
1   /*
2    * $Id: TlsDirectTrustStore.java 19191 2010-08-25 21:05:23Z tcarlson $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.api.security;
12  
13  import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory;
14  import org.mule.api.security.tls.TlsConfiguration;
15  
16  import javax.net.ssl.TrustManagerFactory;
17  
/**
 * Configures a trust store directly.
 *
 * <p>TLS/SSL connections are made to trusted systems: the public certificates of trusted systems are
 * stored in a keystore (called a trust store) and used to verify that the remote end of a connection
 * "really is" the expected identity.</p>
 *
 * <p>The information specified in this interface may be used to configure a trust store directly, or the
 * values in the {@link TlsIndirectTrustStore} may be stored as property values and used later, or both.
 * It may therefore be specific to a single connector, or global to all connectors made by that protocol,
 * or even (in the case of the SSL transport) become a global default value.  For more information see
 * the documentation for the connector or protocol in question.  The comments in {@link TlsConfiguration}
 * may also be useful.</p>
 *
 * <p>NOTE(review): because these values may become a protocol-wide or global default, a value set for
 * one connector may also decide which peers other connectors trust - confirm the effective scope in the
 * connector documentation before relying on a per-connector setting.</p>
 */
public interface TlsDirectTrustStore extends TlsIndirectTrustStore
{

    /**
     * Returns the keystore type of the trust store.
     *
     * @return The type of keystore used to implement the trust store defined in {@link #getTrustStore()}
     * (presumably a {@code java.security.KeyStore} type name - verify against the implementation)
     */
    String getTrustStoreType();

    /**
     * Sets the keystore type of the trust store.
     *
     * @param trustStoreType The type of keystore used to implement the trust store defined in
     * {@link #setTrustStore(String)} (presumably a {@code java.security.KeyStore} type name - verify
     * against the implementation)
     */
    void setTrustStoreType(String trustStoreType);

    /**
     * Returns the trust manager algorithm.
     *
     * @return The algorithm used by the trust store.  The default comes from
     * {@link AutoDiscoverySecurityProviderFactory}
     */
    String getTrustManagerAlgorithm();

    /**
     * Sets the trust manager algorithm.
     *
     * @param trustManagerAlgorithm The algorithm used by the trust store.  The default comes from
     * {@link AutoDiscoverySecurityProviderFactory}
     */
    void setTrustManagerAlgorithm(String trustManagerAlgorithm);

    /**
     * Returns the factory that supplies the trust managers for this configuration.
     *
     * @return Either the factory defined by {@link #setTrustManagerFactory(TrustManagerFactory)} or one
     * constructed from the parameters in this interface ({@link #setTrustStoreType(String)} etc).
     */
    TrustManagerFactory getTrustManagerFactory();

    /**
     * Sets the factory that supplies trust information when the store is accessed directly.
     *
     * <p>Connectors that generate their trust store indirectly through System properties ignore this
     * value, so any certificate checks that only a custom factory performs are not applied to those
     * connectors - see {@link TlsConfiguration}.</p>
     *
     * @param trustManagerFactory The source of trust information if the store is accessed directly
     * (some connectors generate trust stores indirectly through System properties in which case this
     * value will be ignored - see {@link TlsConfiguration}).
     */
    void setTrustManagerFactory(TrustManagerFactory trustManagerFactory);

    /**
     * If the trust store is undefined and the trust store is generated via System properties then the
     * key store certificates defined via <b>TODO</b> can be used as a source of trust information.
     * (The setting that supplies those key store certificates is not named in this documentation.)
     *
     * <p>When this flag is false, certificates held in the key store can therefore end up being
     * trusted even though no trust store was configured; when it is true, only an explicitly defined
     * trust store is used.  The default value is not defined by this interface.</p>
     *
     * @return true if the key store data should <em>not</em> be used when a trust store is otherwise
     * undefined
     */
    boolean isExplicitTrustStoreOnly();

    /**
     * If the trust store is undefined and the trust store is generated via System properties then the
     * key store certificates defined via <b>TODO</b> can be used as a source of trust information.
     * (The setting that supplies those key store certificates is not named in this documentation.)
     *
     * <p>Pass true to keep key store certificates from being used as trust information when no trust
     * store has been defined.</p>
     *
     * @param explicitTrustStoreOnly true if the key store data should <em>not</em> be used when a trust
     * store is otherwise undefined
     */
    void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly);

    /**
     * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will
     * control whether client authentication is required.  This does not apply to client connections.
     *
     * <p>The flag is only described for directly constructed server sockets; whether it has any effect
     * on sockets created another way is not stated here - confirm against {@link TlsConfiguration}
     * before depending on it to enforce client authentication.  The default value is not defined by
     * this interface.</p>
     *
     * @return true if clients must be authenticated
     */
    boolean isRequireClientAuthentication();

    /**
     * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will
     * control whether client authentication is required.  This does not apply to client connections.
     *
     * <p>The flag is only described for directly constructed server sockets; whether it has any effect
     * on sockets created another way is not stated here - confirm against {@link TlsConfiguration}
     * before depending on it to enforce client authentication.</p>
     *
     * @param requireClientAuthentication true if clients must be authenticated
     */
    void setRequireClientAuthentication(boolean requireClientAuthentication);

}