001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.server;
027
028
029
030import java.util.SortedSet;
031import org.opends.server.admin.Configuration;
032import org.opends.server.admin.server.ConfigurationChangeListener;
033
034
035
/**
 * Read-only, server-side view of the Crypto Manager configuration.
 * <p>
 * The Crypto Manager is the common entry point for compression,
 * decompression, hashing, encryption and other cryptographic
 * operations. This interface only exposes the configured values. How
 * they are validated or applied is not visible here.
 * <p>
 * Security review note: several properties below select algorithms,
 * key sizes and TLS parameters by name. The interface itself does
 * not show any restriction to strong values, so deployments should
 * audit the effective configuration rather than rely on the API.
 */
public interface CryptoManagerCfg extends Configuration {

  /**
   * Reports the configuration class that backs this Crypto Manager.
   *
   * @return the configuration class associated with this Crypto
   *         Manager.
   */
  Class<? extends CryptoManagerCfg> configurationClass();

  /**
   * Subscribes a listener that is notified when this Crypto Manager
   * configuration changes.
   *
   * @param listener
   *          The Crypto Manager configuration change listener to
   *          register.
   */
  void addChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Unsubscribes a previously registered Crypto Manager configuration
   * change listener.
   *
   * @param listener
   *          The Crypto Manager configuration change listener to
   *          deregister.
   */
  void removeChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Reads the "cipher-key-length" property: the key length, in bits,
   * for the preferred cipher.
   * <p>
   * The unit is bits, not bytes. The value presumably has to be a
   * length supported by the algorithm named in
   * "cipher-transformation". Where that is enforced is not visible
   * from this interface.
   *
   * @return the value of the "cipher-key-length" property.
   */
  int getCipherKeyLength();

  /**
   * Reads the "cipher-transformation" property: the directory
   * server's cipher, written as algorithm/mode/padding.
   * <p>
   * All three fields are mandatory. Giving only the algorithm and
   * letting the cipher provider pick the mode and padding is not
   * supported, because different implementations are not guaranteed
   * to choose the same defaults. Algorithms that have neither a mode
   * nor padding (RC4 and ARCFOUR, for instance) are written with
   * NONE as the mode and NoPadding as the padding, for example
   * RC4/NONE/NoPadding.
   * <p>
   * Security review note: RC4/ARCFOUR is named above only to
   * illustrate the syntax. RC4 has well-documented keystream biases
   * and is prohibited for TLS by RFC 7465, so it is not a suitable
   * choice for protecting data. The mode field also matters for
   * security. An unauthenticated mode provides confidentiality only,
   * so integrity has to come from elsewhere (see "mac-algorithm").
   *
   * @return the value of the "cipher-transformation" property.
   */
  String getCipherTransformation();

  /**
   * Reads the "digest-algorithm" property: the directory server's
   * preferred message digest algorithm.
   * <p>
   * Security review note: the value is a free-form algorithm name as
   * far as this interface shows. MD5 and SHA-1 are no longer
   * collision resistant, so an audit should confirm a SHA-2 family
   * digest or stronger is configured.
   *
   * @return the value of the "digest-algorithm" property.
   */
  String getDigestAlgorithm();

  /**
   * Reads the "key-wrapping-transformation" property: the directory
   * server's preferred key wrapping transformation.
   * <p>
   * Every server instance in a replication topology must be
   * configured with the same value.
   *
   * @return the value of the "key-wrapping-transformation" property.
   */
  String getKeyWrappingTransformation();

  /**
   * Reads the "mac-algorithm" property: the directory server's
   * preferred MAC algorithm.
   *
   * @return the value of the "mac-algorithm" property.
   */
  String getMacAlgorithm();

  /**
   * Reads the "mac-key-length" property: the key length, in bits,
   * for the preferred MAC algorithm.
   *
   * @return the value of the "mac-key-length" property.
   */
  int getMacKeyLength();

  /**
   * Reads the "ssl-cert-nickname" property: the nickname (also
   * called the alias) of the certificate the Crypto Manager should
   * use for SSL communication.
   * <p>
   * The property is only relevant when the Crypto Manager is
   * configured to use SSL. What is returned when no nickname has
   * been configured is not visible from this interface.
   *
   * @return the value of the "ssl-cert-nickname" property.
   */
  String getSSLCertNickname();

  /**
   * Reads the "ssl-cipher-suite" property: the names of the SSL
   * cipher suites permitted for SSL or TLS communication.
   * <p>
   * Security review note: this is the allow-list for cipher suites.
   * How an empty set is interpreted is not visible from this
   * interface (it may mean "provider defaults"), so confirm the
   * effective suite list on the running server.
   *
   * @return an unmodifiable set containing the values of the
   *         "ssl-cipher-suite" property.
   */
  SortedSet<String> getSSLCipherSuite();

  /**
   * Reads the "ssl-encryption" property: whether SSL/TLS is used to
   * encrypt communication between two OpenDJ server components.
   *
   * @return the value of the "ssl-encryption" property.
   */
  boolean isSSLEncryption();

  /**
   * Reads the "ssl-protocol" property: the names of the SSL
   * protocols permitted for SSL or TLS communication.
   * <p>
   * Security review note: despite the property name, the values
   * cover TLS versions as well. SSLv3 and earlier are considered
   * broken, so an audit should confirm that only current TLS
   * versions are listed. How an empty set is interpreted is not
   * visible from this interface.
   *
   * @return an unmodifiable set containing the values of the
   *         "ssl-protocol" property.
   */
  SortedSet<String> getSSLProtocol();

}