/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.opends.server.admin.std.server;

import java.util.SortedSet;
import org.opends.server.admin.Configuration;
import org.opends.server.admin.server.ConfigurationChangeListener;

/**
 * Server-side view used to query the Crypto Manager configuration.
 * <p>
 * The Crypto Manager is described as the common interface for
 * compression, decompression, hashing, encryption and other kinds of
 * cryptographic operations. The getters declared here expose the
 * algorithm names, key lengths and SSL/TLS settings configured for it.
 * <p>
 * NOTE(review): this interface does not show whether the configured
 * algorithm names, key lengths, protocols or cipher suites are checked
 * against a minimum strength. Confirm where that validation happens
 * before assuming a returned value is safe to use as-is.
 */
public interface CryptoManagerCfg extends Configuration {

  /**
   * Reports which configuration class backs this Crypto Manager.
   *
   * @return the configuration class associated with this Crypto Manager.
   */
  Class<? extends CryptoManagerCfg> configurationClass();

  /**
   * Subscribes a listener to changes of this Crypto Manager
   * configuration.
   *
   * @param listener
   *          the Crypto Manager configuration change listener to register.
   */
  void addChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Unsubscribes a previously registered Crypto Manager configuration
   * change listener.
   *
   * @param listener
   *          the Crypto Manager configuration change listener to remove.
   */
  void removeChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Reads the "cipher-key-length" property: the key length, in bits,
   * for the preferred cipher.
   * <p>
   * NOTE(review): presumably this has to be a key size that the
   * algorithm named in "cipher-transformation" accepts; confirm how a
   * mismatch is reported.
   *
   * @return the value of the "cipher-key-length" property.
   */
  int getCipherKeyLength();

  /**
   * Reads the "cipher-transformation" property: the cipher for the
   * directory server, written as {@code algorithm/mode/padding}.
   * <p>
   * All three parts are mandatory. Giving only the algorithm and
   * letting the cipher provider fill in its default mode and padding is
   * not supported, because different implementations are not guaranteed
   * to share the same defaults. Algorithms without a mode or padding,
   * such as RC4 and ARCFOUR, are written with {@code NONE} as the mode
   * and {@code NoPadding} as the padding, for example
   * {@code RC4/NONE/NoPadding}.
   * <p>
   * RC4 appears above only to illustrate the syntax. It has known
   * keystream biases and is prohibited for TLS by RFC 7465, so it is
   * not a suitable choice for new deployments. The mode and padding
   * parts are security-relevant settings as well, not just formatting.
   *
   * @return the value of the "cipher-transformation" property.
   */
  String getCipherTransformation();

  /**
   * Reads the "digest-algorithm" property: the preferred message digest
   * algorithm for the directory server.
   * <p>
   * NOTE(review): the set of accepted names is not visible here. MD5
   * and SHA-1 are no longer collision resistant, so check what a given
   * deployment actually configures.
   *
   * @return the value of the "digest-algorithm" property.
   */
  String getDigestAlgorithm();

  /**
   * Reads the "key-wrapping-transformation" property: the preferred key
   * wrapping transformation for the directory server.
   * <p>
   * The value must be identical on every server instance in a
   * replication topology, so a change has to be coordinated across all
   * of them.
   *
   * @return the value of the "key-wrapping-transformation" property.
   */
  String getKeyWrappingTransformation();

  /**
   * Reads the "mac-algorithm" property: the preferred MAC algorithm for
   * the directory server.
   *
   * @return the value of the "mac-algorithm" property.
   */
  String getMacAlgorithm();

  /**
   * Reads the "mac-key-length" property: the key length, in bits, for
   * the preferred MAC algorithm.
   *
   * @return the value of the "mac-key-length" property.
   */
  int getMacKeyLength();

  /**
   * Reads the "ssl-cert-nickname" property: the nickname (also called
   * the alias) of the certificate the Crypto Manager should use when
   * performing SSL communication.
   * <p>
   * The setting only applies when the Crypto Manager is configured to
   * use SSL.
   *
   * @return the value of the "ssl-cert-nickname" property.
   */
  String getSSLCertNickname();

  /**
   * Reads the "ssl-cipher-suite" property: the names of the SSL cipher
   * suites allowed for use in SSL or TLS communication.
   * <p>
   * NOTE(review): what an empty set means (for example, falling back to
   * provider defaults) is not visible from this interface; confirm
   * before relying on it as a restriction.
   *
   * @return an unmodifiable set containing the values of the
   *         "ssl-cipher-suite" property.
   */
  SortedSet<String> getSSLCipherSuite();

  /**
   * Reads the "ssl-encryption" property: whether SSL/TLS is used to
   * provide encrypted communication between two OpenDJ server
   * components.
   *
   * @return the value of the "ssl-encryption" property.
   */
  boolean isSSLEncryption();

  /**
   * Reads the "ssl-protocol" property: the names of the SSL protocols
   * allowed for use in SSL or TLS communication.
   * <p>
   * NOTE(review): SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are
   * deprecated; verify that the configured set does not enable them.
   * What an empty set means is not visible from this interface.
   *
   * @return an unmodifiable set containing the values of the
   *         "ssl-protocol" property.
   */
  SortedSet<String> getSSLProtocol();

}