/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2015-2016 ForgeRock AS.
 */
package org.opends.server.api;

import java.util.List;
import javax.net.ssl.KeyManager;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.server.config.server.KeyManagerProviderCfg;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;

/**
 * Base class for components that supply the
 * {@code javax.net.ssl.KeyManager} objects used when performing SSL
 * communication.
 * <BR><BR>
 * Three methods here ship with permissive defaults that always answer
 * {@code true}: {@link #containsKeyWithAlias(String)},
 * {@link #containsAtLeastOneKey()} and
 * {@link #isConfigurationAcceptable(KeyManagerProviderCfg, List)}.
 * None of them looks at any key material or configuration value, so a
 * subclass that does not override them provides no validation at all.
 *
 * @param <T>
 *          The type of key manager provider configuration handled by
 *          this key manager provider implementation.
 */
@org.opends.server.types.PublicAPI(
    stability = org.opends.server.types.StabilityLevel.VOLATILE,
    mayInstantiate = false,
    mayExtend = true,
    mayInvoke = true)
public abstract class KeyManagerProvider<T extends KeyManagerProviderCfg> {

  /**
   * Sets up this key manager provider from the supplied
   * configuration.
   *
   * @param configuration
   *          The key manager provider configuration holding the
   *          information used to initialize this provider.
   * @throws ConfigException
   *           If an unrecoverable problem arises during
   *           initialization as a result of the server
   *           configuration.
   * @throws InitializationException
   *           If initialization fails for a reason that is not
   *           related to the server configuration.
   */
  public abstract void initializeKeyManagerProvider(T configuration)
      throws ConfigException, InitializationException;

  /**
   * Reports whether an alias is defined in the scope of this key
   * manager.
   * <BR><BR>
   * This default implementation never inspects the alias and always
   * answers {@code true}. A provider that wants a missing or
   * mistyped alias to be detected must override this method;
   * otherwise the check passes for every input.
   *
   * @param alias
   *          The alias to check.
   * @return {@code true} if the alias exists, {@code false}
   *         otherwise; always {@code true} unless overridden.
   */
  public boolean containsKeyWithAlias(String alias) {
    // Permissive default: no key material is consulted here.
    return true;
  }

  /**
   * Reports whether the keystore has at least one usable key.
   * <BR><BR>
   * This default implementation performs no lookup and always
   * answers {@code true}. A provider that wants an empty keystore to
   * be detected must override this method.
   *
   * @return {@code true} if the keystore has at least one usable
   *         key, {@code false} otherwise; always {@code true} unless
   *         overridden.
   */
  public boolean containsAtLeastOneKey() {
    // Permissive default: no key material is consulted here.
    return true;
  }

  /**
   * Indicates whether the provided configuration is acceptable for
   * this key manager provider. It should be possible to call this
   * method on an uninitialized instance in order to find out whether
   * the provider would be able to use the configuration.
   * <BR><BR>
   * Implementations that use a subclass of the provided
   * configuration class will likely need to cast the configuration
   * to the appropriate subclass type.
   * <BR><BR>
   * This default implementation accepts every configuration and
   * leaves {@code unacceptableReasons} untouched.
   *
   * @param configuration
   *          The key manager provider configuration for which to
   *          make the determination.
   * @param unacceptableReasons
   *          A list that may be used to hold the reasons that the
   *          provided configuration is not acceptable.
   * @return {@code true} if the provided configuration is acceptable
   *         for this key manager provider, or {@code false} if not.
   */
  public boolean isConfigurationAcceptable(
      T configuration,
      List<LocalizableMessage> unacceptableReasons) {
    // No validation is done at this level; providers that need to
    // reject a configuration override this method.
    return true;
  }

  /**
   * Performs any finalization that may be necessary for this key
   * manager provider.
   */
  public abstract void finalizeKeyManagerProvider();

  /**
   * Retrieves the {@code KeyManager} objects that may be used for
   * interactions requiring access to a key manager.
   *
   * @return An array of {@code KeyManager} objects that may be used
   *         for interactions requiring access to a key manager.
   * @throws DirectoryException
   *           If a problem occurs while attempting to obtain the
   *           key managers.
   */
  public abstract KeyManager[] getKeyManagers()
      throws DirectoryException;
}