Package org.forgerock.opendj.security

Class OpenDjSecurityProvider

  • All Implemented Interfaces:
    Serializable, Cloneable, Map<Object,​Object>
    public final class OpenDjSecurityProvider
extends Provider
    The OpenDJ LDAP security provider which exposes an LDAP/LDIF based KeyStore service, as well as providing utility methods facilitating construction of LDAP/LDIF based key stores. See the package documentation for more information.
    See Also:
    Serialized Form

    • Constructor Detail

      • OpenDjSecurityProvider

        public OpenDjSecurityProvider()
        Creates a default LDAP security provider with no default key store configuration.

      • OpenDjSecurityProvider

        public OpenDjSecurityProvider​(String configFile)
        Creates a LDAP security provider with provided default key store configuration.
        Parameters:
        configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.

      • OpenDjSecurityProvider

        public OpenDjSecurityProvider​(URI configFile)
        Creates a LDAP security provider with provided default key store configuration.
        Parameters:
        configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.

    • Method Detail

      • configure

        public Provider configure​(String configFile)
        Overrides:
        configure in class Provider
        Parameters:
        configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.
        Returns:
        The configured provider.

      • newLdapKeyStore

        public static KeyStore newLdapKeyStore​(ConnectionFactory factory,
                                       Dn baseDN)
        Creates a new LDAP key store with default options. The returned key store will already have been loaded.
        Parameters:
        factory - The LDAP connection factory.
        baseDN - The DN of the subtree containing the LDAP key store.
        Returns:
        The LDAP key store.

      • newLdapKeyStore

        public static KeyStore newLdapKeyStore​(ConnectionFactory factory,
                                       Dn baseDN,
                                       Options options)
        Creates a new LDAP key store with custom options. The returned key store will already have been loaded.
        Parameters:
        factory - The LDAP connection factory.
        baseDN - The DN of the subtree containing the LDAP key store.
        options - The optional key store parameters, including the cache configuration, key store password, and crypto parameters.
        Returns:
        The LDAP key store.
        See Also:
        For the list of available key store options.

      • newLdifKeyStore

        public static KeyStore newLdifKeyStore​(File ldifFile,
                                       Dn baseDN)
                                throws IOException
        Creates a new LDIF based key store which will read and write key store objects to the provided key store file. The LDIF file will be read during construction and re-written after each update. The returned key store will already have been loaded.
        Parameters:
        ldifFile - The name of the LDIF file containing the key store objects.
        baseDN - The DN of the subtree containing the LDAP key store.
        Returns:
        The LDIF key store.
        Throws:
        IOException - If an error occurred while reading the LDIF file.

      • newLdifKeyStore

        public static KeyStore newLdifKeyStore​(File ldifFile,
                                       Dn baseDN,
                                       Options options)
                                throws IOException
        Creates a new LDIF based key store which will read and write key store objects to the provided key store file. The LDIF file will be read during construction and re-written after each update. The returned key store will already have been loaded.
        Parameters:
        ldifFile - The name of the LDIF file containing the key store objects.
        baseDN - The DN of the subtree containing the LDAP key store.
        options - The optional key store parameters, including the cache configuration, key store password, and crypto parameters.
        Returns:
        The LDIF key store.
        Throws:
        IOException - If an error occurred while reading the LDIF file.

      • newKeyStoreObjectCacheFromMap

        public static KeyStoreObjectCache newKeyStoreObjectCacheFromMap​(Map<String,​org.forgerock.opendj.security.KeyStoreObject> map)
        Creates a new key store object cache which will delegate to the provided Map. It is the responsibility of the map implementation to perform cache eviction if needed. The provided map MUST be thread-safe.
        Parameters:
        map - The thread-safe Map implementation in which key store objects will be stored.
        Returns:
        The new key store object cache.

      • newCapacityBasedKeyStoreObjectCache

        public static KeyStoreObjectCache newCapacityBasedKeyStoreObjectCache​(int capacity)
        Creates a new fixed capacity key store object cache which will evict objects once it reaches the provided capacity. This implementation is only intended for simple use cases and is not particularly scalable.
        Parameters:
        capacity - The maximum number of key store objects that will be cached before eviction occurs.
        Returns:
        The new key store object cache.

      • newClearTextPasswordFactory

        public static Factory<char[]> newClearTextPasswordFactory​(char[] password)
        Returns a password factory which will return a copy of the provided password for each invocation of Factory.newInstance(), and which does not provide any protection of the in memory representation of the password.
        Parameters:
        password - The password or null if no password should ever be returned.
        Returns:
        A password factory which will return a copy of the provided password.