/*
 * Copyright (C) 2014 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.tls.policy;

import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
import com.intel.dcsg.cpg.validation.Regex;
import com.intel.dcsg.cpg.validation.Unchecked;
import java.util.Collection;
import java.util.Map;

/**
 * Plain data holder describing a TLS policy: the policy type, the cipher and
 * protocol selectors, the protection properties required of a connection, and
 * the trust material (certificates, public keys or their digests) the policy
 * relies on. It is the (de)serialization form of the policy; the XML root
 * element is {@code tlsPolicyDescriptor}.
 *
 * This class performs no validation and no enforcement itself. The
 * {@code @Regex} annotations on the string getters and the {@code @Unchecked}
 * annotations on the collection getters are consumed by the
 * {@code com.intel.dcsg.cpg.validation} framework, which is outside this file;
 * whether a pattern is anchored to the whole value, and whether unchecked
 * getters are skipped entirely, is decided there. NOTE(review): confirm the
 * framework's matching semantics before relying on these patterns as an
 * input filter.
 *
 * The collection getters hand back the live internal references, so a caller
 * that mutates the returned {@link Collection} or {@link Map} mutates this
 * descriptor. Not thread-safe.
 *
 * @author jbuhacoff
 */
@JacksonXmlRootElement(localName = "tlsPolicyDescriptor")
public class TlsPolicyDescriptor {

    // One of: INSECURE, TRUST_FIRST_CERTIFICATE, public-key, public-key-digest,
    // certificate, certificate-digest
    private String policyType;

    // Comma-separated cipher selectors such as AES128-SHA, EDH-DSS-CBC-SHA,
    // NULL-MD5.
    //   "!" prefix excludes: !NULL excludes null ciphers, !DES excludes ciphers
    //       using DES, !MD5 excludes ciphers using MD5 hashing, etc.
    //   "+" prefix means "at least": +AES128 means AES128 or greater.
    //   No prefix means exact match: "AES128" does not match AES256, whereas
    //       "AES" matches both AES128 and AES256; likewise "SHA" matches SHA-1
    //       and any SHA-2 algorithm.
    private String ciphers;

    // Comma-separated protocol selectors: ssl, ssl2, ssl3, tls, tls1.2, tls1.3.
    //   "!" prefix excludes: !SSLv2 means ssl2 is not allowed.
    //   "ssl" matches any ssl version and "tls" matches any tls version.
    //   "-" prefix means "do not include, but a later entry may add it back";
    //       "!" forbids it outright. So "-ssl,ssl3" allows ssl3 and no other
    //       ssl version, whereas "!ssl,ssl3" allows no ssl at all.
    private String protocols;

    // Required connection properties: encryption, integrity, authentication,
    // forwardSecrecy
    private TlsProtection protection;

    // Interpretation hints for the entries in "data":
    //   digestAlgorithm (MD5, SHA-1, SHA-256, etc), encoding (base64 or hex)
    private Map<String, String> metadata;

    // Trust material: certificates, certificate digests, public keys, or
    // public key digests. Serialized as <data><item>..</item>...</data>.
    @JacksonXmlElementWrapper(localName = "data")
    @JacksonXmlProperty(localName = "item")
    private Collection<String> data;

    /**
     * Returns the policy type selector.
     *
     * @return the policy type, or {@code null} if unset
     */
    @Regex("(?:[a-zA-Z0-9_-]+)")
    public String getPolicyType() {
        return this.policyType;
    }

    /**
     * Sets the policy type selector.
     *
     * @param name the policy type (see the field comment for known values)
     */
    public void setPolicyType(String name) {
        this.policyType = name;
    }

    /**
     * Returns the comma-separated cipher selector string.
     *
     * @return the cipher selectors, or {@code null} if unset
     */
    @Regex("(?:[a-zA-Z0-9,!_+-]+)")
    public String getCiphers() {
        return this.ciphers;
    }

    /**
     * Sets the comma-separated cipher selector string; stored as given.
     *
     * @param ciphers the cipher selectors
     */
    public void setCiphers(String ciphers) {
        this.ciphers = ciphers;
    }

    /**
     * Returns the comma-separated protocol selector string.
     *
     * @return the protocol selectors, or {@code null} if unset
     */
    @Regex("(?:[a-zA-Z0-9,.!_+-]+)")
    public String getProtocols() {
        return this.protocols;
    }

    /**
     * Sets the comma-separated protocol selector string; stored as given.
     *
     * @param protocols the protocol selectors
     */
    public void setProtocols(String protocols) {
        this.protocols = protocols;
    }

    /**
     * Returns the required protection properties.
     *
     * @return the protection descriptor, or {@code null} if unset
     */
    public TlsProtection getProtection() {
        return this.protection;
    }

    /**
     * Sets the required protection properties; the reference is stored as is.
     *
     * @param protection the protection descriptor
     */
    public void setProtection(TlsProtection protection) {
        this.protection = protection;
    }

    /**
     * Returns the trust material entries. This is the live internal
     * collection, not a copy. The contents are not pattern-validated here
     * (the getter is marked {@code @Unchecked}).
     *
     * @return the data collection, or {@code null} if unset
     */
    @Unchecked
    public Collection<String> getData() {
        return this.data;
    }

    /**
     * Sets the trust material entries; the collection reference is stored
     * without copying.
     *
     * @param data the data collection
     */
    public void setData(Collection<String> data) {
        this.data = data;
    }

    /**
     * Returns the metadata map describing how {@link #getData()} entries are
     * encoded. This is the live internal map, not a copy, and its contents are
     * not pattern-validated here (the getter is marked {@code @Unchecked}).
     *
     * @return the metadata map, or {@code null} if unset
     */
    @Unchecked
    public Map<String, String> getMeta() {
        return this.metadata;
    }

    /**
     * Sets the metadata map; the map reference is stored without copying.
     *
     * @param meta the metadata map
     */
    public void setMeta(Map<String, String> meta) {
        this.metadata = meta;
    }
}