/*
* Copyright 2015 dc-square GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hivemq.spi.services.configuration.entity;
import com.hivemq.spi.annotations.Immutable;
import com.hivemq.spi.annotations.NotNull;
import com.hivemq.spi.annotations.Nullable;
import java.util.List;
import static com.google.common.base.Preconditions.checkNotNull;
/**
* The TLS configuration
*
* @author Dominik Obermaier
* @author Christoph Schäbel
* @since 3.0
*/
@Immutable
public class Tls {
/**
* The X509 client certificate authentication mode.
*/
public enum ClientAuthMode {
/**
* Clients are not allowed to send X509 client certificates
*/
NONE("none"),
/**
* Clients can send X509 client certificates but they're not required to do so
*/
OPTIONAL("optional"),
/**
* Clients must send X509 client certificates
*/
REQUIRED("required");
private final String clientAuthMode;
private ClientAuthMode(final String clientAuthMode) {
this.clientAuthMode = clientAuthMode;
}
/**
* @return the client authentication mode
*/
public String getClientAuthMode() {
return clientAuthMode;
}
@Override
public String toString() {
return clientAuthMode;
}
}
private final String keystorePath;
private final String keystorePassword;
private final String keystoreType;
private final String privateKeyPassword;
private final String truststorePath;
private final String truststorePassword;
private final String truststoreType;
private final Integer handshakeTimeout;
private final ClientAuthMode clientAuthMode;
private final List<String> protocols;
private final List<String> cipherSuites;
/**
* Creates a new TLS configuration
*
* @param keystorePath the path to the keystore
* @param keystorePassword the password for the keystore
* @param keystoreType the keystore type. When in doubt, use <b>JKS</b>
* @param privateKeyPassword the password to the private key
* @param truststorePath the path to the truststore
* @param truststorePassword the password for the truststore
* @param truststoreType the truststore type. When in doubt, use <b>JKS</b>
* @param handshakeTimeout the TLS handshake timeout
* @param clientAuthMode the client authentication mode
* @param protocols the supported protocols. <code>null</code> means that all enabled protocols by the JVM are enabled
* @param cipherSuites the supported cipher suites. <code>null</code> means that all enabled cipher suites by the JVM are enabled
*/
public Tls(@NotNull final String keystorePath,
@NotNull final String keystorePassword, @NotNull final String keystoreType,
final String privateKeyPassword,
@Nullable final String truststorePath,
@Nullable final String truststorePassword,
@Nullable final String truststoreType, final int handshakeTimeout, @NotNull final ClientAuthMode clientAuthMode,
@Nullable final List<String> protocols, @Nullable final List<String> cipherSuites) {
checkNotNull(clientAuthMode, "clientAuthMode must not be null");
checkNotNull(protocols, "protocols must not be null");
checkNotNull(cipherSuites, "cipher suites must not be null");
this.keystorePath = keystorePath;
this.keystorePassword = keystorePassword;
this.keystoreType = keystoreType;
this.privateKeyPassword = privateKeyPassword;
this.truststorePath = truststorePath;
this.truststorePassword = truststorePassword;
this.truststoreType = truststoreType;
this.handshakeTimeout = handshakeTimeout;
this.clientAuthMode = clientAuthMode;
this.protocols = protocols;
this.cipherSuites = cipherSuites;
}
/**
* @return the keystore path
*/
public String getKeystorePath() {
return keystorePath;
}
/**
* @return the keystore password
*/
public String getKeystorePassword() {
return keystorePassword;
}
/**
* @return the keystore type
*/
public String getKeystoreType() {
return keystoreType;
}
/**
* @return the password of the private key
*/
public String getPrivateKeyPassword() {
return privateKeyPassword;
}
/**
* @return the truststore path
*/
@Nullable
public String getTruststorePath() {
return truststorePath;
}
/**
* @return the truststore password
*/
@Nullable
public String getTruststorePassword() {
return truststorePassword;
}
/**
* @return the truststore type
*/
@Nullable
public String getTruststoreType() {
return truststoreType;
}
/**
* @return the TLS handshake timeout
*/
public int getHandshakeTimeout() {
return handshakeTimeout;
}
/**
* @return the client authentication mode
*/
public ClientAuthMode getClientAuthMode() {
return clientAuthMode;
}
/**
* @return the enabled TLS protocols
*/
public List<String> getProtocols() {
return protocols;
}
/**
* @return the enabled cipher suites
*/
public List<String> getCipherSuites() {
return cipherSuites;
}
@Override
public boolean equals(final Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
final Tls tls = (Tls) o;
if (cipherSuites != null ? !cipherSuites.equals(tls.cipherSuites) : tls.cipherSuites != null) return false;
if (clientAuthMode != tls.clientAuthMode) return false;
if (handshakeTimeout != null ? !handshakeTimeout.equals(tls.handshakeTimeout) : tls.handshakeTimeout != null)
return false;
if (keystorePassword != null ? !keystorePassword.equals(tls.keystorePassword) : tls.keystorePassword != null)
return false;
if (keystorePath != null ? !keystorePath.equals(tls.keystorePath) : tls.keystorePath != null) return false;
if (keystoreType != null ? !keystoreType.equals(tls.keystoreType) : tls.keystoreType != null) return false;
if (privateKeyPassword != null ? !privateKeyPassword.equals(tls.privateKeyPassword) : tls.privateKeyPassword != null)
return false;
if (protocols != null ? !protocols.equals(tls.protocols) : tls.protocols != null) return false;
if (truststorePassword != null ? !truststorePassword.equals(tls.truststorePassword) : tls.truststorePassword != null)
return false;
if (truststorePath != null ? !truststorePath.equals(tls.truststorePath) : tls.truststorePath != null)
return false;
if (truststoreType != null ? !truststoreType.equals(tls.truststoreType) : tls.truststoreType != null)
return false;
return true;
}
@Override
public int hashCode() {
int result = keystorePath != null ? keystorePath.hashCode() : 0;
result = 31 * result + (keystorePassword != null ? keystorePassword.hashCode() : 0);
result = 31 * result + (keystoreType != null ? keystoreType.hashCode() : 0);
result = 31 * result + (privateKeyPassword != null ? privateKeyPassword.hashCode() : 0);
result = 31 * result + (truststorePath != null ? truststorePath.hashCode() : 0);
result = 31 * result + (truststorePassword != null ? truststorePassword.hashCode() : 0);
result = 31 * result + (truststoreType != null ? truststoreType.hashCode() : 0);
result = 31 * result + (handshakeTimeout != null ? handshakeTimeout.hashCode() : 0);
result = 31 * result + (clientAuthMode != null ? clientAuthMode.hashCode() : 0);
result = 31 * result + (protocols != null ? protocols.hashCode() : 0);
result = 31 * result + (cipherSuites != null ? cipherSuites.hashCode() : 0);
return result;
}
}