001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2006-2010 Sun Microsystems, Inc. 015 * Portions Copyright 2015-2016 ForgeRock AS. 016 */ 017package org.opends.quicksetup; 018 019import java.util.Arrays; 020import java.util.Collection; 021import java.util.Set; 022import java.util.TreeSet; 023 024/** Class used to describe the Security Options specified by the user. */ 025public class SecurityOptions 026{ 027 private boolean enableSSL; 028 private boolean enableStartTLS; 029 030 private int sslPort = 636; 031 032 /** Alias of a self-signed certificate. */ 033 public static final String SELF_SIGNED_CERT_ALIAS = "server-cert"; 034 /** Alias of a self-signed certificate using elliptic curve. */ 035 public static final String SELF_SIGNED_EC_CERT_ALIAS = SELF_SIGNED_CERT_ALIAS + "-ec"; 036 037 /** The different type of security options that we can have. */ 038 public enum CertificateType 039 { 040 /** No certificate to be used (and so no SSL and no Start TLS). */ 041 NO_CERTIFICATE, 042 /** Use a newly created Self Signed Certificate. */ 043 SELF_SIGNED_CERTIFICATE, 044 /** Use an existing JKS key store. */ 045 JKS, 046 /** Use an existing JCEKS key store. */ 047 JCEKS, 048 /** Use an existing PKCS#11 key store. */ 049 PKCS11, 050 /** Use an existing PKCS#12 key store. */ 051 PKCS12 052 } 053 054 private CertificateType certificateType; 055 private String keyStorePath; 056 private String keyStorePassword; 057 private final Set<String> aliasesToUse = new TreeSet<>(); 058 059 private SecurityOptions() 060 { 061 } 062 063 /** 064 * Creates a new instance of a SecurityOptions representing for no certificate 065 * (no SSL or Start TLS). 066 * 067 * @return a new instance of a SecurityOptions representing for no certificate 068 * (no SSL or Start TLS). 069 */ 070 public static SecurityOptions createNoCertificateOptions() 071 { 072 SecurityOptions ops = new SecurityOptions(); 073 ops.setCertificateType(CertificateType.NO_CERTIFICATE); 074 ops.setEnableSSL(false); 075 ops.setEnableStartTLS(false); 076 return ops; 077 } 078 079 /** 080 * Creates a new instance of a SecurityOptions using a self-signed 081 * certificate. 082 * 083 * @param enableSSL 084 * whether SSL is enabled or not. 085 * @param enableStartTLS 086 * whether Start TLS is enabled or not. 087 * @param sslPort 088 * the value of the LDAPS port. 089 * @return a new instance of a SecurityOptions using a self-signed 090 * certificate. 091 */ 092 public static SecurityOptions createSelfSignedCertificateOptions( 093 boolean enableSSL, boolean enableStartTLS, int sslPort) 094 { 095 return createSelfSignedCertificateOptions(enableSSL, enableStartTLS, sslPort, 096 Arrays.asList(SELF_SIGNED_CERT_ALIAS)); 097 } 098 099 /** 100 * Creates a new instance of a SecurityOptions using a self-signed 101 * certificate. 102 * 103 * @param enableSSL 104 * whether SSL is enabled or not. 105 * @param enableStartTLS 106 * whether Start TLS is enabled or not. 107 * @param sslPort 108 * the value of the LDAPS port. 109 * @param aliasesToUse 110 * the aliases of the certificates in the key store to be used. 111 * @return a new instance of a SecurityOptions using a self-signed 112 * certificate. 113 */ 114 private static SecurityOptions createSelfSignedCertificateOptions(boolean enableSSL, boolean enableStartTLS, 115 int sslPort, Collection<String> aliasesToUse) 116 { 117 return createOptionsForCertificatType( 118 CertificateType.SELF_SIGNED_CERTIFICATE, null, null, enableSSL, enableStartTLS, sslPort, aliasesToUse); 119 } 120 121 /** 122 * Creates a new instance of a SecurityOptions using a Java Key Store. 123 * 124 * @param keystorePath 125 * the path of the key store. 126 * @param keystorePwd 127 * the password of the key store. 128 * @param enableSSL 129 * whether SSL is enabled or not. 130 * @param enableStartTLS 131 * whether Start TLS is enabled or not. 132 * @param sslPort 133 * the value of the LDAPS port. 134 * @param aliasesToUse 135 * the aliases of the certificates in the key store to be used. 136 * @return a new instance of a SecurityOptions using a Java Key Store. 137 */ 138 public static SecurityOptions createJKSCertificateOptions(String keystorePath, String keystorePwd, boolean enableSSL, 139 boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse) 140 { 141 return createOptionsForCertificatType( 142 CertificateType.JKS, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasesToUse); 143 } 144 145 /** 146 * Creates a new instance of a SecurityOptions using a JCE Key Store. 147 * 148 * @param keystorePath 149 * the path of the key store. 150 * @param keystorePwd 151 * the password of the key store. 152 * @param enableSSL 153 * whether SSL is enabled or not. 154 * @param enableStartTLS 155 * whether Start TLS is enabled or not. 156 * @param sslPort 157 * the value of the LDAPS port. 158 * @param aliasesToUse 159 * the aliases of the certificates in the keystore to be used. 160 * @return a new instance of a SecurityOptions using a JCE Key Store. 161 */ 162 public static SecurityOptions createJCEKSCertificateOptions(String keystorePath, String keystorePwd, 163 boolean enableSSL, boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse) 164 { 165 return createOptionsForCertificatType( 166 CertificateType.JCEKS, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasesToUse); 167 } 168 169 170 /** 171 * Creates a new instance of a SecurityOptions using a PKCS#11 Key Store. 172 * 173 * @param keystorePwd 174 * the password of the key store. 175 * @param enableSSL 176 * whether SSL is enabled or not. 177 * @param enableStartTLS 178 * whether Start TLS is enabled or not. 179 * @param sslPort 180 * the value of the LDAPS port. 181 * @param aliasesToUse 182 * the aliases of the certificates in the keystore to be used. 183 * @return a new instance of a SecurityOptions using a PKCS#11 Key Store. 184 */ 185 public static SecurityOptions createPKCS11CertificateOptions(String keystorePwd, boolean enableSSL, 186 boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse) 187 { 188 return createOptionsForCertificatType( 189 CertificateType.PKCS11, null, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasesToUse); 190 } 191 192 /** 193 * Creates a new instance of a SecurityOptions using a PKCS#12 Key Store. 194 * 195 * @param keystorePath 196 * the path of the key store. 197 * @param keystorePwd 198 * the password of the key store. 199 * @param enableSSL 200 * whether SSL is enabled or not. 201 * @param enableStartTLS 202 * whether Start TLS is enabled or not. 203 * @param sslPort 204 * the value of the LDAPS port. 205 * @param aliasesToUse 206 * the aliases of the certificates in the keystore to be used. 207 * @return a new instance of a SecurityOptions using a PKCS#12 Key Store. 208 */ 209 public static SecurityOptions createPKCS12CertificateOptions( String keystorePath, String keystorePwd, 210 boolean enableSSL, boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse) 211 { 212 return createOptionsForCertificatType( 213 CertificateType.PKCS12, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasesToUse); 214 } 215 216 /** 217 * Creates a new instance of a SecurityOptions using the provided type Key 218 * Store. 219 * 220 * @param certType 221 * The Key Store type. 222 * @param keystorePath 223 * The path of the key store (may be @null). 224 * @param keystorePwd 225 * The password of the key store. 226 * @param enableSSL 227 * Whether SSL is enabled or not. 228 * @param enableStartTLS 229 * Whether Start TLS is enabled or not. 230 * @param sslPort 231 * The value of the LDAPS port. 232 * @param aliasesToUse 233 * The aliases of the certificates in the keystore to be used. 234 * @return a new instance of a SecurityOptions. 235 */ 236 public static SecurityOptions createOptionsForCertificatType(CertificateType certType, String keystorePath, 237 String keystorePwd, boolean enableSSL, boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse) 238 { 239 if (certType == CertificateType.NO_CERTIFICATE) 240 { 241 return createNoCertificateOptions(); 242 } 243 else if ( certType.equals(CertificateType.SELF_SIGNED_CERTIFICATE) && aliasesToUse.isEmpty() ) 244 { 245 aliasesToUse = Arrays.asList(SELF_SIGNED_CERT_ALIAS); 246 } 247 248 SecurityOptions ops = new SecurityOptions(); 249 if (keystorePath != null) 250 { 251 ops.setKeyStorePath(keystorePath); 252 } 253 if (keystorePwd != null) 254 { 255 ops.setKeyStorePassword(keystorePwd); 256 } 257 ops.setCertificateType(certType); 258 updateCertificateOptions(ops, enableSSL, enableStartTLS, sslPort, aliasesToUse); 259 return ops; 260 } 261 262 /** 263 * Returns the CertificateType for this instance. 264 * @return the CertificateType for this instance. 265 */ 266 public CertificateType getCertificateType() 267 { 268 return certificateType; 269 } 270 271 /** 272 * Sets the CertificateType for this instance. 273 * @param certificateType the CertificateType for this instance. 274 */ 275 private void setCertificateType(CertificateType certificateType) 276 { 277 this.certificateType = certificateType; 278 } 279 280 /** 281 * Returns whether SSL is enabled or not. 282 * @return <CODE>true</CODE> if SSL is enabled and <CODE>false</CODE> 283 * otherwise. 284 */ 285 public boolean getEnableSSL() 286 { 287 return enableSSL; 288 } 289 290 /** 291 * Sets whether SSL is enabled or not. 292 * @param enableSSL whether SSL is enabled or not. 293 */ 294 private void setEnableSSL(boolean enableSSL) 295 { 296 this.enableSSL = enableSSL; 297 } 298 299 /** 300 * Returns whether StartTLS is enabled or not. 301 * @return <CODE>true</CODE> if StartTLS is enabled and <CODE>false</CODE> 302 * otherwise. 303 */ 304 public boolean getEnableStartTLS() 305 { 306 return enableStartTLS; 307 } 308 309 /** 310 * Sets whether StartTLS is enabled or not. 311 * @param enableStartTLS whether StartTLS is enabled or not. 312 */ 313 private void setEnableStartTLS(boolean enableStartTLS) 314 { 315 this.enableStartTLS = enableStartTLS; 316 } 317 318 /** 319 * Returns the key store password. 320 * @return the key store password. 321 */ 322 public String getKeystorePassword() 323 { 324 return keyStorePassword; 325 } 326 327 /** 328 * Sets the key store password. 329 * @param keyStorePassword the new key store password. 330 */ 331 private void setKeyStorePassword(String keyStorePassword) 332 { 333 this.keyStorePassword = keyStorePassword; 334 } 335 336 /** 337 * Returns the key store path. 338 * @return the key store path. 339 */ 340 public String getKeystorePath() 341 { 342 return keyStorePath; 343 } 344 345 /** 346 * Sets the key store path. 347 * @param keyStorePath the new key store path. 348 */ 349 private void setKeyStorePath(String keyStorePath) 350 { 351 this.keyStorePath = keyStorePath; 352 } 353 354 /** 355 * Updates the provided certificate options object with some parameters. 356 * @param ops the SecurityOptions object to be updated. 357 * @param enableSSL whether to enable SSL or not. 358 * @param enableStartTLS whether to enable StartTLS or not. 359 * @param sslPort the LDAPS port number. 360 * @param aliasToUse the name of the alias to be used. 361 */ 362 private static void updateCertificateOptions(SecurityOptions ops, 363 boolean enableSSL, boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse) 364 { 365 if (!enableSSL && !enableStartTLS) 366 { 367 throw new IllegalArgumentException( 368 "You must enable SSL or StartTLS to use a certificate."); 369 } 370 ops.setEnableSSL(enableSSL); 371 ops.setEnableStartTLS(enableStartTLS); 372 ops.setSslPort(sslPort); 373 ops.setAliasToUse(aliasesToUse); 374 } 375 376 /** 377 * Returns the SSL port. 378 * @return the SSL port. 379 */ 380 public int getSslPort() 381 { 382 return sslPort; 383 } 384 385 /** 386 * Sets the SSL port. 387 * @param sslPort the new SSL port. 388 */ 389 void setSslPort(int sslPort) 390 { 391 this.sslPort = sslPort; 392 } 393 394 /** 395 * Returns the alias of the certificate in the key store to be used. 396 * @return the alias of the certificate in the key store to be used. 397 */ 398 public Set<String> getAliasesToUse() 399 { 400 return aliasesToUse; 401 } 402 403 /** 404 * Sets the certificates aliases name. 405 * @param aliasesToUse the certificates aliases name. 406 */ 407 private void setAliasToUse(Collection<String> aliasesToUse) 408 { 409 this.aliasesToUse.clear(); 410 this.aliasesToUse.addAll(aliasesToUse); 411 } 412 413}