Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
TlsDirectTrustStore |
|
| 1.0;1 |
1 | /* | |
2 | * Copyright (c) MuleSoft, Inc. All rights reserved. http://www.mulesoft.com | |
3 | * The software in this package is published under the terms of the CPAL v1.0 | |
4 | * license, a copy of which has been included with this distribution in the | |
5 | * LICENSE.txt file. | |
6 | */ | |
7 | package org.mule.api.security; | |
8 | ||
9 | import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory; | |
10 | import org.mule.api.security.tls.TlsConfiguration; | |
11 | ||
12 | import javax.net.ssl.TrustManagerFactory; | |
13 | ||
14 | /** | |
15 | * Configure direct trust stores. | |
16 | * TLS/SSL connections are made to trusted systems - the public certificates of trusted systems are stored in | |
17 | * a keystore (called a trust store) and used to verify that the connection made to a remote system "really | |
18 | * is" the expected identity. | |
19 | * | |
20 | * <p>The information specified in this interface may be used to configure a trust store directly, or the | |
21 | * values in the {@link TlsIndirectTrustStore} may be stored as property values and used later, or both. | |
22 | * It may therefore be specific to a single | |
23 | * connector, or global to all connectors made by that protocol, or even (in the case of the SSL transport) | |
24 | * become a global default value. For more information see the documentation for the connector or protocol in | |
25 | * question. The comments in {@link TlsConfiguration} may also be useful.</p> | |
26 | */ | |
27 | public interface TlsDirectTrustStore extends TlsIndirectTrustStore | |
28 | { | |
29 | ||
30 | /** | |
31 | * @return The type of keystore used to implement the trust store defined in {@link #getTrustStore()} | |
32 | */ | |
33 | String getTrustStoreType(); | |
34 | ||
35 | /** | |
36 | * @param trustStoreType The type of keystore used to implement the trust store defined in | |
37 | * {@link #setTrustStore(String)} | |
38 | */ | |
39 | void setTrustStoreType(String trustStoreType); | |
40 | ||
41 | /** | |
42 | * @return The algorithm used by the trust store. The default comes from | |
43 | * {@link AutoDiscoverySecurityProviderFactory} | |
44 | */ | |
45 | String getTrustManagerAlgorithm(); | |
46 | ||
47 | /** | |
48 | * @param trustManagerAlgorithm The algorithm used by the trust store. The default comes from | |
49 | * {@link AutoDiscoverySecurityProviderFactory} | |
50 | */ | |
51 | void setTrustManagerAlgorithm(String trustManagerAlgorithm); | |
52 | ||
53 | /** | |
54 | * @return Either the factory defined by {@link #setTrustManagerFactory(TrustManagerFactory)} or one | |
55 | * constructed from the parameters in this interface ({@link #setTrustStoreType(String)} etc). | |
56 | */ | |
57 | TrustManagerFactory getTrustManagerFactory(); | |
58 | ||
59 | /** | |
60 | * @param trustManagerFactory The source of trust information if the store is accessed directly | |
61 | * (some connectors generate trust stores indirectly through System properties in which case this | |
62 | * value will be ignored - see {@link TlsConfiguration}). | |
63 | */ | |
64 | void setTrustManagerFactory(TrustManagerFactory trustManagerFactory); | |
65 | ||
66 | /** | |
67 | * If the trust store is undefined and the trust store generated via System properties then the | |
68 | * key store certificates defined via <b>TODO</b> can be used as a source of trust information. | |
69 | * | |
70 | * @return true if the key store data should <em>not</em> be used when a trust store is otherwise | |
71 | * undefined | |
72 | */ | |
73 | boolean isExplicitTrustStoreOnly(); | |
74 | ||
75 | /** | |
76 | * If the trust store is undefined and the trust store generated via System properties then the | |
77 | * key store certificates defined via <b>TODO</b> can be used as a source of trust information. | |
78 | * | |
79 | * @param explicitTrustStoreOnly true if the key store data should <em>not<em> be used when a trust | |
80 | * store is otherwise undefined | |
81 | */ | |
82 | void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly); | |
83 | ||
84 | /** | |
85 | * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will | |
86 | * control whether client authenticatin is required. This does not apply to client connections. | |
87 | * | |
88 | * @return true if clients must be authenticated | |
89 | */ | |
90 | boolean isRequireClientAuthentication(); | |
91 | ||
92 | /** | |
93 | * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will | |
94 | * control whether client authenticatin is required. This does not apply to client connections. | |
95 | * | |
96 | * @param requireClientAuthentication true if clients must be authenticated | |
97 | */ | |
98 | void setRequireClientAuthentication(boolean requireClientAuthentication); | |
99 | ||
100 | } | |
101 | ||
102 |