001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.management.geronimo;
018
019 /**
020 * Common configuration settings for connectors that use SSL/TLS to conduct
021 * secure communications with clients.
022 *
023 * http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
024 * http://mortbay.org/javadoc/org/mortbay/http/SslListener.html
025 *
026 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
027 */
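public interface SecureConnector extends WebConnector {

    /** Keystore format name for the default Java keystore format ({@code "JKS"}). */
    String KEYSTORE_TYPE_JKS = "JKS";
    /** Keystore format name for PKCS#12 keystores ({@code "PKCS12"}). */
    String KEYSTORE_TYPE_PKCS12 = "PKCS12";
    /** Keystore access algorithm name for Sun/Oracle JVMs; see {@link #getAlgorithm()}. */
    String ALGORITHM_TYPE_SUN = "SunX509";
    /** Keystore access algorithm name for IBM JVMs; see {@link #getAlgorithm()}. */
    String ALGORITHM_TYPE_IBM = "IbmX509";
    /** Secure protocol name for TLS; the value that should normally be configured. */
    String SECURE_PROTOCOL_TYPE_TLS = "TLS";
    /**
     * Secure protocol name for SSL. Kept only for interoperability with older
     * JVMs: the SSL protocol versions (SSLv2/SSLv3) are considered insecure, so
     * {@link #SECURE_PROTOCOL_TYPE_TLS} should be used unless a concrete
     * compatibility problem has been observed.
     */
    String SECURE_PROTOCOL_TYPE_SSL = "SSL";

    /**
     * Gets the name of the keystore file that holds the server certificate
     * (and by default, the trusted CA certificates used for client certificate
     * authentication). This is relative to the Geronimo home directory.
     *
     * @return the keystore file name, relative to the Geronimo home directory
     */
    String getKeystoreFileName();

    /**
     * Sets the name of the keystore file that holds the server certificate
     * (and by default, the trusted CA certificates used for client certificate
     * authentication). This is relative to the Geronimo home directory.
     *
     * @param name the keystore file name, relative to the Geronimo home directory
     */
    void setKeystoreFileName(String name);

    /**
     * Sets the password used to access the keystore, and by default, used to
     * access the server private key inside the keystore. Not all connectors
     * support configuring different passwords for those two features; if so,
     * a separate PrivateKeyPassword should be defined in an
     * implementation-specific connector interface.
     * <p>
     * This interface deliberately exposes no getter for the password: it is a
     * secret, and implementations should not log it or surface it through
     * management views.
     *
     * @param password the keystore password
     */
    void setKeystorePassword(String password);

    /**
     * Gets the format of the entries in the keystore. The default format for
     * Java keystores is JKS, though some connector implementations support
     * PKCS12 (and possibly other formats).
     *
     * @return the keystore type, e.g. {@link #KEYSTORE_TYPE_JKS} or
     *         {@link #KEYSTORE_TYPE_PKCS12}
     */
    String getKeystoreType();

    /**
     * Sets the format of the entries in the keystore. The default format for
     * Java keystores is JKS, though some connector implementations support
     * PKCS12 (and possibly other formats).
     *
     * @param type the keystore type, e.g. {@link #KEYSTORE_TYPE_JKS} or
     *             {@link #KEYSTORE_TYPE_PKCS12}
     */
    void setKeystoreType(String type);

    /**
     * Gets the certificate algorithm used to access the keystore. This may
     * be different for different JVM vendors, but should not usually be
     * changed otherwise.
     *
     * @return the algorithm name, e.g. {@link #ALGORITHM_TYPE_SUN} or
     *         {@link #ALGORITHM_TYPE_IBM}
     */
    String getAlgorithm();

    /**
     * Sets the certificate algorithm used to access the keystore. This may
     * be different for different JVM vendors, but should not usually be
     * changed otherwise.
     *
     * @param algorithm the algorithm name, e.g. {@link #ALGORITHM_TYPE_SUN} or
     *                  {@link #ALGORITHM_TYPE_IBM}
     */
    void setAlgorithm(String algorithm);

    /**
     * Gets the protocol used for secure communication. This should usually
     * be TLS, though some JVM implementations (particularly some of IBM's)
     * may not be compatible with popular browsers unless this is changed to
     * SSL.
     *
     * @return the protocol name, {@link #SECURE_PROTOCOL_TYPE_TLS} or
     *         {@link #SECURE_PROTOCOL_TYPE_SSL}
     */
    String getSecureProtocol();

    /**
     * Sets the protocol used for secure communication. This should usually
     * be TLS, though some JVM implementations (particularly some of IBM's)
     * may not be compatible with popular browsers unless this is changed to
     * SSL. Don't change it if you're not having problems: the SSL protocol
     * versions are considered insecure.
     *
     * @param protocol the protocol name, {@link #SECURE_PROTOCOL_TYPE_TLS} or
     *                 {@link #SECURE_PROTOCOL_TYPE_SSL}
     */
    void setSecureProtocol(String protocol);

    /**
     * Checks whether clients are required to authenticate using client
     * certificates in order to connect using this connector. If enabled,
     * client certificates are validated using the trust store, which defaults
     * to the same keystore file, keystore type, and keystore password as the
     * regular keystore. Some connector implementations may allow you to
     * configure those three values separately to use a different trust store.
     * <p>
     * TODO(review): confirm that Jetty defaults to the keystore rather than
     * the JVM default trust store.
     *
     * @return {@code true} if client certificate authentication is required
     */
    boolean isClientAuthRequired();

    /**
     * Sets whether clients are required to authenticate using client
     * certificates in order to connect using this connector. If enabled,
     * client certificates are validated using the trust store, which defaults
     * to the same keystore file, keystore type, and keystore password as the
     * regular keystore. Some connector implementations may allow you to
     * configure those three values separately to use a different trust store.
     * <p>
     * TODO(review): confirm that Jetty defaults to the keystore rather than
     * the JVM default trust store.
     *
     * @param clientCert {@code true} to require client certificate authentication
     */
    void setClientAuthRequired(boolean clientCert);

    // Jetty: integral/confidential separation
    // Tomcat: trust keystore, trust password, trust keystore type, ciphers
}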