001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.admin.std.server;
028    
029    
030    
031    import java.util.SortedSet;
032    import org.opends.server.admin.Configuration;
033    import org.opends.server.admin.server.ConfigurationChangeListener;
034    
035    
036    
/**
 * Server-side interface for querying the Crypto Manager configuration.
 * <p>
 * The Crypto Manager is the common entry point for compression,
 * decompression, hashing, encryption and other kinds of cryptographic
 * operations. The accessors below return the configured preferences
 * (algorithm names, key lengths and SSL/TLS parameters) for it.
 * <p>
 * NOTE(review): this interface only exposes configured values. Nothing
 * declared here shows whether an algorithm name or key length has been
 * checked against the installed security providers, so confirm where
 * that validation happens before relying on a returned value.
 */
public interface CryptoManagerCfg extends Configuration {

  /**
   * Returns the configuration class associated with this Crypto Manager.
   *
   * @return the configuration class associated with this Crypto Manager.
   */
  Class<? extends CryptoManagerCfg> configurationClass();

  /**
   * Registers a listener to be notified when this Crypto Manager is
   * changed.
   * <p>
   * A component that caches values read from this interface can use a
   * listener to learn that its cached cryptographic settings may no
   * longer match the configuration.
   *
   * @param listener
   *          the Crypto Manager configuration change listener to add.
   */
  void addChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Deregisters an existing Crypto Manager configuration change
   * listener.
   *
   * @param listener
   *          the Crypto Manager configuration change listener to remove.
   */
  void removeChangeListener(ConfigurationChangeListener<CryptoManagerCfg> listener);

  /**
   * Returns the "cipher-key-length" property: the key length, in bits,
   * for the preferred cipher.
   * <p>
   * NOTE(review): whether the length is valid for the configured
   * cipher transformation is not established by this interface.
   *
   * @return the value of the "cipher-key-length" property.
   */
  int getCipherKeyLength();

  /**
   * Returns the "cipher-transformation" property: the cipher for the
   * Directory Server, written as algorithm/mode/padding.
   * <p>
   * All three fields are required. Giving only an algorithm and letting
   * the cipher provider fill in its default mode and padding is not
   * supported, because those defaults are not guaranteed to be the same
   * across implementations. Algorithms that have no mode or padding,
   * including RC4 and ARCFOUR, must use NONE for the mode field and
   * NoPadding for the padding field, for example RC4/NONE/NoPadding.
   * <p>
   * The RC4 example illustrates the syntax only. RC4 has well-known
   * weaknesses and is not a suitable choice for protecting new data.
   *
   * @return the value of the "cipher-transformation" property.
   */
  String getCipherTransformation();

  /**
   * Returns the "digest-algorithm" property: the preferred message
   * digest algorithm for the Directory Server.
   *
   * @return the value of the "digest-algorithm" property.
   */
  String getDigestAlgorithm();

  /**
   * Returns the "key-wrapping-transformation" property: the preferred
   * key wrapping transformation for the Directory Server.
   * <p>
   * Every server instance in a replication topology must be configured
   * with the same value.
   *
   * @return the value of the "key-wrapping-transformation" property.
   */
  String getKeyWrappingTransformation();

  /**
   * Returns the "mac-algorithm" property: the preferred MAC algorithm
   * for the Directory Server.
   *
   * @return the value of the "mac-algorithm" property.
   */
  String getMacAlgorithm();

  /**
   * Returns the "mac-key-length" property: the key length, in bits,
   * for the preferred MAC algorithm.
   *
   * @return the value of the "mac-key-length" property.
   */
  int getMacKeyLength();

  /**
   * Returns the "ssl-cert-nickname" property: the nickname (also
   * called the alias) of the certificate that the Crypto Manager
   * should use when performing SSL communication.
   * <p>
   * The value only applies when the Crypto Manager is configured to
   * use SSL.
   * <p>
   * NOTE(review): the result when no nickname is configured is not
   * stated here; confirm before dereferencing it.
   *
   * @return the value of the "ssl-cert-nickname" property.
   */
  String getSSLCertNickname();

  /**
   * Returns the "ssl-cipher-suite" property: the names of the SSL
   * cipher suites that are allowed for use in SSL or TLS communication.
   * <p>
   * NOTE(review): the meaning of an empty set is not stated in this
   * interface. Confirm whether it falls back to the defaults of the
   * underlying SSL implementation, since that would decide which
   * suites are actually offered.
   *
   * @return an unmodifiable set containing the values of the
   *         "ssl-cipher-suite" property.
   */
  SortedSet<String> getSSLCipherSuite();

  /**
   * Returns the "ssl-encryption" property: whether SSL/TLS is used to
   * provide encrypted communication between two OpenDS server
   * components.
   *
   * @return the value of the "ssl-encryption" property.
   */
  boolean isSSLEncryption();

  /**
   * Returns the "ssl-protocol" property: the names of the SSL
   * protocols that are allowed for use in SSL or TLS communication.
   * <p>
   * NOTE(review): the meaning of an empty set is not stated in this
   * interface. Confirm whether it falls back to the defaults of the
   * underlying SSL implementation. Legacy protocol versions such as
   * SSLv3 are deprecated and are best left out of the allowed set.
   *
   * @return an unmodifiable set containing the values of the
   *         "ssl-protocol" property.
   */
  SortedSet<String> getSSLProtocol();

}