
1   package org.eclipse.jetty.server.ssl;
2   
3   import java.io.File;
4   import java.security.SecureRandom;
5   import java.security.Security;
6   
7   import javax.net.ssl.KeyManagerFactory;
8   import javax.net.ssl.SSLContext;
9   import javax.net.ssl.SSLEngine;
10  import javax.net.ssl.TrustManagerFactory;
11  
12  import org.eclipse.jetty.server.Connector;
13  
14  
15  /* ------------------------------------------------------------ */
16  /** The interface for SSL connectors and their configuration methods.
17   * 
18   */
/* ------------------------------------------------------------ */
/**
 * Configuration contract shared by Jetty's SSL/TLS connectors.
 * <p>
 * An implementation turns the settings below into an {@link SSLContext}
 * (or takes a pre-built one via {@link #setSslContext(SSLContext)}) and
 * applies the cipher-suite include/exclude lists to the
 * {@link SSLEngine}s it creates. Points worth knowing when reviewing a
 * deployment that uses this interface:
 * <ul>
 *   <li>Only cipher suites can be filtered through this interface; the
 *       protocol versions that end up enabled follow from whatever
 *       {@link SSLContext#getInstance(String, String)} returns for
 *       {@link #getProtocol()} (default {@code "TLS"}).</li>
 *   <li>Renegotiation is off unless {@link #setAllowRenegotiate(boolean)}
 *       turns it on; see the CVE-2009-3555 note on that method.</li>
 *   <li>Keystore, key and truststore passwords are passed as plain
 *       {@link String}s; keep them out of logs and configuration dumps.</li>
 *   <li>Client-certificate authentication is opt-in through the
 *       {@code needClientAuth}/{@code wantClientAuth} flags; both default
 *       to whatever the implementation chooses (not visible here).</li>
 * </ul>
 * The environment-dependent defaults below are evaluated once, when the
 * interface is initialised.
 */
public interface SslConnector extends Connector
{
    /**
     * Default {@link KeyManagerFactory} algorithm: the JVM security
     * property {@code ssl.KeyManagerFactory.algorithm} when set, otherwise
     * {@code "SunX509"}.
     */
    String DEFAULT_KEYSTORE_ALGORITHM =
        Security.getProperty("ssl.KeyManagerFactory.algorithm") != null
            ? Security.getProperty("ssl.KeyManagerFactory.algorithm")
            : "SunX509";

    /**
     * Default {@link TrustManagerFactory} algorithm: the JVM security
     * property {@code ssl.TrustManagerFactory.algorithm} when set, otherwise
     * {@code "SunX509"}.
     */
    String DEFAULT_TRUSTSTORE_ALGORITHM =
        Security.getProperty("ssl.TrustManagerFactory.algorithm") != null
            ? Security.getProperty("ssl.TrustManagerFactory.algorithm")
            : "SunX509";

    /**
     * Default keystore path: {@code .keystore} in the home directory of the
     * account the JVM runs as. Because it follows {@code user.home}, the
     * file actually used depends on which user starts the server; set the
     * keystore explicitly in anything beyond a developer setup.
     */
    String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";

    /**
     * Name of the property carrying the password of the key inside the
     * keystore. Presumably consulted by implementations when no key
     * password is set programmatically; confirm against the implementation.
     */
    String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";

    /**
     * Name of the property carrying the keystore password. Presumably
     * consulted by implementations when no password is set programmatically;
     * confirm against the implementation.
     */
    String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";

    /* ------------------------------------------------------------ */
    /* Keystore                                                        */
    /* ------------------------------------------------------------ */

    /**
     * @param keystore file path or URL of the keystore holding the server
     *        key and certificate
     */
    void setKeystore(String keystore);

    /**
     * @return file path or URL of the keystore holding the server key and
     *         certificate
     */
    String getKeystore();

    /**
     * @param keystoreType keystore type (default {@code "JKS"})
     */
    void setKeystoreType(String keystoreType);

    /**
     * @return keystore type (default {@code "JKS"})
     */
    String getKeystoreType();

    /**
     * Sets the password used to open the keystore. The value is retained
     * as a {@link String}; do not echo it into logs.
     *
     * @param password keystore password
     */
    void setPassword(String password);

    /**
     * Sets the password protecting the individual key entry inside the
     * keystore, if that entry has one.
     *
     * @param password key password, or {@code null}/absent when the key is
     *        not separately protected
     */
    void setKeyPassword(String password);

    /* ------------------------------------------------------------ */
    /* Truststore                                                      */
    /* ------------------------------------------------------------ */

    /**
     * @param truststore file path or URL of the truststore used to validate
     *        client certificates
     */
    void setTruststore(String truststore);

    /**
     * @return file path or URL of the truststore
     */
    String getTruststore();

    /**
     * @param truststoreType truststore type (default {@code "JKS"})
     */
    void setTruststoreType(String truststoreType);

    /**
     * @return truststore type (default {@code "JKS"})
     */
    String getTruststoreType();

    /**
     * Sets the password used to open the truststore. The value is retained
     * as a {@link String}; do not echo it into logs.
     *
     * @param password truststore password
     */
    void setTrustPassword(String password);

    /* ------------------------------------------------------------ */
    /* Client authentication                                           */
    /* ------------------------------------------------------------ */

    /**
     * @param needClientAuth {@code true} to require a client certificate,
     *        with the same meaning as {@link SSLEngine#setNeedClientAuth(boolean)}
     * @see SSLEngine#getNeedClientAuth()
     */
    void setNeedClientAuth(boolean needClientAuth);

    /**
     * @return {@code true} if a client certificate is required
     * @see SSLEngine#getNeedClientAuth()
     */
    boolean getNeedClientAuth();

    /**
     * @param wantClientAuth {@code true} to request, but not require, a
     *        client certificate, with the same meaning as
     *        {@link SSLEngine#setWantClientAuth(boolean)}
     * @see SSLEngine#getWantClientAuth()
     */
    void setWantClientAuth(boolean wantClientAuth);

    /**
     * @return {@code true} if a client certificate is requested but optional
     * @see SSLEngine#getWantClientAuth()
     */
    boolean getWantClientAuth();

    /* ------------------------------------------------------------ */
    /* Cipher suites                                                   */
    /* ------------------------------------------------------------ */

    /**
     * @param cipherSuites names of cipher suites to include when calling
     *        {@link SSLEngine#setEnabledCipherSuites(String[])}
     */
    void setIncludeCipherSuites(String[] cipherSuites);

    /**
     * @return names of cipher suites to include when calling
     *         {@link SSLEngine#setEnabledCipherSuites(String[])}
     */
    String[] getIncludeCipherSuites();

    /**
     * @param cipherSuites names of cipher suites to exclude when calling
     *        {@link SSLEngine#setEnabledCipherSuites(String[])}
     */
    void setExcludeCipherSuites(String[] cipherSuites);

    /**
     * @return names of cipher suites to exclude when calling
     *         {@link SSLEngine#setEnabledCipherSuites(String[])}
     */
    String[] getExcludeCipherSuites();

    /* ------------------------------------------------------------ */
    /* SSLContext construction                                         */
    /* ------------------------------------------------------------ */

    /**
     * @param protocol protocol name (default {@code "TLS"}) passed to
     *        {@link SSLContext#getInstance(String, String)}
     */
    void setProtocol(String protocol);

    /**
     * @return protocol name (default {@code "TLS"}) passed to
     *         {@link SSLContext#getInstance(String, String)}
     */
    String getProtocol();

    /**
     * @param provider JCE provider name; when set it is passed to
     *        {@link SSLContext#getInstance(String, String)}
     */
    void setProvider(String provider);

    /**
     * @return JCE provider name, or {@code null} if the default provider
     *         lookup is used
     */
    String getProvider();

    /**
     * @param algorithm name passed to {@link SecureRandom#getInstance(String)}
     *        to build the {@link SecureRandom} handed to
     *        {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)};
     *        when unset the context picks its own source of randomness
     */
    void setSecureRandomAlgorithm(String algorithm);

    /**
     * @return name passed to {@link SecureRandom#getInstance(String)}, or
     *         {@code null} if not configured
     */
    String getSecureRandomAlgorithm();

    /**
     * @param algorithm {@link KeyManagerFactory} algorithm
     *        (default {@link #DEFAULT_KEYSTORE_ALGORITHM})
     */
    void setSslKeyManagerFactoryAlgorithm(String algorithm);

    /**
     * @return {@link KeyManagerFactory} algorithm
     *         (default {@link #DEFAULT_KEYSTORE_ALGORITHM})
     */
    String getSslKeyManagerFactoryAlgorithm();

    /**
     * @param algorithm {@link TrustManagerFactory} algorithm
     *        (default {@link #DEFAULT_TRUSTSTORE_ALGORITHM})
     */
    void setSslTrustManagerFactoryAlgorithm(String algorithm);

    /**
     * @return {@link TrustManagerFactory} algorithm
     *         (default {@link #DEFAULT_TRUSTSTORE_ALGORITHM})
     */
    String getSslTrustManagerFactoryAlgorithm();

    /**
     * Supplies a fully configured {@link SSLContext}. Presumably an
     * implementation then uses it instead of building one from the
     * keystore/truststore settings above, so those settings would be
     * ignored; confirm against the implementation before relying on it.
     *
     * @param sslContext the context to use
     */
    void setSslContext(SSLContext sslContext);

    /**
     * @return the {@link SSLContext} in use
     */
    SSLContext getSslContext();

    /* ------------------------------------------------------------ */
    /* Renegotiation                                                   */
    /* ------------------------------------------------------------ */

    /**
     * @return {@code true} if TLS renegotiation is permitted (default
     *         {@code false})
     */
    boolean isAllowRenegotiate();

    /**
     * Controls whether TLS renegotiation is permitted. CVE-2009-3555
     * describes a man-in-the-middle plaintext-injection weakness in
     * SSL/TLS renegotiation; leave this disabled unless the JVM in use
     * has that fix (secure renegotiation, RFC 5746) applied.
     *
     * @param allowRenegotiate {@code true} to permit renegotiation
     *        (default {@code false})
     */
    void setAllowRenegotiate(boolean allowRenegotiate);
}