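/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.management.geronimo;

/**
 * Common configuration settings for connectors that use SSL/TLS to conduct
 * secure communications with clients.
 *
 * http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
 * http://mortbay.org/javadoc/org/mortbay/http/SslListener.html
 *
 * Note that this interface exposes a setter but no getter for the keystore
 * password: the credential can be configured through management tooling but
 * is not meant to be read back through it.
 *
 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
 */
public interface SecureConnector extends WebConnector {
    // Fields declared in an interface are implicitly public static final,
    // so the modifiers are omitted here.

    /** Keystore type for the standard Java keystore format. */
    String KEYSTORE_TYPE_JKS = "JKS";
    /** Keystore type for the PKCS#12 container format. */
    String KEYSTORE_TYPE_PKCS12 = "PKCS12";
    /** Key/trust manager algorithm name used by Sun/Oracle JVMs. */
    String ALGORITHM_TYPE_SUN = "SunX509";
    /** Key/trust manager algorithm name used by IBM JVMs. */
    String ALGORITHM_TYPE_IBM = "IbmX509";
    /** Secure protocol name selecting TLS (the recommended choice). */
    String SECURE_PROTOCOL_TYPE_TLS = "TLS";
    /**
     * Secure protocol name selecting the legacy SSL protocol family. SSL is
     * obsolete and weaker than TLS; use it only to work around a specific
     * interoperability problem.
     */
    String SECURE_PROTOCOL_TYPE_SSL = "SSL";

    /**
     * Gets the name of the keystore file that holds the server certificate
     * (and by default, the trusted CA certificates used for client certificate
     * authentication).  This is relative to the Geronimo home directory.
     *
     * @return the keystore file name, relative to the Geronimo home directory
     */
    String getKeystoreFileName();

    /**
     * Sets the name of the keystore file that holds the server certificate
     * (and by default, the trusted CA certificates used for client certificate
     * authentication).  This is relative to the Geronimo home directory.
     *
     * @param name the keystore file name, relative to the Geronimo home directory
     */
    void setKeystoreFileName(String name);

    /**
     * Sets the password used to access the keystore, and by default, used to
     * access the server private key inside the keystore.  Not all connectors
     * support configuring different passwords for those two features; if so,
     * a separate PrivateKeyPassword should be defined in an
     * implementation-specific connector interface.
     *
     * No corresponding getter is declared on this interface.  Implementations
     * should treat the value as a secret: do not echo it in log output,
     * {@code toString()} or management attributes.
     *
     * @param password the keystore (and, by default, private key) password
     */
    void setKeystorePassword(String password);

    /**
     * Gets the format of the entries in the keystore.  The default format for
     * Java keystores is JKS, though some connector implementations support
     * PKCS12 (and possibly other formats).
     *
     * @return the keystore type, e.g. {@link #KEYSTORE_TYPE_JKS}
     */
    String getKeystoreType();

    /**
     * Sets the format of the entries in the keystore.  The default format for
     * Java keystores is JKS, though some connector implementations support
     * PKCS12 (and possibly other formats).
     *
     * @param type the keystore type, e.g. {@link #KEYSTORE_TYPE_JKS} or
     *             {@link #KEYSTORE_TYPE_PKCS12}
     */
    void setKeystoreType(String type);

    /**
     * Gets the certificate algorithm used to access the keystore.  This may
     * be different for different JVM vendors, but should not usually be
     * changed otherwise.
     *
     * @return the algorithm name, e.g. {@link #ALGORITHM_TYPE_SUN}
     */
    String getAlgorithm();

    /**
     * Sets the certificate algorithm used to access the keystore.  This may
     * be different for different JVM vendors, but should not usually be
     * changed otherwise.
     *
     * @param algorithm the algorithm name, e.g. {@link #ALGORITHM_TYPE_SUN} or
     *                  {@link #ALGORITHM_TYPE_IBM}
     */
    void setAlgorithm(String algorithm);

    /**
     * Gets the protocol used for secure communication.  This should usually
     * be TLS, though some JVM implementations (particularly some of IBM's)
     * may not be compatible with popular browsers unless this is changed to
     * SSL.
     *
     * @return the protocol name, e.g. {@link #SECURE_PROTOCOL_TYPE_TLS}
     */
    String getSecureProtocol();

    /**
     * Sets the protocol used for secure communication.  This should usually
     * be TLS, though some JVM implementations (particularly some of IBM's)
     * may not be compatible with popular browsers unless this is changed to
     * SSL.  Don't change it if you're not having problems: SSL is a legacy
     * protocol family and offers weaker protection than TLS.
     *
     * @param protocol the protocol name, e.g. {@link #SECURE_PROTOCOL_TYPE_TLS}
     *                 or {@link #SECURE_PROTOCOL_TYPE_SSL}
     */
    void setSecureProtocol(String protocol);

    /**
     * Checks whether clients are required to authenticate using client
     * certificates in order to connect using this connector.  If enabled,
     * client certificates are validated using the trust store, which defaults
     * to the same keystore file, keystore type, and keystore password as the
     * regular keystore.  Some connector implementations may allow you to
     * configure those 3 values separately to use a different trust store.
     * Because the trust store decides which CAs may issue acceptable client
     * certificates, it should contain only the CAs you actually trust for
     * client authentication.
     *
     * todo: confirm that Jetty defaults to keystore not JVM default trust store
     *
     * @return true if a client certificate is required to connect
     */
    boolean isClientAuthRequired();

    /**
     * Sets whether clients are required to authenticate using client
     * certificates in order to connect using this connector.  If enabled,
     * client certificates are validated using the trust store, which defaults
     * to the same keystore file, keystore type, and keystore password as the
     * regular keystore.  Some connector implementations may allow you to
     * configure those 3 values separately to use a different trust store.
     *
     * todo: confirm that Jetty defaults to keystore not JVM default trust store
     *
     * @param clientCert true to require a client certificate to connect
     */
    void setClientAuthRequired(boolean clientCert);

    // Jetty: integral/confidential separation
    // Tomcat: trust keystore, trust password, trust keystore type, ciphers
}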