1 //
2 // ========================================================================
3 // Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
8 //
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
11 //
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
14 //
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
17 //
18
19 package org.eclipse.jetty.server.ssl;
20
21 import java.io.File;
22 import java.security.SecureRandom;
23 import java.security.Security;
24
25 import javax.net.ssl.KeyManagerFactory;
26 import javax.net.ssl.SSLContext;
27 import javax.net.ssl.SSLEngine;
28 import javax.net.ssl.TrustManagerFactory;
29
30 import org.eclipse.jetty.server.Connector;
31 import org.eclipse.jetty.util.ssl.SslContextFactory;
32
33
34 /* ------------------------------------------------------------ */
35 /** The interface for SSL connectors and their configuration methods.
36 *
37 */
38 public interface SslConnector extends Connector
39 {
40 @Deprecated
41 public static final String DEFAULT_KEYSTORE_ALGORITHM=(Security.getProperty("ssl.KeyManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.KeyManagerFactory.algorithm"));
42 @Deprecated
43 public static final String DEFAULT_TRUSTSTORE_ALGORITHM=(Security.getProperty("ssl.TrustManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.TrustManagerFactory.algorithm"));
44
45 /** Default value for the keystore location path. @deprecated */
46 @Deprecated
47 public static final String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";
48
49 /** String name of key password property. @deprecated */
50 @Deprecated
51 public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
52
53 /** String name of keystore password property. @deprecated */
54 @Deprecated
55 public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
56
57
58 /* ------------------------------------------------------------ */
59 /**
60 * @return the instance of SslContextFactory associated with the connector
61 */
62 public SslContextFactory getSslContextFactory();
63
64 /* ------------------------------------------------------------ */
65 /**
66 * @return The array of Ciphersuite names to exclude from
67 * {@link SSLEngine#setEnabledCipherSuites(String[])}
68 * @deprecated
69 */
70 @Deprecated
71 public abstract String[] getExcludeCipherSuites();
72
73 /* ------------------------------------------------------------ */
74 /**
75 * @param cipherSuites The array of Ciphersuite names to exclude from
76 * {@link SSLEngine#setEnabledCipherSuites(String[])}
77 * @deprecated
78 */
79 @Deprecated
80 public abstract void setExcludeCipherSuites(String[] cipherSuites);
81
82 /* ------------------------------------------------------------ */
83 /**
84 * @return The array of Ciphersuite names to include in
85 * {@link SSLEngine#setEnabledCipherSuites(String[])}
86 * @deprecated
87 */
88 @Deprecated
89 public abstract String[] getIncludeCipherSuites();
90
91 /* ------------------------------------------------------------ */
92 /**
93 * @param cipherSuites The array of Ciphersuite names to include in
94 * {@link SSLEngine#setEnabledCipherSuites(String[])}
95 * @deprecated
96 */
97 @Deprecated
98 public abstract void setIncludeCipherSuites(String[] cipherSuites);
99
100 /* ------------------------------------------------------------ */
101 /**
102 * @param password The password for the key store
103 * @deprecated
104 */
105 @Deprecated
106 public abstract void setPassword(String password);
107
108 /* ------------------------------------------------------------ */
109 /**
110 * @param password The password for the trust store
111 * @deprecated
112 */
113 @Deprecated
114 public abstract void setTrustPassword(String password);
115
116 /* ------------------------------------------------------------ */
117 /**
118 * @param password The password (if any) for the specific key within
119 * the key store
120 * @deprecated
121 */
122 @Deprecated
123 public abstract void setKeyPassword(String password);
124
125 /* ------------------------------------------------------------ */
126 /**
127 * @return The SSL protocol (default "TLS") passed to {@link SSLContext#getInstance(String, String)}
128 * @deprecated
129 */
130 @Deprecated
131 public abstract String getProtocol();
132
133 /* ------------------------------------------------------------ */
134 /**
135 * @param protocol The SSL protocol (default "TLS") passed to {@link SSLContext#getInstance(String, String)}
136 * @deprecated
137 */
138 @Deprecated
139 public abstract void setProtocol(String protocol);
140
141 /* ------------------------------------------------------------ */
142 /**
143 * @param keystore The file or URL of the SSL Key store.
144 * @deprecated
145 */
146 @Deprecated
147 public abstract void setKeystore(String keystore);
148
149 /* ------------------------------------------------------------ */
150 /**
151 * @return The file or URL of the SSL Key store.
152 * @deprecated
153 */
154 @Deprecated
155 public abstract String getKeystore();
156
157 /* ------------------------------------------------------------ */
158 /**
159 * @return The type of the key store (default "JKS")
160 * @deprecated
161 */
162 @Deprecated
163 public abstract String getKeystoreType();
164
165 /* ------------------------------------------------------------ */
166 /**
167 * @return True if SSL needs client authentication.
168 * @see SSLEngine#getNeedClientAuth()
169 * @deprecated
170 */
171 @Deprecated
172 public abstract boolean getNeedClientAuth();
173
174 /* ------------------------------------------------------------ */
175 /**
176 * @return True if SSL wants client authentication.
177 * @see SSLEngine#getWantClientAuth()
178 * @deprecated
179 */
180 @Deprecated
181 public abstract boolean getWantClientAuth();
182
183 /* ------------------------------------------------------------ */
184 /**
185 * @param needClientAuth True if SSL needs client authentication.
186 * @see SSLEngine#getNeedClientAuth()
187 * @deprecated
188 */
189 @Deprecated
190 public abstract void setNeedClientAuth(boolean needClientAuth);
191
192 /* ------------------------------------------------------------ */
193 /**
194 * @param wantClientAuth True if SSL wants client authentication.
195 * @see SSLEngine#getWantClientAuth()
196 * @deprecated
197 */
198 @Deprecated
199 public abstract void setWantClientAuth(boolean wantClientAuth);
200
201 /* ------------------------------------------------------------ */
202 /**
203 * @param keystoreType The type of the key store (default "JKS")
204 * @deprecated
205 */
206 @Deprecated
207 public abstract void setKeystoreType(String keystoreType);
208
209 /* ------------------------------------------------------------ */
210 /**
211 * @return The SSL provider name, which if set is passed to
212 * {@link SSLContext#getInstance(String, String)}
213 * @deprecated
214 */
215 @Deprecated
216 public abstract String getProvider();
217
218 /* ------------------------------------------------------------ */
219 /**
220 * @return The algorithm name, which if set is passed to
221 * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom}
222 * instance passed to {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
223 * @deprecated
224 */
225 @Deprecated
226 public abstract String getSecureRandomAlgorithm();
227
228 /* ------------------------------------------------------------ */
229 /**
230 * @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
231 * @deprecated
232 */
233 @Deprecated
234 public abstract String getSslKeyManagerFactoryAlgorithm();
235
236 /* ------------------------------------------------------------ */
237 /**
238 * @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
239 * @deprecated
240 */
241 @Deprecated
242 public abstract String getSslTrustManagerFactoryAlgorithm();
243
244 /* ------------------------------------------------------------ */
245 /**
246 * @return The file name or URL of the trust store location
247 * @deprecated
248 */
249 @Deprecated
250 public abstract String getTruststore();
251
252 /* ------------------------------------------------------------ */
253 /**
254 * @return The type of the trust store (default "JKS")
255 * @deprecated
256 */
257 @Deprecated
258 public abstract String getTruststoreType();
259
260 /* ------------------------------------------------------------ */
261 /**
262 * @param provider The SSL provider name, which if set is passed to
263 * {@link SSLContext#getInstance(String, String)}
264 * @deprecated
265 */
266 @Deprecated
267 public abstract void setProvider(String provider);
268
269 /* ------------------------------------------------------------ */
270 /**
271 * @param algorithm The algorithm name, which if set is passed to
272 * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom}
273 * instance passed to {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
274 * @deprecated
275 */
276 @Deprecated
277 public abstract void setSecureRandomAlgorithm(String algorithm);
278
279 /* ------------------------------------------------------------ */
280 /**
281 * @param algorithm The algorithm name (default "SunX509") used by
282 * the {@link KeyManagerFactory}
283 * @deprecated
284 */
285 @Deprecated
286 public abstract void setSslKeyManagerFactoryAlgorithm(String algorithm);
287
288 /* ------------------------------------------------------------ */
289 /**
290 * @param algorithm The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
291 * @deprecated
292 */
293 @Deprecated
294 public abstract void setSslTrustManagerFactoryAlgorithm(String algorithm);
295
296 /* ------------------------------------------------------------ */
297 /**
298 * @param truststore The file name or URL of the trust store location
299 * @deprecated
300 */
301 @Deprecated
302 public abstract void setTruststore(String truststore);
303
304 /* ------------------------------------------------------------ */
305 /**
306 * @param truststoreType The type of the trust store (default "JKS")
307 * @deprecated
308 */
309 @Deprecated
310 public abstract void setTruststoreType(String truststoreType);
311
312 /* ------------------------------------------------------------ */
313 /**
314 * @param sslContext Set a preconfigured SSLContext
315 * @deprecated
316 */
317 @Deprecated
318 public abstract void setSslContext(SSLContext sslContext);
319
320 /* ------------------------------------------------------------ */
321 /**
322 * @return The SSLContext
323 * @deprecated
324 */
325 @Deprecated
326 public abstract SSLContext getSslContext();
327
328
329 /* ------------------------------------------------------------ */
330 /**
331 * @return True if SSL re-negotiation is allowed (default false)
332 * @deprecated
333 */
334 @Deprecated
335 public boolean isAllowRenegotiate();
336
337 /* ------------------------------------------------------------ */
338 /**
339 * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
340 * a vulnerability in SSL/TLS with re-negotiation. If your JVM
341 * does not have CVE-2009-3555 fixed, then re-negotiation should
342 * not be allowed.
343 * @param allowRenegotiate true if re-negotiation is allowed (default false)
344 * @deprecated
345 */
346 @Deprecated
347 public void setAllowRenegotiate(boolean allowRenegotiate);
348 }