

/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

17 package org.apache.geronimo.management.geronimo;
18
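/**
 * Common configuration settings for connectors that use SSL/TLS to conduct
 * secure communications with clients.
 *
 * http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
 * http://mortbay.org/javadoc/org/mortbay/http/SslListener.html
 *
 * @version $Rev: 476049 $ $Date: 2006-11-16 23:35:17 -0500 (Thu, 16 Nov 2006) $
 */
public interface SecureConnector extends WebConnector {
    // Well-known string values for the settings below. The setters take a
    // plain String, so this interface does not restrict callers to these
    // values; any validation is left to the implementation.

    /** Keystore type name for the JKS format. */
    public static final String KEYSTORE_TYPE_JKS = "JKS";
    /** Keystore type name for the PKCS12 format. */
    public static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
    /** Certificate algorithm name; presumably the one used on Sun JVMs. */
    public static final String ALGORITHM_TYPE_SUN = "SunX509";
    /** Certificate algorithm name; presumably the one used on IBM JVMs. */
    public static final String ALGORITHM_TYPE_IBM = "IbmX509";
    /** Secure protocol name "TLS"; the value the method docs below recommend. */
    public static final String SECURE_PROTOCOL_TYPE_TLS = "TLS";
    /**
     * Secure protocol name "SSL", documented below as a compatibility
     * fallback for some JVMs.
     *
     * NOTE(review): which protocol versions this name actually enables
     * depends on the JVM's security provider and on the connector, neither
     * of which is visible here. Confirm that obsolete SSL versions stay
     * disabled when this value is configured.
     */
    public static final String SECURE_PROTOCOL_TYPE_SSL = "SSL";

    /**
     * Gets the name of the keystore file that holds the server certificate
     * (and by default, the trusted CA certificates used for client certificate
     * authentication). This is relative to the Geronimo home directory.
     *
     * @return the keystore file name, relative to the Geronimo home directory
     */
    public String getKeystoreFileName();

    /**
     * Sets the name of the keystore file that holds the server certificate
     * (and by default, the trusted CA certificates used for client certificate
     * authentication). This is relative to the Geronimo home directory.
     *
     * NOTE(review): nothing in this interface constrains the value.
     * Implementations should check that the resolved path stays inside the
     * intended directory and that the file is readable only by the server
     * account, since it holds the server private key.
     *
     * @param name the keystore file name, relative to the Geronimo home
     *             directory
     */
    public void setKeystoreFileName(String name);

    /**
     * Sets the password used to access the keystore, and by default, used to
     * access the server private key inside the keystore. Not all connectors
     * support configuring different passwords for those two features; if so,
     * a separate PrivateKeyPassword should be defined in an
     * implementation-specific connector interface.
     *
     * This interface declares no matching getter, so the password is
     * write-only at this level.
     *
     * NOTE(review): the value arrives as a String; how it is stored is up to
     * the implementation. It should be kept out of logs, toString() output
     * and management views.
     *
     * @param password the keystore password
     */
    public void setKeystorePassword(String password);

    /**
     * Gets the format of the entries in the keystore. The default format for
     * Java keystores is JKS, though some connector implementations support
     * PKCS12 (and possibly other formats).
     *
     * NOTE(review): the "default is JKS" statement dates from the 2006
     * revision of this file; newer JDKs default to PKCS12. Confirm against
     * the target JVM.
     *
     * @return the keystore type, e.g. {@link #KEYSTORE_TYPE_JKS}
     */
    public String getKeystoreType();

    /**
     * Sets the format of the entries in the keystore. The default format for
     * Java keystores is JKS, though some connector implementations support
     * PKCS12 (and possibly other formats).
     *
     * @param type the keystore type, e.g. {@link #KEYSTORE_TYPE_JKS} or
     *             {@link #KEYSTORE_TYPE_PKCS12}
     */
    public void setKeystoreType(String type);

    /**
     * Gets the certificate algorithm used to access the keystore. This may
     * be different for different JVM vendors, but should not usually be
     * changed otherwise.
     *
     * @return the algorithm name, e.g. {@link #ALGORITHM_TYPE_SUN}
     */
    public String getAlgorithm();

    /**
     * Sets the certificate algorithm used to access the keystore. This may
     * be different for different JVM vendors, but should not usually be
     * changed otherwise.
     *
     * @param algorithm the algorithm name, e.g. {@link #ALGORITHM_TYPE_SUN}
     *                  or {@link #ALGORITHM_TYPE_IBM}
     */
    public void setAlgorithm(String algorithm);

    /**
     * Gets the protocol used for secure communication. This should usually
     * be TLS, though some JVM implementations (particularly some of IBM's)
     * may not be compatible with popular browsers unless this is changed to
     * SSL.
     *
     * @return the protocol name, e.g. {@link #SECURE_PROTOCOL_TYPE_TLS}
     */
    public String getSecureProtocol();

    /**
     * Sets the protocol used for secure communication. This should usually
     * be TLS, though some JVM implementations (particularly some of IBM's)
     * may not be compatible with popular browsers unless this is changed to
     * SSL. Don't change it if you're not having problems.
     *
     * @param protocol the protocol name, e.g.
     *                 {@link #SECURE_PROTOCOL_TYPE_TLS}; see the note on
     *                 {@link #SECURE_PROTOCOL_TYPE_SSL} before using that
     *                 value
     */
    public void setSecureProtocol(String protocol);

    /**
     * Checks whether clients are required to authenticate using client
     * certificates in order to connect using this connector. If enabled,
     * client certificates are validated using the trust store, which defaults
     * to the same keystore file, keystore type, and keystore password as the
     * regular keystore. Some connector implementations may allow you to
     * configure those 3 values separately to use a different trust store.
     *
     * todo: confirm that Jetty defaults to keystore not JVM default trust store
     *
     * @return true if a client certificate is required
     */
    public boolean isClientAuthRequired();

    /**
     * Sets whether clients are required to authenticate using client
     * certificates in order to connect using this connector. If enabled,
     * client certificates are validated using the trust store, which defaults
     * to the same keystore file, keystore type, and keystore password as the
     * regular keystore. Some connector implementations may allow you to
     * configure those 3 values separately to use a different trust store.
     *
     * NOTE(review): with the default described above, every CA certificate
     * stored in the server keystore is an accepted issuer of client
     * certificates, so that set should be kept minimal. The open todo below
     * also matters here: if an implementation falls back to the JVM default
     * trust store, the set of accepted issuers is far larger.
     *
     * todo: confirm that Jetty defaults to keystore not JVM default trust store
     *
     * @param clientCert true to require a client certificate
     */
    public void setClientAuthRequired(boolean clientCert);

    // NOTE(review): the two lines below look like reminders of
    // connector-specific settings that this common interface does not model.

    // Jetty: integral/confidential separation

    // Tomcat: trust keystore, trust password, trust keystore type, ciphers

}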