Package com.unboundid.directory.sdk.ds.api

Class CipherStreamProvider

  • All Implemented Interfaces:
    Configurable, ExampleUsageProvider, Reconfigurable<CipherStreamProviderConfig>, UnboundIDExtension
    @Extensible
@DirectoryServerExtension
@BrokerExtension
@ThreadSafety(level=INTERFACE_THREADSAFE)
public abstract class CipherStreamProvider
extends java.lang.Object
implements UnboundIDExtension, Reconfigurable<CipherStreamProviderConfig>, ExampleUsageProvider
    This class defines an API that must be implemented by extensions which provide access to cipher input streams and cipher output streams to be used by the server in order to read and write encrypted data.

    Configuring Cipher Stream Providers

    In order to configure a cipher stream provider created using this API, use a command like: 
          dsconfig create-cipher-stream-provider \
           --provider-name "{provider-name}" \
           --type third-party \
           --set enabled:true \
           --set "extension-class:{class-name}" \
           --set "extension-argument:{name=value}"
    where "{provider-name}" is the name to use for the cipher stream provider instance, "{class-name}" is the fully-qualified name of the Java class that extends com.unboundid.directory.sdk.ds.api.CipherStreamProvider, and "{name=value}" represents name-value pairs for any arguments to provide to the cipher stream provider. If multiple arguments should be provided to the cipher stream provider, then the "--set extension-argument:{name=value}" option should be provided multiple times.

    • Constructor Summary

      Constructors 
      Constructor Description
      CipherStreamProvider()
      Creates a new instance of this cipher stream provider.

    • Method Summary

      All Methods Instance Methods Abstract Methods Concrete Methods 
      Modifier and Type Method Description
      ResultCode applyConfiguration​(CipherStreamProviderConfig config, ArgumentParser parser, java.util.List<java.lang.String> adminActionsRequired, java.util.List<java.lang.String> messages)
      Attempts to apply the configuration from the provided argument parser to this extension.
      abstract javax.crypto.CipherInputStream createCipherInputStream​(java.io.InputStream source)
      Wraps the provided input stream in a cipher input stream that can be used to decrypt data read from the given stream.
      javax.crypto.CipherInputStream createCipherInputStreamWithoutCaching​(java.io.InputStream source, boolean allowInteractive)
      Wraps the provided input stream in a cipher input stream that can be used to decrypt data read from the given stream.
      abstract javax.crypto.CipherOutputStream createCipherOutputStream​(java.io.OutputStream target)
      Wraps the provided output stream in a cipher output stream that can be used to encrypt data written to the given stream.
      void defineConfigArguments​(ArgumentParser parser)
      Updates the provided argument parser to define any configuration arguments which may be used by this extension.
      void finalizeCipherStreamProvider()
      Performs any cleanup which may be necessary when this cipher stream provider is to be taken out of service.
      java.util.Map<java.lang.String,​java.lang.String> getBackupCompatibilityProperties()
      Retrieves a map with information about any backup compatibility properties that are specific to this cipher stream provider.
      java.util.List<java.lang.String> getBackupCompatibilityPropertyStrings​(java.util.Map<java.lang.String,​java.lang.String> propertyMap)
      Retrieves a list of human-readable string representations for the provided cipher-stream-provider-specific backup compatibility properties.
      java.util.List<java.lang.String> getBackupLogMessages()
      Retrieves a list of messages that should be logged (and made available in the output) when backing up an encryption settings database protected with this cipher stream provider.
      java.util.Map<java.util.List<java.lang.String>,​java.lang.String> getExamplesArgumentSets()
      Retrieves a map containing examples of configurations that may be used for this extension.
      abstract java.lang.String[] getExtensionDescription()
      Retrieves a human-readable description for this extension.
      abstract java.lang.String getExtensionName()
      Retrieves a human-readable name for this extension.
      void identifyBackupCompatibilityProblems​(java.util.Map<java.lang.String,​java.lang.String> sourceProperties, java.util.Map<java.lang.String,​java.lang.String> targetProperties, java.util.List<java.lang.CharSequence> errorMessages, java.util.List<java.lang.CharSequence> warningMessages)
      Examines the provided set of backup compatibility properties to determine whether there might be any warning or error conditions that may interfere with the ability to restore a backup of the encryption settings database.
      void initializeCipherStreamProvider​(DirectoryServerContext serverContext, CipherStreamProviderConfig config, ArgumentParser parser)
      Initializes this cipher stream provider.
      boolean isConfigurationAcceptable​(CipherStreamProviderConfig config, ArgumentParser parser, java.util.List<java.lang.String> unacceptableReasons)
      Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • CipherStreamProvider

        public CipherStreamProvider()
        Creates a new instance of this cipher stream provider. All cipher stream provider implementations must include a default constructor, but any initialization should generally be done in the initializeCipherStreamProvider method.

    • Method Detail

      • getExtensionDescription

        public abstract java.lang.String[] getExtensionDescription()
        Retrieves a human-readable description for this extension. Each element of the array that is returned will be considered a separate paragraph in generated documentation.
        Specified by:
        getExtensionDescription in interface UnboundIDExtension
        Returns:
        A human-readable description for this extension, or null or an empty array if no description should be available.

      • defineConfigArguments

        public void defineConfigArguments​(ArgumentParser parser)
                           throws ArgumentException
        Updates the provided argument parser to define any configuration arguments which may be used by this extension. The argument parser may also be updated to define relationships between arguments (e.g., to specify required, exclusive, or dependent argument sets).
        Specified by:
        defineConfigArguments in interface Configurable
        Parameters:
        parser - The argument parser to be updated with the configuration arguments which may be used by this extension.
        Throws:
        ArgumentException - If a problem is encountered while updating the provided argument parser.

      • initializeCipherStreamProvider

        public void initializeCipherStreamProvider​(DirectoryServerContext serverContext,
                                           CipherStreamProviderConfig config,
                                           ArgumentParser parser)
                                    throws LDAPException
        Initializes this cipher stream provider.
        Parameters:
        serverContext - A handle to the server context for the server in which this extension is running.
        config - The general configuration for this cipher stream provider.
        parser - The argument parser which has been initialized from the configuration for this cipher stream provider.
        Throws:
        LDAPException - If a problem occurs while initializing this cipher stream provider.

      • isConfigurationAcceptable

        public boolean isConfigurationAcceptable​(CipherStreamProviderConfig config,
                                         ArgumentParser parser,
                                         java.util.List<java.lang.String> unacceptableReasons)
        Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension. The parser will have been used to parse any configuration available for this extension, and any automatic validation will have been performed. This method may be used to perform any more complex validation which cannot be performed automatically by the argument parser.
        Specified by:
        isConfigurationAcceptable in interface Reconfigurable<CipherStreamProviderConfig>
        Parameters:
        config - The general configuration for this extension.
        parser - The argument parser that has been used to parse the proposed configuration for this extension.
        unacceptableReasons - A list to which messages may be added to provide additional information about why the provided configuration is not acceptable.
        Returns:
        true if the configuration in the provided argument parser appears to be acceptable, or false if not.

      • applyConfiguration

        public ResultCode applyConfiguration​(CipherStreamProviderConfig config,
                                     ArgumentParser parser,
                                     java.util.List<java.lang.String> adminActionsRequired,
                                     java.util.List<java.lang.String> messages)
        Attempts to apply the configuration from the provided argument parser to this extension.
        Specified by:
        applyConfiguration in interface Reconfigurable<CipherStreamProviderConfig>
        Parameters:
        config - The general configuration for this extension.
        parser - The argument parser that has been used to parse the new configuration for this extension.
        adminActionsRequired - A list to which messages may be added to provide additional information about any additional administrative actions that may be required to apply some of the configuration changes.
        messages - A list to which messages may be added to provide additional information about the processing performed by this method.
        Returns:
        A result code providing information about the result of applying the configuration change. A result of SUCCESS should be used to indicate that all processing completed successfully. Any other result will indicate that a problem occurred during processing.

      • finalizeCipherStreamProvider

        public void finalizeCipherStreamProvider()
        Performs any cleanup which may be necessary when this cipher stream provider is to be taken out of service.

      • createCipherInputStream

        public abstract javax.crypto.CipherInputStream createCipherInputStream​(java.io.InputStream source)
                                                                throws LDAPException
        Wraps the provided input stream in a cipher input stream that can be used to decrypt data read from the given stream.
        Parameters:
        source - The input stream to be wrapped with a cipher input stream.
        Returns:
        The cipher input stream which wraps the provided input stream.
        Throws:
        LDAPException - If a problem occurs while creating the cipher input stream.

      • createCipherOutputStream

        public abstract javax.crypto.CipherOutputStream createCipherOutputStream​(java.io.OutputStream target)
                                                                  throws LDAPException
        Wraps the provided output stream in a cipher output stream that can be used to encrypt data written to the given stream.
        Parameters:
        target - The output stream to be wrapped with a cipher output stream.
        Returns:
        The cipher output stream which wraps the provided output stream.
        Throws:
        LDAPException - If a problem occurs while creating the cipher output stream.

      • createCipherInputStreamWithoutCaching

        public javax.crypto.CipherInputStream createCipherInputStreamWithoutCaching​(java.io.InputStream source,
                                                                            boolean allowInteractive)
                                                                     throws LDAPException
        Wraps the provided input stream in a cipher input stream that can be used to decrypt data read from the given stream. This method is primarily intended to verify that the cipher stream provider can still be used to read the encryption settings database on a fresh startup, so if possible, it should not use a precomputed encryption key or any other cached data.
        Parameters:
        source - The input stream to be wrapped with a cipher input stream.
        allowInteractive - Indicates whether to allow use of the method in an interactive context.
        Returns:
        The cipher input stream that wraps the provided input stream.
        Throws:
        LDAPException - If a problem occurs while creating the cipher input stream.

      • getBackupCompatibilityProperties

        public java.util.Map<java.lang.String,​java.lang.String> getBackupCompatibilityProperties()
        Retrieves a map with information about any backup compatibility properties that are specific to this cipher stream provider.
        Returns:
        A map with information about any backup compatibility properties that are specific to this cipher stream provider. It may be null or empty if there are no provider-specific properties.

      • identifyBackupCompatibilityProblems

        public void identifyBackupCompatibilityProblems​(java.util.Map<java.lang.String,​java.lang.String> sourceProperties,
                                                java.util.Map<java.lang.String,​java.lang.String> targetProperties,
                                                java.util.List<java.lang.CharSequence> errorMessages,
                                                java.util.List<java.lang.CharSequence> warningMessages)
        Examines the provided set of backup compatibility properties to determine whether there might be any warning or error conditions that may interfere with the ability to restore a backup of the encryption settings database. The default implementation does not do anything, but subclasses may override this method to provide any appropriate warning and error messages.
        Parameters:
        sourceProperties - A map of properties (obtained from the getBackupCompatibilityProperties() method) from the backup to be restore. The contents of this map must not be altered.
        targetProperties - A map of properties (obtained from the getBackupCompatibilityProperties() method) from the server in which the backup is to be restored. The contents of this map must not be altered.
        errorMessages - A list that may be updated with messages about any compatibility errors that have been identified. If any compatibility errors are identified, the restore will be aborted.
        warningMessages - A list that may be updated with messages about any compatibility warnings that have been identified. If any compatibility warnings are identified, they will be presented to a user attempting a restore, but the user may choose to ignore them if they are certain that the issue will not cause any problems.

      • getBackupCompatibilityPropertyStrings

        public java.util.List<java.lang.String> getBackupCompatibilityPropertyStrings​(java.util.Map<java.lang.String,​java.lang.String> propertyMap)
        Retrieves a list of human-readable string representations for the provided cipher-stream-provider-specific backup compatibility properties. The list returned does not need to have a one-to-one mapping with the properties (e.g., it may omit information about some properties, or it may combine information from multiple properties into a single string, or it may convert one property into multiple strings). It may also be null if this cipher stream provider does not expect to have any provider-specific properties.
        Parameters:
        propertyMap - A map of the property names and the associated values to use in obtaining the human-readable string representations.
        Returns:
        A list of human-readable string representations for the provider-specific backup compatibility properties, or null if this cipher stream provider does not expect to have any provider-specific properties.

      • getBackupLogMessages

        public java.util.List<java.lang.String> getBackupLogMessages()
        Retrieves a list of messages that should be logged (and made available in the output) when backing up an encryption settings database protected with this cipher stream provider. For example, this may be used to warn about additional files that may also need to be backed up separately (e.g., an encryption key stored in a separate file).
        Returns:
        A list of messages that should be logged when backing up an encryption settings database protected with this cipher stream provider. It may be null or empty if no log messages are needed.

      • getExamplesArgumentSets

        public java.util.Map<java.util.List<java.lang.String>,​java.lang.String> getExamplesArgumentSets()
        Retrieves a map containing examples of configurations that may be used for this extension. The map key should be a list of sample arguments, and the corresponding value should be a description of the behavior that will be exhibited by the extension when used with that configuration.
        Specified by:
        getExamplesArgumentSets in interface ExampleUsageProvider
        Returns:
        A map containing examples of configurations that may be used for this extension. It may be null or empty if there should not be any example argument sets.