Package org.forgerock.opendj.server.config.meta

Class CryptoManagerCfgDefn

java.lang.Object
org.forgerock.opendj.config.AbstractManagedObjectDefinition<C,S>
org.forgerock.opendj.config.ManagedObjectDefinition<CryptoManagerCfgClient,CryptoManagerCfg>
org.forgerock.opendj.server.config.meta.CryptoManagerCfgDefn
public final class CryptoManagerCfgDefn extends ManagedObjectDefinition<CryptoManagerCfgClient,CryptoManagerCfg>
An interface for querying the Crypto Manager managed object definition meta information.

The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.

  • Method Details

    • getInstance

      public static CryptoManagerCfgDefn getInstance()
      Get the Crypto Manager configuration definition singleton.
      Returns:
      Returns the Crypto Manager configuration definition singleton.

    • createClientConfiguration

      public CryptoManagerCfgClient createClientConfiguration(ManagedObject<? extends CryptoManagerCfgClient> impl)
      Description copied from class: ManagedObjectDefinition
      Creates a client configuration view of the provided managed object. Modifications made to the underlying managed object will be reflected in the client configuration view and vice versa.
      Specified by:
      createClientConfiguration in class ManagedObjectDefinition<CryptoManagerCfgClient,CryptoManagerCfg>
      Parameters:
      impl - The managed object.
      Returns:
      Returns a client configuration view of the provided managed object.

    • createServerConfiguration

      public CryptoManagerCfg createServerConfiguration(ServerManagedObject<? extends CryptoManagerCfg> impl)
      Description copied from class: ManagedObjectDefinition
      Creates a server configuration view of the provided server managed object.
      Specified by:
      createServerConfiguration in class ManagedObjectDefinition<CryptoManagerCfgClient,CryptoManagerCfg>
      Parameters:
      impl - The server managed object.
      Returns:
      Returns a server configuration view of the provided server managed object.

    • getServerConfigurationClass

      public Class<CryptoManagerCfg> getServerConfigurationClass()
      Description copied from class: ManagedObjectDefinition
      Gets the server configuration class instance associated with this managed object definition.
      Specified by:
      getServerConfigurationClass in class ManagedObjectDefinition<CryptoManagerCfgClient,CryptoManagerCfg>
      Returns:
      Returns the server configuration class instance associated with this managed object definition.

    • getCipherKeyLengthPropertyDefinition

      public IntegerPropertyDefinition getCipherKeyLengthPropertyDefinition()
      Get the "cipher-key-length" property definition.

      Specifies the key length in bits for the preferred cipher.

      Returns:
      Returns the "cipher-key-length" property definition.

    • getCipherTransformationPropertyDefinition

      public StringPropertyDefinition getCipherTransformationPropertyDefinition()
      Get the "cipher-transformation" property definition.

      Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

      The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.

      Returns:
      Returns the "cipher-transformation" property definition.

    • getDigestAlgorithmPropertyDefinition

      public StringPropertyDefinition getDigestAlgorithmPropertyDefinition()
      Get the "digest-algorithm" property definition.

      Specifies the preferred message digest algorithm for the directory server.

      Returns:
      Returns the "digest-algorithm" property definition.

    • getKeyManagerProviderPropertyDefinition

      public AggregationPropertyDefinition<KeyManagerProviderCfgClient,KeyManagerProviderCfg> getKeyManagerProviderPropertyDefinition()
      Get the "key-manager-provider" property definition.

      The name of the key manager containing the master key-pair and any deprecated master key.

      The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.

      Returns:
      Returns the "key-manager-provider" property definition.

    • getKeyWrappingModePropertyDefinition

      public EnumPropertyDefinition<CryptoManagerCfgDefn.KeyWrappingMode> getKeyWrappingModePropertyDefinition()
      Get the "key-wrapping-mode" property definition.

      Defines which crypto operation to use to wrap symmetric keys for storage.

      Symmetric keys are wrapped either by direct encryption or by using the wrap cipher mode, depending on the configured crypto provider capabilities or key type.

      Returns:
      Returns the "key-wrapping-mode" property definition.

    • getKeyWrappingTransformationPropertyDefinition

      public StringPropertyDefinition getKeyWrappingTransformationPropertyDefinition()
      Get the "key-wrapping-transformation" property definition.

      The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

      Returns:
      Returns the "key-wrapping-transformation" property definition.

    • getMacAlgorithmPropertyDefinition

      public StringPropertyDefinition getMacAlgorithmPropertyDefinition()
      Get the "mac-algorithm" property definition.

      Specifies the preferred MAC algorithm for the directory server.

      Returns:
      Returns the "mac-algorithm" property definition.

    • getMacKeyLengthPropertyDefinition

      public IntegerPropertyDefinition getMacKeyLengthPropertyDefinition()
      Get the "mac-key-length" property definition.

      Specifies the key length in bits for the preferred MAC algorithm.

      Returns:
      Returns the "mac-key-length" property definition.

    • getMasterKeyAliasPropertyDefinition

      public StringPropertyDefinition getMasterKeyAliasPropertyDefinition()
      Get the "master-key-alias" property definition.

      The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.

      Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias reference a PrivateKeyEntry in the keystore which is typically an RSA key-pair.

      Returns:
      Returns the "master-key-alias" property definition.