org.forgerock.opendj.security

Class OpenDjSecurityProvider

java.lang.Object

java.util.Dictionary<K,V>

java.util.Hashtable<Object,Object>

java.util.Properties

java.security.Provider

org.forgerock.opendj.security.OpenDjSecurityProvider

All Implemented Interfaces:

Serializable, Cloneable, Map<Object,Object>

public final class OpenDjSecurityProvider
extends Provider

The OpenDJ LDAP security provider which exposes an LDAP/LDIF based KeyStore service, as well as providing utility methods facilitating construction of LDAP/LDIF based key stores. See the package documentation for more information.

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class java.security.Provider

Provider.Service

Field Summary

Fields inherited from class java.util.Properties

defaults

Constructor Summary

Constructors

Constructor and Description
OpenDjSecurityProvider() Creates a default LDAP security provider with no default key store configuration.
OpenDjSecurityProvider(String configFile) Creates a LDAP security provider with provided default key store configuration.
OpenDjSecurityProvider(URI configFile) Creates a LDAP security provider with provided default key store configuration.

Method Summary

Modifier and Type	Method and Description
Provider	configure(String configFile) Implements the JDK9 configure() method for compatibility with recent versions fof Java.
static KeyStoreObjectCache	newCapacityBasedKeyStoreObjectCache(int capacity) Creates a new fixed capacity key store object cache which will evict objects once it reaches the provided capacity.
static Factory<char[]>	newClearTextPasswordFactory(char[] password) Returns a password factory which will return a copy of the provided password for each invocation of Factory.newInstance(), and which does not provide any protection of the in memory representation of the password.
static KeyStoreObjectCache	newKeyStoreObjectCacheFromMap(Map<String,KeyStoreObject> map) Creates a new key store object cache which will delegate to the provided Map.
static KeyStore	newLdapKeyStore(ConnectionFactory factory, Dn baseDN) Creates a new LDAP key store with default options.
static KeyStore	newLdapKeyStore(ConnectionFactory factory, Dn baseDN, Options options) Creates a new LDAP key store with custom options.
static KeyStore	newLdifKeyStore(File ldifFile, Dn baseDN) Creates a new LDIF based key store which will read and write key store objects to the provided key store file.
static KeyStore	newLdifKeyStore(File ldifFile, Dn baseDN, Options options) Creates a new LDIF based key store which will read and write key store objects to the provided key store file.

Methods inherited from class java.security.Provider

clear, compute, computeIfAbsent, computeIfPresent, elements, entrySet, forEach, get, getInfo, getName, getOrDefault, getProperty, getService, getServices, getVersion, keys, keySet, load, merge, put, putAll, putIfAbsent, putService, remove, remove, removeService, replace, replace, replaceAll, toString, values

Methods inherited from class java.util.Properties

getProperty, list, list, load, loadFromXML, propertyNames, save, setProperty, store, store, storeToXML, storeToXML, stringPropertyNames

Methods inherited from class java.util.Hashtable

clone, contains, containsKey, containsValue, equals, hashCode, isEmpty, rehash, size

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

OpenDjSecurityProvider

public OpenDjSecurityProvider()

Creates a default LDAP security provider with no default key store configuration.

OpenDjSecurityProvider

public OpenDjSecurityProvider(String configFile)

Creates a LDAP security provider with provided default key store configuration.

Parameters:

configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.

OpenDjSecurityProvider

public OpenDjSecurityProvider(URI configFile)

Creates a LDAP security provider with provided default key store configuration.

Parameters:

configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.

Method Detail

configure

public Provider configure(String configFile)

Implements the JDK9 configure() method for compatibility with recent versions fof Java.

Parameters:

configFile - The configuration file, which may be null indicating that key stores will be configured when they are instantiated.

Returns:

The configured provider.

newLdapKeyStore

public static KeyStore newLdapKeyStore(ConnectionFactory factory,
                                       Dn baseDN)

Creates a new LDAP key store with default options. The returned key store will already have been loaded.

Parameters:

factory - The LDAP connection factory.

baseDN - The DN of the subtree containing the LDAP key store.

Returns:

The LDAP key store.

newLdapKeyStore

public static KeyStore newLdapKeyStore(ConnectionFactory factory,
                                       Dn baseDN,
                                       Options options)

Creates a new LDAP key store with custom options. The returned key store will already have been loaded.

Parameters:

factory - The LDAP connection factory.

baseDN - The DN of the subtree containing the LDAP key store.

options - The optional key store parameters, including the cache configuration, key store password, and crypto parameters.

Returns:

The LDAP key store.

See Also:

For the list of available key store options.

newLdifKeyStore

public static KeyStore newLdifKeyStore(File ldifFile,
                                       Dn baseDN)
                                throws IOException

Creates a new LDIF based key store which will read and write key store objects to the provided key store file. The LDIF file will be read during construction and re-written after each update. The returned key store will already have been loaded.

Parameters:

ldifFile - The name of the LDIF file containing the key store objects.

baseDN - The DN of the subtree containing the LDAP key store.

Returns:

The LDIF key store.

Throws:

IOException - If an error occurred while reading the LDIF file.

newLdifKeyStore

public static KeyStore newLdifKeyStore(File ldifFile,
                                       Dn baseDN,
                                       Options options)
                                throws IOException

Creates a new LDIF based key store which will read and write key store objects to the provided key store file. The LDIF file will be read during construction and re-written after each update. The returned key store will already have been loaded.

Parameters:

ldifFile - The name of the LDIF file containing the key store objects.

baseDN - The DN of the subtree containing the LDAP key store.

options - The optional key store parameters, including the cache configuration, key store password, and crypto parameters.

Returns:

The LDIF key store.

Throws:

IOException - If an error occurred while reading the LDIF file.

newKeyStoreObjectCacheFromMap

public static KeyStoreObjectCache newKeyStoreObjectCacheFromMap(Map<String,KeyStoreObject> map)

Creates a new key store object cache which will delegate to the provided Map. It is the responsibility of the map implementation to perform cache eviction if needed. The provided map MUST be thread-safe.

Parameters:

map - The thread-safe Map implementation in which key store objects will be stored.

Returns:

The new key store object cache.

newCapacityBasedKeyStoreObjectCache

public static KeyStoreObjectCache newCapacityBasedKeyStoreObjectCache(int capacity)

Creates a new fixed capacity key store object cache which will evict objects once it reaches the provided capacity. This implementation is only intended for simple use cases and is not particularly scalable.

Parameters:

capacity - The maximum number of key store objects that will be cached before eviction occurs.

Returns:

The new key store object cache.

newClearTextPasswordFactory

public static Factory<char[]> newClearTextPasswordFactory(char[] password)

Returns a password factory which will return a copy of the provided password for each invocation of Factory.newInstance(), and which does not provide any protection of the in memory representation of the password.

Parameters:

password - The password or null if no password should ever be returned.

Returns:

A password factory which will return a copy of the provided password.