View Javadoc
1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.api.security;
8   
9   import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory;
10  import org.mule.api.security.tls.TlsConfiguration;
11  
12  import javax.net.ssl.TrustManagerFactory;
13  
14  /**
15   * Configure direct trust stores.
16   * TLS/SSL connections are made to trusted systems - the public certificates of trusted systems are stored in 
17   * a keystore (called a trust store) and used to verify that the connection made to a remote system "really
18   * is" the expected identity.
19   * 
20   * <p>The information specified in this interface may be used to configure a trust store directly, or the
21   * values in the {@link TlsIndirectTrustStore} may be stored as property values and used later, or both.  
22   * It may therefore be specific to a single
23   * connector, or global to all connectors made by that protocol, or even (in the case of the SSL transport)
24   * become a global default value.  For more information see the documentation for the connector or protocol in
25   * question.  The comments in {@link TlsConfiguration} may also be useful.</p>
26   */
27  public interface TlsDirectTrustStore extends TlsIndirectTrustStore
28  {
29  
30      /**
31       * @return The type of keystore used to implement the trust store defined in {@link #getTrustStore()}
32       */
33      String getTrustStoreType();
34  
35      /**
36       * @param trustStoreType The type of keystore used to implement the trust store defined in 
37       * {@link #setTrustStore(String)}
38       */
39      void setTrustStoreType(String trustStoreType);
40  
41      /**
42       * @return The algorithm used by the trust store.  The default comes from 
43       * {@link AutoDiscoverySecurityProviderFactory}
44       */
45      String getTrustManagerAlgorithm();
46  
47      /**
48       * @param trustManagerAlgorithm The algorithm used by the trust store.  The default comes from 
49       * {@link AutoDiscoverySecurityProviderFactory}
50       */
51      void setTrustManagerAlgorithm(String trustManagerAlgorithm);
52  
53      /**
54       * @return Either the factory defined by {@link #setTrustManagerFactory(TrustManagerFactory)} or one
55       * constructed from the parameters in this interface ({@link #setTrustStoreType(String)} etc).
56       */
57      TrustManagerFactory getTrustManagerFactory();
58  
59      /**
60       * @param trustManagerFactory The source of trust information if the store is accessed directly
61       * (some connectors generate trust stores indirectly through System properties in which case this
62       * value will be ignored - see {@link TlsConfiguration}).
63       */
64      void setTrustManagerFactory(TrustManagerFactory trustManagerFactory);
65  
66      /**
67       * If the trust store is undefined and the trust store generated via System properties then the
68       * key store certificates defined via <b>TODO</b> can be used as a source of trust information.
69       * 
70       * @return true if the key store data should <em>not</em> be used when a trust store is otherwise 
71       * undefined
72       */
73      boolean isExplicitTrustStoreOnly();
74  
75      /**
76       * If the trust store is undefined and the trust store generated via System properties then the
77       * key store certificates defined via <b>TODO</b> can be used as a source of trust information.
78       * 
79       * @param explicitTrustStoreOnly true if the key store data should <em>not<em> be used when a trust 
80       * store is otherwise undefined
81       */
82      void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly);
83  
84      /**
85       * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will
86       * control whether client authenticatin is required.  This does not apply to client connections.  
87       * 
88       * @return true if clients must be authenticated
89       */
90      boolean isRequireClientAuthentication();
91  
92      /**
93       * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will
94       * control whether client authenticatin is required.  This does not apply to client connections.  
95       * 
96       * @param requireClientAuthentication true if clients must be authenticated
97       */
98      void setRequireClientAuthentication(boolean requireClientAuthentication);
99      
100 }
101 
102