001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.client;
020import java.util.Collection;
021import java.util.SortedSet;
022import org.forgerock.opendj.config.ConfigurationClient;
023import org.forgerock.opendj.config.ManagedObjectDefinition;
024import org.forgerock.opendj.config.PropertyException;
025import org.forgerock.opendj.server.config.server.CryptoManagerCfg;
/**
 * Client-side view of the Crypto Manager configuration, with a typed
 * getter and setter for each of its properties.
 * <p>
 * The Crypto Manager provides a common interface for performing
 * compression, decompression, hashing, encryption and other kinds of
 * cryptographic operations.
 * <p>
 * Security note: the properties exposed here select the cipher,
 * digest, MAC, key lengths and SSL/TLS parameters used by the server.
 * This interface only documents {@link PropertyException} for values
 * that are "invalid"; it does not show whether weak but syntactically
 * valid algorithm names are rejected, so a value that is accepted
 * should not be read as a statement about its strength.
 */
public interface CryptoManagerCfgClient extends ConfigurationClient {

  /**
   * Returns the managed object definition that describes this Crypto
   * Manager configuration.
   *
   * @return The configuration definition associated with this Crypto
   *         Manager.
   */
  ManagedObjectDefinition<? extends CryptoManagerCfgClient, ? extends CryptoManagerCfg> definition();



  /**
   * Reads the "cipher-key-length" property: the key length, in bits,
   * for the preferred cipher.
   * <p>
   * Security note: review this value together with
   * "cipher-transformation"; the length presumably has to be one the
   * chosen algorithm supports (confirm against the server
   * documentation).
   *
   * @return The value of the "cipher-key-length" property.
   */
  int getCipherKeyLength();



  /**
   * Updates the "cipher-key-length" property: the key length, in
   * bits, for the preferred cipher.
   * <p>
   * NOTE(review): the parameter is a boxed {@code Integer}, so
   * {@code null} may be meaningful (for example, to reset the
   * property). This interface does not say; confirm before relying
   * on it.
   *
   * @param value The new value of the "cipher-key-length" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setCipherKeyLength(Integer value) throws PropertyException;



  /**
   * Reads the "cipher-transformation" property: the cipher used by
   * the directory server, written as algorithm/mode/padding.
   * <p>
   * All three fields are mandatory. Naming only the algorithm and
   * letting the cipher provider fill in the mode and padding is not
   * supported, because different implementations are not guaranteed
   * to pick the same defaults. Algorithms without a mode or padding,
   * such as RC4 and ARCFOUR, are written with NONE as the mode and
   * NoPadding as the padding, for example RC4/NONE/NoPadding.
   * <p>
   * Security note: the RC4 example illustrates the syntax only. RC4
   * has known keystream biases and is prohibited for TLS by RFC 7465;
   * prefer a transformation based on a current block cipher such as
   * AES, and check which transformations the deployed server version
   * supports.
   *
   * @return The value of the "cipher-transformation" property.
   */
  String getCipherTransformation();



  /**
   * Updates the "cipher-transformation" property: the cipher used by
   * the directory server, written as algorithm/mode/padding.
   * <p>
   * All three fields are mandatory. Naming only the algorithm and
   * letting the cipher provider fill in the mode and padding is not
   * supported, because different implementations are not guaranteed
   * to pick the same defaults. Algorithms without a mode or padding,
   * such as RC4 and ARCFOUR, are written with NONE as the mode and
   * NoPadding as the padding, for example RC4/NONE/NoPadding.
   * <p>
   * Security note: the RC4 example illustrates the syntax only. RC4
   * has known keystream biases and is prohibited for TLS by RFC 7465;
   * prefer a transformation based on a current block cipher such as
   * AES. Whether this setter rejects weak algorithms is not visible
   * here, so validate the value before passing it in.
   *
   * @param value The new value of the "cipher-transformation"
   *          property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setCipherTransformation(String value) throws PropertyException;



  /**
   * Reads the "digest-algorithm" property: the preferred message
   * digest algorithm for the directory server.
   * <p>
   * Security note: MD5 and SHA-1 have practical collision attacks.
   * Where the digest protects integrity or feeds a signature, a
   * SHA-2 family algorithm (SHA-256 or stronger) is the safer choice.
   *
   * @return The value of the "digest-algorithm" property.
   */
  String getDigestAlgorithm();



  /**
   * Updates the "digest-algorithm" property: the preferred message
   * digest algorithm for the directory server.
   * <p>
   * Security note: MD5 and SHA-1 have practical collision attacks;
   * prefer SHA-256 or stronger. Whether this setter rejects weak
   * digests is not visible here.
   *
   * @param value The new value of the "digest-algorithm" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setDigestAlgorithm(String value) throws PropertyException;



  /**
   * Reads the "key-wrapping-transformation" property: the preferred
   * key wrapping transformation for the directory server.
   * <p>
   * Every server instance in a replication topology must use the
   * same value.
   *
   * @return The value of the "key-wrapping-transformation" property.
   */
  String getKeyWrappingTransformation();



  /**
   * Updates the "key-wrapping-transformation" property: the
   * preferred key wrapping transformation for the directory server.
   * <p>
   * Every server instance in a replication topology must use the
   * same value, so a change has to be coordinated across the whole
   * topology. NOTE(review): how instances behave while their values
   * differ is not described here; confirm before changing it on a
   * live topology.
   *
   * @param value The new value of the "key-wrapping-transformation"
   *          property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setKeyWrappingTransformation(String value) throws PropertyException;



  /**
   * Reads the "mac-algorithm" property: the preferred MAC algorithm
   * for the directory server.
   *
   * @return The value of the "mac-algorithm" property.
   */
  String getMacAlgorithm();



  /**
   * Updates the "mac-algorithm" property: the preferred MAC
   * algorithm for the directory server.
   * <p>
   * Security note: review this value together with "mac-key-length";
   * an HMAC built on a SHA-2 digest is the conventional choice.
   *
   * @param value The new value of the "mac-algorithm" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setMacAlgorithm(String value) throws PropertyException;



  /**
   * Reads the "mac-key-length" property: the key length, in bits,
   * for the preferred MAC algorithm.
   *
   * @return The value of the "mac-key-length" property.
   */
  int getMacKeyLength();



  /**
   * Updates the "mac-key-length" property: the key length, in bits,
   * for the preferred MAC algorithm.
   * <p>
   * NOTE(review): the parameter is a boxed {@code Integer}, so
   * {@code null} may be meaningful (for example, to reset the
   * property). This interface does not say; confirm before relying
   * on it.
   *
   * @param value The new value of the "mac-key-length" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setMacKeyLength(Integer value) throws PropertyException;



  /**
   * Reads the "ssl-cert-nickname" property: the nicknames (also
   * called aliases) of the keys or key pairs that the Crypto Manager
   * should use when performing SSL communication.
   * <p>
   * The property can be given several times, each with a different
   * nickname, when server certificates with different public key
   * algorithms are used in parallel (for example, RSA, DSA, and
   * ECC-based algorithms). When a nickname refers to an asymmetric
   * (public/private) key pair, the nickname of the public key
   * certificate and that of the associated private key entry must
   * match exactly, because a single nickname is used to retrieve
   * both the public key and the private key.
   * <p>
   * This is only applicable when the Crypto Manager is configured to
   * use SSL.
   *
   * @return The values of the "ssl-cert-nickname" property.
   */
  SortedSet<String> getSSLCertNickname();



  /**
   * Updates the "ssl-cert-nickname" property: the nicknames (also
   * called aliases) of the keys or key pairs that the Crypto Manager
   * should use when performing SSL communication.
   * <p>
   * The property can be given several times, each with a different
   * nickname, when server certificates with different public key
   * algorithms are used in parallel (for example, RSA, DSA, and
   * ECC-based algorithms). When a nickname refers to an asymmetric
   * (public/private) key pair, the nickname of the public key
   * certificate and that of the associated private key entry must
   * match exactly, because a single nickname is used to retrieve
   * both the public key and the private key.
   * <p>
   * This is only applicable when the Crypto Manager is configured to
   * use SSL.
   *
   * @param values The new values of the "ssl-cert-nickname" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLCertNickname(Collection<String> values) throws PropertyException;



  /**
   * Reads the "ssl-cipher-suite" property: the names of the SSL
   * cipher suites that are allowed for use in SSL or TLS
   * communication.
   * <p>
   * NOTE(review): what an empty set means (for example, falling back
   * to the defaults of the underlying TLS implementation) is not
   * stated here; confirm before treating an empty result as "none
   * allowed".
   *
   * @return The values of the "ssl-cipher-suite" property.
   */
  SortedSet<String> getSSLCipherSuite();



  /**
   * Updates the "ssl-cipher-suite" property: the names of the SSL
   * cipher suites that are allowed for use in SSL or TLS
   * communication.
   * <p>
   * Security note: this is an allow list, so keep it free of NULL,
   * anonymous, EXPORT, RC4 and 3DES suites. Whether this setter
   * rejects such names is not visible here.
   *
   * @param values The new values of the "ssl-cipher-suite" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLCipherSuite(Collection<String> values) throws PropertyException;



  /**
   * Reads the "ssl-encryption" property: whether SSL/TLS is used to
   * provide encrypted communication between two OpenDJ server
   * components.
   *
   * @return The value of the "ssl-encryption" property.
   */
  boolean isSSLEncryption();



  /**
   * Updates the "ssl-encryption" property: whether SSL/TLS is used
   * to provide encrypted communication between two OpenDJ server
   * components.
   * <p>
   * Security note: with this set to {@code false}, traffic between
   * those components is presumably sent without SSL/TLS protection;
   * confirm which channels the setting covers before disabling it.
   *
   * @param value The new value of the "ssl-encryption" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setSSLEncryption(Boolean value) throws PropertyException;



  /**
   * Reads the "ssl-protocol" property: the names of the SSL
   * protocols that are allowed for use in SSL or TLS communication.
   * <p>
   * NOTE(review): what an empty set means (for example, falling back
   * to the defaults of the underlying TLS implementation) is not
   * stated here; confirm before treating an empty result as "none
   * allowed".
   *
   * @return The values of the "ssl-protocol" property.
   */
  SortedSet<String> getSSLProtocol();



  /**
   * Updates the "ssl-protocol" property: the names of the SSL
   * protocols that are allowed for use in SSL or TLS communication.
   * <p>
   * Security note: this is an allow list. SSLv3 is deprecated by
   * RFC 7568 and TLS 1.0 and 1.1 by RFC 8996, so list only TLS 1.2
   * or later unless a legacy peer requires otherwise. Whether this
   * setter rejects older protocol names is not visible here.
   *
   * @param values The new values of the "ssl-protocol" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLProtocol(Collection<String> values) throws PropertyException;

}