Interface CryptoManagerCfgClient

  • All Superinterfaces:
    ConfigurationClient

    public interface CryptoManagerCfgClient
    extends ConfigurationClient
    A client-side interface for reading and modifying Crypto Manager settings.

    The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.

    • Method Detail

      • getCipherKeyLength

        int getCipherKeyLength()
        Gets the "cipher-key-length" property.

        Specifies the key length in bits for the preferred cipher.

        Returns:
        Returns the value of the "cipher-key-length" property.
      • setCipherKeyLength

        void setCipherKeyLength(Integer value)
                         throws PropertyException
        Sets the "cipher-key-length" property.

        Specifies the key length in bits for the preferred cipher.

        Parameters:
        value - The value of the "cipher-key-length" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getCipherTransformation

        String getCipherTransformation()
        Gets the "cipher-transformation" property.

        Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

        The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.

        Returns:
        Returns the value of the "cipher-transformation" property.
      • setCipherTransformation

        void setCipherTransformation(String value)
                              throws PropertyException
        Sets the "cipher-transformation" property.

        Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

        The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.

        Parameters:
        value - The value of the "cipher-transformation" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getDigestAlgorithm

        String getDigestAlgorithm()
        Gets the "digest-algorithm" property.

        Specifies the preferred message digest algorithm for the directory server.

        Returns:
        Returns the value of the "digest-algorithm" property.
      • setDigestAlgorithm

        void setDigestAlgorithm(String value)
                         throws PropertyException
        Sets the "digest-algorithm" property.

        Specifies the preferred message digest algorithm for the directory server.

        Parameters:
        value - The value of the "digest-algorithm" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getKeyWrappingTransformation

        String getKeyWrappingTransformation()
        Gets the "key-wrapping-transformation" property.

        The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

        Returns:
        Returns the value of the "key-wrapping-transformation" property.
      • setKeyWrappingTransformation

        void setKeyWrappingTransformation(String value)
                                   throws PropertyException
        Sets the "key-wrapping-transformation" property.

        The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

        Parameters:
        value - The value of the "key-wrapping-transformation" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getMacAlgorithm

        String getMacAlgorithm()
        Gets the "mac-algorithm" property.

        Specifies the preferred MAC algorithm for the directory server.

        Returns:
        Returns the value of the "mac-algorithm" property.
      • setMacAlgorithm

        void setMacAlgorithm(String value)
                      throws PropertyException
        Sets the "mac-algorithm" property.

        Specifies the preferred MAC algorithm for the directory server.

        Parameters:
        value - The value of the "mac-algorithm" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getMacKeyLength

        int getMacKeyLength()
        Gets the "mac-key-length" property.

        Specifies the key length in bits for the preferred MAC algorithm.

        Returns:
        Returns the value of the "mac-key-length" property.
      • setMacKeyLength

        void setMacKeyLength(Integer value)
                      throws PropertyException
        Sets the "mac-key-length" property.

        Specifies the key length in bits for the preferred MAC algorithm.

        Parameters:
        value - The value of the "mac-key-length" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getSSLCertNickname

        SortedSet<String> getSSLCertNickname()
        Gets the "ssl-cert-nickname" property.

        Specifies the nicknames (also called the aliases) of the keys or key pairs that the Crypto Manager should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key.

        This is only applicable when the Crypto Manager is configured to use SSL.

        Returns:
        Returns the values of the "ssl-cert-nickname" property.
      • setSSLCertNickname

        void setSSLCertNickname(Collection<String> values)
                         throws PropertyException
        Sets the "ssl-cert-nickname" property.

        Specifies the nicknames (also called the aliases) of the keys or key pairs that the Crypto Manager should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key.

        This is only applicable when the Crypto Manager is configured to use SSL.

        Parameters:
        values - The values of the "ssl-cert-nickname" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.
      • getSSLCipherSuite

        SortedSet<String> getSSLCipherSuite()
        Gets the "ssl-cipher-suite" property.

        Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication.

        Returns:
        Returns the values of the "ssl-cipher-suite" property.
      • setSSLCipherSuite

        void setSSLCipherSuite(Collection<String> values)
                        throws PropertyException
        Sets the "ssl-cipher-suite" property.

        Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication.

        Parameters:
        values - The values of the "ssl-cipher-suite" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.
      • isSSLEncryption

        boolean isSSLEncryption()
        Gets the "ssl-encryption" property.

        Specifies whether SSL/TLS is used to provide encrypted communication between two OpenDJ server components.

        Returns:
        Returns the value of the "ssl-encryption" property.
      • setSSLEncryption

        void setSSLEncryption(Boolean value)
                       throws PropertyException
        Sets the "ssl-encryption" property.

        Specifies whether SSL/TLS is used to provide encrypted communication between two OpenDJ server components.

        Parameters:
        value - The value of the "ssl-encryption" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getSSLProtocol

        SortedSet<String> getSSLProtocol()
        Gets the "ssl-protocol" property.

        Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication.

        Returns:
        Returns the values of the "ssl-protocol" property.
      • setSSLProtocol

        void setSSLProtocol(Collection<String> values)
                     throws PropertyException
        Sets the "ssl-protocol" property.

        Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication.

        Parameters:
        values - The values of the "ssl-protocol" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.
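
Added example (not part of the OpenDJ API or source): a pre-flight check that a "cipher-transformation" value is a full algorithm/mode/padding triple, follows the RC4/ARCFOUR rule described above, and pairs with a "cipher-key-length" the local JCE provider accepts. The class `CipherSettingCheck` and its `check` method are hypothetical names; only standard `javax.crypto` calls are used.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

/** Added example: pre-flight check of cipher-transformation / cipher-key-length values. */
public final class CipherSettingCheck {

    /** Returns null when the pair is usable on this JVM, otherwise the reason it is not. */
    static String check(String transformation, int keyLengthBits) {
        // The property requires all three fields: algorithm/mode/padding.
        String[] f = transformation.split("/", -1);
        if (f.length != 3 || f[0].isEmpty() || f[1].isEmpty() || f[2].isEmpty()) {
            return "not in algorithm/mode/padding form";
        }
        // RC4 and ARCFOUR have no mode or padding and must say so explicitly.
        boolean stream = f[0].equalsIgnoreCase("RC4") || f[0].equalsIgnoreCase("ARCFOUR");
        boolean explicitNone = f[1].equalsIgnoreCase("NONE") && f[2].equalsIgnoreCase("NoPadding");
        if (stream && !explicitNone) {
            return f[0] + " must be written as " + f[0] + "/NONE/NoPadding";
        }
        // Assumption of this example: "NONE" is the property's placeholder, so the
        // JCE lookup for such ciphers uses the bare algorithm name.
        String jceName = stream ? f[0] : transformation;
        try {
            Cipher.getInstance(jceName);
            if (keyLengthBits > Cipher.getMaxAllowedKeyLength(jceName)) {
                return "key length exceeds this JVM's policy limit";
            }
            // The key generator rejects sizes the algorithm does not define.
            KeyGenerator.getInstance(f[0]).init(keyLengthBits);
        } catch (GeneralSecurityException | InvalidParameterException e) {
            return "rejected by the JCE provider: " + e.getMessage();
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample settings, not values taken from a real server.
        Object[][] samples = {
            {"AES/CBC/PKCS5Padding", 128}, {"AES", 128},
            {"AES/CBC/PKCS5Padding", 100}, {"RC4/NoPadding", 128}};
        for (Object[] s : samples) {
            String reason = check((String) s[0], (Integer) s[1]);
            System.out.println(s[0] + " @ " + s[1] + " bits: " + (reason == null ? "ok" : reason));
        }
    }
}
```

Because provider defaults and policy limits differ between JVMs, run the check on each server instance that will receive the setting.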