<?xml version="1.0" encoding="utf-8"?>
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License").  You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, include this CDDL HEADER in each
 ! file and include the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 !      Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 !
 !      Portions Copyright 2007 Sun Microsystems, Inc.
 ! -->

<adm:managed-object name="pkcs11-key-manager"
  plural-name="pkcs11-key-managers"
  package="org.opends.server.admin.std" extends="key-manager"
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:TODO>
    The key manager must be able to get a pin from somewhere. It looks
    in property, then an environment variable, then a file, and finally
    in a configuration attribute. At least one must be present. Can we
    express this ordering and this "at least one" constraint? Perhaps
    support a "one-of" element which can be used to group a set of
    properties.
  </adm:TODO>
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    provider provides the ability for the server to access the private
    key information through the PKCS11 interface. This standard
    interface is used by cryptographic accelerators and hardware
    security modules.
  </adm:synopsis>
  <adm:profile name="ldap">
    <ldap:object-class>
      <ldap:oid>1.3.6.1.4.1.26027.1.2.21</ldap:oid>
      <ldap:name>ds-cfg-pkcs11-key-manager-provider</ldap:name>
      <ldap:superior>ds-cfg-key-manager-provider</ldap:superior>
    </ldap:object-class>
  </adm:profile>
  <adm:property-override name="java-implementation-class">
    <adm:default-behavior>
      <adm:defined>
        <adm:value>
          org.opends.server.extensions.PKCS11KeyManagerProvider
        </adm:value>
      </adm:defined>
    </adm:default-behavior>
  </adm:property-override>
  <adm:property-reference name="key-store-pin" />
  <adm:property-reference name="key-store-pin-property" />
  <adm:property-reference name="key-store-pin-environment-variable" />
  <adm:property-reference name="key-store-pin-file" />
</adm:managed-object>