001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * docs/licenses/cddl.txt 011 * or http://www.opensource.org/licenses/cddl1.php. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * docs/licenses/cddl.txt. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2010-2021 Ping Identity Corporation 026 */ 027package com.unboundid.directory.sdk.common.types; 028 029 030 031import java.io.File; 032import java.io.InputStream; 033import java.io.IOException; 034import java.io.OutputStream; 035import java.security.GeneralSecurityException; 036import java.util.Collection; 037import java.util.List; 038import java.util.Map; 039import java.util.Set; 040import java.util.UUID; 041 042import javax.mail.MessagingException; 043 044import com.unboundid.directory.sdk.ds.api.ChangeListener; 045import com.unboundid.directory.sdk.common.api.DiskSpaceConsumer; 046import com.unboundid.directory.sdk.common.api.MonitorProvider; 047import com.unboundid.directory.sdk.common.api.ServerShutdownListener; 048import com.unboundid.directory.sdk.common.api.ServerThread; 049import com.unboundid.directory.sdk.common.config.GenericConfig; 050import com.unboundid.directory.sdk.common.schema.Schema; 051import com.unboundid.directory.sdk.ds.types.RegisteredChangeListener; 052import com.unboundid.directory.sdk.proxy.types.Location; 053import com.unboundid.ldap.sdk.ChangeType; 054import com.unboundid.ldap.sdk.DN; 055import com.unboundid.ldap.sdk.Filter; 056import com.unboundid.ldap.sdk.LDAPConnection; 057import com.unboundid.ldap.sdk.LDAPConnectionOptions; 058import com.unboundid.ldap.sdk.LDAPConnectionPool; 059import com.unboundid.ldap.sdk.LDAPException; 060import com.unboundid.ldap.sdk.LDAPInterface; 061import com.unboundid.util.NotExtensible; 062import com.unboundid.util.ThreadSafety; 063import com.unboundid.util.ThreadSafetyLevel; 064 065 066 067/** 068 * This interface may be used to obtain information about the server in 069 * which an extension is running. 070 */ 071@NotExtensible() 072@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE) 073public interface ServerContext 074{ 075 /** 076 * Retrieves the compact name of the server vendor. The returned name will 077 * not have any spaces. 078 * 079 * @return The compact name of the server vendor. 080 */ 081 String getShortVendorName(); 082 083 084 085 /** 086 * Retrieves the full name of the server vendor. The returned name may 087 * contain spaces. 088 * 089 * @return The full name of the server vendor. 090 */ 091 String getFullVendorName(); 092 093 094 095 /** 096 * Retrieves the compact name of the server. The returned name will not have 097 * any spaces. 098 * 099 * @return The compact name of the server. 100 */ 101 String getCompactProductName(); 102 103 104 105 /** 106 * Retrieves the package name of the server that is used for defining the 107 * server package ZIP file and root directory. The returned name will not 108 * have any spaces. 109 * 110 * @return The package name of the server. 111 */ 112 String getPackageName(); 113 114 115 116 /** 117 * Retrieves the full name of the server. The returned name may contain 118 * spaces. 119 * 120 * @return The full name of the server. 121 */ 122 String getFullProductName(); 123 124 125 126 /** 127 * Retrieves the base name of the server which is generally the full 128 * product name without the vendor information. The returned name may 129 * contain spaces. 130 * 131 * @return The full name of the server. 132 */ 133 String getBasicProductName(); 134 135 136 137 /** 138 * Retrieves the major version number for the server. The major version 139 * number is the first number which appears in the full version string (e.g., 140 * for a version string of "1.2.3.4-beta5", the major version number is 1). 141 * 142 * @return The major version number for the server. 143 */ 144 int getMajorVersionNumber(); 145 146 147 148 /** 149 * Retrieves the minor version number for the server. The minor version 150 * number is the second number which appears in the full version string (e.g., 151 * for a version string of "1.2.3.4-beta5", the minor version number is 2). 152 * 153 * @return The minor version number for the server. 154 */ 155 int getMinorVersionNumber(); 156 157 158 159 /** 160 * Retrieves the point version number for the server. The point version 161 * number is the third number which appears in the full version string (e.g., 162 * for a version string of "1.2.3.4-beta5", the point version number is 3). 163 * 164 * @return The point version number for the server. 165 */ 166 int getPointVersionNumber(); 167 168 169 170 /** 171 * Retrieves the patch version number for the server. The patch version 172 * number is the fourth number which appears in the full version string (e.g., 173 * for a version string of "1.2.3.4-beta5", the patch version number is 4). 174 * 175 * @return The point version number for the server. 176 */ 177 int getPatchVersionNumber(); 178 179 180 181 /** 182 * Retrieves a string that is the concatenation of the major, minor, 183 * point, and patch version numbers of the server. 184 * 185 * @return the server's version number string. 186 */ 187 String getVersionNumber(); 188 189 190 191 /** 192 * Retrieves a string that is the concatenation of the product name, the 193 * major, minor, point, and patch version numbers of the server and any 194 * any other unique version information. 195 * 196 * @return the server's full version number string. 197 */ 198 String getFullVersion(); 199 200 201 202 /** 203 * Retrieves the version qualifier string for the server. The version 204 * qualifier is an optional string which may provide additional information 205 * about the server version. If a version qualifier is present, then it will 206 * immediately follow the patch version number (e.g., for a version string of 207 * "1.2.3.4-beta5", the version qualifier is "-beta5"). 208 * 209 * @return The version qualifier for the server, or an empty string if no 210 * version qualifier is defined. 211 */ 212 String getVersionQualifier(); 213 214 215 216 /** 217 * Retrieves a value which identifies the source revision (in the 218 * version control system used to hold the server source code) from which the 219 * server was built. 220 * 221 * @return The source revision identifier for the server. 222 */ 223 String getSourceRevision(); 224 225 226 227 /** 228 * Indicates whether the server is in the process of starting up. 229 * 230 * @return {@code true} if the server is in the process of starting up, or 231 * {@code false} if not. 232 */ 233 boolean isStarting(); 234 235 236 237 /** 238 * Indicates whether the server is currently running. 239 * 240 * @return {@code true} if the server is running, or {@code false} if not. 241 */ 242 boolean isRunning(); 243 244 245 246 /** 247 * Indicates whether the server is in the process of shutting down. 248 * 249 * @return {@code true} if the server is in the process of shutting down, or 250 * {@code false} if not. 251 */ 252 boolean isShuttingDown(); 253 254 255 256 /** 257 * Retrieves the time that the server was started. The value returned will 258 * be an offset in milliseconds since 12:00 a.m. on January 1, 1970. 259 * 260 * @return The time that the server was started. 261 */ 262 long getStartTime(); 263 264 265 266 /** 267 * Retrieves a compact ID that was generated at the time the server was 268 * started. It is not guaranteed to be unique among all instances of the 269 * server, but is guaranteed to be unique across all invocations of a single 270 * server installation. This is suitable for inclusion in log messages and 271 * can help differentiate operations with the same connection ID and operation 272 * ID across server restarts. 273 * 274 * @return A compact ID that was generated at the time the server was 275 * started. 276 */ 277 String getStartupID(); 278 279 280 281 /** 282 * Retrieves a unique identifier that was generated at the time the server was 283 * started. It will be unique across all server instances and all invocations 284 * of the same instance. 285 * 286 * @return A unique identifier that was generated at the time the server was 287 * started. 288 */ 289 UUID getStartupUUID(); 290 291 292 293 /** 294 * Retrieves the instance name that has been assigned to the server. 295 * 296 * @return The instance name that has been assigned to the server. 297 */ 298 String getInstanceName(); 299 300 301 302 303 /** 304 * Retrieves the location that has been assigned to the server, if any. 305 * 306 * @return The location that has been assigned to the server, or 307 * {@code null} if no location has been assigned. 308 */ 309 Location getLocation(); 310 311 312 313 /** 314 * Retrieves the path to the server root directory. 315 * 316 * @return The path to the server root directory. 317 */ 318 File getServerRoot(); 319 320 321 322 /** 323 * Retrieves a ToolExecutor that can be used to internally execute select 324 * command line utilities. 325 * 326 * @return A ToolExecutor that can be used to internally execute select 327 * command line utilities. 328 */ 329 ToolExecutor getToolExecutor(); 330 331 332 333 /** 334 * Indicates whether the extension is running in a server that has Directory 335 * Server functionality available. 336 * 337 * @return {@code true} if Directory Server functionality is available, or 338 * {@code false} if not. 339 */ 340 boolean isDirectoryFunctionalityAvailable(); 341 342 343 344 /** 345 * Indicates whether the extension is running in a server that has Directory 346 * Proxy Server functionality available. 347 * 348 * @return {@code true} if Directory Proxy Server functionality is available, 349 * or {@code false} if not. 350 */ 351 boolean isDirectoryProxyFunctionalityAvailable(); 352 353 354 355 /** 356 * Indicates whether the extension is running in a server that has 357 * Data Sync Server functionality available. 358 * 359 * @return {@code true} if Data Sync Server functionality is 360 * available, or {@code false} if not. 361 */ 362 boolean isSyncFunctionalityAvailable(); 363 364 365 366 /** 367 * Retrieves an internal connection that is authenticated as a root user 368 * that is not subject to access control. 369 * <BR><BR> 370 * During operation processing, this connection is considered a root 371 * connection that is both internal and secure. 372 * <BR><BR> 373 * Note that the returned connection will use the client connection policy 374 * defined as the default policy for internal operations. If you have access 375 * to a {@code ClientContext} and wish to use the client connection policy 376 * associated with that connection, use the 377 * {@link ClientContext#getInternalRootConnection(boolean)} method. 378 * 379 * @return An internal connection that is authenticated as a root user. 380 */ 381 InternalConnection getInternalRootConnection(); 382 383 384 385 /** 386 * Retrieves an internal connection that is authenticated as the specified 387 * user. Operations on the connection may be subject to access control based 388 * on the privileges associated with the specified user. 389 * <BR><BR> 390 * During operation processing, this connection is considered a user 391 * connection that is both internal and secure. 392 * <BR><BR> 393 * Note that the returned connection will use the client connection policy 394 * defined as the default policy for internal operations. If you have access 395 * to a {@code ClientContext} and wish to use the client connection policy 396 * associated with that connection, use the 397 * {@link ClientContext#getInternalConnection(String,boolean)} method. 398 * 399 * @param dn The DN of the user as whom the connection should be 400 * authenticated. It may be {@code null} or empty if the 401 * connection should be unauthenticated. 402 * 403 * @return An internal connection that is authenticated as the specified 404 * user. 405 * 406 * @throws LDAPException If a problem occurs while attempting to 407 * authenticate as the specified user. 408 */ 409 InternalConnection getInternalConnection(final String dn) 410 throws LDAPException; 411 412 413 414 /** 415 * Retrieves a client connection that is authenticated as a root user 416 * and is not subject to access control. 417 * <BR><BR> 418 * This method should be used when the connection will be used on behalf of 419 * some external client, and allows you to indicate whether the external 420 * client has a secure connection. This information is used by some of the 421 * internal security controls, such as password policies, which may reject 422 * password change operations if they are not over a secure connection, for 423 * example. 424 * <BR><BR> 425 * During operation processing, this connection is considered a root 426 * connection that is external and optionally secure, depending on the 427 * {@code isClientSecure} parameter. 428 * 429 * @param isClientSecure Whether the external client is connected over a 430 * secure channel. 431 * 432 * @return A client connection that is authenticated as a root user. 433 */ 434 LDAPInterface getClientRootConnection(final boolean isClientSecure); 435 436 437 438 /** 439 * Retrieves a client connection that is authenticated as the specified 440 * user. Operations on the connection may be subject to access control based 441 * on the privileges associated with the specified user. 442 * <BR><BR> 443 * This method should be used when the connection will be used on behalf of 444 * some external client, and allows you to indicate whether the external 445 * client has a secure connection. This information is used by some of the 446 * internal security controls, such as password policies, which may reject 447 * password change operations if they are not over a secure connection, for 448 * example. 449 * <BR><BR> 450 * During operation processing, this connection is considered a user 451 * connection that is external and optionally secure, depending on the 452 * {@code isClientSecure} parameter. 453 * 454 * @param dn The DN of the user as whom the connection should be 455 * authenticated. It may be {@code null} or empty if the 456 * connection should be unauthenticated. 457 * 458 * @param isClientSecure Whether the external client is connected over a 459 * secure channel. 460 * 461 * @return An internal connection that is authenticated as the specified 462 * user. 463 * 464 * @throws LDAPException If a problem occurs while attempting to 465 * authenticate as the specified user. 466 */ 467 LDAPInterface getClientConnection(final String dn, 468 final boolean isClientSecure) 469 throws LDAPException; 470 471 472 473 /** 474 * Retrieves a reference to the server schema. 475 * 476 * @return A reference to the server schema. 477 */ 478 Schema getSchema(); 479 480 481 482 /** 483 * Registers the provided OID with the server so that it will appear in the 484 * supportedControl attribute of the server's root DSE. This method should 485 * only be used by extensions which implement some level of support for that 486 * control (e.g., a pre-parse plugin which performs all necessary processing 487 * from the control and removes it from the request so that it will not be 488 * seen and potentially rejected by the core server). 489 * 490 * @param oid The OID to be registered. 491 */ 492 void registerSupportedControlOID(final String oid); 493 494 495 496 /** 497 * Deregisters the provided OID with the server so that it will no longer 498 * appear in the supportedControl attribute of the server's root DSE. 499 * 500 * @param oid The OID to be deregistered. 501 */ 502 void deregisterSupportedControlOID(final String oid); 503 504 505 506 /** 507 * Registers the provided change listener with the server so that it may be 508 * notified of any changes matching the provided criteria. 509 * 510 * @param listener The change listener to be registered with the server. 511 * It must not be {@code null}. 512 * @param changeTypes The types of changes for which the listener should be 513 * registered. It may be {@code null} or empty to 514 * indicate that the listener should be registered for 515 * all types of changes. 516 * @param baseDNs The set of base DNs for which the listener should be 517 * registered. It may be {@code null} or empty to 518 * indicate that the listener should be registered for 519 * changes processed anywhere in the server. 520 * @param filter A filter which may be used to restrict the set of 521 * changes for which the listener is notified. If a 522 * filter is provided, then only changes in which the 523 * target entry matches the given filter (either before 524 * or after the change was processed) will be notified. 525 * It may be {@code null} to indicate that the contents 526 * of the entry should not be considered. 527 * 528 * @return An object representing the change listener that has been 529 * registered with the server. 530 * 531 * @throws LDAPException If a problem is encountered while attempting to 532 * register the provided change listener (e.g., if any 533 * of the base DNs cannot be parsed as a valid DN). 534 */ 535 RegisteredChangeListener registerChangeListener(final ChangeListener listener, 536 final Set<ChangeType> changeTypes, 537 final List<String> baseDNs, 538 final Filter filter) 539 throws LDAPException; 540 541 542 543 /** 544 * Deregisters the provided change listener with the server. This will have 545 * no effect if the provided listener is not registered. 546 * 547 * @param listener The change listener to be deregistered. It must not be 548 * {@code null}. 549 */ 550 void deregisterChangeListener(final RegisteredChangeListener listener); 551 552 553 554 /** 555 * Registers the provided disk space consumer with the server. 556 * 557 * @param consumer The disk space consumer to be registered with the server. 558 * It must not be {@code null}. 559 * 560 * @return An object representing the disk space consumer that has been 561 * registered with the server. 562 */ 563 RegisteredDiskSpaceConsumer registerDiskSpaceConsumer( 564 final DiskSpaceConsumer consumer); 565 566 567 568 /** 569 * Deregisters the provided disk space consumer with the server. This will no 570 * no effect if the provided consumer is not registered. 571 * 572 * @param consumer The disk space consumer to be deregistered with the 573 * server. It must not be {@code null}. 574 */ 575 void deregisterDiskSpaceConsumer(final RegisteredDiskSpaceConsumer consumer); 576 577 578 579 /** 580 * Registers the provided listener to be notified when the server shutdown 581 * process has begun. 582 * 583 * @param listener The server shutdown listener to be registered. It must 584 * not be {@code null}. 585 * 586 * @return An object representing the shutdown listener that has been 587 * registered with the server. 588 */ 589 RegisteredServerShutdownListener registerShutdownListener( 590 final ServerShutdownListener listener); 591 592 593 594 /** 595 * Deregisters the provided server shutdown listener with the server. This 596 * will have no effect if the provided listener is not registered. 597 * 598 * @param listener The server shutdown listener to be deregistered. It must 599 * not be {@code null}. 600 */ 601 void deregisterShutdownListener( 602 final RegisteredServerShutdownListener listener); 603 604 605 606 /** 607 * Registers the given monitor provider with the server. It is important that 608 * this monitor provider has a unique instance name across all monitor 609 * providers in the server. If there is already a monitor provider registered 610 * with the same instance name, an {@link IllegalStateException} will be 611 * thrown. 612 * <p> 613 * The generated monitor entry will have a DN in the following format: 614 * <code>cn={monitor-instance-name} [from {extension-type}:{extension-name}], 615 * cn=monitor</code> and it will contain three auto-generated attributes: 616 * <code>ds-extension-monitor-name</code>, <code>ds-extension-type</code>, and 617 * <code>ds-extension-name</code>. Note: the {extension-type} and 618 * {extension-name} are from the extension which owns this ServerContext 619 * instance, not from the given MonitorProvider object. 620 * <p> 621 * The specified monitor provider does not need any server-side configuration, 622 * and the configuration-related methods 623 * (<code>initalizeMonitorProvider()</code>, 624 * <code>finalizeMonitorProvider()</code>, 625 * <code>defineConfigArguments()</code>, 626 * <code>isConfigurationAcceptable()</code>, 627 * <code>applyConfiguration()</code>) do not need to be implemented because 628 * they will not be called. 629 * <p> 630 * When an extension is disabled, all of its registered monitor 631 * providers will automatically deregister themselves from the server. 632 * You can also manually deregister them using 633 * {@link #deregisterMonitorProvider(RegisteredMonitorProvider)} or 634 * {@link #deregisterAllMonitorProviders()}. 635 * 636 * @param provider The monitor provider instance to be registered. It 637 * must not be {@code null}. 638 * @param config The configuration object from the extension that is 639 * registering the given monitor provider. This is required so 640 * that the monitor entry can be given a unique DN which 641 * includes the name of the extension that registered it. 642 * 643 * @return An object representing the monitor provider that has been 644 * registered with the server. 645 */ 646 RegisteredMonitorProvider registerMonitorProvider( 647 final MonitorProvider provider, 648 final GenericConfig config); 649 650 651 652 /** 653 * Deregisters the given monitor provider with the server. This will have no 654 * effect if the given monitor provider is not registered. 655 * 656 * @param provider The monitor provider instance to be registered. It 657 * must not be {@code null}. 658 */ 659 void deregisterMonitorProvider(final RegisteredMonitorProvider provider); 660 661 662 663 /** 664 * Deregisters all the monitor providers that were registered with the server 665 * by this instance of {@link ServerContext}. This can be useful during 666 * cleanup or if you want to clear out all the existing monitor data from a 667 * given extension and register new monitor providers. 668 * <p> 669 * This will be called automatically when your extension is unloaded or 670 * disabled. 671 */ 672 void deregisterAllMonitorProviders(); 673 674 675 676 /** 677 * Creates a new thread to run within the server. The thread will not be 678 * started. 679 * 680 * @param name The name to use for the thread. It must not be 681 * {@code null} or empty. 682 * @param serverThread The class providing the logic for the thread. It 683 * must not be {@code null}. 684 * 685 * @return The thread that has been created but not yet started. 686 */ 687 Thread createThread(final ServerThread serverThread, final String name); 688 689 690 691 /** 692 * Writes a message to the server error log. 693 * 694 * @param severity The severity to use for the log message. It must not be 695 * {@code null}. 696 * @param message The message to be logged. It must not be {@code null}. 697 */ 698 void logMessage(final LogSeverity severity, final String message); 699 700 701 702 /** 703 * Indicates whether trace log messages of the provided severity can be 704 * logged by an extension to any trace log publishers. This allows callers 705 * to avoid potentially expensive message construction for messages that are 706 * not going to be logged. 707 * 708 * @param logSeverity The log message severity. 709 * Must not be {@code null}. 710 * @return {@code true} if trace log messages from extensions are 711 * loggable to any trace log publishers 712 */ 713 boolean isTraceMessageLoggable(final LogSeverity logSeverity); 714 715 716 717 /** 718 * Writes a message to the server trace log publishers. 719 * 720 * @param logSeverity The log message severity. If the log message may 721 * contain potentially sensitive information, 722 * {@link LogSeverity#DEBUG} should be used. 723 * Must not be {@code null}. 724 * @param message The message to be logged. It must not be {@code null}. 725 */ 726 void logTraceMessage(final LogSeverity logSeverity, final String message); 727 728 729 730 /** 731 * Writes a message to the server trace log publishers. 732 * 733 * @param logSeverity The log message severity. If the log message may 734 * contain potentially sensitive information, 735 * {@link LogSeverity#DEBUG} should be used. 736 * Must not be {@code null}. 737 * @param message The message to be logged. It must not be {@code null}. 738 * @param keyValues Keys and values that are to be logged with key=value. 739 * Keys should not contain spaces or other special 740 * characters. This map may be {@code null}. 741 */ 742 void logTraceMessage(final LogSeverity logSeverity, 743 final String message, 744 final Map<String, String> keyValues); 745 746 747 748 /** 749 * Generates an administrative alert notification. 750 * 751 * @param severity The severity to use for the alert notification. It must 752 * not be {@code null}. 753 * @param message The message to be used for the alert notification. It 754 * must not be {@code null}. 755 */ 756 void sendAlert(final AlertSeverity severity, final String message); 757 758 759 760 /** 761 * Generates an administrative alert notification. 762 * 763 * @param alertTypeName The name to use to identify the alert type. Each 764 * kind of alert must have a distinct name and all 765 * alerts with this alert type must always be used with 766 * the same severity and OID values. Alert type names 767 * must start with a lowercase ASCII letter and must 768 * contain only lowercase ASCII letters, numeric 769 * digits, and dashes. 770 * @param severity The severity to use for the alert notification. 771 * It must not be {@code null}. 772 * @param alertTypeOID The numeric OID for the alert type. It must not be 773 * {@code null}, and it must be a valid numeric OID. 774 * The same OID must always be used for the associated 775 * alert type, and each different alert type must have 776 * a unique OID. 777 * @param message The message to be used for the alert notification. 778 * It must not be {@code null}. 779 * 780 * @throws LDAPException If the provided information cannot be used to 781 * generate a valid alert (e.g., if the alert type 782 * name does not meet the naming constraints or has 783 * already been used with a different severity and/or 784 * OID, or if the OID has already been used with a 785 * different alert type). 786 */ 787 void sendAlert(final String alertTypeName, final AlertSeverity severity, 788 final String alertTypeOID, final String message) 789 throws LDAPException; 790 791 792 793 /** 794 * Generates an administrative alert and updates the server's general monitor 795 * entry to list the specified alert type as a degraded alert type. Once the 796 * condition that triggered the server to be considered degraded has been 797 * resolved, the {@link DegradedAlertType#setResolved} method should be used 798 * to remove the alert type from the list of degraded alert types. 799 * <BR><BR> 800 * If a server has one or more unavailable alert types, it will be considered 801 * unavailable for use by products which make use of this information. If a 802 * server does not have any unavailable alert types but has one or more 803 * degraded alert types, then it will be considered degraded and less 804 * desirable for use by products which make use of this information. 805 * 806 * @param alertTypeName The name to use to identify the alert type. Each 807 * kind of alert must have a distinct name and all 808 * alerts with this alert type must always be used with 809 * the same severity and OID values. Alert type names 810 * must start with a lowercase ASCII letter and must 811 * contain only lowercase ASCII letters, numeric 812 * digits, and dashes. 813 * @param severity The severity to use for the alert notification. 814 * It must not be {@code null}. 815 * @param alertTypeOID The numeric OID for the alert type. It must not be 816 * {@code null}, and it must be a valid numeric OID. 817 * The same OID must always be used for the associated 818 * alert type, and each different alert type must have 819 * a unique OID. 820 * @param message The message to be used for the alert notification. 821 * It must not be {@code null}. 822 * 823 * @return An object that may be used to obtain information about the alert 824 * type and indicate that the degraded condition has been resolved. 825 * 826 * @throws LDAPException If the provided information cannot be used to 827 * generate a valid alert (e.g., if the alert type 828 * name does not meet the naming constraints or has 829 * already been used with a different severity and/or 830 * OID, or if the OID has already been used with a 831 * different alert type). 832 */ 833 DegradedAlertType sendDegradedAlertNotification(final String alertTypeName, 834 final AlertSeverity severity, 835 final String alertTypeOID, 836 final String message) 837 throws LDAPException; 838 839 840 841 /** 842 * Generates an administrative alert and updates the server's general monitor 843 * entry to list the specified alert type as an unavailable alert type. Once 844 * the condition that triggered the server to be considered unavailable has 845 * been resolved, the {@link UnavailableAlertType#setResolved} method should 846 * be used to remove the alert type from the list of unavailable alert types. 847 * <BR><BR> 848 * If a server has one or more unavailable alert types, it will be considered 849 * unavailable for use by products which make use of this information. If a 850 * server does not have any unavailable alert types but has one or more 851 * degraded alert types, then it will be considered degraded and less 852 * desirable for use by products which make use of this information. 853 * 854 * @param alertTypeName The name to use to identify the alert type. Each 855 * kind of alert must have a distinct name and all 856 * alerts with this alert type must always be used with 857 * the same severity and OID values. Alert type names 858 * must start with a lowercase ASCII letter and must 859 * contain only lowercase ASCII letters, numeric 860 * digits, and dashes. 861 * @param severity The severity to use for the alert notification. 862 * It must not be {@code null}. 863 * @param alertTypeOID The numeric OID for the alert type. It must not be 864 * {@code null}, and it must be a valid numeric OID. 865 * The same OID must always be used for the associated 866 * alert type, and each different alert type must have 867 * a unique OID. 868 * @param message The message to be used for the alert notification. 869 * It must not be {@code null}. 870 * 871 * @return An object that may be used to obtain information about the alert 872 * type and indicate that the unavailable condition has been 873 * resolved. 874 * 875 * @throws LDAPException If the provided information cannot be used to 876 * generate a valid alert (e.g., if the alert type 877 * name does not meet the naming constraints or has 878 * already been used with a different severity and/or 879 * OID, or if the OID has already been used with a 880 * different alert type). 881 */ 882 UnavailableAlertType sendUnavailableAlertNotification( 883 final String alertTypeName, 884 final AlertSeverity severity, 885 final String alertTypeOID, final String message) 886 throws LDAPException; 887 888 889 890 /** 891 * Indicates whether debugging is enabled in the server. 892 * <BR><BR> 893 * Note that debug messages written by Server SDK extensions will be handled 894 * in the same way as debug messages generated in other areas of the server. 895 * However, the "Server SDK Extension Debug Logger" may be used to easily 896 * obtain only debug messages generated by Server SDK extensions, suppressing 897 * all messages generated in other areas of the server. 898 * 899 * @return {@code true} if debugging is enabled in the server, or 900 * {@code false} if not. 901 */ 902 boolean debugEnabled(); 903 904 905 906 /** 907 * Writes a debug message indicating that the provided exception has been 908 * caught. 909 * <BR><BR> 910 * Note that debug messages written by Server SDK extensions will be handled 911 * in the same way as debug messages generated in other areas of the server. 912 * However, the "Server SDK Extension Debug Logger" may be used to easily 913 * obtain only debug messages generated by Server SDK extensions, suppressing 914 * all messages generated in other areas of the server. 915 * 916 * @param t The exception that has been caught. 917 */ 918 void debugCaught(final Throwable t); 919 920 921 922 /** 923 * Writes a debug message indicating that the provided exception will be 924 * thrown. 925 * <BR><BR> 926 * Note that debug messages written by Server SDK extensions will be handled 927 * in the same way as debug messages generated in other areas of the server. 928 * However, the "Server SDK Extension Debug Logger" may be used to easily 929 * obtain only debug messages generated by Server SDK extensions, suppressing 930 * all messages generated in other areas of the server. 931 * 932 * @param t The exception that will be thrown. 933 */ 934 void debugThrown(final Throwable t); 935 936 937 938 /** 939 * Writes a debug message with an error severity. 940 * <BR><BR> 941 * Note that debug messages written by Server SDK extensions will be handled 942 * in the same way as debug messages generated in other areas of the server. 943 * However, the "Server SDK Extension Debug Logger" may be used to easily 944 * obtain only debug messages generated by Server SDK extensions, suppressing 945 * all messages generated in other areas of the server. 946 * 947 * @param message The message to be debugged. 948 */ 949 void debugError(final String message); 950 951 952 953 /** 954 * Writes a debug message with a warning severity. 955 * <BR><BR> 956 * Note that debug messages written by Server SDK extensions will be handled 957 * in the same way as debug messages generated in other areas of the server. 958 * However, the "Server SDK Extension Debug Logger" may be used to easily 959 * obtain only debug messages generated by Server SDK extensions, suppressing 960 * all messages generated in other areas of the server. 961 * 962 * @param message The message to be debugged. 963 */ 964 void debugWarning(final String message); 965 966 967 968 /** 969 * Writes a debug message with an informational severity. 970 * <BR><BR> 971 * Note that debug messages written by Server SDK extensions will be handled 972 * in the same way as debug messages generated in other areas of the server. 973 * However, the "Server SDK Extension Debug Logger" may be used to easily 974 * obtain only debug messages generated by Server SDK extensions, suppressing 975 * all messages generated in other areas of the server. 976 * 977 * @param message The message to be debugged. 978 */ 979 void debugInfo(final String message); 980 981 982 983 /** 984 * Writes a debug message with a verbose severity. 985 * <BR><BR> 986 * Note that debug messages written by Server SDK extensions will be handled 987 * in the same way as debug messages generated in other areas of the server. 988 * However, the "Server SDK Extension Debug Logger" may be used to easily 989 * obtain only debug messages generated by Server SDK extensions, suppressing 990 * all messages generated in other areas of the server. 991 * 992 * @param message The message to be debugged. 993 */ 994 void debugVerbose(final String message); 995 996 997 998 /** 999 * Retrieves a connection that is established and (if appropriate) 1000 * authenticated to the specified LDAP External server. This will be a 1001 * newly-created connection that is not used for any other purpose, and the 1002 * caller is responsible for closing that connection when it is no longer 1003 * needed. 1004 * 1005 * @param ldapExternalServerCfgObjectName The name of the configuration 1006 * object for the LDAP external 1007 * server to which the connection 1008 * should be established. It must 1009 * not be {@code null}. 1010 * @param connectionOptions The set of options to use for the 1011 * connection that is established. 1012 * It may be {@code null} if a 1013 * default set of options should be 1014 * used. 1015 * 1016 * @return The newly-created LDAP connection. 1017 * 1018 * @throws LDAPException If it is not possible to establish a connection to 1019 * the target servers. 1020 */ 1021 LDAPConnection getLDAPExternalServerConnection( 1022 final String ldapExternalServerCfgObjectName, 1023 final LDAPConnectionOptions connectionOptions) 1024 throws LDAPException; 1025 1026 1027 1028 /** 1029 * Retrieves a connection pool with connections to the specified server. This 1030 * will be a newly-created connection pool that is not used for any other 1031 * purpose, and the caller is responsible for closing that connection pool 1032 * when it is no longer needed. 1033 * 1034 * @param ldapExternalServerCfgObjectName The name of the configuration 1035 * object for the LDAP external 1036 * server to which the connections 1037 * should be established. It must 1038 * not be {@code null}. 1039 * @param connectionOptions The set of options to use for the 1040 * connection that is established. 1041 * It may be {@code null} if a 1042 * default set of options should be 1043 * used. 1044 * @param initialConnections The initial number of connections 1045 * to attempt to establish. It must 1046 * be greater than or equal to zero. 1047 * @param maxConnections The maximum number of connections 1048 * that should be established and 1049 * unused in the pool at any time. 1050 * It must be greater than or equal 1051 * to {@code initialConnections}, and 1052 * it must not be zero. 1053 * @param throwOnConnectFailure Indicates whether to throw an 1054 * {@code LDAPException} if an error 1055 * is encountered while attempting to 1056 * connect or authenticate any of the 1057 * initial connections. If this is 1058 * {@code false} and none of the 1059 * initial connections can be 1060 * established (or if the initial 1061 * number of connections is zero), 1062 * then the pool will be returned 1063 * without any connections. 1064 * 1065 * @return The newly-created LDAP connection pool. 1066 * 1067 * @throws LDAPException If it is not possible to establish a pool of 1068 * connections to the specified LDAP external server. 1069 */ 1070 LDAPConnectionPool getLDAPExternalServerConnectionPool( 1071 final String ldapExternalServerCfgObjectName, 1072 final LDAPConnectionOptions connectionOptions, 1073 final int initialConnections, 1074 final int maxConnections, 1075 final boolean throwOnConnectFailure) 1076 throws LDAPException; 1077 1078 1079 1080 /** 1081 * Retrieves the plaintext representation of the specified obscured value from 1082 * the server configuration. Obscured values may be used to allow extensions 1083 * to store potentially sensitive information (for example, credentials needed 1084 * to access some external system) in the configuration in a manner that will 1085 * prevent them from being stored in the clear or displayed in the clear in 1086 * administrative interfaces. If a server extension needs to be configured 1087 * with potentially sensitive information, it is recommended that each piece 1088 * of sensitive information be stored as an obscured value, and that the 1089 * extension be configured with the names of the relevant obscured values. 1090 * 1091 * @param obscuredValueConfigObjectName The name of the configuration object 1092 * for the obscured value to retrieve. 1093 * It must not be {@code null}. 1094 * 1095 * @return The plaintext representation of the specified obscured value from 1096 * the server configuration. 1097 * 1098 * @throws LDAPException If the provided name does not reference an obscured 1099 * value that is defined in the server configuration. 1100 */ 1101 String getObscuredValue(final String obscuredValueConfigObjectName) 1102 throws LDAPException; 1103 1104 1105 1106 /** 1107 * Returns a ValueConstructor built from the provided value template. A 1108 * ValueConstructor can be used to construct string values from a template 1109 * that can reference attributes on an entry. 1110 * 1111 * @param constructedValueTemplate The constructed value pattern. See 1112 * {@link ValueConstructor} for details on 1113 * the syntax for the template. 1114 * 1115 * @return A ValueConstructor based on the provided template. 1116 * 1117 * @throws LDAPException If the provided value template is invalid. 1118 */ 1119 ValueConstructor createValueConstructor(final String constructedValueTemplate) 1120 throws LDAPException; 1121 1122 1123 1124 /** 1125 * Retrieves the group defined in the specified entry. 1126 * 1127 * @param groupDN The DN of the entry containing the group to retrieve. It 1128 * must not be {@code null}. 1129 * 1130 * @return The group defined in the specified entry. 1131 * 1132 * @throws LDAPException If the specified entry does not exist, if it exists 1133 * but does not represent a group, or if a problem is 1134 * encountered while retrieving the group. 1135 */ 1136 Group getGroup(final String groupDN) 1137 throws LDAPException; 1138 1139 1140 1141 /** 1142 * Retrieves the set of groups in which the specified user is a member, 1143 * indexed by group DN. 1144 * 1145 * @param userDN The DN of the user for whom to retrieve the 1146 * associated groups. It must not be 1147 * {@code null}. 1148 * @param directMembershipOnly Indicates whether to only consider the user a 1149 * member of the group if that user is directly 1150 * named as a member of the group. If this 1151 * parameter is {@code true}, then the method 1152 * will return {@code true} only if the user is 1153 * directly listed as a member of the group, and 1154 * will not included dynamic or nested 1155 * membership. If this parameter is 1156 * {@code false}, then the method will return 1157 * {@code true} if the user is a direct member 1158 * of the group, is a member of a dynamic group 1159 * in which the user matches the membership 1160 * criteria, or if the user is a member of a 1161 * nested group. 1162 * 1163 * @return A map of the groups in which the specified user is a member, or an 1164 * empty map if the specified user is not a member of any groups. 1165 * 1166 * @throws LDAPException If the specified user does not exist or if a 1167 * problem is encountered while attempting to retrieve 1168 * the groups in which the user is a member. 1169 */ 1170 Map<DN,Group> getGroupsForUser(final String userDN, 1171 final boolean directMembershipOnly) 1172 throws LDAPException; 1173 1174 1175 1176 /** 1177 * Indicates whether the specified user has the indicated privilege. The set 1178 * of defined privileges may be found in the privilege-list.html and 1179 * privilege-list.csv files in the server docs directory. 1180 * 1181 * @param userDN The DN of the user for whom to make the 1182 * determination. It must not be {@code null}. 1183 * @param privilegeName The name of the privilege for which to make the 1184 * determination. It must not be {@code null}. 1185 * 1186 * @return {@code true} if the specified user has the indicated privilege, or 1187 * {@code false} if not. 1188 * 1189 * @throws LDAPException If the specified user does not exist, if the 1190 * indicated privilege is not defined in the server, 1191 * or if a problem is encountered while trying to make 1192 * the determination. 1193 */ 1194 boolean hasPrivilege(final String userDN, final String privilegeName) 1195 throws LDAPException; 1196 1197 1198 1199 /** 1200 * Retrieves the names of the privileges held by the specified user. The set 1201 * of defined privileges may be found in the privilege-list.html and 1202 * privilege-list.csv files in the server docs directory. 1203 * 1204 * @param userDN The DN of the user for whom to retrieve the privileges. It 1205 * must not be {@code null}. 1206 * 1207 * @return The names of the privileges held by the specified user, or an 1208 * empty set if the user does not have any privileges. 1209 * 1210 * @throws LDAPException If the specified user does not exist, or if a 1211 * problem is encountered while attempting to retrieve 1212 * the user's privileges. 1213 */ 1214 Set<String> getPrivilegeNames(final String userDN) 1215 throws LDAPException; 1216 1217 1218 1219 /** 1220 * Reload the key and trust manager providers associated with any HTTP 1221 * connection handlers.that provide support for HTTPS. This can cause any 1222 * changes to the certificates in those stores to be applied to the running 1223 * instance without the need to disable and re-enable the connection handler 1224 * or to restart the server. Note that this reload does have the potential 1225 * to interfere with the ability for clients to resume a TLS session created 1226 * before the reload was invoked. 1227 * 1228 * @throws LDAPException If an error occurs. 1229 */ 1230 void reloadHTTPConnectionHandlerCertificates() 1231 throws LDAPException; 1232 1233 1234 1235 /** 1236 * Opens an input stream that may be used to read data from the provided 1237 * file. The contents of the file may optionally have been encrypted with the 1238 * LDAP SDK's {@code PassphraseEncryptedOutputStream} using a key from the 1239 * server's encryption settings database, and may have optionally been 1240 * compressed with the GZIP compression algorithm. If the file is both 1241 * compressed and encrypted, then the data must have been compressed before 1242 * it was encrypted. 1243 * 1244 * @param file The file to be read. It must not be {@code null}. 1245 * 1246 * @return The input stream that may be used to read the optionally 1247 * compressed and/or encrypted file. 1248 * 1249 * @throws LDAPException If a problem is encountered while interacting with 1250 * the server's encryption framework, or if the data 1251 * is encrypted with a key not contained in the 1252 * encryption settings database. 1253 * 1254 * @throws GeneralSecurityException If a problem is encountered while 1255 * preparing to decrypt the data. 1256 * 1257 * @throws IOException If a problem is encountered while attempting to read 1258 * or decompress the data. 1259 */ 1260 InputStream getPossiblyCompressedAndEncryptedInputStream(final File file) 1261 throws LDAPException, GeneralSecurityException, IOException; 1262 1263 1264 1265 /** 1266 * Examines the provided input stream and determines whether its contents have 1267 * been encrypted with a {@code PassphraseEncryptedOutputStream}, and if so, 1268 * retrieves an input stream that may be used to read its decrypted content. 1269 * Also examines the input stream to determine whether its contents may have 1270 * been GZIP-compressed, and if so, retrieves an input stream that may be used 1271 * to read its decompressed content. If the data is encrypted, it must start 1272 * with a {@code PassphraseEncryptedStreamHeader}, and it must have been 1273 * encrypted with a key contained in the server's encryption settings 1274 * database. If the data is both compressed and encrypted, then it must have 1275 * been compressed before it was encrypted. 1276 * <BR><BR> 1277 * Note that if a problem occurs that causes this method to throw an 1278 * exception, then the provided stream will have been closed before control 1279 * returns to the caller. 1280 * 1281 * @param inputStream The input stream from which the data is to be 1282 * obtained. It must not be {@code null}. 1283 * 1284 * @return The input stream that may be used to read the optionally 1285 * compressed and/or encrypted data from the provided input stream. 1286 * 1287 * @throws LDAPException If a problem is encountered while interacting with 1288 * the server's encryption framework, or if the data 1289 * is encrypted with a key not contained in the 1290 * encryption settings database. 1291 * 1292 * @throws GeneralSecurityException If a problem is encountered while 1293 * preparing to decrypt the data. 1294 * 1295 * @throws IOException If a problem is encountered while attempting to read 1296 * or decompress the data. 1297 */ 1298 InputStream getPossiblyCompressedAndEncryptedInputStream( 1299 final InputStream inputStream) 1300 throws LDAPException, GeneralSecurityException, IOException; 1301 1302 1303 1304 /** 1305 * Wraps the provided output stream in a 1306 * {@code PassphraseEncryptedOutputStream} so that data written to it will be 1307 * encrypted, optionally after also wrapping it in a {@code GZIPOutputStream} 1308 * to ensure that the data is compressed before it is encrypted. The 1309 * encryption key will be obtained from the server's preferred encryption 1310 * settings definition. 1311 * 1312 * @param outputStream The output stream to be wrapped. It must not be 1313 * {@code null}. 1314 * @param compress Indicates whether to GZIP-compress the data before 1315 * encrypting it. 1316 * 1317 * @return The output stream that may be used to write encrypted (and 1318 * possibly compressed) data. 1319 * 1320 * @throws LDAPException If a problem is encountered while interacting with 1321 * the server's encryption framework or if the server 1322 * encryption settings database does not have a 1323 * preferred definition. 1324 * 1325 * @throws GeneralSecurityException If a problem is encountered while 1326 * preparing to encrypt the data. 1327 * 1328 * @throws IOException If a problem occurs while preparing to compress the 1329 * the data. 1330 */ 1331 OutputStream getEncryptedOutputStream(final OutputStream outputStream, 1332 final boolean compress) 1333 throws LDAPException, IOException, GeneralSecurityException; 1334 1335 1336 1337 /** 1338 * Wraps the provided output stream in a 1339 * {@code PassphraseEncryptedOutputStream} so that data written to it will be 1340 * encrypted, optionally after also wrapping it in a {@code GZIPOutputStream} 1341 * to ensure that the data is compressed before it is encrypted. 1342 * 1343 * @param outputStream The output stream to be wrapped. 1344 * It must not be {@code null}. 1345 * @param encryptionSettingsDefinitionID The identifier of the encryption 1346 * settings definition that should be 1347 * used to encrypt the data. It must 1348 * not be {@code null}. 1349 * @param compress Indicates whether to GZIP-compress 1350 * the data before encrypting it. 1351 * 1352 * @return The output stream that may be used to write encrypted (and 1353 * possibly compressed) data. 1354 * 1355 * @throws LDAPException If a problem is encountered while interacting with 1356 * the server's encryption framework, or if the 1357 * encryption settings database does not have a 1358 * definition with the specified ID. 1359 * 1360 * @throws GeneralSecurityException If a problem is encountered while 1361 * preparing to encrypt the data. 1362 * 1363 * @throws IOException If a problem occurs while preparing to compress the 1364 * the data. 1365 */ 1366 OutputStream getEncryptedOutputStream(final OutputStream outputStream, 1367 final String encryptionSettingsDefinitionID, 1368 final boolean compress) 1369 throws LDAPException, GeneralSecurityException, IOException; 1370 1371 1372 1373 /** 1374 * Retrieves information about the server's preferred encryption settings 1375 * definition, which is the default definition that will be used for new 1376 * encryption operations if no other definition is requested. 1377 * 1378 * @return Information about the server's preferred encryption settings 1379 * definition, or {@code null} if the server does not have a 1380 * preferred encryption settings definition. 1381 */ 1382 EncryptionSettingsDefinition getPreferredEncryptionSettingsDefinition(); 1383 1384 1385 1386 /** 1387 * Retrieves the encryption settings definition with the specified ID. 1388 * 1389 * @param id The identifier for the encryption settings definition to 1390 * retrieve. It must not be {@code null}. 1391 * 1392 * @return The encryption settings definition with the specified ID, or 1393 * {@code null} if the encryption settings database does not have a 1394 * definition with the specified ID. 1395 */ 1396 EncryptionSettingsDefinition getEncryptionSettingsDefinition(final String id); 1397 1398 1399 1400 /** 1401 * Retrieves a list of all of the encryption settings definitions contained 1402 * in the server's encryption settings database. 1403 * 1404 * @return A list of all the encryption settings definitions contained in 1405 * the server's encryption settings database. 1406 */ 1407 List<EncryptionSettingsDefinition> getEncryptionSettingsDefinitions(); 1408 1409 1410 1411 /** 1412 * Creates a multi-part email message with the provided information. 1413 * 1414 * @param senderAddress The sender address for the email message. It must 1415 * not be {@code null} or empty. 1416 * @param replyToAddress The reply-to address for this email message. It 1417 * may be {@code null} if no reply-to address is 1418 * needed. If it is non-{@code null}, then it must 1419 * not be empty. 1420 * @param toAddresses The set of "to" addresses for the email message. 1421 * At least one of the {@code toAddresses}, 1422 * {@code ccAddresses}, and {@code bccAddresses} 1423 * arguments must be non-{@code null} and non-empty. 1424 * @param ccAddresses The set of "cc" addresses for the email message. 1425 * At least one of the {@code toAddresses}, 1426 * {@code ccAddresses}, and {@code bccAddresses} 1427 * arguments must be non-{@code null} and non-empty. 1428 * @param bccAddresses The set of "bcc" addresses for the email message. 1429 * At least one of the {@code toAddresses}, 1430 * {@code ccAddresses}, and {@code bccAddresses} 1431 * arguments must be non-{@code null} and non-empty. 1432 * @param subject The subject for the email message. It must not be 1433 * {@code null} or empty. 1434 * @param plainTextPart The content for the plain-text-formatted body of 1435 * the message. It must not be {@code null} if 1436 * {@code htmlPart} is {@code null}. If it is 1437 * non-{@code null}, then it must not be empty. 1438 * @param htmlPart The content for the HTML-formatted body of the 1439 * message. It must not be {@code null} if 1440 * {@code plainTextPart} is {@code null}. If it is 1441 * non-{@code null}, then it must not be empty. 1442 * @param customHeaders An optional map of custom headers to include in the 1443 * email message. It may be {@code null} or empty if 1444 * no custom headers should be included. 1445 * @param attachments An optional set of attachments to include in the 1446 * email message. It may be {@code null} or empty if 1447 * the message should not include any attachments. 1448 * 1449 * @return The email message that was created. 1450 * 1451 * @throws MessagingException If there is a problem with any of the 1452 * provided addresses. 1453 */ 1454 EMailMessage createEMailMessage(final String senderAddress, 1455 final String replyToAddress, 1456 final Collection<String> toAddresses, 1457 final Collection<String> ccAddresses, 1458 final Collection<String> bccAddresses, 1459 final String subject, 1460 final String plainTextPart, 1461 final String htmlPart, 1462 final Map<String,List<String>> customHeaders, 1463 final List<EMailAttachment> attachments) 1464 throws MessagingException; 1465 1466 1467 1468 /** 1469 * Creates an email attachment with the provided information. 1470 * 1471 * @param filename The filename for this attachment. It must not be 1472 * {@code null} or empty. It must be just the name of 1473 * the file, without any path information. 1474 * @param contentType The MIME type for the email attachment. If this is 1475 * {@code null}, then a default value of 1476 * "application/octet-stream" will be used. 1477 * @param isInline Indicates whether the attachment is intended to be 1478 * referenced inline within the body of the email 1479 * message (e.g., an image displayed within the 1480 * HTML-formatted message). 1481 * @param data The bytes that comprise the data for the attachment. 1482 * It must not be {@code null} or empty. 1483 * 1484 * @return The email attachment that has been created. 1485 */ 1486 EMailAttachment createEMailAttachment(final String filename, 1487 final String contentType, 1488 final boolean isInline, 1489 final byte[] data); 1490 1491 1492 1493 /** 1494 * Retrieves a passphrase obtained by the specified passphrase provider. 1495 * 1496 * @param providerName The name or configuration entry DN for the passphrase 1497 * provider to invoke. It must not be {@code null}. 1498 * @param allowCached Indicates whether the provider may use a cached 1499 * version of the passphrase (if the provider supports 1500 * caching). 1501 * 1502 * @return The passphrase retrieved from the specified passphrase provider. 1503 * It will not be {@code null}. 1504 * 1505 * @throws LDAPException If the requested passphrase provider is not defined 1506 * or enabled in the server configuration, or if a 1507 * problem occurs while invoking the passphrase 1508 * provider. 1509 */ 1510 char[] getPassphraseFromPassphraseProvider(final String providerName, 1511 final boolean allowCached) 1512 throws LDAPException; 1513}