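/*
 * $Id: TlsDirectTrustStore.java 7963 2007-08-21 08:53:15Z dirk.olmes $
 * --------------------------------------------------------------------------------------
 * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
 *
 * The software in this package is published under the terms of the CPAL v1.0
 * license, a copy of which has been included with this distribution in the
 * LICENSE.txt file.
 */

package org.mule.umo.security;

import javax.net.ssl.TrustManagerFactory;

/**
 * Configure direct trust stores.
 * TLS/SSL connections are made to trusted systems - the public certificates of trusted systems are stored in
 * a keystore (called a trust store) and used to verify that the connection made to a remote system "really
 * is" the expected identity.
 *
 * <p>The information specified in this interface may be used to configure a trust store directly, or the
 * values in the {@link TlsIndirectTrustStore} may be stored as property values and used later, or both.
 * It may therefore be specific to a single
 * connector, or global to all connectors made by that protocol, or even (in the case of the SSL transport)
 * become a global default value.  For more information see the documentation for the connector or protocol in
 * question.  The comments in {@link org.mule.umo.security.tls.TlsConfiguration} may also be useful.</p>
 *
 * <p>Because the same values can end up connector-specific, protocol-wide or a global default, a change
 * made through this interface may alter which peers are trusted for more than one connector. Check the
 * scope that applies to the connector in question before relaxing any setting here.</p>
 */
public interface TlsDirectTrustStore extends TlsIndirectTrustStore
{

    /**
     * Returns the keystore type of the trust store.
     *
     * @return The type of keystore used to implement the trust store defined in {@link #getTrustStore()}
     */
    String getTrustStoreType();

    /**
     * Sets the keystore type of the trust store.
     *
     * @param trustStoreType The type of keystore used to implement the trust store defined in
     * {@link #setTrustStore(String)}
     */
    void setTrustStoreType(String trustStoreType);

    /**
     * Returns the trust manager algorithm.
     *
     * @return The algorithm used by the trust store.  The default comes from
     * {@link org.mule.umo.security.provider.AutoDiscoverySecurityProviderFactory}
     */
    String getTrustManagerAlgorithm();

    /**
     * Sets the trust manager algorithm.
     *
     * @param trustManagerAlgorithm The algorithm used by the trust store.  The default comes from
     * {@link org.mule.umo.security.provider.AutoDiscoverySecurityProviderFactory}
     */
    void setTrustManagerAlgorithm(String trustManagerAlgorithm);

    /**
     * Returns the factory that supplies the trust managers for this configuration.
     *
     * @return Either the factory defined by {@link #setTrustManagerFactory(TrustManagerFactory)} or one
     * constructed from the parameters in this interface ({@link #setTrustStore(String)} etc).
     */
    TrustManagerFactory getTrustManagerFactory();

    /**
     * Supplies a ready-made source of trust information.
     *
     * <p>Note that a factory set here is not guaranteed to take effect: it is silently ignored by
     * connectors that build their trust store through System properties, so the effective trust
     * anchors for such a connector are whatever those properties select.</p>
     *
     * @param trustManagerFactory The source of trust information if the store is accessed directly
     * (some connectors generate trust stores indirectly through System properties in which case this
     * value will be ignored - see {@link org.mule.umo.security.tls.TlsConfiguration}).
     */
    void setTrustManagerFactory(TrustManagerFactory trustManagerFactory);

    /**
     * If the trust store is undefined and the trust store is generated via System properties then the
     * key store certificates can be used as a source of trust information. (The original comment
     * linked the key store definition to an unresolved TODO target; the link has been dropped until
     * the intended target is confirmed.)
     *
     * <p>When this returns false, certificates held in the key store may therefore be accepted as
     * trust anchors even though no trust store was configured. Return true where the set of trusted
     * peers must be limited to an explicitly configured trust store.</p>
     *
     * @return true if the key store data should <em>not</em> be used when a trust store is otherwise
     * undefined
     */
    boolean isExplicitTrustStoreOnly();

    /**
     * If the trust store is undefined and the trust store is generated via System properties then the
     * key store certificates can be used as a source of trust information. (The original comment
     * linked the key store definition to an unresolved TODO target; the link has been dropped until
     * the intended target is confirmed.)
     *
     * <p>Passing false allows certificates held in the key store to be accepted as trust anchors when
     * no trust store was configured. Pass true where the set of trusted peers must be limited to an
     * explicitly configured trust store.</p>
     *
     * @param explicitTrustStoreOnly true if the key store data should <em>not</em> be used when a trust
     * store is otherwise undefined
     */
    void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly);

    /**
     * If a server socket is constructed directly (see {@link org.mule.umo.security.tls.TlsConfiguration})
     * then this flag will control whether client authentication is required.  This does not apply to
     * client connections.
     *
     * <p>The flag is documented only for directly constructed server sockets; whether it has any effect
     * on sockets created another way is not stated here and should be confirmed per connector before
     * relying on it to enforce client certificates.</p>
     *
     * @return true if clients must be authenticated
     */
    boolean isRequireClientAuthentication();

    /**
     * If a server socket is constructed directly (see {@link org.mule.umo.security.tls.TlsConfiguration})
     * then this flag will control whether client authentication is required.  This does not apply to
     * client connections.
     *
     * <p>The flag is documented only for directly constructed server sockets; whether it has any effect
     * on sockets created another way is not stated here and should be confirmed per connector before
     * relying on it to enforce client certificates.</p>
     *
     * @param requireClientAuthentication true if clients must be authenticated
     */
    void setRequireClientAuthentication(boolean requireClientAuthentication);

}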