
1   package org.eclipse.jetty.server.ssl;
2   
3   import java.io.File;
4   import java.security.SecureRandom;
5   
6   import javax.net.ssl.KeyManagerFactory;
7   import javax.net.ssl.SSLContext;
8   import javax.net.ssl.SSLEngine;
9   import javax.net.ssl.TrustManagerFactory;
10  
11  import org.eclipse.jetty.server.Connector;
12  
13  
/* ------------------------------------------------------------ */
/**
 * Configuration contract for connectors that accept SSL/TLS connections.
 *
 * <p>The methods cover key store and trust store location, type and
 * passwords, the JSSE provider and algorithm names, client-certificate
 * authentication, cipher-suite exclusion, and injection of a prebuilt
 * {@link SSLContext}.
 *
 * <p>Security notes for implementers and callers:
 * <ul>
 * <li>All passwords are passed as {@link String}, which cannot be wiped
 * after use; keep them out of logs and exception messages.</li>
 * <li>Cipher suites are controlled by an exclusion list only, so the list
 * should be reviewed whenever the JSSE provider or JDK changes.</li>
 * <li>This interface declares no method for restricting the enabled
 * protocol versions; {@link #setProtocol(String)} only names the
 * {@link SSLContext} to request.</li>
 * </ul>
 */
interface SslConnector extends Connector
{

    /**
     * Default key store path: {@code .keystore} in the directory named by the
     * {@code user.home} system property, read when this interface is initialised.
     * The file holds private key material, so its permissions should limit
     * access to the account that runs the server.
     */
    String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";

    /**
     * Name of the property that carries the key password.
     * How the value is looked up is left to implementations. If it is given
     * as a {@code -D} command-line option it is typically visible in the
     * process listing.
     */
    String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";

    /**
     * Name of the property that carries the key store password.
     * The same exposure caveat applies as for {@link #KEYPASSWORD_PROPERTY}.
     */
    String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";


    /* ------------------------------------------------------------ */
    /**
     * Returns the cipher suites that must not be enabled.
     *
     * @return The array of cipher suite names to exclude from
     * {@link SSLEngine#setEnabledCipherSuites(String[])}. Whether the
     * returned array is a copy is not specified by this interface.
     */
    String[] getExcludeCipherSuites();

    /* ------------------------------------------------------------ */
    /**
     * Sets the cipher suites that must not be enabled. Suites that are not
     * listed are presumably left as the JSSE provider enables them (confirm
     * against the implementation), so a newly introduced weak suite is not
     * covered until it is added here.
     *
     * @param cipherSuites The array of cipher suite names to exclude from
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     */
    void setExcludeCipherSuites(String[] cipherSuites);

    /* ------------------------------------------------------------ */
    /**
     * Sets the key store password. The value is a {@link String} and cannot
     * be cleared from memory by the caller once it has been passed in.
     *
     * @param password The password for the key store
     */
    void setPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * Sets the trust store password.
     *
     * @param password The password for the trust store
     */
    void setTrustPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * Sets the password that protects an individual key entry.
     *
     * @param password The password (if any) for the specific key within
     * the key store
     */
    void setKeyPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * Returns the protocol name used to obtain the {@link SSLContext}.
     *
     * @return The SSL protocol (default "TLS") passed to
     * {@link SSLContext#getInstance(String, String)}
     */
    String getProtocol();

    /* ------------------------------------------------------------ */
    /**
     * Sets the protocol name used to obtain the {@link SSLContext}. The name
     * selects a context implementation; which protocol versions a connection
     * may negotiate is decided by the provider and the engine's enabled
     * protocols, not by this value alone.
     *
     * @param protocol The SSL protocol (default "TLS") passed to
     * {@link SSLContext#getInstance(String, String)}
     */
    void setProtocol(String protocol);

    /* ------------------------------------------------------------ */
    /**
     * Sets where the key store is loaded from.
     *
     * @param keystore The file or URL of the SSL Key store.
     */
    void setKeystore(String keystore);

    /* ------------------------------------------------------------ */
    /**
     * Returns where the key store is loaded from.
     *
     * @return The file or URL of the SSL Key store.
     */
    String getKeystore();

    /* ------------------------------------------------------------ */
    /**
     * Returns the key store format.
     *
     * @return The type of the key store (default "JKS")
     */
    String getKeystoreType();

    /* ------------------------------------------------------------ */
    /**
     * Reports whether a client certificate is mandatory. With the JSSE
     * "need" setting the handshake does not proceed when the client offers
     * no certificate.
     *
     * @return True if SSL needs client authentication.
     * @see SSLEngine#getNeedClientAuth()
     */
    boolean getNeedClientAuth();

    /* ------------------------------------------------------------ */
    /**
     * Reports whether a client certificate is requested but optional. With
     * the JSSE "want" setting the handshake continues when the client offers
     * no certificate, so the application has to check for one itself before
     * relying on the peer identity.
     *
     * @return True if SSL wants client authentication.
     * @see SSLEngine#getWantClientAuth()
     */
    boolean getWantClientAuth();

    /* ------------------------------------------------------------ */
    /**
     * Makes client-certificate authentication mandatory or not.
     *
     * @param needClientAuth True if SSL needs client authentication.
     * @see SSLEngine#setNeedClientAuth(boolean)
     */
    void setNeedClientAuth(boolean needClientAuth);

    /* ------------------------------------------------------------ */
    /**
     * Requests, without requiring, client-certificate authentication.
     *
     * @param wantClientAuth True if SSL wants client authentication.
     * @see SSLEngine#setWantClientAuth(boolean)
     */
    void setWantClientAuth(boolean wantClientAuth);

    /* ------------------------------------------------------------ */
    /**
     * Sets the key store format.
     *
     * @param keystoreType The type of the key store (default "JKS")
     */
    void setKeystoreType(String keystoreType);

    /* ------------------------------------------------------------ */
    /**
     * Returns the JSSE provider name.
     *
     * @return The SSL provider name, which if set is passed to
     * {@link SSLContext#getInstance(String, String)}
     */
    String getProvider();

    /* ------------------------------------------------------------ */
    /**
     * Returns the random-number algorithm name.
     *
     * @return The algorithm name, which if set is passed to
     * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom}
     * instance passed to
     * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     */
    String getSecureRandomAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * Returns the key manager algorithm name.
     *
     * @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
     */
    String getSslKeyManagerFactoryAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * Returns the trust manager algorithm name.
     *
     * @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
     */
    String getSslTrustManagerFactoryAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * Returns where the trust store is loaded from.
     *
     * @return The file name or URL of the trust store location
     */
    String getTruststore();

    /* ------------------------------------------------------------ */
    /**
     * Returns the trust store format.
     *
     * @return The type of the trust store (default "JKS")
     */
    String getTruststoreType();

    /* ------------------------------------------------------------ */
    /**
     * Sets the JSSE provider name.
     *
     * @param provider The SSL provider name, which if set is passed to
     * {@link SSLContext#getInstance(String, String)}
     */
    void setProvider(String provider);

    /* ------------------------------------------------------------ */
    /**
     * Sets the random-number algorithm name.
     *
     * @param algorithm The algorithm name, which if set is passed to
     * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom}
     * instance passed to
     * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     */
    void setSecureRandomAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * Sets the key manager algorithm name. The documented default is a
     * provider-specific name; the platform default is available from
     * {@link KeyManagerFactory#getDefaultAlgorithm()}.
     *
     * @param algorithm The algorithm name (default "SunX509") used by
     * the {@link KeyManagerFactory}
     */
    void setSslKeyManagerFactoryAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * Sets the trust manager algorithm name. This choice determines how peer
     * certificate chains are validated; the platform default is available
     * from {@link TrustManagerFactory#getDefaultAlgorithm()}.
     *
     * @param algorithm The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
     */
    void setSslTrustManagerFactoryAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * Sets where the trust store is loaded from. The trust store defines
     * which certificate issuers are accepted, so it should be writable only
     * by administrators.
     *
     * @param truststore The file name or URL of the trust store location
     */
    void setTruststore(String truststore);

    /* ------------------------------------------------------------ */
    /**
     * Sets the trust store format.
     *
     * @param truststoreType The type of the trust store (default "JKS")
     */
    void setTruststoreType(String truststoreType);

    /* ------------------------------------------------------------ */
    /**
     * Supplies an already initialised context. How this interacts with the
     * key store, trust store and algorithm settings above is not specified
     * by this interface; presumably the supplied context takes their place,
     * to be confirmed against the implementation.
     *
     * @param sslContext Set a preconfigured SSLContext
     */
    void setSslContext(SSLContext sslContext);

    /* ------------------------------------------------------------ */
    /**
     * Returns the context in use.
     *
     * @return The SSLContext
     */
    SSLContext getSslContext();
}