1 | /* | |
2 | * $Id: TlsDirectTrustStore.java 19191 2010-08-25 21:05:23Z tcarlson $ | |
3 | * -------------------------------------------------------------------------------------- | |
4 | * Copyright (c) MuleSoft, Inc. All rights reserved. http://www.mulesoft.com | |
5 | * | |
6 | * The software in this package is published under the terms of the CPAL v1.0 | |
7 | * license, a copy of which has been included with this distribution in the | |
8 | * LICENSE.txt file. | |
9 | */ | |
10 | ||
11 | package org.mule.api.security; | |
12 | ||
13 | import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory; | |
14 | import org.mule.api.security.tls.TlsConfiguration; | |
15 | ||
16 | import javax.net.ssl.TrustManagerFactory; | |
17 | ||
18 | /** | |
19 | * Configure direct trust stores. | |
20 | * TLS/SSL connections are made to trusted systems - the public certificates of trusted systems are stored in | |
21 | * a keystore (called a trust store) and used to verify that the connection made to a remote system "really | |
22 | * is" the expected identity. | |
23 | * | |
24 | * <p>The information specified in this interface may be used to configure a trust store directly, or the | |
25 | * values in the {@link TlsIndirectTrustStore} may be stored as property values and used later, or both. | |
26 | * It may therefore be specific to a single | |
27 | * connector, or global to all connectors made by that protocol, or even (in the case of the SSL transport) | |
28 | * become a global default value. For more information see the documentation for the connector or protocol in | |
29 | * question. The comments in {@link TlsConfiguration} may also be useful.</p> | |
30 | */ | |
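public interface TlsDirectTrustStore extends TlsIndirectTrustStore
{

    /**
     * @return The type of keystore used to implement the trust store defined in {@link #getTrustStore()}
     */
    String getTrustStoreType();

    /**
     * @param trustStoreType The type of keystore used to implement the trust store defined in
     * {@link #setTrustStore(String)}
     */
    void setTrustStoreType(String trustStoreType);

    /**
     * @return The algorithm used by the trust store. The default comes from
     * {@link AutoDiscoverySecurityProviderFactory}
     */
    String getTrustManagerAlgorithm();

    /**
     * @param trustManagerAlgorithm The algorithm used by the trust store. The default comes from
     * {@link AutoDiscoverySecurityProviderFactory}
     */
    void setTrustManagerAlgorithm(String trustManagerAlgorithm);

    /**
     * @return Either the factory defined by {@link #setTrustManagerFactory(TrustManagerFactory)} or one
     * constructed from the parameters in this interface ({@link #setTrustStoreType(String)} etc).
     */
    TrustManagerFactory getTrustManagerFactory();

    /**
     * Supplies the trust manager factory to use when the trust store is accessed directly.
     *
     * <p>Some connectors generate trust stores indirectly through System properties, in which case
     * this value is ignored (see {@link TlsConfiguration}). Do not assume that a factory set here is
     * the one in effect for such a connector.</p>
     *
     * @param trustManagerFactory The source of trust information if the store is accessed directly
     */
    void setTrustManagerFactory(TrustManagerFactory trustManagerFactory);

    /**
     * Reports whether key store certificates are excluded as a fallback source of trust.
     *
     * <p>If the trust store is undefined and the trust store is generated via System properties,
     * then the key store certificates can be used as a source of trust information. The original
     * documentation leaves the place where those key store certificates are defined as an unresolved
     * <b>TODO</b>.</p>
     *
     * <p>Security note: when this returns {@code false}, certificates held in the key store may be
     * accepted as trust information whenever no trust store has been configured. Return {@code true}
     * where trust must come only from an explicitly configured trust store.</p>
     *
     * @return true if the key store data should <em>not</em> be used when a trust store is otherwise
     * undefined
     */
    boolean isExplicitTrustStoreOnly();

    /**
     * Controls whether key store certificates are excluded as a fallback source of trust.
     *
     * <p>If the trust store is undefined and the trust store is generated via System properties,
     * then the key store certificates can be used as a source of trust information. The original
     * documentation leaves the place where those key store certificates are defined as an unresolved
     * <b>TODO</b>.</p>
     *
     * <p>Security note: passing {@code false} allows certificates held in the key store to be
     * accepted as trust information whenever no trust store has been configured. Pass {@code true}
     * where trust must come only from an explicitly configured trust store.</p>
     *
     * @param explicitTrustStoreOnly true if the key store data should <em>not</em> be used when a trust
     * store is otherwise undefined
     */
    void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly);

    /**
     * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will
     * control whether client authentication is required. This does not apply to client connections.
     *
     * <p>Security note: the flag is documented only for directly constructed server sockets. An
     * endpoint that relies on client certificates should confirm that its connector builds its
     * server socket this way; otherwise a {@code true} value here may not be enforced.</p>
     *
     * @return true if clients must be authenticated
     */
    boolean isRequireClientAuthentication();

    /**
     * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will
     * control whether client authentication is required. This does not apply to client connections.
     *
     * <p>Security note: the flag is documented only for directly constructed server sockets. An
     * endpoint that relies on client certificates should confirm that its connector builds its
     * server socket this way; otherwise a {@code true} value here may not be enforced.</p>
     *
     * @param requireClientAuthentication true if clients must be authenticated
     */
    void setRequireClientAuthentication(boolean requireClientAuthentication);

}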