Interface CryptoManagerCfgClient

All Superinterfaces:
ConfigurationClient

public interface CryptoManagerCfgClient extends ConfigurationClient
A client-side interface for reading and modifying Crypto Manager settings.

The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.

  • Method Details

    • definition

      Get the configuration definition associated with this Crypto Manager.
      Specified by:
      definition in interface ConfigurationClient
      Returns:
      Returns the configuration definition associated with this Crypto Manager.
    • getCipherKeyLength

      ValueOrExpression<Integer> getCipherKeyLength()
      Gets the "cipher-key-length" property.

      Specifies the key length in bits for the preferred cipher.

      Default value: 128

      Returns:
      Returns the value of the "cipher-key-length" property.
    • setCipherKeyLength

      void setCipherKeyLength(ValueOrExpression<Integer> value) throws PropertyException
      Sets the "cipher-key-length" property.

      Specifies the key length in bits for the preferred cipher.

      Parameters:
      value - The value of the "cipher-key-length" property.
      Throws:
      PropertyException - If the new value is invalid.
    • getCipherTransformation

      ValueOrExpression<String> getCipherTransformation()
      Gets the "cipher-transformation" property.

      Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

      The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.

      Default value: AES/CBC/PKCS5Padding

      Returns:
      Returns the value of the "cipher-transformation" property.
    • setCipherTransformation

      void setCipherTransformation(ValueOrExpression<String> value) throws PropertyException
      Sets the "cipher-transformation" property.

      Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

      The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.

      Parameters:
      value - The value of the "cipher-transformation" property.
      Throws:
      PropertyException - If the new value is invalid.
    • getDigestAlgorithm

      ValueOrExpression<String> getDigestAlgorithm()
      Gets the "digest-algorithm" property.

      Specifies the preferred message digest algorithm for the directory server.

      Default value: SHA-256

      Returns:
      Returns the value of the "digest-algorithm" property.
    • setDigestAlgorithm

      void setDigestAlgorithm(ValueOrExpression<String> value) throws PropertyException
      Sets the "digest-algorithm" property.

      Specifies the preferred message digest algorithm for the directory server.

      Parameters:
      value - The value of the "digest-algorithm" property.
      Throws:
      PropertyException - If the new value is invalid.
    • getKeyManagerProvider

      @MandatoryProperty ValueOrExpression<String> getKeyManagerProvider()
      Gets the "key-manager-provider" property.

      The name of the key manager containing the master key-pair and any deprecated master key.

      The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.

      Returns:
      Returns the value of the "key-manager-provider" property.
    • setKeyManagerProvider

      @MandatoryProperty void setKeyManagerProvider(ValueOrExpression<String> value) throws PropertyException
      Sets the "key-manager-provider" property.

      The name of the key manager containing the master key-pair and any deprecated master key.

      The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.

      Parameters:
      value - The value of the "key-manager-provider" property.
      Throws:
      PropertyException - If the new value is invalid.
    • getKeyWrappingMode

      Gets the "key-wrapping-mode" property.

      Defines which crypto operation to use to wrap symmetric keys for storage.

      Symmetric keys are wrapped either by direct encryption or by using the wrap cipher mode, depending on the configured crypto provider capabilities or key type.

      Default value: encrypt

      Returns:
      Returns the value of the "key-wrapping-mode" property.
    • setKeyWrappingMode

      Sets the "key-wrapping-mode" property.

      Defines which crypto operation to use to wrap symmetric keys for storage.

      Symmetric keys are wrapped either by direct encryption or by using the wrap cipher mode, depending on the configured crypto provider capabilities or key type.

      Parameters:
      value - The value of the "key-wrapping-mode" property.
      Throws:
      PropertyException - If the new value is invalid.
    • getKeyWrappingTransformation

      ValueOrExpression<String> getKeyWrappingTransformation()
      Gets the "key-wrapping-transformation" property.

      The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

      Default value: RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING

      Returns:
      Returns the value of the "key-wrapping-transformation" property.
    • setKeyWrappingTransformation

      void setKeyWrappingTransformation(ValueOrExpression<String> value) throws PropertyException
      Sets the "key-wrapping-transformation" property.

      The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

      Parameters:
      value - The value of the "key-wrapping-transformation" property.
      Throws:
      PropertyException - If the new value is invalid.
    • getMacAlgorithm

      ValueOrExpression<String> getMacAlgorithm()
      Gets the "mac-algorithm" property.

      Specifies the preferred MAC algorithm for the directory server.

      Default value: HmacSHA256

      Returns:
      Returns the value of the "mac-algorithm" property.
    • setMacAlgorithm

      void setMacAlgorithm(ValueOrExpression<String> value) throws PropertyException
      Sets the "mac-algorithm" property.

      Specifies the preferred MAC algorithm for the directory server.

      Parameters:
      value - The value of the "mac-algorithm" property.
      Throws:
      PropertyException - If the new value is invalid.
    • getMacKeyLength

      ValueOrExpression<Integer> getMacKeyLength()
      Gets the "mac-key-length" property.

      Specifies the key length in bits for the preferred MAC algorithm.

      Default value: 128

      Returns:
      Returns the value of the "mac-key-length" property.
    • setMacKeyLength

      void setMacKeyLength(ValueOrExpression<Integer> value) throws PropertyException
      Sets the "mac-key-length" property.

      Specifies the key length in bits for the preferred MAC algorithm.

      Parameters:
      value - The value of the "mac-key-length" property.
      Throws:
      PropertyException - If the new value is invalid.
    • getMasterKeyAlias

      Gets the "master-key-alias" property.

      The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.

      Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.

      Returns:
      Returns the value of the "master-key-alias" property.
    • setMasterKeyAlias

      @MandatoryProperty void setMasterKeyAlias(ValueOrExpression<String> value) throws PropertyException
      Sets the "master-key-alias" property.

      The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.

      Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.

      Parameters:
      value - The value of the "master-key-alias" property.
      Throws:
      PropertyException - If the new value is invalid.
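The "cipher-transformation" rule above (full algorithm/mode/padding, never a bare algorithm) can be checked against a host's JVM before the property is set. This is an added example using only the JDK's JCA, not code from the project; the class name TransformationCheck, the check helper and the sample inputs are hypothetical.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical pre-flight check (not part of the server): run on each host's JVM
// before setting "cipher-transformation" and "cipher-key-length".
public final class TransformationCheck {

    /** Returns null when the pair is usable here, otherwise the reason it is not. */
    static String check(String transformation, int keyLengthBits) {
        String[] parts = transformation.split("/", -1);
        if (parts.length != 3 || parts[0].isEmpty() || parts[1].isEmpty() || parts[2].isEmpty()) {
            // A bare "AES" would be accepted by the JCA, but the provider then picks
            // mode and padding itself (SunJCE uses ECB/PKCS5Padding).
            return "expected algorithm/mode/padding";
        }
        if (keyLengthBits <= 0 || keyLengthBits % 8 != 0) {
            return "key length must be a positive multiple of 8 bits";
        }
        try {
            Cipher cipher = Cipher.getInstance(transformation);
            if (keyLengthBits > Cipher.getMaxAllowedKeyLength(transformation)) {
                return "key length exceeds this JVM's crypto policy limit";
            }
            // Throwaway all-zero key: only proves the cipher accepts this key size.
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[keyLengthBits / 8], parts[0]));
            return null;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: transformation, key length in bits.
        Object[][] samples = {
            {"AES/CBC/PKCS5Padding", 128},     // defaults documented on this page
            {"ChaCha20/NONE/NoPadding", 256},  // the page's no-mode, no-padding form
            {"AES", 128},                      // algorithm only: rejected
            {"AES/CBC/PKCS5Padding", 100},     // not a whole number of bytes
            {"AES/CBC/PKCS5Padding", 160},     // whole bytes, but not an AES key size
        };
        for (Object[] s : samples) {
            String reason = check((String) s[0], (Integer) s[1]);
            System.out.println(s[0] + " @ " + s[1] + " bits -> " + (reason == null ? "ok" : reason));
        }
    }
}
```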
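The two operations that "key-wrapping-mode" chooses between (direct encryption and the wrap cipher mode), and the reason a rotated-out master key must stay in the key manager, shown as an added example that uses only the JDK's JCA and is not the project's own code. The class name KeyWrapDemo and the rsa helper are hypothetical, and the freshly generated RSA key-pairs and AES key are constructed stand-ins for keystore entries.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public final class KeyWrapDemo {
    // Default "key-wrapping-transformation" documented on this page.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";

    static Cipher rsa(int mode, Key key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(mode, key);
        return c;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed stand-ins: in a deployment these are PrivateKeyEntry aliases in the keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair master = kpg.generateKeyPair();
        KeyPair rotated = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();

        // Direct encryption: the raw key bytes pass through application memory.
        byte[] encrypted = rsa(Cipher.ENCRYPT_MODE, master.getPublic()).doFinal(dataKey.getEncoded());
        byte[] raw = rsa(Cipher.DECRYPT_MODE, master.getPrivate()).doFinal(encrypted);
        SecretKey viaDecrypt = new SecretKeySpec(raw, "AES");

        // Wrap cipher mode: the provider consumes and returns Key objects.
        byte[] wrapped = rsa(Cipher.WRAP_MODE, master.getPublic()).wrap(dataKey);
        Key viaUnwrap = rsa(Cipher.UNWRAP_MODE, master.getPrivate()).unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println("decrypt recovers key: " + Arrays.equals(dataKey.getEncoded(), viaDecrypt.getEncoded()));
        System.out.println("unwrap recovers key:  " + Arrays.equals(dataKey.getEncoded(), viaUnwrap.getEncoded()));
        // After rotation, blobs made under the old master key still need the old private key.
        try {
            rsa(Cipher.UNWRAP_MODE, rotated.getPrivate()).unwrap(wrapped, "AES", Cipher.SECRET_KEY);
            System.out.println("unexpected: rotated key opened an old blob");
        } catch (GeneralSecurityException e) {
            System.out.println("rotated key alone fails: " + e.getClass().getSimpleName());
        }
    }
}
```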