <p>
   * Specifies the nicknames (also called the aliases) of the keys or
   * key pairs that the Crypto Manager should use when performing SSL
   * communication. The property can be used multiple times
   * (referencing different nicknames) when server certificates with
   * different public key algorithms are used in parallel (for example,
   * RSA, DSA, and ECC-based algorithms). When a nickname refers to an
   * asymmetric (public/private) key pair, the nickname for the public
   * key certificate and associated private key entry must match
   * exactly. A single nickname is used to retrieve both the public key
   * and the private key.
   * <p>
   * This is only applicable when the Crypto Manager is configured to
   * use SSL.
   *
   * @return Returns the values of the "ssl-cert-nickname" property.
   */
  SortedSet<String> getSSLCertNickname();



  /**
   * Sets the "ssl-cert-nickname" property.
   * <p>
   * Specifies the nicknames (also called the aliases) of the keys or
   * key pairs that the Crypto Manager should use when performing SSL
   * communication. The property can be used multiple times
   * (referencing different nicknames) when server certificates with
   * different public key algorithms are used in parallel (for example,
   * RSA, DSA, and ECC-based algorithms). When a nickname refers to an
   * asymmetric (public/private) key pair, the nickname for the public
   * key certificate and associated private key entry must match
   * exactly. A single nickname is used to retrieve both the public key
   * and the private key.
   * <p>
   * This is only applicable when the Crypto Manager is configured to
   * use SSL.
   * <p>
   * Because one nickname selects both the certificate and the private key,
   * a nickname that resolves to the wrong entry changes which identity the
   * server presents; double-check aliases against the key store before
   * applying a change.
   *
   * @param values The values of the "ssl-cert-nickname" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLCertNickname(Collection<String> values) throws PropertyException;



  /**
   * Gets the "ssl-cipher-suite" property.
   * <p>
   * Specifies the names of the SSL cipher suites that are allowed for
   * use in SSL or TLS communication.
   * <p>
   * This is an allow-list: only the suites named here are permitted.
   * NOTE(review): the behaviour when the set is empty (provider default
   * versus nothing allowed) is not visible from this interface - confirm
   * before relying on an empty set as a safe default.
   *
   * @return Returns the values of the "ssl-cipher-suite" property.
   */
  SortedSet<String> getSSLCipherSuite();



  /**
   * Sets the "ssl-cipher-suite" property.
   * <p>
   * Specifies the names of the SSL cipher suites that are allowed for
   * use in SSL or TLS communication.
   * <p>
   * The values form an allow-list; anything not listed is not allowed.
   * This interface does not restrict the list to strong suites, so the
   * caller is responsible for excluding weak or legacy ones.
   *
   * @param values The values of the "ssl-cipher-suite" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLCipherSuite(Collection<String> values) throws PropertyException;



  /**
   * Gets the "ssl-encryption" property.
   * <p>
   * Specifies whether SSL/TLS is used to provide encrypted
   * communication between two OpenDJ server components.
   * <p>
   * When {@code false}, SSL/TLS is not used for that communication, so
   * traffic between the components is not protected by this mechanism.
   * The "ssl-cert-nickname" property is documented as applying only when
   * SSL is in use; presumably the same holds for "ssl-cipher-suite" and
   * "ssl-protocol", though this interface does not say so.
   *
   * @return Returns the value of the "ssl-encryption" property.
   */
  boolean isSSLEncryption();



  /**
   * Sets the "ssl-encryption" property.
   * <p>
   * Specifies whether SSL/TLS is used to provide encrypted
   * communication between two OpenDJ server components.
   * <p>
   * Setting this to {@code false} turns off SSL/TLS for inter-component
   * communication; treat that as a security-relevant change rather than a
   * tuning option.
   *
   * @param value The value of the "ssl-encryption" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setSSLEncryption(Boolean value) throws PropertyException;



  /**
   * Gets the "ssl-protocol" property.
   * <p>
   * Specifies the names of the SSL protocols that are allowed for use
   * in SSL or TLS communication.
   * <p>
   * This is an allow-list of protocol versions. NOTE(review): as with
   * "ssl-cipher-suite", the meaning of an empty set is not visible from
   * this interface - confirm before assuming it yields a secure default.
   *
   * @return Returns the values of the "ssl-protocol" property.
   */
  SortedSet<String> getSSLProtocol();



  /**
   * Sets the "ssl-protocol" property.
   * <p>
   * Specifies the names of the SSL protocols that are allowed for use
   * in SSL or TLS communication.
   * <p>
   * The values form an allow-list; this interface does not prevent legacy
   * protocol versions from being listed, so the caller is responsible for
   * excluding them.
   *
   * @param values The values of the "ssl-protocol" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLProtocol(Collection<String> values) throws PropertyException;

}