001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.client;
017
018
019
020import java.util.Collection;
021import java.util.SortedSet;
022import org.forgerock.opendj.config.ConfigurationClient;
023import org.forgerock.opendj.config.ManagedObjectDefinition;
024import org.forgerock.opendj.config.PropertyException;
025import org.forgerock.opendj.server.config.server.CryptoManagerCfg;
026
027
028
/**
 * Client-side view of the Crypto Manager configuration, exposing each
 * setting as a typed getter/setter pair.
 * <p>
 * The Crypto Manager is the shared entry point for compression,
 * decompression, hashing, encryption and other kinds of cryptographic
 * operations.
 * <p>
 * Security review note: every property on this interface selects an
 * algorithm, a key size, a certificate or a TLS parameter, so changes
 * made through it are security-relevant and worth auditing. This
 * interface does not show which values are rejected; the only
 * validation signal visible here is the {@link PropertyException}
 * declared by the setters.
 */
public interface CryptoManagerCfgClient extends ConfigurationClient {

  /**
   * Returns the configuration definition that describes this Crypto
   * Manager.
   *
   * @return the configuration definition associated with this Crypto
   *         Manager.
   */
  ManagedObjectDefinition<? extends CryptoManagerCfgClient, ? extends CryptoManagerCfg> definition();

  /**
   * Reads the "cipher-key-length" property: the key length, in bits,
   * used with the preferred cipher.
   * <p>
   * Security review note: symmetric keys shorter than 128 bits are
   * generally considered inadequate. Presumably the length must be one
   * that the algorithm named by "cipher-transformation" supports;
   * confirm against the server-side validation.
   *
   * @return the value of the "cipher-key-length" property.
   */
  int getCipherKeyLength();

  /**
   * Writes the "cipher-key-length" property. See
   * {@link #getCipherKeyLength()} for its meaning.
   *
   * @param value the new value of the "cipher-key-length" property, in
   *          bits. NOTE(review): the parameter is a boxed
   *          {@code Integer} while the getter returns {@code int};
   *          whether {@code null} is accepted is not visible here.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setCipherKeyLength(Integer value) throws PropertyException;

  /**
   * Reads the "cipher-transformation" property: the cipher used by the
   * directory server, written as algorithm/mode/padding.
   * <p>
   * All three fields are mandatory. Naming only the algorithm and
   * letting the cipher provider fill in mode and padding is not
   * supported, because different implementations are not guaranteed to
   * pick the same defaults. Algorithms that have no mode or padding,
   * RC4 and ARCFOUR among them, are written with NONE as the mode and
   * NoPadding as the padding, for example RC4/NONE/NoPadding.
   * <p>
   * Security review note: RC4/ARCFOUR is named above only to illustrate
   * the syntax. RC4 has known keystream biases and is prohibited in TLS
   * by RFC 7465, so it should not be selected for new deployments; an
   * authenticated mode such as AES/GCM/NoPadding is the usual choice
   * where the installed provider offers it. Which transformations the
   * server actually accepts is not visible from this interface.
   *
   * @return the value of the "cipher-transformation" property.
   */
  String getCipherTransformation();

  /**
   * Writes the "cipher-transformation" property. The value uses the
   * algorithm/mode/padding syntax with all three fields present; see
   * {@link #getCipherTransformation()} for the full rules and the
   * note on weak algorithms.
   *
   * @param value the new value of the "cipher-transformation" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setCipherTransformation(String value) throws PropertyException;

  /**
   * Reads the "digest-algorithm" property: the message digest algorithm
   * the directory server prefers.
   * <p>
   * Security review note: MD5 and SHA-1 have practical collision
   * attacks and should not be chosen where collision resistance
   * matters; SHA-256 or a stronger member of the SHA-2 family is the
   * usual baseline.
   *
   * @return the value of the "digest-algorithm" property.
   */
  String getDigestAlgorithm();

  /**
   * Writes the "digest-algorithm" property. See
   * {@link #getDigestAlgorithm()} for its meaning.
   *
   * @param value the new value of the "digest-algorithm" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setDigestAlgorithm(String value) throws PropertyException;

  /**
   * Reads the "key-wrapping-transformation" property: the key wrapping
   * transformation the directory server prefers.
   * <p>
   * Every server instance in a replication topology must be configured
   * with the same value.
   * <p>
   * Security review note: because the value has to match across the
   * topology, a change needs to be rolled out to all instances
   * together. If an RSA-based transformation is used, OAEP padding is
   * generally preferred over PKCS#1 v1.5 padding, which is exposed to
   * padding-oracle attacks.
   *
   * @return the value of the "key-wrapping-transformation" property.
   */
  String getKeyWrappingTransformation();

  /**
   * Writes the "key-wrapping-transformation" property. The value must
   * be identical on all server instances in a replication topology;
   * see {@link #getKeyWrappingTransformation()}.
   *
   * @param value the new value of the "key-wrapping-transformation"
   *          property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setKeyWrappingTransformation(String value) throws PropertyException;

  /**
   * Reads the "mac-algorithm" property: the MAC algorithm the directory
   * server prefers.
   * <p>
   * Security review note: an HMAC built on a SHA-2 digest (for example
   * HmacSHA256) is the usual baseline; constructions built on MD5 are
   * best avoided for new deployments.
   *
   * @return the value of the "mac-algorithm" property.
   */
  String getMacAlgorithm();

  /**
   * Writes the "mac-algorithm" property. See
   * {@link #getMacAlgorithm()} for its meaning.
   *
   * @param value the new value of the "mac-algorithm" property.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setMacAlgorithm(String value) throws PropertyException;

  /**
   * Reads the "mac-key-length" property: the key length, in bits, used
   * with the preferred MAC algorithm.
   * <p>
   * Security review note: for HMAC, RFC 2104 discourages keys shorter
   * than the output length of the underlying hash.
   *
   * @return the value of the "mac-key-length" property.
   */
  int getMacKeyLength();

  /**
   * Writes the "mac-key-length" property. See
   * {@link #getMacKeyLength()} for its meaning.
   *
   * @param value the new value of the "mac-key-length" property, in
   *          bits. NOTE(review): the parameter is a boxed
   *          {@code Integer} while the getter returns {@code int};
   *          whether {@code null} is accepted is not visible here.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setMacKeyLength(Integer value) throws PropertyException;

  /**
   * Reads the "ssl-cert-nickname" property: the nicknames (also called
   * aliases) of the certificates the Crypto Manager uses for SSL
   * communication.
   * <p>
   * More than one nickname can be configured, each naming a different
   * certificate, when an RSA, a DSA and an ECC based server certificate
   * are used in parallel.
   * <p>
   * The property only applies when the Crypto Manager is configured to
   * use SSL.
   *
   * @return the values of the "ssl-cert-nickname" property.
   */
  SortedSet<String> getSSLCertNickname();

  /**
   * Writes the "ssl-cert-nickname" property. See
   * {@link #getSSLCertNickname()} for its meaning; the property only
   * applies when the Crypto Manager is configured to use SSL.
   *
   * @param values the new values of the "ssl-cert-nickname" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLCertNickname(Collection<String> values) throws PropertyException;

  /**
   * Reads the "ssl-cipher-suite" property: the names of the cipher
   * suites permitted for SSL or TLS communication.
   * <p>
   * Security review note: this is an allow-list, so it is the place to
   * keep NULL, anonymous, EXPORT, RC4 and 3DES suites out of use.
   * NOTE(review): what the server permits when no value is configured
   * is not visible from this interface; confirm before relying on an
   * empty set.
   *
   * @return the values of the "ssl-cipher-suite" property.
   */
  SortedSet<String> getSSLCipherSuite();

  /**
   * Writes the "ssl-cipher-suite" property. See
   * {@link #getSSLCipherSuite()} for its meaning.
   *
   * @param values the new values of the "ssl-cipher-suite" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLCipherSuite(Collection<String> values) throws PropertyException;

  /**
   * Reads the "ssl-encryption" property: whether SSL/TLS is used to
   * encrypt communication between two OpenDJ server components.
   * <p>
   * Security review note: per the description above, a {@code false}
   * value means this traffic is not protected by SSL/TLS, so the
   * setting deserves attention in any deployment where server
   * components talk across an untrusted network.
   *
   * @return the value of the "ssl-encryption" property.
   */
  boolean isSSLEncryption();

  /**
   * Writes the "ssl-encryption" property. See
   * {@link #isSSLEncryption()} for its meaning.
   *
   * @param value the new value of the "ssl-encryption" property.
   *          NOTE(review): the parameter is a boxed {@code Boolean}
   *          while the getter returns {@code boolean}; whether
   *          {@code null} is accepted is not visible here.
   * @throws PropertyException
   *           If the new value is invalid.
   */
  void setSSLEncryption(Boolean value) throws PropertyException;

  /**
   * Reads the "ssl-protocol" property: the names of the protocol
   * versions permitted for SSL or TLS communication.
   * <p>
   * Security review note: SSLv3 is deprecated by RFC 7568 and TLS 1.0
   * and 1.1 by RFC 8996; limiting this allow-list to TLSv1.2 and
   * TLSv1.3 is the usual baseline where all peers support them.
   * NOTE(review): what the server permits when no value is configured
   * is not visible from this interface; confirm before relying on an
   * empty set.
   *
   * @return the values of the "ssl-protocol" property.
   */
  SortedSet<String> getSSLProtocol();

  /**
   * Writes the "ssl-protocol" property. See {@link #getSSLProtocol()}
   * for its meaning.
   *
   * @param values the new values of the "ssl-protocol" property.
   * @throws PropertyException
   *           If one or more of the new values are invalid.
   */
  void setSSLProtocol(Collection<String> values) throws PropertyException;

}