001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.management.geronimo;
017:
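/**
 * Common configuration settings for connectors that use SSL/TLS to conduct
 * secure communications with clients.
 * <p>
 * Everything configured through this interface is security-sensitive: the
 * keystore holds the server's private key, the keystore password unlocks it,
 * and the client-authentication settings decide which client certificates are
 * accepted. Implementations should treat these values as secrets in logging and
 * management tooling.
 * <p>
 * Note that this interface exposes a setter for the keystore password but
 * deliberately no getter, so the secret cannot be read back through JMX or
 * other management clients.
 *
 * http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
 * http://mortbay.org/javadoc/org/mortbay/http/SslListener.html
 *
 * @version $Rev: 476049 $ $Date: 2006-11-16 20:35:17 -0800 (Thu, 16 Nov 2006) $
 */
public interface SecureConnector extends WebConnector {
    /** Keystore format: the JDK's proprietary Java KeyStore (the usual default). */
    String KEYSTORE_TYPE_JKS = "JKS";
    /** Keystore format: PKCS#12. */
    String KEYSTORE_TYPE_PKCS12 = "PKCS12";
    /** X.509 key-management algorithm name used on Sun/Oracle JVMs. */
    String ALGORITHM_TYPE_SUN = "SunX509";
    /** X.509 key-management algorithm name used on IBM JVMs. */
    String ALGORITHM_TYPE_IBM = "IbmX509";
    /** Secure protocol name: TLS. This is the recommended value. */
    String SECURE_PROTOCOL_TYPE_TLS = "TLS";
    /**
     * Secure protocol name: SSL. Legacy value; see the caveat on
     * {@link #setSecureProtocol(String)} before selecting it.
     */
    String SECURE_PROTOCOL_TYPE_SSL = "SSL";

    /**
     * Gets the name of the keystore file that holds the server certificate
     * (and by default, the trusted CA certificates used for client certificate
     * authentication). The name is relative to the Geronimo home directory.
     *
     * @return the keystore file name, relative to the Geronimo home directory
     */
    String getKeystoreFileName();

    /**
     * Sets the name of the keystore file that holds the server certificate
     * (and by default, the trusted CA certificates used for client certificate
     * authentication). The name is relative to the Geronimo home directory.
     * <p>
     * Security note: this file contains the server's private key. Restrict its
     * filesystem permissions to the account the server runs as.
     *
     * @param name the keystore file name, relative to the Geronimo home directory
     */
    void setKeystoreFileName(String name);

    /**
     * Sets the password used to access the keystore, and by default, used to
     * access the server private key inside the keystore. Not all connectors
     * support configuring different passwords for those two features; if so,
     * a separate PrivateKeyPassword should be defined in an
     * implementation-specific connector interface.
     * <p>
     * Security note: the password is passed as an immutable {@code String},
     * which cannot be zeroed after use and may remain in the heap (and in heap
     * dumps) for the life of the JVM. Do not log this value. There is no
     * corresponding getter, so the password is not retrievable through this
     * management interface.
     *
     * @param password the keystore password
     */
    void setKeystorePassword(String password);

    /**
     * Gets the format of the entries in the keystore. The default format for
     * Java keystores is JKS, though some connector implementations support
     * PKCS12 (and possibly other formats).
     *
     * @return the keystore type, e.g. {@link #KEYSTORE_TYPE_JKS} or
     *         {@link #KEYSTORE_TYPE_PKCS12}
     */
    String getKeystoreType();

    /**
     * Sets the format of the entries in the keystore. The default format for
     * Java keystores is JKS, though some connector implementations support
     * PKCS12 (and possibly other formats).
     *
     * @param type the keystore type, e.g. {@link #KEYSTORE_TYPE_JKS} or
     *             {@link #KEYSTORE_TYPE_PKCS12}
     */
    void setKeystoreType(String type);

    /**
     * Gets the name of the X.509 key-management algorithm the connector uses
     * to read credentials from the keystore. This is a JVM-vendor-specific
     * name (see {@link #ALGORITHM_TYPE_SUN} and {@link #ALGORITHM_TYPE_IBM})
     * and should not usually be changed for any other reason.
     *
     * @return the key-management algorithm name
     */
    String getAlgorithm();

    /**
     * Sets the name of the X.509 key-management algorithm the connector uses
     * to read credentials from the keystore. This is a JVM-vendor-specific
     * name (see {@link #ALGORITHM_TYPE_SUN} and {@link #ALGORITHM_TYPE_IBM})
     * and should not usually be changed for any other reason.
     *
     * @param algorithm the key-management algorithm name
     */
    void setAlgorithm(String algorithm);

    /**
     * Gets the protocol used for secure communication. This should usually
     * be TLS, though some JVM implementations (particularly some of IBM's)
     * may not be compatible with popular browsers unless this is changed to
     * SSL.
     *
     * @return the secure protocol name, e.g. {@link #SECURE_PROTOCOL_TYPE_TLS}
     */
    String getSecureProtocol();

    /**
     * Sets the protocol used for secure communication. This should usually
     * be TLS, though some JVM implementations (particularly some of IBM's)
     * may not be compatible with popular browsers unless this is changed to
     * SSL. Don't change it if you're not having problems.
     * <p>
     * Security note: selecting SSL may allow the connector to negotiate the
     * obsolete SSLv3 protocol on JVMs where it is still enabled, and SSLv3 has
     * known weaknesses. If you must switch, check which protocol versions the
     * JVM actually enables for the chosen name and disable the legacy ones.
     *
     * @param protocol the secure protocol name, e.g. {@link #SECURE_PROTOCOL_TYPE_TLS}
     */
    void setSecureProtocol(String protocol);

    /**
     * Checks whether clients are required to authenticate using client
     * certificates in order to connect using this connector. If enabled,
     * client certificates are validated using the trust store, which defaults
     * to the same keystore file, keystore type, and keystore password as the
     * regular keystore. Some connector implementations may allow you to
     * configure those 3 values separately to use a different trust store.
     *
     * todo: confirm that Jetty defaults to keystore not JVM default trust store
     *
     * @return true if a client certificate is required to connect
     */
    boolean isClientAuthRequired();

    /**
     * Sets whether clients are required to authenticate using client
     * certificates in order to connect using this connector. If enabled,
     * client certificates are validated using the trust store, which defaults
     * to the same keystore file, keystore type, and keystore password as the
     * regular keystore. Some connector implementations may allow you to
     * configure those 3 values separately to use a different trust store.
     * <p>
     * Security note: because the trust store defaults to the keystore, every
     * trusted-certificate entry in that file can effectively act as a trust
     * anchor for client authentication, not only the CA(s) you intended.
     * Where the implementation supports it, point the connector at a separate
     * trust store that contains only the issuing CA(s). This flag also only
     * expresses "required"; whether a connector can merely "request" a client
     * certificate is implementation-specific.
     *
     * todo: confirm that Jetty defaults to keystore not JVM default trust store
     *
     * @param clientCert true to require a client certificate to connect
     */
    void setClientAuthRequired(boolean clientCert);

    // Jetty: integral/confidential separation
    // Tomcat: trust keystore, trust password, trust keystore type, ciphers
}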
|