1 /* 2 * Copyright (c) MuleSoft, Inc. All rights reserved. http://www.mulesoft.com 3 * The software in this package is published under the terms of the CPAL v1.0 4 * license, a copy of which has been included with this distribution in the 5 * LICENSE.txt file. 6 */ 7 package org.mule.api.security; 8 9 import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory; 10 import org.mule.api.security.tls.TlsConfiguration; 11 12 import javax.net.ssl.TrustManagerFactory; 13 14 /** 15 * Configure direct trust stores. 16 * TLS/SSL connections are made to trusted systems - the public certificates of trusted systems are stored in 17 * a keystore (called a trust store) and used to verify that the connection made to a remote system "really 18 * is" the expected identity. 19 * 20 * <p>The information specified in this interface may be used to configure a trust store directly, or the 21 * values in the {@link TlsIndirectTrustStore} may be stored as property values and used later, or both. 22 * It may therefore be specific to a single 23 * connector, or global to all connectors made by that protocol, or even (in the case of the SSL transport) 24 * become a global default value. For more information see the documentation for the connector or protocol in 25 * question. The comments in {@link TlsConfiguration} may also be useful.</p> 26 */ 27 public interface TlsDirectTrustStore extends TlsIndirectTrustStore 28 { 29 30 /** 31 * @return The type of keystore used to implement the trust store defined in {@link #getTrustStore()} 32 */ 33 String getTrustStoreType(); 34 35 /** 36 * @param trustStoreType The type of keystore used to implement the trust store defined in 37 * {@link #setTrustStore(String)} 38 */ 39 void setTrustStoreType(String trustStoreType); 40 41 /** 42 * @return The algorithm used by the trust store. The default comes from 43 * {@link AutoDiscoverySecurityProviderFactory} 44 */ 45 String getTrustManagerAlgorithm(); 46 47 /** 48 * @param trustManagerAlgorithm The algorithm used by the trust store. The default comes from 49 * {@link AutoDiscoverySecurityProviderFactory} 50 */ 51 void setTrustManagerAlgorithm(String trustManagerAlgorithm); 52 53 /** 54 * @return Either the factory defined by {@link #setTrustManagerFactory(TrustManagerFactory)} or one 55 * constructed from the parameters in this interface ({@link #setTrustStoreType(String)} etc). 56 */ 57 TrustManagerFactory getTrustManagerFactory(); 58 59 /** 60 * @param trustManagerFactory The source of trust information if the store is accessed directly 61 * (some connectors generate trust stores indirectly through System properties in which case this 62 * value will be ignored - see {@link TlsConfiguration}). 63 */ 64 void setTrustManagerFactory(TrustManagerFactory trustManagerFactory); 65 66 /** 67 * If the trust store is undefined and the trust store generated via System properties then the 68 * key store certificates defined via <b>TODO</b> can be used as a source of trust information. 69 * 70 * @return true if the key store data should <em>not</em> be used when a trust store is otherwise 71 * undefined 72 */ 73 boolean isExplicitTrustStoreOnly(); 74 75 /** 76 * If the trust store is undefined and the trust store generated via System properties then the 77 * key store certificates defined via <b>TODO</b> can be used as a source of trust information. 78 * 79 * @param explicitTrustStoreOnly true if the key store data should <em>not<em> be used when a trust 80 * store is otherwise undefined 81 */ 82 void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly); 83 84 /** 85 * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will 86 * control whether client authenticatin is required. This does not apply to client connections. 87 * 88 * @return true if clients must be authenticated 89 */ 90 boolean isRequireClientAuthentication(); 91 92 /** 93 * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will 94 * control whether client authenticatin is required. This does not apply to client connections. 95 * 96 * @param requireClientAuthentication true if clients must be authenticated 97 */ 98 void setRequireClientAuthentication(boolean requireClientAuthentication); 99 100 } 101 102