001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.client;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import org.opends.server.admin.ConfigurationClient;
033import org.opends.server.admin.ManagedObjectDefinition;
034import org.opends.server.admin.PropertyException;
035import org.opends.server.admin.std.server.CryptoManagerCfg;
036
037
038
/**
 * Client-side view of the Crypto Manager configuration, offering a typed
 * getter and setter for each of its properties.
 * <p>
 * The Crypto Manager is the server's common entry point for compression,
 * decompression, hashing, encryption and other kinds of cryptographic
 * operations, so the values managed here select the algorithms and TLS
 * parameters those operations rely on.
 * <p>
 * Review notes for anyone changing these settings:
 * <ul>
 * <li>Every setter reports an invalid value with a
 * {@link PropertyException}. Nothing visible in this interface shows that
 * weak algorithms, short keys or obsolete protocol versions are rejected,
 * so an accepted value should not be read as an endorsement of its
 * strength (TODO confirm against the property definitions).</li>
 * <li>Setters for single-valued properties take boxed types
 * ({@code Integer}, {@code Boolean}) while the getters return primitives.
 * How a {@code null} argument is treated is not documented here; confirm
 * before passing one.</li>
 * <li>Presumably a change only reaches the server once it is committed
 * through the inherited {@link ConfigurationClient} API; verify against
 * that interface.</li>
 * </ul>
 */
public interface CryptoManagerCfgClient extends ConfigurationClient {

  /**
   * Returns the definition that describes this Crypto Manager
   * configuration.
   *
   * @return the configuration definition associated with this Crypto
   *         Manager
   */
  ManagedObjectDefinition<? extends CryptoManagerCfgClient, ? extends CryptoManagerCfg>
      definition();

  /**
   * Reads the "cipher-key-length" property: the key length, in bits, used
   * with the preferred cipher.
   * <p>
   * NOTE(review): the length has to be one that the algorithm named by
   * "cipher-transformation" supports; whether the two properties are
   * cross-checked is not visible from this interface.
   *
   * @return the value of the "cipher-key-length" property
   */
  int getCipherKeyLength();

  /**
   * Updates the "cipher-key-length" property: the key length, in bits,
   * used with the preferred cipher.
   * <p>
   * NOTE(review): lowering this value weakens newly generated cipher keys;
   * treat a reduction as a change that needs review.
   *
   * @param value the new value of the "cipher-key-length" property
   * @throws PropertyException
   *           if the new value is invalid
   */
  void setCipherKeyLength(Integer value) throws PropertyException;

  /**
   * Reads the "cipher-transformation" property: the cipher used by the
   * directory server, written as {@code algorithm/mode/padding}.
   * <p>
   * All three fields are mandatory. Leaving mode and padding to the cipher
   * provider is not supported because providers are not guaranteed to
   * agree on their defaults. Algorithms without a mode or padding (RC4 and
   * ARCFOUR are the documented examples) are written with {@code NONE} as
   * the mode and {@code NoPadding} as the padding, for instance
   * {@code RC4/NONE/NoPadding}.
   * <p>
   * NOTE(review): RC4/ARCFOUR illustrate the syntax only. RC4 has known
   * keystream weaknesses and is not a suitable choice for protecting new
   * data; finding it in a returned value is worth flagging in a
   * configuration audit.
   *
   * @return the value of the "cipher-transformation" property
   */
  String getCipherTransformation();

  /**
   * Updates the "cipher-transformation" property: the cipher used by the
   * directory server, written as {@code algorithm/mode/padding}.
   * <p>
   * All three fields are mandatory. Leaving mode and padding to the cipher
   * provider is not supported because providers are not guaranteed to
   * agree on their defaults. Algorithms without a mode or padding (RC4 and
   * ARCFOUR are the documented examples) are written with {@code NONE} as
   * the mode and {@code NoPadding} as the padding, for instance
   * {@code RC4/NONE/NoPadding}.
   * <p>
   * NOTE(review): RC4/ARCFOUR illustrate the syntax only and should not be
   * selected for new deployments. The chosen algorithm also has to be
   * compatible with "cipher-key-length"; whether that is validated here is
   * not visible from this interface.
   *
   * @param value the new value of the "cipher-transformation" property
   * @throws PropertyException
   *           if the new value is invalid
   */
  void setCipherTransformation(String value) throws PropertyException;

  /**
   * Reads the "digest-algorithm" property: the message digest algorithm
   * the directory server prefers.
   * <p>
   * NOTE(review): what the digest protects is not visible from this
   * interface. MD5 and SHA-1 no longer offer collision resistance, so
   * either one appearing here deserves a closer look at how the digest is
   * used.
   *
   * @return the value of the "digest-algorithm" property
   */
  String getDigestAlgorithm();

  /**
   * Updates the "digest-algorithm" property: the message digest algorithm
   * the directory server prefers.
   * <p>
   * NOTE(review): prefer a SHA-2 family digest unless compatibility with
   * existing data requires otherwise; MD5 and SHA-1 no longer offer
   * collision resistance.
   *
   * @param value the new value of the "digest-algorithm" property
   * @throws PropertyException
   *           if the new value is invalid
   */
  void setDigestAlgorithm(String value) throws PropertyException;

  /**
   * Reads the "key-wrapping-transformation" property: the key wrapping
   * transformation the directory server prefers.
   * <p>
   * Every server instance in a replication topology must use the same
   * value.
   *
   * @return the value of the "key-wrapping-transformation" property
   */
  String getKeyWrappingTransformation();

  /**
   * Updates the "key-wrapping-transformation" property: the key wrapping
   * transformation the directory server prefers.
   * <p>
   * Every server instance in a replication topology must use the same
   * value, so a change made on one instance has to be rolled out to all of
   * them.
   *
   * @param value the new value of the "key-wrapping-transformation"
   *          property
   * @throws PropertyException
   *           if the new value is invalid
   */
  void setKeyWrappingTransformation(String value) throws PropertyException;

  /**
   * Reads the "mac-algorithm" property: the MAC algorithm the directory
   * server prefers.
   *
   * @return the value of the "mac-algorithm" property
   */
  String getMacAlgorithm();

  /**
   * Updates the "mac-algorithm" property: the MAC algorithm the directory
   * server prefers.
   * <p>
   * NOTE(review): the algorithm should be chosen together with
   * "mac-key-length"; whether the pair is cross-checked is not visible
   * from this interface.
   *
   * @param value the new value of the "mac-algorithm" property
   * @throws PropertyException
   *           if the new value is invalid
   */
  void setMacAlgorithm(String value) throws PropertyException;

  /**
   * Reads the "mac-key-length" property: the key length, in bits, used
   * with the preferred MAC algorithm.
   *
   * @return the value of the "mac-key-length" property
   */
  int getMacKeyLength();

  /**
   * Updates the "mac-key-length" property: the key length, in bits, used
   * with the preferred MAC algorithm.
   * <p>
   * NOTE(review): lowering this value weakens newly generated MAC keys;
   * treat a reduction as a change that needs review.
   *
   * @param value the new value of the "mac-key-length" property
   * @throws PropertyException
   *           if the new value is invalid
   */
  void setMacKeyLength(Integer value) throws PropertyException;

  /**
   * Reads the "ssl-cert-nickname" property: the nickname (also called the
   * alias) of the certificate the Crypto Manager uses for SSL
   * communication.
   * <p>
   * The property only matters when the Crypto Manager is configured to use
   * SSL.
   *
   * @return the value of the "ssl-cert-nickname" property
   */
  String getSSLCertNickname();

  /**
   * Updates the "ssl-cert-nickname" property: the nickname (also called
   * the alias) of the certificate the Crypto Manager uses for SSL
   * communication.
   * <p>
   * The property only matters when the Crypto Manager is configured to use
   * SSL.
   * <p>
   * NOTE(review): nothing here shows that the alias is checked against a
   * key store when it is set; confirm that the named certificate exists
   * and is the intended one before relying on the change.
   *
   * @param value the new value of the "ssl-cert-nickname" property
   * @throws PropertyException
   *           if the new value is invalid
   */
  void setSSLCertNickname(String value) throws PropertyException;

  /**
   * Reads the "ssl-cipher-suite" property: the names of the cipher suites
   * allowed for SSL or TLS communication.
   * <p>
   * NOTE(review): what an empty set means (for example, falling back to
   * provider defaults) is not shown here; confirm before treating an empty
   * result as "nothing allowed".
   *
   * @return the values of the "ssl-cipher-suite" property
   */
  SortedSet<String> getSSLCipherSuite();

  /**
   * Updates the "ssl-cipher-suite" property: the names of the cipher
   * suites allowed for SSL or TLS communication.
   * <p>
   * NOTE(review): this is an allow-list, so every entry widens what a peer
   * may negotiate. Suites offering no encryption or no authentication, and
   * suites built on export-grade ciphers, RC4 or DES, should be left out.
   *
   * @param values the new values of the "ssl-cipher-suite" property
   * @throws PropertyException
   *           if one or more of the new values are invalid
   */
  void setSSLCipherSuite(Collection<String> values) throws PropertyException;

  /**
   * Reads the "ssl-encryption" property, which states whether SSL/TLS is
   * used to encrypt communication between two OpenDJ server components.
   *
   * @return the value of the "ssl-encryption" property
   */
  boolean isSSLEncryption();

  /**
   * Updates the "ssl-encryption" property, which states whether SSL/TLS is
   * used to encrypt communication between two OpenDJ server components.
   * <p>
   * NOTE(review): switching this off means that communication is no longer
   * protected by SSL/TLS; which traffic is affected is not visible from
   * this interface, so confirm the scope before disabling it.
   *
   * @param value the new value of the "ssl-encryption" property
   * @throws PropertyException
   *           if the new value is invalid
   */
  void setSSLEncryption(Boolean value) throws PropertyException;

  /**
   * Reads the "ssl-protocol" property: the names of the protocols allowed
   * for SSL or TLS communication.
   * <p>
   * NOTE(review): what an empty set means (for example, falling back to
   * provider defaults) is not shown here; confirm before treating an empty
   * result as "nothing allowed".
   *
   * @return the values of the "ssl-protocol" property
   */
  SortedSet<String> getSSLProtocol();

  /**
   * Updates the "ssl-protocol" property: the names of the protocols
   * allowed for SSL or TLS communication.
   * <p>
   * NOTE(review): this is an allow-list. The SSL protocol versions and the
   * early TLS versions 1.0 and 1.1 are deprecated, so list them only where
   * a legacy peer makes that unavoidable.
   *
   * @param values the new values of the "ssl-protocol" property
   * @throws PropertyException
   *           if one or more of the new values are invalid
   */
  void setSSLProtocol(Collection<String> values) throws PropertyException;

}