package org.eclipse.jetty.server.ssl;

import java.io.File;
import java.security.SecureRandom;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

import org.eclipse.jetty.server.Connector;


/* ------------------------------------------------------------ */
/**
 * Configuration contract for connectors that terminate SSL/TLS.
 *
 * <p>The interface only declares accessors for key material locations,
 * store passwords, the {@link SSLContext} parameters, cipher suite exclusions and
 * client-certificate policy. How and when an implementation applies these values
 * is not defined here.
 *
 * <p>Security-relevant gaps visible in this contract: passwords are accepted as
 * {@link String}, cipher suites can only be excluded (not allow-listed), and there
 * is no accessor for restricting the enabled protocol versions.
 */
public interface SslConnector extends Connector
{

    /**
     * Default keystore path: the file {@code .keystore} in the directory named by
     * the {@code user.home} system property, read when this interface is initialised.
     * The path therefore depends on the account that runs the JVM.
     */
    String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";

    /**
     * Name of the property that carries the key password.
     * NOTE(review): where implementations look this property up is not shown here;
     * if it is supplied as a {@code -D} JVM argument the value is visible in the
     * process command line, so confirm how deployments provide it.
     */
    String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";

    /**
     * Name of the property that carries the keystore password.
     * NOTE(review): the same command-line exposure concern as for
     * {@link #KEYPASSWORD_PROPERTY} applies; confirm how the value is provided.
     */
    String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";


    /* ------------------------------------------------------------ */
    /**
     * Returns the cipher suite exclusion list.
     *
     * @return The array of cipher suite names to exclude from
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     */
    String[] getExcludeCipherSuites();

    /* ------------------------------------------------------------ */
    /**
     * Sets the cipher suite exclusion list.
     *
     * <p>This is a deny-list: any suite that is not named stays eligible, including
     * suites a later JDK or provider adds. The list should be reviewed whenever the
     * runtime or provider is upgraded.
     *
     * @param cipherSuites The array of cipher suite names to exclude from
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     */
    void setExcludeCipherSuites(String[] cipherSuites);

    /* ------------------------------------------------------------ */
    /**
     * Sets the key store password.
     *
     * <p>The value is a {@link String}, which cannot be cleared after use and stays
     * on the heap until collected; {@link java.security.KeyStore} itself takes
     * {@code char[]}. This interface declares no getter for the password.
     *
     * @param password The password for the key store
     */
    void setPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * Sets the trust store password. The {@link String} caveat described on
     * {@link #setPassword(String)} applies here as well.
     *
     * @param password The password for the trust store
     */
    void setTrustPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * Sets the password protecting an individual key entry. The {@link String}
     * caveat described on {@link #setPassword(String)} applies here as well.
     *
     * @param password The password (if any) for the specific key within
     * the key store
     */
    void setKeyPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * Returns the protocol name used to obtain the {@link SSLContext}.
     *
     * @return The SSL protocol (default "TLS") passed to {@link SSLContext#getInstance(String, String)}
     */
    String getProtocol();

    /* ------------------------------------------------------------ */
    /**
     * Sets the protocol name used to obtain the {@link SSLContext}.
     *
     * <p>The name selects a context implementation; it is not a list of permitted
     * protocol versions. Which versions an engine negotiates is governed by
     * {@link SSLEngine#setEnabledProtocols(String[])}, for which this interface
     * declares no accessor.
     *
     * @param protocol The SSL protocol (default "TLS") passed to {@link SSLContext#getInstance(String, String)}
     */
    void setProtocol(String protocol);

    /* ------------------------------------------------------------ */
    /**
     * Sets the key store location.
     *
     * @param keystore The file or URL of the SSL Key store.
     */
    void setKeystore(String keystore);

    /* ------------------------------------------------------------ */
    /**
     * Returns the key store location.
     *
     * @return The file or URL of the SSL Key store.
     */
    String getKeystore();

    /* ------------------------------------------------------------ */
    /**
     * Returns the key store type.
     *
     * @return The type of the key store (default "JKS")
     */
    String getKeystoreType();

    /* ------------------------------------------------------------ */
    /**
     * Reports whether a client certificate is mandatory.
     *
     * @return True if SSL needs client authentication.
     * @see SSLEngine#getNeedClientAuth()
     */
    boolean getNeedClientAuth();

    /* ------------------------------------------------------------ */
    /**
     * Reports whether a client certificate is requested but optional.
     *
     * @return True if SSL wants client authentication.
     * @see SSLEngine#getWantClientAuth()
     */
    boolean getWantClientAuth();

    /* ------------------------------------------------------------ */
    /**
     * Sets whether a client certificate is mandatory. At the {@link SSLEngine}
     * level, "need" stops the negotiation when the client presents no certificate.
     *
     * @param needClientAuth True if SSL needs client authentication.
     * @see SSLEngine#setNeedClientAuth(boolean)
     */
    void setNeedClientAuth(boolean needClientAuth);

    /* ------------------------------------------------------------ */
    /**
     * Sets whether a client certificate is requested but optional. At the
     * {@link SSLEngine} level, "want" lets the negotiation continue without a
     * certificate, so code relying on this mode has to check that a peer
     * certificate was actually presented before treating the client as
     * authenticated.
     *
     * @param wantClientAuth True if SSL wants client authentication.
     * @see SSLEngine#setWantClientAuth(boolean)
     */
    void setWantClientAuth(boolean wantClientAuth);

    /* ------------------------------------------------------------ */
    /**
     * Sets the key store type.
     *
     * @param keystoreType The type of the key store (default "JKS")
     */
    void setKeystoreType(String keystoreType);

    /* ------------------------------------------------------------ */
    /**
     * Returns the JSSE provider name.
     *
     * @return The SSL provider name, which if set is passed to
     * {@link SSLContext#getInstance(String, String)}
     */
    String getProvider();

    /* ------------------------------------------------------------ */
    /**
     * Returns the {@link SecureRandom} algorithm name.
     *
     * @return The algorithm name, which if set is passed to
     * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom}
     * instance passed to {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     */
    String getSecureRandomAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * Returns the {@link KeyManagerFactory} algorithm name.
     *
     * @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
     */
    String getSslKeyManagerFactoryAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * Returns the {@link TrustManagerFactory} algorithm name.
     *
     * @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
     */
    String getSslTrustManagerFactoryAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * Returns the trust store location.
     *
     * @return The file name or URL of the trust store location
     */
    String getTruststore();

    /* ------------------------------------------------------------ */
    /**
     * Returns the trust store type.
     *
     * @return The type of the trust store (default "JKS")
     */
    String getTruststoreType();

    /* ------------------------------------------------------------ */
    /**
     * Sets the JSSE provider name.
     *
     * @param provider The SSL provider name, which if set is passed to
     * {@link SSLContext#getInstance(String, String)}
     */
    void setProvider(String provider);

    /* ------------------------------------------------------------ */
    /**
     * Sets the {@link SecureRandom} algorithm name. What random source is used
     * when no name is set is left to the implementation.
     *
     * @param algorithm The algorithm name, which if set is passed to
     * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom}
     * instance passed to {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     */
    void setSecureRandomAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * Sets the {@link KeyManagerFactory} algorithm name.
     *
     * @param algorithm The algorithm name (default "SunX509") used by
     * the {@link KeyManagerFactory}
     */
    void setSslKeyManagerFactoryAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * Sets the {@link TrustManagerFactory} algorithm name.
     *
     * @param algorithm The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
     */
    void setSslTrustManagerFactoryAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * Sets the trust store location.
     *
     * @param truststore The file name or URL of the trust store location
     */
    void setTruststore(String truststore);

    /* ------------------------------------------------------------ */
    /**
     * Sets the trust store type.
     *
     * @param truststoreType The type of the trust store (default "JKS")
     */
    void setTruststoreType(String truststoreType);

    /* ------------------------------------------------------------ */
    /**
     * Supplies a ready-made {@link SSLContext}.
     *
     * <p>NOTE(review): this interface does not say whether the keystore, trust
     * store, protocol and provider settings are still consulted once a context is
     * supplied; confirm in the implementation before relying on either behaviour.
     *
     * @param sslContext Set a preconfigured SSLContext
     */
    void setSslContext(SSLContext sslContext);

    /* ------------------------------------------------------------ */
    /**
     * Returns the {@link SSLContext} held by this connector.
     *
     * @return The SSLContext
     */
    SSLContext getSslContext();
}