org.opends.server.extensions
Class PKCS11KeyManagerProvider

java.lang.Object
  extended by org.opends.server.api.KeyManagerProvider<PKCS11KeyManagerProviderCfg>
      extended by org.opends.server.extensions.PKCS11KeyManagerProvider
All Implemented Interfaces:
ConfigurationChangeListener<PKCS11KeyManagerProviderCfg>

public class PKCS11KeyManagerProvider
extends KeyManagerProvider<PKCS11KeyManagerProviderCfg>
implements ConfigurationChangeListener<PKCS11KeyManagerProviderCfg>

This class defines a key manager provider that will access keys stored on a PKCS#11 device. It will use the Java PKCS#11 interface, which may need to be configured on the underlying system.


Field Summary
static java.lang.String PKCS11_KEYSTORE_TYPE
          The keystore type to use when accessing the PKCS#11 keystore.
 
Constructor Summary
PKCS11KeyManagerProvider()
          Creates a new instance of this PKCS#11 key manager provider.
 
Method Summary
 ConfigChangeResult applyConfigurationChange(PKCS11KeyManagerProviderCfg configuration)
          Applies the configuration changes to this change listener.
 void finalizeKeyManagerProvider()
          Performs any finalization that may be necessary for this key manager provider.
 javax.net.ssl.KeyManager[] getKeyManagers()
          Retrieves a set of KeyManager objects that may be used for interactions requiring access to a key manager.
 void initializeKeyManagerProvider(PKCS11KeyManagerProviderCfg configuration)
          Initializes this key manager provider based on the information in the provided key manager provider configuration.
 boolean isConfigurationAcceptable(PKCS11KeyManagerProviderCfg configuration, java.util.List<Message> unacceptableReasons)
          Indicates whether the provided configuration is acceptable for this key manager provider.
 boolean isConfigurationChangeAcceptable(PKCS11KeyManagerProviderCfg configuration, java.util.List<Message> unacceptableReasons)
          Indicates whether the proposed change to the configuration is acceptable to this change listener.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PKCS11_KEYSTORE_TYPE

public static final java.lang.String PKCS11_KEYSTORE_TYPE
The keystore type to use when accessing the PKCS#11 keystore.

See Also:
Constant Field Values

Constructor Detail

PKCS11KeyManagerProvider

public PKCS11KeyManagerProvider()
Creates a new instance of this PKCS#11 key manager provider. The initializeKeyManagerProvider method must be called on the resulting object before it may be used.

Method Detail

initializeKeyManagerProvider

public void initializeKeyManagerProvider(PKCS11KeyManagerProviderCfg configuration)
                                  throws ConfigException,
                                         InitializationException
Initializes this key manager provider based on the information in the provided key manager provider configuration.

Specified by:
initializeKeyManagerProvider in class KeyManagerProvider<PKCS11KeyManagerProviderCfg>
Parameters:
configuration - The key manager provider configuration that contains the information to use to initialize this key manager provider.
Throws:
ConfigException - If an unrecoverable problem arises in the process of performing the initialization as a result of the server configuration.
InitializationException - If a problem occurs during initialization that is not related to the server configuration.

finalizeKeyManagerProvider

public void finalizeKeyManagerProvider()
Performs any finalization that may be necessary for this key manager provider.

Specified by:
finalizeKeyManagerProvider in class KeyManagerProvider<PKCS11KeyManagerProviderCfg>

getKeyManagers

public javax.net.ssl.KeyManager[] getKeyManagers()
                                          throws DirectoryException
Retrieves a set of KeyManager objects that may be used for interactions requiring access to a key manager.

Specified by:
getKeyManagers in class KeyManagerProvider<PKCS11KeyManagerProviderCfg>
Returns:
A set of KeyManager objects that may be used for interactions requiring access to a key manager.
Throws:
DirectoryException - If a problem occurs while attempting to obtain the set of key managers.
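
An added example (not OpenDS source code) of obtaining KeyManager objects from a PKCS#11 token through the Java PKCS#11 interface that the class description refers to, using only standard JDK calls. The class name, the keystore type string "PKCS11" (the page links to the constant's value but does not show it) and the console PIN prompt are assumptions, and a PKCS#11 provider must already be configured in the JVM.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

// Hypothetical stand-alone class; it does not use any OpenDS types.
public class Pkcs11KeyManagersExample {
  // Standard JDK keystore type name for PKCS#11 tokens. Assumed here: the page
  // does not show the value of PKCS11_KEYSTORE_TYPE.
  static final String KEYSTORE_TYPE = "PKCS11";

  static KeyManager[] loadKeyManagers(char[] pin)
      throws GeneralSecurityException, IOException {
    try {
      KeyStore ks;
      try {
        ks = KeyStore.getInstance(KEYSTORE_TYPE);
      } catch (KeyStoreException e) {
        // Typical failure when the Java PKCS#11 interface has not been
        // configured on the underlying system.
        throw new KeyStoreException(
            "No security provider offers a " + KEYSTORE_TYPE + " keystore", e);
      }
      // A token-backed keystore has no file to read: pass a null stream and
      // the PIN. Private keys stay on the device; the JVM only gets handles.
      ks.load(null, pin);
      KeyManagerFactory kmf =
          KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      kmf.init(ks, pin);
      return kmf.getKeyManagers();
    } finally {
      Arrays.fill(pin, '\0'); // do not leave the PIN in memory after login
    }
  }

  public static void main(String[] args) throws Exception {
    if (System.console() == null) {
      System.err.println("Run from an interactive terminal so the PIN is not echoed.");
      return;
    }
    char[] pin = System.console().readPassword("Token PIN: ");
    if (pin == null) return; // end of input, nothing to do
    KeyManager[] kms = loadKeyManagers(pin);
    System.out.println("Loaded " + kms.length + " key manager(s) from the token.");
  }
}
```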

isConfigurationAcceptable

public boolean isConfigurationAcceptable(PKCS11KeyManagerProviderCfg configuration,
                                         java.util.List<Message> unacceptableReasons)
Indicates whether the provided configuration is acceptable for this key manager provider. It should be possible to call this method on an uninitialized key manager provider instance in order to determine whether the key manager provider would be able to use the provided configuration.

Note that implementations which use a subclass of the provided configuration class will likely need to cast the configuration to the appropriate subclass type.

Overrides:
isConfigurationAcceptable in class KeyManagerProvider<PKCS11KeyManagerProviderCfg>
Parameters:
configuration - The key manager provider configuration for which to make the determination.
unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.
Returns:
true if the provided configuration is acceptable for this key manager provider, or false if not.

isConfigurationChangeAcceptable

public boolean isConfigurationChangeAcceptable(PKCS11KeyManagerProviderCfg configuration,
                                               java.util.List<Message> unacceptableReasons)
Indicates whether the proposed change to the configuration is acceptable to this change listener.

Specified by:
isConfigurationChangeAcceptable in interface ConfigurationChangeListener<PKCS11KeyManagerProviderCfg>
Parameters:
configuration - The new configuration containing the changes.
unacceptableReasons - A list that can be used to hold messages about why the provided configuration is not acceptable.
Returns:
true if the proposed change is acceptable, or false if it is not.

applyConfigurationChange

public ConfigChangeResult applyConfigurationChange(PKCS11KeyManagerProviderCfg configuration)
Applies the configuration changes to this change listener.

Specified by:
applyConfigurationChange in interface ConfigurationChangeListener<PKCS11KeyManagerProviderCfg>
Parameters:
configuration - The new configuration containing the changes.
Returns:
Information about the result of changing the configuration.