Class OpenDjSecurityProvider

All Implemented Interfaces:
Serializable, Cloneable, Map<Object,Object>

public final class OpenDjSecurityProvider extends Provider
The OpenDJ LDAP security provider which exposes an LDAP/LDIF based KeyStore service, as well as providing utility methods facilitating construction of LDAP/LDIF based key stores. See the package documentation for more information.
  • Constructor Details

    • OpenDjSecurityProvider

      public OpenDjSecurityProvider()
      Creates a default LDAP security provider with no default key store configuration.
    • OpenDjSecurityProvider

      public OpenDjSecurityProvider(String configFile)
      Creates an LDAP security provider with the provided default key store configuration.
      Parameters:
      configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.
    • OpenDjSecurityProvider

      public OpenDjSecurityProvider(URI configFile)
      Creates an LDAP security provider with the provided default key store configuration.
      Parameters:
      configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.
  • Method Details

    • configure

      public Provider configure(String configFile)
      Overrides:
      configure in class Provider
      Parameters:
      configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.
      Returns:
      The configured provider.
    • newLdapKeyStore

      public static KeyStore newLdapKeyStore(ConnectionFactory factory, Dn baseDN)
      Creates a new LDAP key store with default options. The returned key store will already have been loaded.
      Parameters:
      factory - The LDAP connection factory.
      baseDN - The DN of the subtree containing the LDAP key store.
      Returns:
      The LDAP key store.
    • newLdapKeyStore

      public static KeyStore newLdapKeyStore(ConnectionFactory factory, Dn baseDN, Options options)
      Creates a new LDAP key store with custom options. The returned key store will already have been loaded.
      Parameters:
      factory - The LDAP connection factory.
      baseDN - The DN of the subtree containing the LDAP key store.
      options - The optional key store parameters, including the cache configuration, key store password, and crypto parameters.
      Returns:
      The LDAP key store.
    • newLdifKeyStore

      public static KeyStore newLdifKeyStore(File ldifFile, Dn baseDN) throws IOException
      Creates a new LDIF based key store which will read and write key store objects to the provided key store file. The LDIF file will be read during construction and re-written after each update. The returned key store will already have been loaded.
      Parameters:
      ldifFile - The name of the LDIF file containing the key store objects.
      baseDN - The DN of the subtree containing the LDAP key store.
      Returns:
      The LDIF key store.
      Throws:
      IOException - If an error occurred while reading the LDIF file.
    • newLdifKeyStore

      public static KeyStore newLdifKeyStore(File ldifFile, Dn baseDN, Options options) throws IOException
      Creates a new LDIF based key store which will read and write key store objects to the provided key store file. The LDIF file will be read during construction and re-written after each update. The returned key store will already have been loaded.
      Parameters:
      ldifFile - The name of the LDIF file containing the key store objects.
      baseDN - The DN of the subtree containing the LDAP key store.
      options - The optional key store parameters, including the cache configuration, key store password, and crypto parameters.
      Returns:
      The LDIF key store.
      Throws:
      IOException - If an error occurred while reading the LDIF file.
    • newKeyStoreObjectCacheFromMap

      public static KeyStoreObjectCache newKeyStoreObjectCacheFromMap(Map<String,org.forgerock.opendj.security.KeyStoreObject> map)
      Creates a new key store object cache which will delegate to the provided Map. It is the responsibility of the map implementation to perform cache eviction if needed. The provided map MUST be thread-safe.
      Parameters:
      map - The thread-safe Map implementation in which key store objects will be stored.
      Returns:
      The new key store object cache.
    • newCapacityBasedKeyStoreObjectCache

      public static KeyStoreObjectCache newCapacityBasedKeyStoreObjectCache(int capacity)
      Creates a new fixed capacity key store object cache which will evict objects once it reaches the provided capacity. This implementation is only intended for simple use cases and is not particularly scalable.
      Parameters:
      capacity - The maximum number of key store objects that will be cached before eviction occurs.
      Returns:
      The new key store object cache.
    • newClearTextPasswordFactory

      public static Factory<char[]> newClearTextPasswordFactory(char[] password)
      Returns a password factory which will return a copy of the provided password for each invocation of Factory.newInstance(), and which does not provide any protection of the in-memory representation of the password.
      Parameters:
      password - The password or null if no password should ever be returned.
      Returns:
      A password factory which will return a copy of the provided password.
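The following is an added usage example, not code from the OpenDJ project, that wires the factory methods above together: an LDIF-backed key store configured with a capacity-based cache and a clear-text password factory, then used through the standard JCA KeyStore API to store and read back a secret key. The Options keys `KeyStoreParameters.GLOBAL_PASSWORD` and `KeyStoreParameters.CACHE`, the file path, the base DN and the password are assumptions for this example.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

import org.forgerock.opendj.ldap.Dn;
import org.forgerock.opendj.security.KeyStoreParameters; // assumed: holds the Options keys used below
import org.forgerock.opendj.security.OpenDjSecurityProvider;
import org.forgerock.util.Factory;
import org.forgerock.util.Options;

public final class LdifKeyStoreExample {
    public static void main(String[] args) throws Exception {
        // Constructed values for this example: a local LDIF file and a subtree DN for key store objects.
        File ldifFile = new File("/tmp/example-keystore.ldif");
        Dn baseDn = Dn.valueOf("ou=keystore,dc=example,dc=com");
        char[] password = "placeholder-password".toCharArray(); // placeholder, not a real secret

        // Clear-text factory: returns a copy of the password per newInstance() call and does not
        // protect the in-memory copy, so it is only appropriate where the process memory is trusted.
        Factory<char[]> passwordFactory = OpenDjSecurityProvider.newClearTextPasswordFactory(password);

        // Fixed-capacity cache: intended for simple use cases; objects are evicted past 64 entries.
        Options options = Options.defaultOptions()
                .set(KeyStoreParameters.GLOBAL_PASSWORD, passwordFactory) // assumed option name
                .set(KeyStoreParameters.CACHE,                            // assumed option name
                     OpenDjSecurityProvider.newCapacityBasedKeyStoreObjectCache(64));

        // The LDIF file is read now and rewritten after every update; no KeyStore.load() call is needed.
        KeyStore keyStore = OpenDjSecurityProvider.newLdifKeyStore(ldifFile, baseDn, options);

        // Generate an AES key and persist it under an alias using the standard JCA entry API.
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(256);
        SecretKey key = keyGen.generateKey();
        KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(password);
        keyStore.setEntry("example-aes-key", new KeyStore.SecretKeyEntry(key), protection);

        // Read it back through the same API; the entry is served from the cache or the LDIF file.
        KeyStore.SecretKeyEntry entry =
                (KeyStore.SecretKeyEntry) keyStore.getEntry("example-aes-key", protection);
        boolean roundTrip = Arrays.equals(key.getEncoded(), entry.getSecretKey().getEncoded());
        System.out.println("key round-trip ok: " + roundTrip);

        // Wipe our own copy once finished; the factory hands out copies, so this does not affect it.
        Arrays.fill(password, '\0');
    }
}
```

After the run, the LDIF file contains the key store objects for the subtree; since the clear-text factory offers no in-memory protection, restrict file permissions on the LDIF and treat the JVM's memory as part of the trust boundary.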