001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2006-2008 Sun Microsystems, Inc.
015 * Portions Copyright 2015-2016 ForgeRock AS.
016 */
017package org.opends.server.api;
018import org.forgerock.i18n.LocalizableMessage;
019
020
021
022import java.util.List;
023import javax.net.ssl.KeyManager;
024
025import org.forgerock.opendj.server.config.server.KeyManagerProviderCfg;
026import org.forgerock.opendj.config.server.ConfigException;
027import org.opends.server.types.DirectoryException;
028import org.opends.server.types.InitializationException;
029
030
031
/**
 * Base class for components that supply the
 * {@code javax.net.ssl.KeyManager} objects the server uses when
 * performing SSL communication.
 * <p>
 * Security note for implementers: the three non-abstract checks declared
 * here ({@code containsKeyWithAlias}, {@code containsAtLeastOneKey} and
 * {@code isConfigurationAcceptable}) answer {@code true} without
 * inspecting anything. A provider that does not override them therefore
 * reports every alias as present, the key store as populated and every
 * configuration as acceptable, so a missing key or a mistyped alias is
 * not detected through these methods.
 *
 * @param <T>
 *          The type of key manager provider configuration handled by
 *          this key manager provider implementation.
 */
@org.opends.server.types.PublicAPI(
    stability = org.opends.server.types.StabilityLevel.VOLATILE,
    mayInstantiate = false,
    mayExtend = true,
    mayInvoke = true)
public abstract class KeyManagerProvider<T extends KeyManagerProviderCfg> {

  /**
   * Sets up this key manager provider from the supplied configuration.
   *
   * @param configuration
   *          The key manager provider configuration holding the
   *          settings used to initialize this provider.
   * @throws ConfigException
   *           If initialization cannot proceed because of an
   *           unrecoverable problem in the server configuration.
   * @throws InitializationException
   *           If initialization fails for a reason unrelated to the
   *           server configuration.
   */
  public abstract void initializeKeyManagerProvider(T configuration)
      throws ConfigException, InitializationException;

  /**
   * Reports whether a key with the given alias is defined in the scope
   * of this key manager.
   * <p>
   * The implementation in this base class performs no lookup and always
   * returns {@code true}, whatever alias is passed (including
   * {@code null}). Providers that can enumerate their keys should
   * override it so that an unknown alias is actually reported.
   *
   * @param alias
   *          The alias to check.
   * @return {@code true} if the alias exists, {@code false} otherwise.
   */
  public boolean containsKeyWithAlias(String alias) {
    // Permissive default: no key store is consulted here.
    return true;
  }

  /**
   * Reports whether the key store holds at least one usable key.
   * <p>
   * The implementation in this base class performs no inspection and
   * always returns {@code true}. Providers that can examine their key
   * store should override it so that an empty store is actually
   * reported.
   *
   * @return {@code true} if the key store has at least one usable key,
   *         {@code false} otherwise.
   */
  public boolean containsAtLeastOneKey() {
    // Permissive default: no key store is consulted here.
    return true;
  }

  /**
   * Reports whether the supplied configuration could be used by this
   * key manager provider. The method is meant to be callable on an
   * instance that has not been initialized yet, so that a candidate
   * configuration can be judged before it is applied.
   * <p>
   * Implementations that work with a subclass of the configuration
   * type will likely need to cast the argument to that subclass.
   * <p>
   * The implementation in this base class accepts every configuration
   * and leaves {@code unacceptableReasons} untouched.
   *
   * @param  configuration        The key manager provider
   *                              configuration to evaluate.
   * @param  unacceptableReasons  A list that may be used to hold the
   *                              reasons why the configuration is not
   *                              acceptable.
   *
   * @return  {@code true} if the configuration is acceptable for this
   *          key manager provider, or {@code false} if not.
   */
  public boolean isConfigurationAcceptable(
      T configuration, List<LocalizableMessage> unacceptableReasons) {
    // No validation happens at this level; concrete providers that want
    // stricter checks are expected to override this method.
    return true;
  }

  /**
   * Performs whatever finalization this key manager provider needs.
   */
  public abstract void finalizeKeyManagerProvider();

  /**
   * Returns the {@code KeyManager} objects to use for interactions that
   * require access to a key manager.
   *
   * @return  An array of {@code KeyManager} objects that may be used for
   *          interactions requiring access to a key manager.
   *
   * @throws  DirectoryException  If the key managers cannot be
   *                              obtained.
   */
  public abstract KeyManager[] getKeyManagers() throws DirectoryException;
}