/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.forgerock.opendj.server.config.server;

import java.util.SortedSet;
import org.forgerock.opendj.config.Configuration;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;

/**
 * Server-side, read-only view of the Crypto Manager configuration.
 * <p>
 * The Crypto Manager is the common entry point for compression, decompression, hashing,
 * encryption and other cryptographic operations. Every getter below exposes one
 * configuration property; the property name is quoted in each method's documentation.
 * <p>
 * Security review note: these properties select the algorithms, key sizes, protocols and
 * cipher suites the server uses. This interface only reports the configured values; whether
 * a value is validated or rejected is not visible here and has to be checked where the
 * properties are defined and consumed.
 */
public interface CryptoManagerCfg extends Configuration {

  /**
   * Reports the configuration class that backs this Crypto Manager.
   *
   * @return the configuration class associated with this Crypto Manager
   */
  Class<? extends CryptoManagerCfg> configurationClass();

  /**
   * Subscribes a listener that is notified when this Crypto Manager configuration changes.
   *
   * @param listener
   *          the Crypto Manager configuration change listener to register
   */
  void addChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Unsubscribes a previously registered Crypto Manager configuration change listener.
   *
   * @param listener
   *          the Crypto Manager configuration change listener to remove
   */
  void removeChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Reads the {@code cipher-key-length} property: the key length, in bits, for the
   * preferred cipher.
   * <p>
   * NOTE(review): the length has to be one that the cipher named by
   * {@link #getCipherTransformation()} supports; where that is enforced is not shown in this
   * interface, so confirm it at the point of use.
   *
   * @return the value of the {@code cipher-key-length} property
   */
  int getCipherKeyLength();

  /**
   * Reads the {@code cipher-transformation} property: the cipher for the directory server,
   * written as {@code algorithm/mode/padding}.
   * <p>
   * All three fields are mandatory. Naming only the algorithm and letting the cipher
   * provider pick the mode and padding is not supported, because different implementations
   * are not guaranteed to pick the same defaults. Algorithms that have neither a mode nor a
   * padding (RC4 and ARCFOUR among them) are written with {@code NONE} as the mode and
   * {@code NoPadding} as the padding, for example {@code RC4/NONE/NoPadding}.
   * <p>
   * Security review note: RC4/ARCFOUR appears above only to illustrate the syntax. It is
   * widely regarded as a cryptographically weak stream cipher, so a deployment that still
   * configures it deserves review.
   *
   * @return the value of the {@code cipher-transformation} property
   */
  String getCipherTransformation();

  /**
   * Reads the {@code digest-algorithm} property: the preferred message digest algorithm for
   * the directory server.
   * <p>
   * NOTE(review): the accepted algorithm names are not listed here. MD5 and SHA-1 are no
   * longer collision resistant; check the configured value wherever collision resistance
   * matters.
   *
   * @return the value of the {@code digest-algorithm} property
   */
  String getDigestAlgorithm();

  /**
   * Reads the {@code key-wrapping-transformation} property: the preferred key wrapping
   * transformation for the directory server.
   * <p>
   * Every server instance in a replication topology must be configured with the same value.
   *
   * @return the value of the {@code key-wrapping-transformation} property
   */
  String getKeyWrappingTransformation();

  /**
   * Reads the {@code mac-algorithm} property: the preferred MAC algorithm for the directory
   * server.
   *
   * @return the value of the {@code mac-algorithm} property
   */
  String getMacAlgorithm();

  /**
   * Reads the {@code mac-key-length} property: the key length, in bits, for the preferred
   * MAC algorithm.
   *
   * @return the value of the {@code mac-key-length} property
   */
  int getMacKeyLength();

  /**
   * Reads the {@code ssl-cert-nickname} property: the nicknames (also called aliases) of the
   * keys or key pairs the Crypto Manager uses for SSL communication.
   * <p>
   * The property may be given several times, each time with a different nickname, when
   * server certificates with different public key algorithms are used in parallel (for
   * example RSA, DSA and ECC-based algorithms). Where a nickname designates an asymmetric
   * (public/private) key pair, the nickname of the public key certificate and that of the
   * associated private key entry must match exactly, because one nickname is used to look up
   * both the public key and the private key.
   * <p>
   * The property applies only when the Crypto Manager is configured to use SSL.
   *
   * @return an unmodifiable set holding the values of the {@code ssl-cert-nickname} property
   */
  SortedSet<String> getSSLCertNickname();

  /**
   * Reads the {@code ssl-cipher-suite} property: the names of the SSL cipher suites that are
   * allowed in SSL or TLS communication.
   * <p>
   * NOTE(review): what an empty set means (for instance, falling back to provider defaults)
   * is not stated in this interface; confirm it before treating the property as a
   * restriction that is always in force.
   *
   * @return an unmodifiable set holding the values of the {@code ssl-cipher-suite} property
   */
  SortedSet<String> getSSLCipherSuite();

  /**
   * Reads the {@code ssl-encryption} property: whether SSL/TLS is used to encrypt
   * communication between two OpenDJ server components.
   * <p>
   * Security review note: when this is {@code false}, the traffic this property governs is
   * not protected by SSL/TLS, so its confidentiality and integrity depend on whatever other
   * controls protect that path.
   *
   * @return the value of the {@code ssl-encryption} property
   */
  boolean isSSLEncryption();

  /**
   * Reads the {@code ssl-protocol} property: the names of the SSL protocols that are allowed
   * in SSL or TLS communication.
   * <p>
   * Security review note: SSLv3, TLS 1.0 and TLS 1.1 are formally deprecated protocol
   * versions; a set that still contains them deserves review. NOTE(review): the meaning of
   * an empty set is not stated in this interface; confirm it at the point of use.
   *
   * @return an unmodifiable set holding the values of the {@code ssl-protocol} property
   */
  SortedSet<String> getSSLProtocol();

}