| 1 | // |
| 2 | // ======================================================================== |
| 3 | // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. |
| 4 | // ------------------------------------------------------------------------ |
| 5 | // All rights reserved. This program and the accompanying materials |
| 6 | // are made available under the terms of the Eclipse Public License v1.0 |
| 7 | // and Apache License v2.0 which accompanies this distribution. |
| 8 | // |
| 9 | // The Eclipse Public License is available at |
| 10 | // http://www.eclipse.org/legal/epl-v10.html |
| 11 | // |
| 12 | // The Apache License v2.0 is available at |
| 13 | // http://www.opensource.org/licenses/apache2.0.php |
| 14 | // |
| 15 | // You may elect to redistribute this code under either of these licenses. |
| 16 | // ======================================================================== |
| 17 | // |
| 18 | |
| 19 | package org.eclipse.jetty.server.ssl; |
| 20 | |
| 21 | import java.io.File; |
| 22 | import java.security.SecureRandom; |
| 23 | import java.security.Security; |
| 24 | |
| 25 | import javax.net.ssl.KeyManagerFactory; |
| 26 | import javax.net.ssl.SSLContext; |
| 27 | import javax.net.ssl.SSLEngine; |
| 28 | import javax.net.ssl.TrustManagerFactory; |
| 29 | |
| 30 | import org.eclipse.jetty.server.Connector; |
| 31 | import org.eclipse.jetty.util.ssl.SslContextFactory; |
| 32 | |
| 33 | |
/**
 * Contract for connectors that speak SSL/TLS, together with the legacy
 * configuration accessors such connectors used to expose directly.
 *
 * <p>Every member except {@link #getSslContextFactory()} carries
 * {@code @Deprecated}. This file names no replacement for them; the factory
 * returned by {@link #getSslContextFactory()} is presumably where the
 * equivalent settings are meant to be made (confirm against
 * {@link SslContextFactory}).
 *
 * <p>Fields here are implicitly {@code public static final} and methods
 * implicitly {@code public abstract}, so those modifiers are not spelled out.
 */
public interface SslConnector extends Connector
{
    /**
     * Key manager algorithm read from the {@code ssl.KeyManagerFactory.algorithm}
     * security property, falling back to {@code "SunX509"} when the property
     * is unset. The value is computed once, when this interface is initialized.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String DEFAULT_KEYSTORE_ALGORITHM =
        (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null
            ? "SunX509"
            : Security.getProperty("ssl.KeyManagerFactory.algorithm"));

    /**
     * Trust manager algorithm read from the {@code ssl.TrustManagerFactory.algorithm}
     * security property, falling back to {@code "SunX509"} when the property
     * is unset. The value is computed once, when this interface is initialized.
     *
     * <p>NOTE(review): the fallback is the legacy {@code SunX509} validator
     * rather than {@code PKIX}; deployments that rely on certificate path
     * features such as revocation checking should confirm which algorithm
     * is actually in effect.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String DEFAULT_TRUSTSTORE_ALGORITHM =
        (Security.getProperty("ssl.TrustManagerFactory.algorithm") == null
            ? "SunX509"
            : Security.getProperty("ssl.TrustManagerFactory.algorithm"));

    /**
     * Default keystore location: the file {@code .keystore} directly under
     * the {@code user.home} system property. The path therefore depends on
     * the account the JVM runs as, and starts with the text {@code "null"}
     * if {@code user.home} is not set.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";

    /**
     * Name of the property that carries the key password.
     *
     * <p>NOTE(review): if the value is supplied as a JVM {@code -D} argument
     * it is visible in the process command line; verify how deployments
     * provide it.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";

    /**
     * Name of the property that carries the keystore password. The same
     * exposure caveat as for {@link #KEYPASSWORD_PROPERTY} applies.
     *
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";

    /**
     * Returns the SSL context factory bound to this connector. This is the
     * only member of the interface that is not deprecated.
     *
     * @return the instance of SslContextFactory associated with the connector
     */
    SslContextFactory getSslContextFactory();

    /**
     * @return the cipher suite names to leave out of
     *         {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String[] getExcludeCipherSuites();

    /**
     * @param cipherSuites the cipher suite names to leave out of
     *                     {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setExcludeCipherSuites(String[] cipherSuites);

    /**
     * @return the cipher suite names to pass to
     *         {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String[] getIncludeCipherSuites();

    /**
     * How an include list interacts with an exclude list is decided by the
     * implementation and is not specified by this interface.
     *
     * @param cipherSuites the cipher suite names to pass to
     *                     {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setIncludeCipherSuites(String[] cipherSuites);

    /**
     * Sets the keystore password. Because it arrives as a {@code String}
     * the caller cannot wipe it from memory afterwards; keep it out of logs
     * and exception messages.
     *
     * @param password the password for the key store
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setPassword(String password);

    /**
     * Sets the truststore password; the handling caveat on
     * {@link #setPassword(String)} applies here too.
     *
     * @param password the password for the trust store
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setTrustPassword(String password);

    /**
     * Sets the password protecting an individual key entry; the handling
     * caveat on {@link #setPassword(String)} applies here too.
     *
     * @param password the password (if any) for the specific key within
     *                 the key store
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setKeyPassword(String password);

    /**
     * @return the SSL protocol (default "TLS") handed to
     *         {@link SSLContext#getInstance(String, String)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getProtocol();

    /**
     * Selects the name handed to {@link SSLContext#getInstance(String, String)}.
     * That name picks a context implementation; it is not by itself a list of
     * permitted protocol versions, which are enabled per engine through
     * {@link SSLEngine#setEnabledProtocols(String[])}.
     *
     * @param protocol the SSL protocol (default "TLS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setProtocol(String protocol);

    /**
     * @param keystore the file or URL of the SSL key store
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setKeystore(String keystore);

    /**
     * @return the file or URL of the SSL key store
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getKeystore();

    /**
     * @return the type of the key store (default "JKS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getKeystoreType();

    /**
     * @return true if SSL needs client authentication
     * @see SSLEngine#getNeedClientAuth()
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    boolean getNeedClientAuth();

    /**
     * @return true if SSL wants client authentication
     * @see SSLEngine#getWantClientAuth()
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    boolean getWantClientAuth();

    /**
     * Requires a client certificate. With the underlying
     * {@link SSLEngine} setting, the handshake stops when the client does
     * not authenticate.
     *
     * @param needClientAuth true if SSL needs client authentication
     * @see SSLEngine#setNeedClientAuth(boolean)
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setNeedClientAuth(boolean needClientAuth);

    /**
     * Requests, but does not require, a client certificate. With the
     * underlying {@link SSLEngine} setting, the handshake still completes
     * when the client presents none, so code that relies on client identity
     * has to check for a peer certificate itself.
     *
     * @param wantClientAuth true if SSL wants client authentication
     * @see SSLEngine#setWantClientAuth(boolean)
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setWantClientAuth(boolean wantClientAuth);

    /**
     * @param keystoreType the type of the key store (default "JKS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setKeystoreType(String keystoreType);

    /**
     * @return the SSL provider name, which if set is handed to
     *         {@link SSLContext#getInstance(String, String)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getProvider();

    /**
     * @return the algorithm name, which if set is handed to
     *         {@link SecureRandom#getInstance(String)} to obtain the
     *         {@link SecureRandom} given to
     *         {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getSecureRandomAlgorithm();

    /**
     * @return the algorithm name (default "SunX509") used by the
     *         {@link KeyManagerFactory}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getSslKeyManagerFactoryAlgorithm();

    /**
     * @return the algorithm name (default "SunX509") used by the
     *         {@link TrustManagerFactory}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getSslTrustManagerFactoryAlgorithm();

    /**
     * @return the file name or URL of the trust store location
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getTruststore();

    /**
     * @return the type of the trust store (default "JKS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    String getTruststoreType();

    /**
     * @param provider the SSL provider name, which if set is handed to
     *                 {@link SSLContext#getInstance(String, String)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setProvider(String provider);

    /**
     * @param algorithm the algorithm name, which if set is handed to
     *                  {@link SecureRandom#getInstance(String)} to obtain the
     *                  {@link SecureRandom} given to
     *                  {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setSecureRandomAlgorithm(String algorithm);

    /**
     * @param algorithm the algorithm name (default "SunX509") used by
     *                  the {@link KeyManagerFactory}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setSslKeyManagerFactoryAlgorithm(String algorithm);

    /**
     * @param algorithm the algorithm name (default "SunX509") used by
     *                  the {@link TrustManagerFactory}
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setSslTrustManagerFactoryAlgorithm(String algorithm);

    /**
     * @param truststore the file name or URL of the trust store location
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setTruststore(String truststore);

    /**
     * @param truststoreType the type of the trust store (default "JKS")
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setTruststoreType(String truststoreType);

    /**
     * @param sslContext a preconfigured SSLContext to use
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setSslContext(SSLContext sslContext);

    /**
     * @return the SSLContext
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    SSLContext getSslContext();

    /**
     * @return true if SSL re-negotiation is allowed (default false)
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    boolean isAllowRenegotiate();

    /**
     * Controls whether SSL re-negotiation is allowed. CVE-2009-3555
     * identified a vulnerability in SSL/TLS re-negotiation; on a JVM that
     * does not carry the fix for CVE-2009-3555 (secure renegotiation,
     * RFC 5746), re-negotiation should stay disallowed. Leave this at the
     * default of {@code false} unless the JVM's fix status has been checked
     * and re-negotiation is actually required.
     *
     * @param allowRenegotiate true if re-negotiation is allowed (default false)
     * @deprecated see {@link #getSslContextFactory()}
     */
    @Deprecated
    void setAllowRenegotiate(boolean allowRenegotiate);
}