TlsDirectTrustStore.java example

Explorer
MULE-master
- mule-mule-4.x
/*
 * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
 * The software in this package is published under the terms of the CPAL v1.0
 * license, a copy of which has been included with this distribution in the
 * LICENSE.txt file.
 */
package org.mule.runtime.core.api.security;

import org.mule.runtime.core.api.security.tls.TlsConfiguration;

import javax.net.ssl.TrustManagerFactory;

/**
 * Configure direct trust stores. TLS/SSL connections are made to trusted systems - the public certificates of trusted systems are
 * stored in a keystore (called a trust store) and used to verify that the connection made to a remote system "really is" the
 * expected identity.
 * 
 * <p>
 * The information specified in this interface may be used to configure a trust store directly, or the values in the
 * {@link TlsIndirectTrustStore} may be stored as property values and used later, or both. It may therefore be specific to a
 * single connector, or global to all connectors made by that protocol, or even (in the case of the SSL transport) become a global
 * default value. For more information see the documentation for the connector or protocol in question. The comments in
 * {@link TlsConfiguration} may also be useful.
 * </p>
 */
public interface TlsDirectTrustStore extends TlsIndirectTrustStore {

  /**
   * @return The type of keystore used to implement the trust store defined in {@link #getTrustStore()}
   */
  String getTrustStoreType();

  /**
   * @param trustStoreType The type of keystore used to implement the trust store defined in {@link #setTrustStore(String)}
   */
  void setTrustStoreType(String trustStoreType);

  /**
   * @return The algorithm used by the trust store.
   */
  String getTrustManagerAlgorithm();

  /**
   * @param trustManagerAlgorithm The algorithm used by the trust store.
   */
  void setTrustManagerAlgorithm(String trustManagerAlgorithm);

  /**
   * @return Either the factory defined by {@link #setTrustManagerFactory(TrustManagerFactory)} or one constructed from the
   *         parameters in this interface ({@link #setTrustStoreType(String)} etc).
   */
  TrustManagerFactory getTrustManagerFactory();

  /**
   * @param trustManagerFactory The source of trust information if the store is accessed directly (some connectors generate trust
   *        stores indirectly through System properties in which case this value will be ignored - see {@link TlsConfiguration}).
   */
  void setTrustManagerFactory(TrustManagerFactory trustManagerFactory);

  /**
   * If the trust store is undefined and the trust store generated via System properties then the key store certificates defined
   * via <b>TODO</b> can be used as a source of trust information.
   * 
   * @return true if the key store data should <em>not</em> be used when a trust store is otherwise undefined
   */
  boolean isExplicitTrustStoreOnly();

  /**
   * If the trust store is undefined and the trust store generated via System properties then the key store certificates defined
   * via <b>TODO</b> can be used as a source of trust information.
   * 
   * @param explicitTrustStoreOnly true if the key store data should <em>not<em> be used when a trust store is otherwise undefined
   */
  void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly);

  /**
   * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will control whether client
   * authenticatin is required. This does not apply to client connections.
   * 
   * @return true if clients must be authenticated
   */
  boolean isRequireClientAuthentication();

  /**
   * If a server socket is constructed directly (see {@link TlsConfiguration}) then this flag will control whether client
   * authenticatin is required. This does not apply to client connections.
   * 
   * @param requireClientAuthentication true if clients must be authenticated
   */
  void setRequireClientAuthentication(boolean requireClientAuthentication);

}