/*
* Tigase Jabber/XMPP Server
* Copyright (C) 2004-2012 "Artur Hefczyc" <artur.hefczyc@tigase.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. Look for COPYING file in the top folder.
* If not, see http://www.gnu.org/licenses/.
*
* $Rev$
* Last modified by $Author$
* $Date$
*/
package tigase.io;
//~--- JDK imports ------------------------------------------------------------
import java.io.File;
import java.security.KeyStore;
import java.security.cert.CertificateParsingException;
import java.util.Map;
import javax.net.ssl.SSLContext;
//~--- interfaces -------------------------------------------------------------
/**
* Describe interface SSLContextContainerIfc here.
*
*
* Created: Tue Nov 20 11:43:32 2007
*
* @author <a href="mailto:artur.hefczyc@tigase.org">Artur Hefczyc</a>
* @version $Rev$
*/
public interface SSLContextContainerIfc {
/**
* Constant <code>ALLOW_INVALID_CERTS_KEY</code> is a key pointing to a
* configuration parameters specyfying if invalid certificates are
* acceptable by the server. Invalid certificates are expired ones or
* certificates issued for a different domain. This should be really set to
* <code>false</code> in any real deployment and can be set ot
* <code>true</code> in development invironment.
*/
public static final String ALLOW_INVALID_CERTS_KEY = "allow-invalid-certs";
/**
* Constant <code>ALLOW_INVALID_CERTS_VAL</code> is a default configuration
* parameter specifying if invalid certificates are acceptable by the
* server.
*
*/
public static final String ALLOW_INVALID_CERTS_VAL = "false";
/**
* Constant <code>ALLOW_SELF_SIGNED_CERTS_KEY</code> is a key pointing to a
* configuration parameter specifying if self-signed certificates are
* acceptable for the server.
*/
public static final String ALLOW_SELF_SIGNED_CERTS_KEY = "allow-self-signed-certs";
/**
* Constant <code>ALLOW_SELF_SIGNED_CERTS_VAL</code> is a default
* configuration value specifying if self-signed certificates are allowed by
* the server.
*/
public static final String ALLOW_SELF_SIGNED_CERTS_VAL = "true";
/** Field description */
public static final String CERT_ALIAS_KEY = "cert-alias";
/** Field description */
public static final String CERT_SAVE_TO_DISK_KEY = "cert-save-to-disk";
/**
* Constant <code>DEFAULT_DOMAIN_CERT_KEY</code> is a key pointing to the
* domain with default certificate.
*/
public static final String DEFAULT_DOMAIN_CERT_KEY = "ssl-def-cert-domain";
/**
* Constant <code>DEFAULT_DOMAIN_CERT_VAL</code> keeps default value for a
* domain with default certificate.
*/
public static final String DEFAULT_DOMAIN_CERT_VAL = "default";
/**
* Constant <code>JKS_KEYSTORE_FILE_KEY</code> is a key pointing to a JKS
* keystore file.
*/
public static final String JKS_KEYSTORE_FILE_KEY = "keys-store";
/**
* Constant <code>JKS_KEYSTORE_FILE_VAL</code> keeps default value for a JKS
* keystore file.
*/
public static final String JKS_KEYSTORE_FILE_VAL = "certs" + File.separator + "rsa-keystore";
/**
* Constant <code>JKS_KEYSTORE_PWD_KEY</code> is a key pointing to a private
* key password,
*/
public static final String JKS_KEYSTORE_PWD_KEY = "keys-store-password";
/**
* Constant <code>JKS_KEYSTORE_PWD_VAL</code> is a default private key
* password.
*/
public static final String JKS_KEYSTORE_PWD_VAL = "keystore";
/** Field description */
public static final String PEM_CERTIFICATE_KEY = "pem-certificate";
/**
* Constant <code>SERVER_CERTS_DIR_KEY</code> is a key pointing to a
* configuration parameter with directory names where all server
* certificates are stored. This can be a comma separated list of
* directories, instead of a single directory name. Certificates are stored
* in <code>*.pem</code> files where the first part of the file name is a
* domain name i.e.: <code>yourdomain.com.pem</code>. There is one exception
* though. The file named <code>default.pem</code> stores a certificate
* which is a default certificate for the server if certificate for specific
* domain is missing.
*/
public static final String SERVER_CERTS_LOCATION_KEY = "ssl-certs-location";
/**
* Constant <code>SERVER_CERTS_DIR_VAL</code> is a default directory name
* where all certificate files are stored.
*
*/
public static final String SERVER_CERTS_LOCATION_VAL = "certs/";
/**
* Constant <code>SSL_CONTAINER_CLASS_KEY</code> is a key pointing to a
* container implementation class. The class is loaded at startup time and
* initialized using configuration parameters. Some container
* implementations may accept different parameters set. Please refer to the
* implementation for more details.
*/
public static final String SSL_CONTAINER_CLASS_KEY = "ssl-container-class";
/**
* Constant <code>SSL_CONTAINER_CLASS_VAL</code> keeps default container
* implementation class loaded if none is specified in configuration file.
*/
public static final String SSL_CONTAINER_CLASS_VAL = SSLContextContainer.class.getName();
/**
* Constant <code>TRUSTED_CERTS_DIR_KEY</code> is a key pointing to a
* configuration parameter where all trusted certificates are stored. This
* can be a comma separated list of directories.
*/
public static final String TRUSTED_CERTS_DIR_KEY = "trusted-certs-dir";
/**
* Constant <code>TRUSTED_CERTS_DIR_VAL</code> is a default directory name
* where all trusted certificates are stored.
*/
public static final String TRUSTED_CERTS_DIR_VAL = "/etc/ssl/certs";
/**
* Constant <code>TRUSTSTORE_FILE_KEY</code> is a key pointing to a trust
* store file.
*/
public static final String TRUSTSTORE_FILE_KEY = "trusts-store";
/**
* Constant <code>TRUSTSTORE_FILE_VAL</code> is a default truststore file.
*/
public static final String TRUSTSTORE_FILE_VAL = "certs" + File.separator + "truststore";
/**
* Constant <code>TRUSTSTORE_PWD_KEY</code> is a key pointing to a trustore
* file password.
*/
public static final String TRUSTSTORE_PWD_KEY = "trusts-store-password";
/**
* Constant <code>TRUSTSTORE_PWD_VAL</code> is a default password for
* truststore file.
*/
public static final String TRUSTSTORE_PWD_VAL = "truststore";
// ~--- methods
// --------------------------------------------------------------
/**
* Method <code>addCertificates</code> allows to add more certificates at
* run time after the container has bee already initialized. This is to
* avoid server restart if there are certificates updates or new
* certificates for new virtual domain. The method should add new
* certificates or replace existing one if there is already a certificate
* for a domain.
*
* @param params
* a <code>Map</code> value with configuration parameters.
* @throws CertificateParsingException
*/
void addCertificates(Map<String, String> params) throws CertificateParsingException;
// ~--- get methods
// ----------------------------------------------------------
/**
* Method <code>getSSLContext</code> creates and returns new SSLContext for
* a given domain (hostname). For creation of the SSLContext a certificate
* associated with this domain (hostname) should be used. If there is no
* specific certificate for a given domain then default certificate should
* be used.
*
* @param protocol
* a <code>String</code> is either 'SSL' or 'TLS' value.
* @param hostname
* a <code>String</code> value keeps a hostname or domain for
* SSLContext.
* @return a <code>SSLContext</code> value
*/
SSLContext getSSLContext(String protocol, String hostname);
/**
* Returns a trust store with all trusted certificates.
*
* @return a KeyStore with all trusted certificates, the KeyStore can be
* empty but cannot be null.
*/
KeyStore getTrustStore();
// ~--- methods
// --------------------------------------------------------------
/**
* Method <code>init</code> method initializes the container. If the
* container has been already initialized then it should clear all the data
* and re-initialize the container with the "fresh" data. If there is only
* one certificate loaded it is a default one as well. Otherwise the
* certificate from <code>default.pem</code> file should be used as a
* default one. Default certificate can be also set through the settings in
* the <code>Map</code> given as a parameter.
* <code>DEFAULT_DOMAIN_CERT_KEY</code> points to the domain which holds
* default certificate.
*
* @param params
* a <code>Map</code> value
*/
void init(Map<String, Object> params);
}
// ~ Formatted in Sun Code Convention
// ~ Formatted by Jindent --- http://www.jindent.com