/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * docs/licenses/cddl.txt
 * or http://www.opensource.org/licenses/cddl1.php.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * docs/licenses/cddl.txt.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2011-2018 Ping Identity Corporation
 */
package com.unboundid.directory.sdk.ds.api;



import java.io.InputStream;
import java.io.OutputStream;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;

import com.unboundid.directory.sdk.broker.internal.BrokerExtension;
import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider;
import com.unboundid.directory.sdk.common.internal.Reconfigurable;
import com.unboundid.directory.sdk.common.internal.UnboundIDExtension;
import com.unboundid.directory.sdk.ds.config.CipherStreamProviderConfig;
import com.unboundid.directory.sdk.ds.types.DirectoryServerContext;
import com.unboundid.directory.sdk.ds.internal.DirectoryServerExtension;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Extensible;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.args.ArgumentException;
import com.unboundid.util.args.ArgumentParser;



/**
 * Base class for extensions that hand the server cipher input streams and
 * cipher output streams, which the server uses to read and write encrypted
 * data.  Subclasses supply the cipher, key and mode; this class only fixes the
 * extension lifecycle and provides no-op defaults for the configuration hooks.
 * <BR>
 * <H2>Security notes for implementers</H2>
 * <UL>
 *   <LI>Key management is entirely the implementation's responsibility: where
 *       the key comes from, how it is protected at rest, and that a nonce/IV
 *       is never reused with the same key.  Prefer an authenticated mode
 *       (e.g. AES/GCM) so that tampered ciphertext is detected rather than
 *       silently decrypted into garbage.</LI>
 *   <LI>{@code javax.crypto.CipherOutputStream} only emits the cipher's final
 *       block (padding or AEAD tag) from {@code close()}.  Whoever consumes the
 *       stream returned by {@link #createCipherOutputStream(OutputStream)}
 *       must close it, or the tail of the ciphertext is lost.</LI>
 *   <LI>NOTE(review): {@code javax.crypto.CipherInputStream} has historically
 *       surfaced a failed AEAD tag check only at end-of-stream/close, and on
 *       older JDKs not at all.  Implementations that rely on tamper detection
 *       should confirm the behaviour of the JDK they run on.</LI>
 *   <LI>This class is annotated {@code INTERFACE_THREADSAFE}; assume the two
 *       {@code create*} methods may be invoked concurrently and do not share
 *       a single {@code Cipher} instance between calls.</LI>
 * </UL>
 * <BR>
 * <H2>Configuring Cipher Stream Providers</H2>
 * A provider built on this API is registered with a command like:
 * <PRE>
 *      dsconfig create-cipher-stream-provider \
 *           --provider-name "<I>{provider-name}</I>" \
 *           --type third-party \
 *           --set enabled:true \
 *           --set "extension-class:<I>{class-name}</I>" \
 *           --set "extension-argument:<I>{name=value}</I>"
 * </PRE>
 * Here "<I>{provider-name}</I>" names the provider instance,
 * "<I>{class-name}</I>" is the fully-qualified name of the Java class that
 * extends {@code com.unboundid.directory.sdk.ds.api.CipherStreamProvider},
 * and each "<I>{name=value}</I>" is one argument handed to the provider.
 * Repeat "<CODE>--set extension-argument:<I>{name=value}</I></CODE>" once per
 * argument when several are needed.
 */
@Extensible()
@DirectoryServerExtension()
@BrokerExtension()
@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE)
public abstract class CipherStreamProvider
       implements UnboundIDExtension,
                  Reconfigurable<CipherStreamProviderConfig>,
                  ExampleUsageProvider
{
  /**
   * Default constructor.  Every implementation must keep a public no-argument
   * constructor, because the server instantiates the extension reflectively;
   * real setup (loading keys, etc.) belongs in
   * {@code initializeCipherStreamProvider}, not here.
   */
  public CipherStreamProvider()
  {
    // Intentionally empty.
  }



  /**
   * {@inheritDoc}
   */
  public abstract String getExtensionName();



  /**
   * {@inheritDoc}
   */
  public abstract String[] getExtensionDescription();



  /**
   * {@inheritDoc}
   */
  public void defineConfigArguments(final ArgumentParser parser)
         throws ArgumentException
  {
    // The base class registers no arguments; override to accept any.
  }



  /**
   * Performs one-time initialization for this provider.  The default does
   * nothing.
   *
   * @param  serverContext  Handle to the server in which the extension runs.
   * @param  config         General configuration for this provider.
   * @param  parser         Argument parser already populated from the
   *                        provider's configuration.
   *
   * @throws  LDAPException  If initialization fails (for example, a required
   *                         key cannot be obtained).
   */
  public void initializeCipherStreamProvider(
                   final DirectoryServerContext serverContext,
                   final CipherStreamProviderConfig config,
                   final ArgumentParser parser)
         throws LDAPException
  {
    // Nothing to do in the base class.
  }



  /**
   * {@inheritDoc}
   * <BR>
   * The base implementation accepts every configuration without inspecting
   * it.  Implementations that take key material or algorithm parameters as
   * arguments should override this and reject unusable values here, so that
   * a bad configuration is refused at change time instead of failing later
   * inside {@code createCipher*Stream}.
   */
  public boolean isConfigurationAcceptable(
                      final CipherStreamProviderConfig config,
                      final ArgumentParser parser,
                      final List<String> unacceptableReasons)
  {
    // No additional validation in the base class.
    return true;
  }



  /**
   * {@inheritDoc}
   * <BR>
   * The base implementation never applies a change.  When the provider was
   * configured with any arguments, it records an administrative action saying
   * the new values only take effect after the provider is disabled and
   * re-enabled or the server is restarted; with no arguments nothing is
   * reported.  Either way the result is {@code SUCCESS}.
   */
  public ResultCode applyConfiguration(final CipherStreamProviderConfig config,
                                       final ArgumentParser parser,
                                       final List<String> adminActionsRequired,
                                       final List<String> messages)
  {
    // With no arguments there is nothing that could have changed, so there is
    // nothing to tell the administrator.
    if (parser.getNamedArguments().isEmpty())
    {
      return ResultCode.SUCCESS;
    }

    adminActionsRequired.add(
         "No configuration change has actually been applied. The new " +
         "configuration will not take effect until this cipher stream " +
         "provider is disabled and re-enabled or until the server is " +
         "restarted.");
    return ResultCode.SUCCESS;
  }



  /**
   * Releases any resources held by this provider when it is taken out of
   * service.  The default does nothing; implementations holding key material
   * in memory may want to clear it here.
   */
  public void finalizeCipherStreamProvider()
  {
    // Nothing to release in the base class.
  }



  /**
   * Wraps {@code source} so that bytes read through the returned stream are
   * decrypted.
   *
   * @param  source  The stream carrying ciphertext.
   *
   * @return  A cipher input stream layered over {@code source}.
   *
   * @throws  LDAPException  If the cipher input stream cannot be created.
   */
  public abstract CipherInputStream createCipherInputStream(
                                         final InputStream source)
         throws LDAPException;



  /**
   * Wraps {@code target} so that bytes written through the returned stream
   * are encrypted.  The returned stream must be closed by its consumer so the
   * cipher's final block is written.
   *
   * @param  target  The stream that will receive ciphertext.
   *
   * @return  A cipher output stream layered over {@code target}.
   *
   * @throws  LDAPException  If the cipher output stream cannot be created.
   */
  public abstract CipherOutputStream createCipherOutputStream(
                                          final OutputStream target)
         throws LDAPException;



  /**
   * {@inheritDoc}
   */
  public Map<List<String>,String> getExamplesArgumentSets()
  {
    // The base class ships no example argument sets.
    final Map<List<String>,String> examples = Collections.emptyMap();
    return examples;
  }
}