
1   package org.eclipse.jetty.server.ssl;
2   
3   import java.io.File;
4   import java.security.SecureRandom;
5   import java.security.Security;
6   
7   import javax.net.ssl.KeyManagerFactory;
8   import javax.net.ssl.SSLContext;
9   import javax.net.ssl.SSLEngine;
10  import javax.net.ssl.TrustManagerFactory;
11  
12  import org.eclipse.jetty.http.ssl.SslContextFactory;
13  import org.eclipse.jetty.server.Connector;
14  
15  
/**
 * Contract for connectors that terminate SSL/TLS, together with the legacy
 * accessors for their SSL settings.
 * <p>
 * Every member except {@link #getSslContextFactory()} is marked deprecated.
 * NOTE(review): new code should presumably configure SSL through the returned
 * {@link SslContextFactory}; confirm against the implementation.
 * <p>
 * Several setters below take secrets (key store, trust store and key
 * passwords) as {@code String}. A {@code String} is immutable, so callers
 * cannot clear the value after use; implementations should never log it.
 */
public interface SslConnector extends Connector
{
    // ------------------------------------------------------------------
    // Deprecated defaults and property names
    // ------------------------------------------------------------------

    /**
     * Value of the {@code ssl.KeyManagerFactory.algorithm} security property,
     * or {@code "SunX509"} when that property is not set.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String DEFAULT_KEYSTORE_ALGORITHM =
        Security.getProperty("ssl.KeyManagerFactory.algorithm") != null
            ? Security.getProperty("ssl.KeyManagerFactory.algorithm")
            : "SunX509";

    /**
     * Value of the {@code ssl.TrustManagerFactory.algorithm} security property,
     * or {@code "SunX509"} when that property is not set.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String DEFAULT_TRUSTSTORE_ALGORITHM =
        Security.getProperty("ssl.TrustManagerFactory.algorithm") != null
            ? Security.getProperty("ssl.TrustManagerFactory.algorithm")
            : "SunX509";

    /**
     * Default key store location: {@code .keystore} in the directory named by
     * the {@code user.home} system property. The resulting path depends on the
     * account the JVM runs under, so deployments are better served by an
     * explicitly configured key store location.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";

    /**
     * Name of the key password property.
     * NOTE(review): if this is read as a JVM system property, the secret is
     * visible to any code that can read system properties and, when supplied
     * with {@code -D}, on the process command line; confirm how it is used.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";

    /**
     * Name of the key store password property. The exposure caveat noted in
     * the interface description for secrets applies here as well if the value
     * is supplied through a system property (TODO confirm).
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";

    // ------------------------------------------------------------------
    // Context factory (the only non-deprecated member)
    // ------------------------------------------------------------------

    /**
     * @return the instance of SslContextFactory associated with the connector
     */
    SslContextFactory getSslContextFactory();

    // ------------------------------------------------------------------
    // Cipher suites
    // NOTE(review): this interface does not say how the include and exclude
    // lists are combined; confirm the precedence in the implementation
    // before relying on one list to override the other.
    // ------------------------------------------------------------------

    /**
     * @return the cipher suite names that are kept out of
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String[] getExcludeCipherSuites();

    /**
     * @param cipherSuites the cipher suite names to keep out of
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setExcludeCipherSuites(String[] cipherSuites);

    /**
     * @return the cipher suite names that are passed on to
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String[] getIncludeCipherSuites();

    /**
     * @param cipherSuites the cipher suite names to pass on to
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setIncludeCipherSuites(String[] cipherSuites);

    // ------------------------------------------------------------------
    // Protocol, provider and randomness
    // ------------------------------------------------------------------

    /**
     * @return the protocol name (documented default "TLS") handed to
     * {@link SSLContext#getInstance(String, String)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getProtocol();

    /**
     * A generic name such as "TLS" leaves the set of enabled protocol
     * versions to the JSSE provider.
     * NOTE(review): confirm where obsolete protocol versions are disabled.
     *
     * @param protocol the protocol name (documented default "TLS") handed to
     * {@link SSLContext#getInstance(String, String)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setProtocol(String protocol);

    /**
     * @return the SSL provider name; when set it is handed to
     * {@link SSLContext#getInstance(String, String)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getProvider();

    /**
     * @param provider the SSL provider name; when set it is handed to
     * {@link SSLContext#getInstance(String, String)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setProvider(String provider);

    /**
     * @return the algorithm name; when set it is handed to
     * {@link SecureRandom#getInstance(String)}, and the resulting
     * {@link SecureRandom} is given to
     * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getSecureRandomAlgorithm();

    /**
     * @param algorithm the algorithm name; when set it is handed to
     * {@link SecureRandom#getInstance(String)}, and the resulting
     * {@link SecureRandom} is given to
     * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setSecureRandomAlgorithm(String algorithm);

    // ------------------------------------------------------------------
    // Key store
    // ------------------------------------------------------------------

    /**
     * @return the file or URL of the SSL key store
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getKeystore();

    /**
     * @param keystore the file or URL of the SSL key store
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setKeystore(String keystore);

    /**
     * @return the key store type (documented default "JKS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getKeystoreType();

    /**
     * @param keystoreType the key store type (documented default "JKS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setKeystoreType(String keystoreType);

    /**
     * @param password the key store password; it is a secret and should not
     * be logged or echoed in error messages
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setPassword(String password);

    /**
     * @param password the password (if any) protecting the specific key inside
     * the key store; it is a secret and should not be logged
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setKeyPassword(String password);

    /**
     * @return the algorithm name (documented default "SunX509") used by the
     * {@link KeyManagerFactory}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getSslKeyManagerFactoryAlgorithm();

    /**
     * @param algorithm the algorithm name (documented default "SunX509") used
     * by the {@link KeyManagerFactory}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setSslKeyManagerFactoryAlgorithm(String algorithm);

    // ------------------------------------------------------------------
    // Trust store
    // ------------------------------------------------------------------

    /**
     * @return the file name or URL of the trust store location
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getTruststore();

    /**
     * @param truststore the file name or URL of the trust store location
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setTruststore(String truststore);

    /**
     * @return the trust store type (documented default "JKS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getTruststoreType();

    /**
     * @param truststoreType the trust store type (documented default "JKS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setTruststoreType(String truststoreType);

    /**
     * @param password the trust store password; it is a secret and should not
     * be logged or echoed in error messages
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setTrustPassword(String password);

    /**
     * @return the algorithm name (documented default "SunX509") used by the
     * {@link TrustManagerFactory}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getSslTrustManagerFactoryAlgorithm();

    /**
     * @param algorithm the algorithm name (documented default "SunX509") used
     * by the {@link TrustManagerFactory}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setSslTrustManagerFactoryAlgorithm(String algorithm);

    // ------------------------------------------------------------------
    // Client certificate authentication
    // In JSSE, "need" makes the handshake fail when the client does not
    // authenticate, while "want" lets the handshake continue without a
    // client certificate. "want" on its own therefore does not prove the
    // peer's identity; code that depends on a client certificate has to
    // check that one was actually presented.
    // ------------------------------------------------------------------

    /**
     * @return true if SSL needs client authentication
     * @see SSLEngine#getNeedClientAuth()
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    boolean getNeedClientAuth();

    /**
     * @param needClientAuth true if SSL needs client authentication
     * @see SSLEngine#getNeedClientAuth()
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setNeedClientAuth(boolean needClientAuth);

    /**
     * @return true if SSL wants client authentication
     * @see SSLEngine#getWantClientAuth()
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    boolean getWantClientAuth();

    /**
     * @param wantClientAuth true if SSL wants client authentication
     * @see SSLEngine#getWantClientAuth()
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setWantClientAuth(boolean wantClientAuth);

    // ------------------------------------------------------------------
    // Preconfigured context
    // ------------------------------------------------------------------

    /**
     * NOTE(review): presumably a supplied context takes the place of the key
     * store and trust store settings on this interface; confirm in the
     * implementation.
     *
     * @param sslContext a preconfigured SSLContext to use
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setSslContext(SSLContext sslContext);

    /**
     * @return the SSLContext
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    SSLContext getSslContext();

    // ------------------------------------------------------------------
    // Re-negotiation
    // ------------------------------------------------------------------

    /**
     * @return true if SSL re-negotiation is allowed (documented default false)
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    boolean isAllowRenegotiate();

    /**
     * Controls whether SSL re-negotiation is allowed. CVE-2009-3555 describes
     * a vulnerability in SSL/TLS re-negotiation; unless the JVM in use has
     * that CVE fixed, re-negotiation should stay disabled.
     *
     * @param allowRenegotiate true if re-negotiation is allowed (documented
     * default false)
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setAllowRenegotiate(boolean allowRenegotiate);
}