//
//  ========================================================================
//  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
//  ------------------------------------------------------------------------
//  All rights reserved. This program and the accompanying materials
//  are made available under the terms of the Eclipse Public License v1.0
//  and Apache License v2.0 which accompanies this distribution.
//
//      The Eclipse Public License is available at
//      http://www.eclipse.org/legal/epl-v10.html
//
//      The Apache License v2.0 is available at
//      http://www.opensource.org/licenses/apache2.0.php
//
//  You may elect to redistribute this code under either of these licenses.
//  ========================================================================
//

package org.eclipse.jetty.server.ssl;

import java.io.File;
import java.security.SecureRandom;
import java.security.Security;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.util.ssl.SslContextFactory;


/* ------------------------------------------------------------ */
/**
 * Configuration contract shared by SSL connectors.
 * <p>
 * Every member except {@link #getSslContextFactory()} is marked deprecated.
 * NOTE(review): the deprecations name no replacement; the settings presumably
 * live on the {@link SslContextFactory} returned by that method. Confirm
 * against SslContextFactory before migrating callers.
 * <p>
 * Interface members are implicitly {@code public}; fields are implicitly
 * {@code static final} and methods implicitly {@code abstract}, so those
 * modifiers are not repeated on the declarations.
 */
public interface SslConnector extends Connector
{
    /**
     * Key manager algorithm default: the value of the
     * {@code ssl.KeyManagerFactory.algorithm} security property, or
     * {@code "SunX509"} when that property is not set. Evaluated once, when
     * this interface is initialized.
     * @deprecated
     */
    @Deprecated
    String DEFAULT_KEYSTORE_ALGORITHM =
        Security.getProperty("ssl.KeyManagerFactory.algorithm") != null
            ? Security.getProperty("ssl.KeyManagerFactory.algorithm")
            : "SunX509";

    /**
     * Trust manager algorithm default: the value of the
     * {@code ssl.TrustManagerFactory.algorithm} security property, or
     * {@code "SunX509"} when that property is not set. Evaluated once, when
     * this interface is initialized.
     * @deprecated
     */
    @Deprecated
    String DEFAULT_TRUSTSTORE_ALGORITHM =
        Security.getProperty("ssl.TrustManagerFactory.algorithm") != null
            ? Security.getProperty("ssl.TrustManagerFactory.algorithm")
            : "SunX509";

    /**
     * Default keystore path: the file {@code .keystore} directly under the
     * directory named by the {@code user.home} system property.
     * @deprecated
     */
    @Deprecated
    String DEFAULT_KEYSTORE = System.getProperty("user.home") + File.separator + ".keystore";

    /**
     * Name of the property that carries the key password.
     * NOTE(review): if implementations read this as a JVM system property,
     * a value supplied on the command line can be visible to other local
     * users through the process listing; confirm how it is looked up.
     * @deprecated
     */
    @Deprecated
    String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";

    /**
     * Name of the property that carries the keystore password.
     * NOTE(review): same exposure question as {@link #KEYPASSWORD_PROPERTY};
     * confirm how implementations look the value up.
     * @deprecated
     */
    @Deprecated
    String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";


    /* ------------------------------------------------------------ */
    /**
     * @return the SslContextFactory instance associated with this connector
     */
    SslContextFactory getSslContextFactory();

    /* ------------------------------------------------------------ */
    /**
     * @return the cipher suite names kept out of
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated
     */
    @Deprecated
    String[] getExcludeCipherSuites();

    /* ------------------------------------------------------------ */
    /**
     * NOTE(review): this interface does not say whether the exclude list or
     * the include list wins when a suite appears in both; check the
     * implementation before relying on either to disable a weak suite.
     * @param cipherSuites the cipher suite names to keep out of
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated
     */
    @Deprecated
    void setExcludeCipherSuites(String[] cipherSuites);

    /* ------------------------------------------------------------ */
    /**
     * @return the cipher suite names offered to
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated
     */
    @Deprecated
    String[] getIncludeCipherSuites();

    /* ------------------------------------------------------------ */
    /**
     * @param cipherSuites the cipher suite names to offer to
     * {@link SSLEngine#setEnabledCipherSuites(String[])}
     * @deprecated
     */
    @Deprecated
    void setIncludeCipherSuites(String[] cipherSuites);

    /* ------------------------------------------------------------ */
    /**
     * The password arrives as a {@code String}, which cannot be wiped after
     * use; callers should keep it out of logs and exception messages.
     * @param password the key store password
     * @deprecated
     */
    @Deprecated
    void setPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * The password arrives as a {@code String}, which cannot be wiped after
     * use; callers should keep it out of logs and exception messages.
     * @param password the trust store password
     * @deprecated
     */
    @Deprecated
    void setTrustPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * The password arrives as a {@code String}, which cannot be wiped after
     * use; callers should keep it out of logs and exception messages.
     * @param password the password (if any) protecting the specific key
     * inside the key store
     * @deprecated
     */
    @Deprecated
    void setKeyPassword(String password);

    /* ------------------------------------------------------------ */
    /**
     * @return the SSL protocol name (default "TLS") handed to
     * {@link SSLContext#getInstance(String, String)}
     * @deprecated
     */
    @Deprecated
    String getProtocol();

    /* ------------------------------------------------------------ */
    /**
     * NOTE(review): this is only the name given to the SSLContext lookup;
     * nothing in this interface restricts which protocol versions a
     * connection may negotiate, so verify that separately.
     * @param protocol the SSL protocol name (default "TLS") handed to
     * {@link SSLContext#getInstance(String, String)}
     * @deprecated
     */
    @Deprecated
    void setProtocol(String protocol);

    /* ------------------------------------------------------------ */
    /**
     * @param keystore the file or URL of the SSL key store
     * @deprecated
     */
    @Deprecated
    void setKeystore(String keystore);

    /* ------------------------------------------------------------ */
    /**
     * @return the file or URL of the SSL key store
     * @deprecated
     */
    @Deprecated
    String getKeystore();

    /* ------------------------------------------------------------ */
    /**
     * @return the key store type (default "JKS")
     * @deprecated
     */
    @Deprecated
    String getKeystoreType();

    /* ------------------------------------------------------------ */
    /**
     * @return true if SSL needs client authentication
     * @see SSLEngine#getNeedClientAuth()
     * @deprecated
     */
    @Deprecated
    boolean getNeedClientAuth();

    /* ------------------------------------------------------------ */
    /**
     * @return true if SSL wants client authentication
     * @see SSLEngine#getWantClientAuth()
     * @deprecated
     */
    @Deprecated
    boolean getWantClientAuth();

    /* ------------------------------------------------------------ */
    /**
     * @param needClientAuth true if SSL needs client authentication
     * @see SSLEngine#getNeedClientAuth()
     * @deprecated
     */
    @Deprecated
    void setNeedClientAuth(boolean needClientAuth);

    /* ------------------------------------------------------------ */
    /**
     * @param wantClientAuth true if SSL wants client authentication
     * @see SSLEngine#getWantClientAuth()
     * @deprecated
     */
    @Deprecated
    void setWantClientAuth(boolean wantClientAuth);

    /* ------------------------------------------------------------ */
    /**
     * @param keystoreType the key store type (default "JKS")
     * @deprecated
     */
    @Deprecated
    void setKeystoreType(String keystoreType);

    /* ------------------------------------------------------------ */
    /**
     * @return the SSL provider name; when set it is handed to
     * {@link SSLContext#getInstance(String, String)}
     * @deprecated
     */
    @Deprecated
    String getProvider();

    /* ------------------------------------------------------------ */
    /**
     * @return the algorithm name; when set it is handed to
     * {@link SecureRandom#getInstance(String)}, and the resulting
     * {@link SecureRandom} is given to
     * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     * @deprecated
     */
    @Deprecated
    String getSecureRandomAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * @return the algorithm name (default "SunX509") used by the
     * {@link KeyManagerFactory}
     * @deprecated
     */
    @Deprecated
    String getSslKeyManagerFactoryAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * @return the algorithm name (default "SunX509") used by the
     * {@link TrustManagerFactory}
     * @deprecated
     */
    @Deprecated
    String getSslTrustManagerFactoryAlgorithm();

    /* ------------------------------------------------------------ */
    /**
     * @return the file name or URL of the trust store location
     * @deprecated
     */
    @Deprecated
    String getTruststore();

    /* ------------------------------------------------------------ */
    /**
     * @return the trust store type (default "JKS")
     * @deprecated
     */
    @Deprecated
    String getTruststoreType();

    /* ------------------------------------------------------------ */
    /**
     * @param provider the SSL provider name; when set it is handed to
     * {@link SSLContext#getInstance(String, String)}
     * @deprecated
     */
    @Deprecated
    void setProvider(String provider);

    /* ------------------------------------------------------------ */
    /**
     * @param algorithm the algorithm name; when set it is handed to
     * {@link SecureRandom#getInstance(String)}, and the resulting
     * {@link SecureRandom} is given to
     * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
     * @deprecated
     */
    @Deprecated
    void setSecureRandomAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * @param algorithm the algorithm name (default "SunX509") used by
     * the {@link KeyManagerFactory}
     * @deprecated
     */
    @Deprecated
    void setSslKeyManagerFactoryAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * @param algorithm the algorithm name (default "SunX509") used by
     * the {@link TrustManagerFactory}
     * @deprecated
     */
    @Deprecated
    void setSslTrustManagerFactoryAlgorithm(String algorithm);

    /* ------------------------------------------------------------ */
    /**
     * @param truststore the file name or URL of the trust store location
     * @deprecated
     */
    @Deprecated
    void setTruststore(String truststore);

    /* ------------------------------------------------------------ */
    /**
     * @param truststoreType the trust store type (default "JKS")
     * @deprecated
     */
    @Deprecated
    void setTruststoreType(String truststoreType);

    /* ------------------------------------------------------------ */
    /**
     * NOTE(review): this interface does not say how a supplied context
     * interacts with the keystore, truststore and protocol settings above;
     * presumably it takes their place. Confirm in the implementation.
     * @param sslContext a preconfigured SSLContext to use
     * @deprecated
     */
    @Deprecated
    void setSslContext(SSLContext sslContext);

    /* ------------------------------------------------------------ */
    /**
     * @return the SSLContext
     * @deprecated
     */
    @Deprecated
    SSLContext getSslContext();


    /* ------------------------------------------------------------ */
    /**
     * @return true if SSL re-negotiation is allowed (default false)
     * @deprecated
     */
    @Deprecated
    boolean isAllowRenegotiate();

    /* ------------------------------------------------------------ */
    /**
     * Controls whether SSL re-negotiation is allowed. CVE-2009-3555
     * describes a vulnerability in SSL/TLS re-negotiation; unless the JVM
     * in use carries the fix for CVE-2009-3555, re-negotiation should stay
     * disallowed.
     * @param allowRenegotiate true if re-negotiation is allowed (default false)
     * @deprecated
     */
    @Deprecated
    void setAllowRenegotiate(boolean allowRenegotiate);
}