/*
 * $Id: TlsDirectTrustStore.java 19191 2010-08-25 21:05:23Z tcarlson $
 * --------------------------------------------------------------------------------------
 * Copyright (c) MuleSoft, Inc. All rights reserved. http://www.mulesoft.com
 *
 * The software in this package is published under the terms of the CPAL v1.0
 * license, a copy of which has been included with this distribution in the
 * LICENSE.txt file.
 */

package org.mule.api.security;

import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory;
import org.mule.api.security.tls.TlsConfiguration;

import javax.net.ssl.TrustManagerFactory;

/**
 * Configuration of a trust store that is accessed directly.
 *
 * <p>A TLS/SSL connection is only made to a system the local side trusts: the public
 * certificates of such systems are kept in a keystore (the "trust store") and used to check
 * that the peer at the other end of the connection really has the expected identity.</p>
 *
 * <p>The values described here may be used to build a trust store directly, or the values
 * inherited from {@link TlsIndirectTrustStore} may be stored as property values and applied
 * later, or both. The configuration may therefore be specific to one connector, shared by all
 * connectors of a protocol, or (in the case of the SSL transport) become a global default. The
 * documentation of the connector or protocol in question, and the comments in
 * {@link TlsConfiguration}, describe which of these applies.</p>
 */
public interface TlsDirectTrustStore extends TlsIndirectTrustStore
{

    // --- keystore type -------------------------------------------------------------------

    /**
     * @return the keystore type used to implement the trust store named by
     *         {@link #getTrustStore()}
     */
    String getTrustStoreType();

    /**
     * @param trustStoreType the keystore type used to implement the trust store named by
     *            {@link #setTrustStore(String)}
     */
    void setTrustStoreType(String trustStoreType);

    // --- trust manager algorithm ---------------------------------------------------------

    /**
     * @return the trust manager algorithm used by the trust store; the default is supplied by
     *         {@link AutoDiscoverySecurityProviderFactory}
     */
    String getTrustManagerAlgorithm();

    /**
     * @param trustManagerAlgorithm the trust manager algorithm used by the trust store; the
     *            default is supplied by {@link AutoDiscoverySecurityProviderFactory}
     */
    void setTrustManagerAlgorithm(String trustManagerAlgorithm);

    // --- trust manager factory -----------------------------------------------------------

    /**
     * @return the factory given to {@link #setTrustManagerFactory(TrustManagerFactory)}, or, if
     *         none was given, one built from the other values in this interface
     *         ({@link #setTrustStoreType(String)} and so on)
     */
    TrustManagerFactory getTrustManagerFactory();

    /**
     * Sets the source of trust information for the case where the store is accessed directly.
     * Connectors that build their trust store indirectly, through System properties, ignore
     * this value - see {@link TlsConfiguration}.
     *
     * @param trustManagerFactory the factory supplying the trust managers
     */
    void setTrustManagerFactory(TrustManagerFactory trustManagerFactory);

    // --- fallback to key store certificates ----------------------------------------------

    /**
     * Controls the fallback used when no trust store is defined and the trust store is generated
     * via System properties: in that situation the certificates of the configured key store can
     * be used as the source of trust information. (The original documentation left the
     * reference to where that key store is defined as a TODO.)
     *
     * @return {@code true} if the key store certificates must <em>not</em> be used as trust
     *         information when no trust store is otherwise defined
     */
    boolean isExplicitTrustStoreOnly();

    /**
     * See {@link #isExplicitTrustStoreOnly()}. Leaving this {@code false} allows the key store's
     * own certificates to serve as trust information whenever no trust store is defined; set it
     * to {@code true} when trust must come only from an explicitly configured trust store.
     *
     * @param explicitTrustStoreOnly {@code true} if the key store certificates must <em>not</em>
     *            be used as trust information when no trust store is otherwise defined
     */
    void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly);

    // --- client authentication -----------------------------------------------------------

    /**
     * When a server socket is constructed directly (see {@link TlsConfiguration}) this flag
     * decides whether the connecting client must authenticate itself. It has no effect on
     * client connections.
     *
     * @return {@code true} if clients must be authenticated
     */
    boolean isRequireClientAuthentication();

    /**
     * When a server socket is constructed directly (see {@link TlsConfiguration}) this flag
     * decides whether the connecting client must authenticate itself. It has no effect on
     * client connections.
     *
     * @param requireClientAuthentication {@code true} if clients must be authenticated
     */
    void setRequireClientAuthentication(boolean requireClientAuthentication);

}