Interface CryptoManagerCfgClient
All Superinterfaces: ConfigurationClient
public interface CryptoManagerCfgClient extends ConfigurationClient
A client-side interface for reading and modifying Crypto Manager settings.
The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.
Method Summary
ManagedObjectDefinition<? extends CryptoManagerCfgClient,? extends CryptoManagerCfg> definition()
Get the configuration definition associated with this Crypto Manager.
ValueOrExpression<Integer> getCipherKeyLength()
Gets the "cipher-key-length" property.
ValueOrExpression<String> getCipherTransformation()
Gets the "cipher-transformation" property.
ValueOrExpression<String> getDigestAlgorithm()
Gets the "digest-algorithm" property.
ValueOrExpression<String> getKeyManagerProvider()
Gets the "key-manager-provider" property.
ValueOrExpression<CryptoManagerCfgDefn.KeyWrappingMode> getKeyWrappingMode()
Gets the "key-wrapping-mode" property.
ValueOrExpression<String> getKeyWrappingTransformation()
Gets the "key-wrapping-transformation" property.
ValueOrExpression<String> getMacAlgorithm()
Gets the "mac-algorithm" property.
ValueOrExpression<Integer> getMacKeyLength()
Gets the "mac-key-length" property.
ValueOrExpression<String> getMasterKeyAlias()
Gets the "master-key-alias" property.
void setCipherKeyLength(ValueOrExpression<Integer> value)
Sets the "cipher-key-length" property.
void setCipherTransformation(ValueOrExpression<String> value)
Sets the "cipher-transformation" property.
void setDigestAlgorithm(ValueOrExpression<String> value)
Sets the "digest-algorithm" property.
void setKeyManagerProvider(ValueOrExpression<String> value)
Sets the "key-manager-provider" property.
void setKeyWrappingMode(ValueOrExpression<CryptoManagerCfgDefn.KeyWrappingMode> value)
Sets the "key-wrapping-mode" property.
void setKeyWrappingTransformation(ValueOrExpression<String> value)
Sets the "key-wrapping-transformation" property.
void setMacAlgorithm(ValueOrExpression<String> value)
Sets the "mac-algorithm" property.
void setMacKeyLength(ValueOrExpression<Integer> value)
Sets the "mac-key-length" property.
void setMasterKeyAlias(ValueOrExpression<String> value)
Sets the "master-key-alias" property.
Methods inherited from interface org.forgerock.opendj.config.ConfigurationClient
commit, properties
Method Detail
-
definition
ManagedObjectDefinition<? extends CryptoManagerCfgClient,? extends CryptoManagerCfg> definition()
Get the configuration definition associated with this Crypto Manager.
- Specified by:
definition in interface ConfigurationClient
- Returns:
- Returns the configuration definition associated with this Crypto Manager.
-
getCipherKeyLength
ValueOrExpression<Integer> getCipherKeyLength()
Gets the "cipher-key-length" property.
Specifies the key length in bits for the preferred cipher.
Default value:
128
- Returns:
- Returns the value of the "cipher-key-length" property.
-
setCipherKeyLength
void setCipherKeyLength(ValueOrExpression<Integer> value) throws PropertyException
Sets the "cipher-key-length" property.
Specifies the key length in bits for the preferred cipher.
- Parameters:
value
- The value of the "cipher-key-length" property.
- Throws:
PropertyException
- If the new value is invalid.
-
getCipherTransformation
ValueOrExpression<String> getCipherTransformation()
Gets the "cipher-transformation" property.
Specifies the cipher for the directory server using the syntax algorithm/mode/padding.
The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.
Default value:
AES/CBC/PKCS5Padding
- Returns:
- Returns the value of the "cipher-transformation" property.
-
setCipherTransformation
void setCipherTransformation(ValueOrExpression<String> value) throws PropertyException
Sets the "cipher-transformation" property.
Specifies the cipher for the directory server using the syntax algorithm/mode/padding.
The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.
- Parameters:
value
- The value of the "cipher-transformation" property.
- Throws:
PropertyException
- If the new value is invalid.
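The "cipher-transformation" rule above, shown as an added example that is not part of the OpenDJ API or its own validation code: a pre-check that a value has all three fields and is available from the installed JCE providers, plus a probe of what a bare "AES" resolves to on the local provider. The class and method names are hypothetical and the sample values are constructed.

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/** Added example (not OpenDJ code): pre-checks for a "cipher-transformation" value. */
public class TransformationCheck {

    /** Returns null when the value is a complete, locally available transformation, else a reason. */
    static String validate(String transformation) {
        String[] parts = transformation.split("/", -1);
        if (parts.length != 3) {
            return "expected algorithm/mode/padding, got " + parts.length + " field(s)";
        }
        for (String part : parts) {
            if (part.trim().isEmpty()) {
                return "empty field in transformation";
            }
        }
        try {
            Cipher.getInstance(transformation);   // asks the installed JCE providers
            return null;
        } catch (GeneralSecurityException e) {
            return "not available from installed providers: " + e.getMessage();
        }
    }

    /** True when the provider's default for a bare "AES" acts like ECB: equal blocks encrypt equally. */
    static boolean bareAesLooksLikeEcb() throws GeneralSecurityException {
        Cipher bare = Cipher.getInstance("AES");  // mode and padding chosen by the provider
        bare.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[16], "AES")); // constructed all-zero key
        byte[] ct = bare.doFinal(new byte[32]);   // two identical plaintext blocks
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values; the first is the page's default, the last its ChaCha20 example.
        for (String t : new String[] {"AES/CBC/PKCS5Padding", "AES", "AES/CBC/", "ChaCha20/NONE/NoPadding"}) {
            String reason = validate(t);
            System.out.println(t + " -> " + (reason == null ? "accepted" : "rejected: " + reason));
        }
        System.out.println("bare \"AES\" behaves like ECB here: " + bareAesLooksLikeEcb());
    }
}
```

Whether ChaCha20/NONE/NoPadding is accepted depends on the Java version and providers installed where the check runs.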
-
getDigestAlgorithm
ValueOrExpression<String> getDigestAlgorithm()
Gets the "digest-algorithm" property.
Specifies the preferred message digest algorithm for the directory server.
Default value:
SHA-256
- Returns:
- Returns the value of the "digest-algorithm" property.
-
setDigestAlgorithm
void setDigestAlgorithm(ValueOrExpression<String> value) throws PropertyException
Sets the "digest-algorithm" property.
Specifies the preferred message digest algorithm for the directory server.
- Parameters:
value
- The value of the "digest-algorithm" property.
- Throws:
PropertyException
- If the new value is invalid.
-
getKeyManagerProvider
@MandatoryProperty ValueOrExpression<String> getKeyManagerProvider()
Gets the "key-manager-provider" property.
The name of the key manager containing the master key-pair and any deprecated master key.
The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.
- Returns:
- Returns the value of the "key-manager-provider" property.
-
setKeyManagerProvider
@MandatoryProperty void setKeyManagerProvider(ValueOrExpression<String> value) throws PropertyException
Sets the "key-manager-provider" property.
The name of the key manager containing the master key-pair and any deprecated master key.
The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.
- Parameters:
value
- The value of the "key-manager-provider" property.
- Throws:
PropertyException
- If the new value is invalid.
-
getKeyWrappingMode
ValueOrExpression<CryptoManagerCfgDefn.KeyWrappingMode> getKeyWrappingMode()
Gets the "key-wrapping-mode" property.
Defines which crypto operation to use to wrap symmetric keys for storage.
Symmetric keys are wrapped either by direct encryption or by using the wrap cipher mode, depending on the configured crypto provider capabilities or key type.
Default value:
encrypt
- Returns:
- Returns the value of the "key-wrapping-mode" property.
-
setKeyWrappingMode
void setKeyWrappingMode(ValueOrExpression<CryptoManagerCfgDefn.KeyWrappingMode> value) throws PropertyException
Sets the "key-wrapping-mode" property.
Defines which crypto operation to use to wrap symmetric keys for storage.
Symmetric keys are wrapped either by direct encryption or by using the wrap cipher mode, depending on the configured crypto provider capabilities or key type.
- Parameters:
value
- The value of the "key-wrapping-mode" property.
- Throws:
PropertyException
- If the new value is invalid.
-
getKeyWrappingTransformation
ValueOrExpression<String> getKeyWrappingTransformation()
Gets the "key-wrapping-transformation" property.
The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.
Default value:
RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
- Returns:
- Returns the value of the "key-wrapping-transformation" property.
-
setKeyWrappingTransformation
void setKeyWrappingTransformation(ValueOrExpression<String> value) throws PropertyException
Sets the "key-wrapping-transformation" property.
The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.
- Parameters:
value
- The value of the "key-wrapping-transformation" property.
- Throws:
PropertyException
- If the new value is invalid.
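The two operations named by "key-wrapping-mode", direct encryption and the wrap cipher mode, shown with the default "key-wrapping-transformation" as an added example that is not OpenDJ code. The class and method names are hypothetical, and the RSA key-pair generated in main is a constructed stand-in for the master key-pair that would normally come from the key manager.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

/** Added example (not OpenDJ code): the two ways a JCE cipher can wrap a symmetric key. */
public class KeyWrappingModes {
    // Default "key-wrapping-transformation" value from the page.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";

    static Cipher cipher(int mode, Key key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(mode, key);
        return c;
    }

    // Direct encryption: works on the raw key bytes, so getEncoded() must not return null.
    static byte[] wrapByEncrypt(PublicKey master, SecretKey key) throws GeneralSecurityException {
        return cipher(Cipher.ENCRYPT_MODE, master).doFinal(key.getEncoded());
    }

    static SecretKey unwrapByDecrypt(PrivateKey master, byte[] blob, String alg) throws GeneralSecurityException {
        return new SecretKeySpec(cipher(Cipher.DECRYPT_MODE, master).doFinal(blob), alg);
    }

    // Wrap cipher mode: the provider receives the key object and produces the wrapped blob.
    static byte[] wrapByWrap(PublicKey master, SecretKey key) throws GeneralSecurityException {
        return cipher(Cipher.WRAP_MODE, master).wrap(key);
    }

    static SecretKey unwrapByUnwrap(PrivateKey master, byte[] blob, String alg) throws GeneralSecurityException {
        return (SecretKey) cipher(Cipher.UNWRAP_MODE, master).unwrap(blob, alg, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair master = kpg.generateKeyPair();   // constructed stand-in for the master key-pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                             // page default for "cipher-key-length"
        SecretKey dataKey = kg.generateKey();

        SecretKey a = unwrapByDecrypt(master.getPrivate(), wrapByEncrypt(master.getPublic(), dataKey), "AES");
        SecretKey b = unwrapByUnwrap(master.getPrivate(), wrapByWrap(master.getPublic(), dataKey), "AES");
        System.out.println("encrypt mode round trip: " + Arrays.equals(a.getEncoded(), dataKey.getEncoded()));
        System.out.println("wrap mode round trip:    " + Arrays.equals(b.getEncoded(), dataKey.getEncoded()));
    }
}
```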
-
getMacAlgorithm
ValueOrExpression<String> getMacAlgorithm()
Gets the "mac-algorithm" property.
Specifies the preferred MAC algorithm for the directory server.
Default value:
HmacSHA256
- Returns:
- Returns the value of the "mac-algorithm" property.
-
setMacAlgorithm
void setMacAlgorithm(ValueOrExpression<String> value) throws PropertyException
Sets the "mac-algorithm" property.
Specifies the preferred MAC algorithm for the directory server.
- Parameters:
value
- The value of the "mac-algorithm" property.
- Throws:
PropertyException
- If the new value is invalid.
-
getMacKeyLength
ValueOrExpression<Integer> getMacKeyLength()
Gets the "mac-key-length" property.
Specifies the key length in bits for the preferred MAC algorithm.
Default value:
128
- Returns:
- Returns the value of the "mac-key-length" property.
-
setMacKeyLength
void setMacKeyLength(ValueOrExpression<Integer> value) throws PropertyException
Sets the "mac-key-length" property.
Specifies the key length in bits for the preferred MAC algorithm.
- Parameters:
value
- The value of the "mac-key-length" property.
- Throws:
PropertyException
- If the new value is invalid.
-
getMasterKeyAlias
@MandatoryProperty ValueOrExpression<String> getMasterKeyAlias()
Gets the "master-key-alias" property.
The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.
Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.
- Returns:
- Returns the value of the "master-key-alias" property.
-
setMasterKeyAlias
@MandatoryProperty void setMasterKeyAlias(ValueOrExpression<String> value) throws PropertyException
Sets the "master-key-alias" property.
The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.
Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.
- Parameters:
value
- The value of the "master-key-alias" property.
- Throws:
PropertyException
- If the new value is invalid.
-
-