
1   /*
2    * $Id: TlsDirectTrustStore.java 12269 2008-07-10 04:19:03Z dfeist $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.api.security;
12  
13  import javax.net.ssl.TrustManagerFactory;
14  
15  /**
16   * Configure direct trust stores.
17   * TLS/SSL connections are made to trusted systems - the public certificates of trusted systems are stored in
18   * a keystore (called a trust store) and used to verify that the connection made to a remote system "really
19   * is" the expected identity.  The contents of the trust store therefore decide which peers are accepted.
20   *
21   * <p>The information specified in this interface may be used to configure a trust store directly, or the
22   * values in the {@link TlsIndirectTrustStore} may be stored as property values and used later, or both.
23   * It may therefore be specific to a single
24   * connector, or global to all connectors made by that protocol, or even (in the case of the SSL transport)
25   * become a global default value.  For more information see the documentation for the connector or protocol in
26   * question.  The comments in {@link org.mule.api.security.tls.TlsConfiguration} may also be useful.</p>
27   */
28  public interface TlsDirectTrustStore extends TlsIndirectTrustStore
29  {
30  
31      /**
32       * @return The type of keystore used to implement the trust store defined in {@link #getTrustStore()}
33       */
34      String getTrustStoreType();
35  
36      /**
37       * @param trustStoreType The type of keystore used to implement the trust store defined in
38       * {@link #setTrustStore(String)}
39       */
40      void setTrustStoreType(String trustStoreType);
41  
42      /**
43       * @return The algorithm used by the trust store.  The default comes from
44       * {@link org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory}
45       */
46      String getTrustManagerAlgorithm();
47  
48      /**
49       * @param trustManagerAlgorithm The algorithm used by the trust store.  The default comes from
50       * {@link org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory}
51       */
52      void setTrustManagerAlgorithm(String trustManagerAlgorithm);
53  
54      /**
55       * @return Either the factory defined by {@link #setTrustManagerFactory(TrustManagerFactory)} or one
56       * constructed from the parameters in this interface ({@link #setTrustStore(String)} etc).
57       */
58      TrustManagerFactory getTrustManagerFactory();
59  
60      /**
61       * @param trustManagerFactory The source of trust information if the store is accessed directly
62       * (some connectors generate trust stores indirectly through System properties in which case this
63       * value will be ignored - see {@link org.mule.api.security.tls.TlsConfiguration}).
64       */
65      void setTrustManagerFactory(TrustManagerFactory trustManagerFactory);
66  
67      /**
68       * If the trust store is undefined and the trust store is generated via System properties then the key
69       * store certificates (link target still to be filled in) can be used as a source of trust information.
70       * A false value therefore lets key store certificates be trusted as a fallback.
71       * @return true if the key store data should <em>not</em> be used when a trust store is otherwise
72       * undefined
73       */
74      boolean isExplicitTrustStoreOnly();
75  
76      /**
77       * If the trust store is undefined and the trust store is generated via System properties then the key
78       * store certificates (link target still to be filled in) can be used as a source of trust information.
79       * Passing false therefore lets key store certificates be trusted as a fallback.
80       * @param explicitTrustStoreOnly true if the key store data should <em>not</em> be used when a trust
81       * store is otherwise undefined
82       */
83      void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly);
84  
85      /**
86       * If a server socket is constructed directly (see {@link org.mule.api.security.tls.TlsConfiguration})
87       * then this flag will control whether client authentication is required.  This does not apply to client connections.
88       * A false value means such a server socket accepts clients that have not authenticated at the TLS layer.
89       * @return true if clients must be authenticated
90       */
91      boolean isRequireClientAuthentication();
92  
93      /**
94       * If a server socket is constructed directly (see {@link org.mule.api.security.tls.TlsConfiguration})
95       * then this flag will control whether client authentication is required.  This does not apply to client connections.
96       * Passing false means such a server socket accepts clients that have not authenticated at the TLS layer.
97       * @param requireClientAuthentication true if clients must be authenticated
98       */
99      void setRequireClientAuthentication(boolean requireClientAuthentication);
100     
101 }
102 
103