001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2006-2010 Sun Microsystems, Inc.
015 * Portions Copyright 2015-2016 ForgeRock AS.
016 */
017package org.opends.quicksetup;
018
019import java.util.Arrays;
020import java.util.Collection;
021import java.util.Set;
022import java.util.TreeSet;
023
024/** Class used to describe the Security Options specified by the user. */
025public class SecurityOptions
026{
027  private boolean enableSSL;
028  private boolean enableStartTLS;
029
030  private int sslPort = 636;
031
032  /** Alias of a self-signed certificate. */
033  public static final String SELF_SIGNED_CERT_ALIAS = "server-cert";
034  /** Alias of a self-signed certificate using elliptic curve. */
035  public static final String SELF_SIGNED_EC_CERT_ALIAS = SELF_SIGNED_CERT_ALIAS + "-ec";
036
037  /** The different type of security options that we can have. */
038  public enum CertificateType
039  {
040    /** No certificate to be used (and so no SSL and no Start TLS). */
041    NO_CERTIFICATE,
042    /** Use a newly created Self Signed Certificate. */
043    SELF_SIGNED_CERTIFICATE,
044    /** Use an existing JKS key store. */
045    JKS,
046    /** Use an existing JCEKS key store. */
047    JCEKS,
048    /** Use an existing PKCS#11 key store. */
049    PKCS11,
050    /** Use an existing PKCS#12 key store. */
051    PKCS12
052  }
053
054  private CertificateType certificateType;
055  private String keyStorePath;
056  private String keyStorePassword;
057  private final Set<String> aliasesToUse = new TreeSet<>();
058
059  private SecurityOptions()
060  {
061  }
062
063  /**
064   * Creates a new instance of a SecurityOptions representing for no certificate
065   * (no SSL or Start TLS).
066   *
067   * @return a new instance of a SecurityOptions representing for no certificate
068   *         (no SSL or Start TLS).
069   */
070  public static SecurityOptions createNoCertificateOptions()
071  {
072    SecurityOptions ops = new SecurityOptions();
073    ops.setCertificateType(CertificateType.NO_CERTIFICATE);
074    ops.setEnableSSL(false);
075    ops.setEnableStartTLS(false);
076    return ops;
077  }
078
079  /**
080   * Creates a new instance of a SecurityOptions using a self-signed
081   * certificate.
082   *
083   * @param enableSSL
084   *          whether SSL is enabled or not.
085   * @param enableStartTLS
086   *          whether Start TLS is enabled or not.
087   * @param sslPort
088   *          the value of the LDAPS port.
089   * @return a new instance of a SecurityOptions using a self-signed
090   *         certificate.
091   */
092  public static SecurityOptions createSelfSignedCertificateOptions(
093          boolean enableSSL, boolean enableStartTLS, int sslPort)
094  {
095    return createSelfSignedCertificateOptions(enableSSL, enableStartTLS, sslPort,
096        Arrays.asList(SELF_SIGNED_CERT_ALIAS));
097  }
098
099  /**
100   * Creates a new instance of a SecurityOptions using a self-signed
101   * certificate.
102   *
103   * @param enableSSL
104   *          whether SSL is enabled or not.
105   * @param enableStartTLS
106   *          whether Start TLS is enabled or not.
107   * @param sslPort
108   *          the value of the LDAPS port.
109   * @param aliasesToUse
110   *          the aliases of the certificates in the key store to be used.
111   * @return a new instance of a SecurityOptions using a self-signed
112   *         certificate.
113   */
114  private static SecurityOptions createSelfSignedCertificateOptions(boolean enableSSL, boolean enableStartTLS,
115      int sslPort, Collection<String> aliasesToUse)
116  {
117      return createOptionsForCertificatType(
118              CertificateType.SELF_SIGNED_CERTIFICATE, null, null, enableSSL, enableStartTLS, sslPort, aliasesToUse);
119  }
120
121  /**
122   * Creates a new instance of a SecurityOptions using a Java Key Store.
123   *
124   * @param keystorePath
125   *          the path of the key store.
126   * @param keystorePwd
127   *          the password of the key store.
128   * @param enableSSL
129   *          whether SSL is enabled or not.
130   * @param enableStartTLS
131   *          whether Start TLS is enabled or not.
132   * @param sslPort
133   *          the value of the LDAPS port.
134   * @param aliasesToUse
135   *          the aliases of the certificates in the key store to be used.
136   * @return a new instance of a SecurityOptions using a Java Key Store.
137   */
138  public static SecurityOptions createJKSCertificateOptions(String keystorePath, String keystorePwd, boolean enableSSL,
139      boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse)
140  {
141    return createOptionsForCertificatType(
142            CertificateType.JKS, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasesToUse);
143  }
144
145  /**
146   * Creates a new instance of a SecurityOptions using a JCE Key Store.
147   *
148   * @param keystorePath
149   *          the path of the key store.
150   * @param keystorePwd
151   *          the password of the key store.
152   * @param enableSSL
153   *          whether SSL is enabled or not.
154   * @param enableStartTLS
155   *          whether Start TLS is enabled or not.
156   * @param sslPort
157   *          the value of the LDAPS port.
158   * @param aliasesToUse
159   *          the aliases of the certificates in the keystore to be used.
160   * @return a new instance of a SecurityOptions using a JCE Key Store.
161   */
162  public static SecurityOptions createJCEKSCertificateOptions(String keystorePath, String keystorePwd,
163      boolean enableSSL, boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse)
164  {
165    return createOptionsForCertificatType(
166            CertificateType.JCEKS, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasesToUse);
167  }
168
169
170  /**
171   * Creates a new instance of a SecurityOptions using a PKCS#11 Key Store.
172   *
173   * @param keystorePwd
174   *          the password of the key store.
175   * @param enableSSL
176   *          whether SSL is enabled or not.
177   * @param enableStartTLS
178   *          whether Start TLS is enabled or not.
179   * @param sslPort
180   *          the value of the LDAPS port.
181   * @param aliasesToUse
182   *          the aliases of the certificates in the keystore to be used.
183   * @return a new instance of a SecurityOptions using a PKCS#11 Key Store.
184   */
185  public static SecurityOptions createPKCS11CertificateOptions(String keystorePwd, boolean enableSSL,
186      boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse)
187  {
188    return createOptionsForCertificatType(
189            CertificateType.PKCS11, null, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasesToUse);
190  }
191
192  /**
193   * Creates a new instance of a SecurityOptions using a PKCS#12 Key Store.
194   *
195   * @param keystorePath
196   *          the path of the key store.
197   * @param keystorePwd
198   *          the password of the key store.
199   * @param enableSSL
200   *          whether SSL is enabled or not.
201   * @param enableStartTLS
202   *          whether Start TLS is enabled or not.
203   * @param sslPort
204   *          the value of the LDAPS port.
205   * @param aliasesToUse
206   *          the aliases of the certificates in the keystore to be used.
207   * @return a new instance of a SecurityOptions using a PKCS#12 Key Store.
208   */
209  public static SecurityOptions createPKCS12CertificateOptions( String keystorePath, String keystorePwd,
210          boolean enableSSL, boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse)
211  {
212    return createOptionsForCertificatType(
213            CertificateType.PKCS12, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasesToUse);
214  }
215
216  /**
217   * Creates a new instance of a SecurityOptions using the provided type Key
218   * Store.
219   *
220   * @param certType
221   *          The Key Store type.
222   * @param keystorePath
223   *          The path of the key store (may be @null).
224   * @param keystorePwd
225   *          The password of the key store.
226   * @param enableSSL
227   *          Whether SSL is enabled or not.
228   * @param enableStartTLS
229   *          Whether Start TLS is enabled or not.
230   * @param sslPort
231   *          The value of the LDAPS port.
232   * @param aliasesToUse
233   *          The aliases of the certificates in the keystore to be used.
234   * @return a new instance of a SecurityOptions.
235   */
236  public static SecurityOptions createOptionsForCertificatType(CertificateType certType, String keystorePath,
237      String keystorePwd, boolean enableSSL, boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse)
238  {
239      if (certType == CertificateType.NO_CERTIFICATE)
240      {
241        return createNoCertificateOptions();
242      }
243      else if ( certType.equals(CertificateType.SELF_SIGNED_CERTIFICATE) && aliasesToUse.isEmpty() )
244      {
245        aliasesToUse = Arrays.asList(SELF_SIGNED_CERT_ALIAS);
246      }
247
248      SecurityOptions ops = new SecurityOptions();
249      if (keystorePath != null)
250      {
251        ops.setKeyStorePath(keystorePath);
252      }
253      if (keystorePwd != null)
254      {
255        ops.setKeyStorePassword(keystorePwd);
256      }
257      ops.setCertificateType(certType);
258      updateCertificateOptions(ops, enableSSL, enableStartTLS, sslPort, aliasesToUse);
259      return ops;
260  }
261
262  /**
263   * Returns the CertificateType for this instance.
264   * @return the CertificateType for this instance.
265   */
266  public CertificateType getCertificateType()
267  {
268    return certificateType;
269  }
270
271  /**
272   * Sets the CertificateType for this instance.
273   * @param certificateType the CertificateType for this instance.
274   */
275  private void setCertificateType(CertificateType certificateType)
276  {
277    this.certificateType = certificateType;
278  }
279
280  /**
281   * Returns whether SSL is enabled or not.
282   * @return <CODE>true</CODE> if SSL is enabled and <CODE>false</CODE>
283   * otherwise.
284   */
285  public boolean getEnableSSL()
286  {
287    return enableSSL;
288  }
289
290  /**
291   * Sets whether SSL is enabled or not.
292   * @param enableSSL whether SSL is enabled or not.
293   */
294  private void setEnableSSL(boolean enableSSL)
295  {
296    this.enableSSL = enableSSL;
297  }
298
299  /**
300   * Returns whether StartTLS is enabled or not.
301   * @return <CODE>true</CODE> if StartTLS is enabled and <CODE>false</CODE>
302   * otherwise.
303   */
304  public boolean getEnableStartTLS()
305  {
306    return enableStartTLS;
307  }
308
309  /**
310   * Sets whether StartTLS is enabled or not.
311   * @param enableStartTLS whether StartTLS is enabled or not.
312   */
313  private void setEnableStartTLS(boolean enableStartTLS)
314  {
315    this.enableStartTLS = enableStartTLS;
316  }
317
318  /**
319   * Returns the key store password.
320   * @return the key store password.
321   */
322  public String getKeystorePassword()
323  {
324    return keyStorePassword;
325  }
326
327  /**
328   * Sets the key store password.
329   * @param keyStorePassword the new key store password.
330   */
331  private void setKeyStorePassword(String keyStorePassword)
332  {
333    this.keyStorePassword = keyStorePassword;
334  }
335
336  /**
337   * Returns the key store path.
338   * @return the key store path.
339   */
340  public String getKeystorePath()
341  {
342    return keyStorePath;
343  }
344
345  /**
346   * Sets the key store path.
347   * @param keyStorePath the new key store path.
348   */
349  private void setKeyStorePath(String keyStorePath)
350  {
351    this.keyStorePath = keyStorePath;
352  }
353
354  /**
355   * Updates the provided certificate options object with some parameters.
356   * @param ops the SecurityOptions object to be updated.
357   * @param enableSSL whether to enable SSL or not.
358   * @param enableStartTLS whether to enable StartTLS or not.
359   * @param sslPort the LDAPS port number.
360   * @param aliasToUse the name of the alias to be used.
361   */
362  private static void updateCertificateOptions(SecurityOptions ops,
363      boolean enableSSL, boolean enableStartTLS, int sslPort, Collection<String> aliasesToUse)
364  {
365    if (!enableSSL && !enableStartTLS)
366    {
367      throw new IllegalArgumentException(
368          "You must enable SSL or StartTLS to use a certificate.");
369    }
370    ops.setEnableSSL(enableSSL);
371    ops.setEnableStartTLS(enableStartTLS);
372    ops.setSslPort(sslPort);
373    ops.setAliasToUse(aliasesToUse);
374  }
375
376  /**
377   * Returns the SSL port.
378   * @return the SSL port.
379   */
380  public int getSslPort()
381  {
382    return sslPort;
383  }
384
385  /**
386   * Sets the SSL port.
387   * @param sslPort the new SSL port.
388   */
389  void setSslPort(int sslPort)
390  {
391    this.sslPort = sslPort;
392  }
393
394  /**
395   * Returns the alias of the certificate in the key store to be used.
396   * @return the alias of the certificate in the key store to be used.
397   */
398  public Set<String> getAliasesToUse()
399  {
400    return aliasesToUse;
401  }
402
403  /**
404   * Sets the certificates aliases name.
405   * @param aliasesToUse the certificates aliases name.
406   */
407  private void setAliasToUse(Collection<String> aliasesToUse)
408  {
409    this.aliasesToUse.clear();
410    this.aliasesToUse.addAll(aliasesToUse);
411  }
412
413}