Interface CryptoManagerCfgClient

  • All Superinterfaces:
    ConfigurationClient

    public interface CryptoManagerCfgClient
    extends ConfigurationClient
    A client-side interface for reading and modifying Crypto Manager settings.

    The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.

    • Method Detail

      • getCipherKeyLength

        ValueOrExpression<Integer> getCipherKeyLength()
        Gets the "cipher-key-length" property.

        Specifies the key length in bits for the preferred cipher.

        Default value: 128

        Returns:
        Returns the value of the "cipher-key-length" property.
      • setCipherKeyLength

        void setCipherKeyLength(ValueOrExpression<Integer> value)
                         throws PropertyException
        Sets the "cipher-key-length" property.

        Specifies the key length in bits for the preferred cipher.

        Parameters:
        value - The value of the "cipher-key-length" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getCipherTransformation

        ValueOrExpression<String> getCipherTransformation()
        Gets the "cipher-transformation" property.

        Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

        The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.

        Default value: AES/CBC/PKCS5Padding

        Returns:
        Returns the value of the "cipher-transformation" property.
      • setCipherTransformation

        void setCipherTransformation(ValueOrExpression<String> value)
                              throws PropertyException
        Sets the "cipher-transformation" property.

        Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

        The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.

        Parameters:
        value - The value of the "cipher-transformation" property.
        Throws:
        PropertyException - If the new value is invalid.
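        A client-side pre-flight check for a "cipher-transformation" value, given as an added example that is not part of the original API documentation or the server's own validation. The class and method names are hypothetical, and it assumes that the JVM running the check has the same cipher providers as the server.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;

/** Added example: pre-flight check for a "cipher-transformation" value. */
public class TransformationCheck {

    /** Returns null if the value is acceptable, otherwise a reason string. */
    static String check(String value) {
        // The property requires all three fields: algorithm/mode/padding.
        // Cipher.getInstance("AES") alone would succeed with provider-chosen
        // defaults, which is the case the property description rules out.
        String[] parts = value.split("/", -1);
        if (parts.length != 3) {
            return "expected algorithm/mode/padding, got " + parts.length + " field(s)";
        }
        for (String part : parts) {
            if (part.trim().isEmpty()) {
                return "empty field in transformation";
            }
        }
        try {
            // Confirms that a provider installed in this JVM supports the value.
            Cipher.getInstance(value);
            return null;
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException or NoSuchPaddingException
            return "not supported by this JVM: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the first and third appear on this page.
        String[] samples = {
            "AES/CBC/PKCS5Padding",
            "AES",
            "ChaCha20/NONE/NoPadding",
            "AES/GCM/NoPadding",
            "AES/CBC/",
        };
        for (String s : samples) {
            String reason = check(s);
            System.out.printf("%-26s %s%n", s, reason == null ? "OK" : "REJECTED: " + reason);
        }
    }
}
```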
      • getDigestAlgorithm

        ValueOrExpression<String> getDigestAlgorithm()
        Gets the "digest-algorithm" property.

        Specifies the preferred message digest algorithm for the directory server.

        Default value: SHA-256

        Returns:
        Returns the value of the "digest-algorithm" property.
      • setDigestAlgorithm

        void setDigestAlgorithm(ValueOrExpression<String> value)
                         throws PropertyException
        Sets the "digest-algorithm" property.

        Specifies the preferred message digest algorithm for the directory server.

        Parameters:
        value - The value of the "digest-algorithm" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getKeyManagerProvider

        @MandatoryProperty
        ValueOrExpression<String> getKeyManagerProvider()
        Gets the "key-manager-provider" property.

        The name of the key manager containing the master key-pair and any deprecated master key.

        The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.

        Returns:
        Returns the value of the "key-manager-provider" property.
      • setKeyManagerProvider

        @MandatoryProperty
        void setKeyManagerProvider(ValueOrExpression<String> value)
                            throws PropertyException
        Sets the "key-manager-provider" property.

        The name of the key manager containing the master key-pair and any deprecated master key.

        The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.

        Parameters:
        value - The value of the "key-manager-provider" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getKeyWrappingMode

        ValueOrExpression<CryptoManagerCfgDefn.KeyWrappingMode> getKeyWrappingMode()
        Gets the "key-wrapping-mode" property.

        Defines which crypto operation to use to wrap symmetric keys for storage.

        Symmetric keys are wrapped either by direct encryption or by using the wrap cipher mode, depending on the configured crypto provider capabilities or key type.

        Default value: encrypt

        Returns:
        Returns the value of the "key-wrapping-mode" property.
      • setKeyWrappingMode

        void setKeyWrappingMode(ValueOrExpression<CryptoManagerCfgDefn.KeyWrappingMode> value)
                         throws PropertyException
        Sets the "key-wrapping-mode" property.

        Defines which crypto operation to use to wrap symmetric keys for storage.

        Symmetric keys are wrapped either by direct encryption or by using the wrap cipher mode, depending on the configured crypto provider capabilities or key type.

        Parameters:
        value - The value of the "key-wrapping-mode" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getKeyWrappingTransformation

        ValueOrExpression<String> getKeyWrappingTransformation()
        Gets the "key-wrapping-transformation" property.

        The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

        Default value: RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING

        Returns:
        Returns the value of the "key-wrapping-transformation" property.
      • setKeyWrappingTransformation

        void setKeyWrappingTransformation(ValueOrExpression<String> value)
                                   throws PropertyException
        Sets the "key-wrapping-transformation" property.

        The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

        Parameters:
        value - The value of the "key-wrapping-transformation" property.
        Throws:
        PropertyException - If the new value is invalid.
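        The two wrapping operations named under "key-wrapping-mode", shown with the standard Java Cipher API and the default "key-wrapping-transformation" value. This is an added example, not the server's implementation: the class and method names are hypothetical, and a throwaway RSA key-pair and AES key stand in for the master key-pair and a stored symmetric key.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class KeyWrapDemo {
    // Default "key-wrapping-transformation" value from this page.
    static final String WRAP_TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";

    /** Wrap cipher mode: the provider handles the key object directly. */
    static SecretKey viaWrapMode(KeyPair master, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance(WRAP_TRANSFORMATION);
        c.init(Cipher.WRAP_MODE, master.getPublic());
        byte[] wrapped = c.wrap(key);
        c.init(Cipher.UNWRAP_MODE, master.getPrivate());
        return (SecretKey) c.unwrap(wrapped, key.getAlgorithm(), Cipher.SECRET_KEY);
    }

    /** Direct encryption: the encoded key bytes are encrypted as plain data. */
    static SecretKey viaEncryptMode(KeyPair master, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance(WRAP_TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, master.getPublic());
        byte[] wrapped = c.doFinal(key.getEncoded());
        c.init(Cipher.DECRYPT_MODE, master.getPrivate());
        return new SecretKeySpec(c.doFinal(wrapped), key.getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        // Throwaway stand-ins for the master key-pair and a symmetric key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair master = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128); // default "cipher-key-length" from this page
        SecretKey key = kg.generateKey();

        byte[] original = key.getEncoded();
        System.out.println("wrap mode round-trip:    "
                + Arrays.equals(original, viaWrapMode(master, key).getEncoded()));
        System.out.println("encrypt mode round-trip: "
                + Arrays.equals(original, viaEncryptMode(master, key).getEncoded()));
    }
}
```

        Direct encryption needs the raw key bytes from getEncoded(), which keys held in hardware-backed providers typically do not expose, so the wrap cipher mode is the operation that works for such keys.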
      • getMacAlgorithm

        ValueOrExpression<String> getMacAlgorithm()
        Gets the "mac-algorithm" property.

        Specifies the preferred MAC algorithm for the directory server.

        Default value: HmacSHA256

        Returns:
        Returns the value of the "mac-algorithm" property.
      • setMacAlgorithm

        void setMacAlgorithm(ValueOrExpression<String> value)
                      throws PropertyException
        Sets the "mac-algorithm" property.

        Specifies the preferred MAC algorithm for the directory server.

        Parameters:
        value - The value of the "mac-algorithm" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getMacKeyLength

        ValueOrExpression<Integer> getMacKeyLength()
        Gets the "mac-key-length" property.

        Specifies the key length in bits for the preferred MAC algorithm.

        Default value: 128

        Returns:
        Returns the value of the "mac-key-length" property.
      • setMacKeyLength

        void setMacKeyLength(ValueOrExpression<Integer> value)
                      throws PropertyException
        Sets the "mac-key-length" property.

        Specifies the key length in bits for the preferred MAC algorithm.

        Parameters:
        value - The value of the "mac-key-length" property.
        Throws:
        PropertyException - If the new value is invalid.
      • getMasterKeyAlias

        @MandatoryProperty
        ValueOrExpression<String> getMasterKeyAlias()
        Gets the "master-key-alias" property.

        The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.

        Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.

        Returns:
        Returns the value of the "master-key-alias" property.
      • setMasterKeyAlias

        @MandatoryProperty
        void setMasterKeyAlias(ValueOrExpression<String> value)
                        throws PropertyException
        Sets the "master-key-alias" property.

        The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.

        Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.

        Parameters:
        value - The value of the "master-key-alias" property.
        Throws:
        PropertyException - If the new value is invalid.