001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.client;
017
018
019
020import java.net.InetAddress;
021import java.util.Collection;
022import java.util.SortedSet;
023import org.forgerock.opendj.config.ConfigurationClient;
024import org.forgerock.opendj.config.ManagedObjectDefinition;
025import org.forgerock.opendj.config.PropertyException;
026import org.forgerock.opendj.ldap.AddressMask;
027import org.forgerock.opendj.server.config.server.AdministrationConnectorCfg;
028
029
030
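/**
 * A client-side interface for reading and modifying Administration
 * Connector settings.
 * <p>
 * The Administration Connector is used to interact with
 * administration tools using LDAP.
 * <p>
 * Because this connector carries administrative traffic, three groups
 * of properties exposed here decide who can reach it and how the
 * channel is protected:
 * <ul>
 * <li>network exposure: "listen-address" and "listen-port";</li>
 * <li>client filtering: "allowed-client" and "denied-client";</li>
 * <li>transport security: "key-manager-provider",
 * "trust-manager-provider", "ssl-cert-nickname", "ssl-cipher-suite"
 * and "ssl-protocol".</li>
 * </ul>
 * Every setter reports rejected values through
 * {@link PropertyException}. This interface only declares the
 * accessors; validation rules and default values live in the property
 * definitions, which are not visible here.
 */
public interface AdministrationConnectorCfgClient extends ConfigurationClient {

  /**
   * Get the configuration definition associated with this Administration Connector.
   *
   * @return the configuration definition associated with this Administration Connector.
   */
  ManagedObjectDefinition<? extends AdministrationConnectorCfgClient,
      ? extends AdministrationConnectorCfg> definition();

  /**
   * Gets the "allowed-client" property.
   * <p>
   * Specifies a set of host names or address masks that determine the
   * clients that are allowed to establish connections to this
   * Administration Connector.
   * <p>
   * Valid values include a host name, a fully qualified domain name,
   * a domain name, an IP address, or a subnetwork with subnetwork
   * mask.
   * <p>
   * Precedence: when both allowed and denied client masks are defined
   * and a connection matches one or more masks in both lists, the
   * connection is denied (see {@link #getDeniedClient()}).
   * <p>
   * NOTE(review): the behaviour when this set is empty and no denied
   * list is defined is not stated here; presumably every client is
   * accepted. Confirm against the property definition, and prefer an
   * explicit allow list for an administrative endpoint.
   * <p>
   * NOTE(review): host-name and domain-name masks presumably depend on
   * resolving the connecting address to a name. Where that resolution
   * cannot be trusted, IP address or subnetwork masks are the more
   * predictable choice. Confirm against the {@link AddressMask}
   * implementation.
   *
   * @return the values of the "allowed-client" property.
   */
  SortedSet<AddressMask> getAllowedClient();

  /**
   * Sets the "allowed-client" property.
   * <p>
   * Specifies a set of host names or address masks that determine the
   * clients that are allowed to establish connections to this
   * Administration Connector.
   * <p>
   * Valid values include a host name, a fully qualified domain name,
   * a domain name, an IP address, or a subnetwork with subnetwork
   * mask.
   * <p>
   * A matching entry in the "denied-client" property still wins over
   * an entry set here (see {@link #getDeniedClient()}).
   *
   * @param values The values of the "allowed-client" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setAllowedClient(Collection<AddressMask> values) throws PropertyException;

  /**
   * Gets the "denied-client" property.
   * <p>
   * Specifies a set of host names or address masks that determine the
   * clients that are not allowed to establish connections to this
   * Administration Connector.
   * <p>
   * Valid values include a host name, a fully qualified domain name,
   * a domain name, an IP address, or a subnetwork with subnetwork
   * mask. If both allowed and denied client masks are defined and a
   * client connection matches one or more masks in both lists, then
   * the connection is denied. If only a denied list is specified, then
   * any client not matching a mask in that list is allowed.
   * <p>
   * Consequence of the last rule: a deny list on its own is a
   * default-allow policy. Any address that nobody thought to list is
   * accepted, so a deny list alone does not restrict the connector to
   * a known set of administration hosts.
   *
   * @return the values of the "denied-client" property.
   */
  SortedSet<AddressMask> getDeniedClient();

  /**
   * Sets the "denied-client" property.
   * <p>
   * Specifies a set of host names or address masks that determine the
   * clients that are not allowed to establish connections to this
   * Administration Connector.
   * <p>
   * Valid values include a host name, a fully qualified domain name,
   * a domain name, an IP address, or a subnetwork with subnetwork
   * mask. If both allowed and denied client masks are defined and a
   * client connection matches one or more masks in both lists, then
   * the connection is denied. If only a denied list is specified, then
   * any client not matching a mask in that list is allowed.
   *
   * @param values The values of the "denied-client" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setDeniedClient(Collection<AddressMask> values) throws PropertyException;

  /**
   * Gets the "key-manager-provider" property.
   * <p>
   * Specifies the name of the key manager that is used with the
   * Administration Connector.
   * <p>
   * NOTE(review): presumably this key manager is the source of the key
   * material selected through {@link #getSSLCertNickname()}; confirm
   * against the property definition.
   *
   * @return the value of the "key-manager-provider" property.
   */
  String getKeyManagerProvider();

  /**
   * Sets the "key-manager-provider" property.
   * <p>
   * Specifies the name of the key manager that is used with the
   * Administration Connector.
   *
   * @param value The value of the "key-manager-provider" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setKeyManagerProvider(String value) throws PropertyException;

  /**
   * Gets the "listen-address" property.
   * <p>
   * Specifies the address or set of addresses on which this
   * Administration Connector should listen for connections from LDAP
   * clients.
   * <p>
   * Multiple addresses may be provided as separate values for this
   * attribute. If no values are provided, then the Administration
   * Connector listens on all interfaces.
   * <p>
   * An empty set therefore means the widest exposure, not "disabled".
   * When the administration endpoint should only be reachable from a
   * management network, set an explicit address here rather than
   * relying on client filtering alone.
   *
   * @return the values of the "listen-address" property.
   */
  SortedSet<InetAddress> getListenAddress();

  /**
   * Sets the "listen-address" property.
   * <p>
   * Specifies the address or set of addresses on which this
   * Administration Connector should listen for connections from LDAP
   * clients.
   * <p>
   * Multiple addresses may be provided as separate values for this
   * attribute. If no values are provided, then the Administration
   * Connector listens on all interfaces.
   *
   * @param values The values of the "listen-address" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setListenAddress(Collection<InetAddress> values) throws PropertyException;

  /**
   * Gets the "listen-port" property.
   * <p>
   * Specifies the port number on which the Administration Connector
   * will listen for connections from clients.
   * <p>
   * Only a single port number may be provided.
   * <p>
   * NOTE(review): the getter returns a boxed {@code Integer} while
   * {@link #setListenPort(int)} takes a primitive. Whether this getter
   * can return {@code null} is not visible from this interface.
   *
   * @return the value of the "listen-port" property.
   */
  Integer getListenPort();

  /**
   * Sets the "listen-port" property.
   * <p>
   * Specifies the port number on which the Administration Connector
   * will listen for connections from clients.
   * <p>
   * Only a single port number may be provided.
   *
   * @param value The value of the "listen-port" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setListenPort(int value) throws PropertyException;

  /**
   * Gets the "ssl-cert-nickname" property.
   * <p>
   * Specifies the nicknames (also called the aliases) of the keys or
   * key pairs that the Administration Connector should use when
   * performing SSL communication. The property can be used multiple
   * times (referencing different nicknames) when server certificates
   * with different public key algorithms are used in parallel (for
   * example, RSA, DSA, and ECC-based algorithms). When a nickname
   * refers to an asymmetric (public/private) key pair, the nickname
   * for the public key certificate and associated private key entry
   * must match exactly. A single nickname is used to retrieve both the
   * public key and the private key.
   *
   * @return the values of the "ssl-cert-nickname" property.
   */
  SortedSet<String> getSSLCertNickname();

  /**
   * Sets the "ssl-cert-nickname" property.
   * <p>
   * Specifies the nicknames (also called the aliases) of the keys or
   * key pairs that the Administration Connector should use when
   * performing SSL communication. The property can be used multiple
   * times (referencing different nicknames) when server certificates
   * with different public key algorithms are used in parallel (for
   * example, RSA, DSA, and ECC-based algorithms). When a nickname
   * refers to an asymmetric (public/private) key pair, the nickname
   * for the public key certificate and associated private key entry
   * must match exactly. A single nickname is used to retrieve both the
   * public key and the private key.
   *
   * @param values The values of the "ssl-cert-nickname" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLCertNickname(Collection<String> values) throws PropertyException;

  /**
   * Gets the "ssl-cipher-suite" property.
   * <p>
   * Specifies the names of the SSL cipher suites that are allowed for
   * use in SSL communication.
   * <p>
   * NOTE(review): what is negotiated when no values are set is not
   * stated here (presumably a platform default; confirm against the
   * property definition). An explicit list keeps the connector on
   * suites that have been reviewed.
   *
   * @return the values of the "ssl-cipher-suite" property.
   */
  SortedSet<String> getSSLCipherSuite();

  /**
   * Sets the "ssl-cipher-suite" property.
   * <p>
   * Specifies the names of the SSL cipher suites that are allowed for
   * use in SSL communication.
   *
   * @param values The values of the "ssl-cipher-suite" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLCipherSuite(Collection<String> values) throws PropertyException;

  /**
   * Gets the "ssl-protocol" property.
   * <p>
   * Specifies the names of the SSL protocols that are allowed for use
   * in SSL or StartTLS communication.
   * <p>
   * NOTE(review): what is negotiated when no values are set is not
   * stated here (presumably a platform default; confirm against the
   * property definition). An explicit list makes the supported
   * protocol versions auditable.
   *
   * @return the values of the "ssl-protocol" property.
   */
  SortedSet<String> getSSLProtocol();

  /**
   * Sets the "ssl-protocol" property.
   * <p>
   * Specifies the names of the SSL protocols that are allowed for use
   * in SSL or StartTLS communication.
   *
   * @param values The values of the "ssl-protocol" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLProtocol(Collection<String> values) throws PropertyException;

  /**
   * Gets the "trust-manager-provider" property.
   * <p>
   * Specifies the name of the trust manager that is used with the
   * Administration Connector.
   * <p>
   * NOTE(review): presumably this trust manager decides which peer
   * certificates the connector accepts; confirm against the property
   * definition.
   *
   * @return the value of the "trust-manager-provider" property.
   */
  String getTrustManagerProvider();

  /**
   * Sets the "trust-manager-provider" property.
   * <p>
   * Specifies the name of the trust manager that is used with the
   * Administration Connector.
   *
   * @param value The value of the "trust-manager-provider" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setTrustManagerProvider(String value) throws PropertyException;

}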