/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2006-2010 Sun Microsystems, Inc.
 */
1147N/Apackage org.opends.quicksetup;
1147N/A
/**
 * Describes the transport-security choices made by the user during setup:
 * whether LDAPS ("SSL") and/or StartTLS are enabled, which port LDAPS listens
 * on, and where the server certificate comes from (a freshly generated
 * self-signed certificate or an existing key store).
 * <p>
 * Instances are created only through the static factory methods; the
 * certificate-related factories reject a configuration in which neither
 * LDAPS nor StartTLS is enabled, because a certificate would then be unused.
 * The no-certificate configuration is the only one with both transports off.
 * <p>
 * Security note: the key store password (or PKCS#11 PIN) is held in memory as
 * an immutable {@link String} and is returned verbatim by
 * {@link #getKeystorePassword()}. Callers must treat that value as a secret:
 * do not log it, include it in exception messages, or persist it anywhere
 * that is not access-restricted, and do not keep references to this object
 * longer than the setup step that needs it. This class does not implement
 * {@code toString()}, so the default representation does not expose it.
 */
public class SecurityOptions
{
  /** Alias under which a generated self-signed certificate is stored. */
  public static final String SELF_SIGNED_CERT_ALIAS = "server-cert";

  /** Port used for LDAPS until a factory method overrides it. */
  private static final int DEFAULT_SSL_PORT = 636;

  /**
   * Where the server certificate comes from. The constant order is part of
   * the public contract (callers may rely on the ordinal); do not reorder.
   */
  public enum CertificateType
  {
    /** No certificate at all, which implies neither LDAPS nor StartTLS. */
    NO_CERTIFICATE,
    /**
     * A self-signed certificate generated at setup time. Such a certificate
     * is not chained to any CA, so clients have to be told explicitly to
     * trust it (or they must disable verification, which is not advisable).
     */
    SELF_SIGNED_CERTIFICATE,
    /** A certificate taken from an existing JKS key store. */
    JKS,
    /** A certificate taken from an existing JCEKS key store. */
    JCEKS,
    /** A certificate taken from an existing PKCS#11 token; no file path. */
    PKCS11,
    /** A certificate taken from an existing PKCS#12 key store. */
    PKCS12
  }

  private CertificateType certificateType;
  private boolean enableSSL;
  private boolean enableStartTLS;
  private int sslPort = DEFAULT_SSL_PORT;
  /** Key store location; stays {@code null} for PKCS#11 and self-signed. */
  private String keyStorePath;
  /** Secret. {@code null} when no key store password is involved. */
  private String keyStorePassword;
  private String aliasToUse;

  /**
   * Only the factory methods may build an instance.
   * @param certificateType the certificate source this instance describes.
   */
  private SecurityOptions(CertificateType certificateType)
  {
    this.certificateType = certificateType;
  }

  /**
   * Builds the "no certificate" configuration: LDAPS and StartTLS are both
   * disabled, the key store fields stay {@code null} and the LDAPS port keeps
   * its default value.
   * @return options describing a server without any transport security.
   */
  public static SecurityOptions createNoCertificateOptions()
  {
    SecurityOptions options =
        new SecurityOptions(CertificateType.NO_CERTIFICATE);
    options.enableSSL = false;
    options.enableStartTLS = false;
    return options;
  }

  /**
   * Builds a configuration backed by a generated self-signed certificate
   * stored under {@link #SELF_SIGNED_CERT_ALIAS}.
   * @param enableSSL whether LDAPS is enabled.
   * @param enableStartTLS whether StartTLS is enabled.
   * @param sslPort the LDAPS port.
   * @return options using a self-signed certificate.
   * @throws IllegalArgumentException if both transports are disabled.
   */
  public static SecurityOptions createSelfSignedCertificateOptions(
      boolean enableSSL, boolean enableStartTLS, int sslPort)
  {
    return createSelfSignedCertificateOptions(enableSSL, enableStartTLS,
        sslPort, SELF_SIGNED_CERT_ALIAS);
  }

  /**
   * Builds a configuration backed by a generated self-signed certificate
   * stored under the given alias.
   * @param enableSSL whether LDAPS is enabled.
   * @param enableStartTLS whether StartTLS is enabled.
   * @param sslPort the LDAPS port.
   * @param aliasToUse the key store alias of the certificate.
   * @return options using a self-signed certificate.
   * @throws IllegalArgumentException if both transports are disabled.
   */
  public static SecurityOptions createSelfSignedCertificateOptions(
      boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse)
  {
    SecurityOptions options =
        new SecurityOptions(CertificateType.SELF_SIGNED_CERTIFICATE);
    return applyTransportSettings(options, enableSSL, enableStartTLS, sslPort,
        aliasToUse);
  }

  /**
   * Builds a configuration that reads the certificate from a JKS key store.
   * @param keystorePath path of the key store file.
   * @param keystorePwd password of the key store (treated as a secret).
   * @param enableSSL whether LDAPS is enabled.
   * @param enableStartTLS whether StartTLS is enabled.
   * @param sslPort the LDAPS port.
   * @param aliasToUse the key store alias of the certificate.
   * @return options using a JKS key store.
   * @throws IllegalArgumentException if both transports are disabled.
   */
  public static SecurityOptions createJKSCertificateOptions(String keystorePath,
      String keystorePwd, boolean enableSSL, boolean enableStartTLS,
      int sslPort, String aliasToUse)
  {
    return createKeyStoreOptions(CertificateType.JKS, keystorePath,
        keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse);
  }

  /**
   * Builds a configuration that reads the certificate from a JCEKS key store.
   * @param keystorePath path of the key store file.
   * @param keystorePwd password of the key store (treated as a secret).
   * @param enableSSL whether LDAPS is enabled.
   * @param enableStartTLS whether StartTLS is enabled.
   * @param sslPort the LDAPS port.
   * @param aliasToUse the key store alias of the certificate.
   * @return options using a JCEKS key store.
   * @throws IllegalArgumentException if both transports are disabled.
   */
  public static SecurityOptions createJCEKSCertificateOptions(
      String keystorePath,
      String keystorePwd, boolean enableSSL, boolean enableStartTLS,
      int sslPort, String aliasToUse)
  {
    return createKeyStoreOptions(CertificateType.JCEKS, keystorePath,
        keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse);
  }

  /**
   * Builds a configuration that reads the certificate from a PKCS#11 token.
   * There is no key store path for a token, so {@link #getKeystorePath()}
   * returns {@code null} on the result.
   * @param keystorePwd PIN/password of the token (treated as a secret).
   * @param enableSSL whether LDAPS is enabled.
   * @param enableStartTLS whether StartTLS is enabled.
   * @param sslPort the LDAPS port.
   * @param aliasToUse the token alias of the certificate.
   * @return options using a PKCS#11 key store.
   * @throws IllegalArgumentException if both transports are disabled.
   */
  public static SecurityOptions createPKCS11CertificateOptions(
      String keystorePwd, boolean enableSSL, boolean enableStartTLS,
      int sslPort, String aliasToUse)
  {
    return createKeyStoreOptions(CertificateType.PKCS11, null, keystorePwd,
        enableSSL, enableStartTLS, sslPort, aliasToUse);
  }

  /**
   * Builds a configuration that reads the certificate from a PKCS#12 file.
   * @param keystorePath path of the key store file.
   * @param keystorePwd password of the key store (treated as a secret).
   * @param enableSSL whether LDAPS is enabled.
   * @param enableStartTLS whether StartTLS is enabled.
   * @param sslPort the LDAPS port.
   * @param aliasToUse the key store alias of the certificate.
   * @return options using a PKCS#12 key store.
   * @throws IllegalArgumentException if both transports are disabled.
   */
  public static SecurityOptions createPKCS12CertificateOptions(
      String keystorePath, String keystorePwd, boolean enableSSL,
      boolean enableStartTLS, int sslPort, String aliasToUse)
  {
    return createKeyStoreOptions(CertificateType.PKCS12, keystorePath,
        keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse);
  }

  /**
   * Shared body of the existing-key-store factories.
   * @param type the key store flavour.
   * @param keystorePath key store location, or {@code null} for a token.
   * @param keystorePwd key store password or PIN.
   * @param enableSSL whether LDAPS is enabled.
   * @param enableStartTLS whether StartTLS is enabled.
   * @param sslPort the LDAPS port.
   * @param aliasToUse the alias of the certificate.
   * @return the populated options.
   * @throws IllegalArgumentException if both transports are disabled.
   */
  private static SecurityOptions createKeyStoreOptions(CertificateType type,
      String keystorePath, String keystorePwd, boolean enableSSL,
      boolean enableStartTLS, int sslPort, String aliasToUse)
  {
    SecurityOptions options = new SecurityOptions(type);
    options.keyStorePath = keystorePath;
    options.keyStorePassword = keystorePwd;
    return applyTransportSettings(options, enableSSL, enableStartTLS, sslPort,
        aliasToUse);
  }

  /**
   * Stores the transport flags, port and alias, after checking that a
   * certificate will actually be used by at least one secure transport.
   * @param options the instance being populated.
   * @param enableSSL whether LDAPS is enabled.
   * @param enableStartTLS whether StartTLS is enabled.
   * @param sslPort the LDAPS port.
   * @param aliasToUse the alias of the certificate.
   * @return {@code options}, for chaining.
   * @throws IllegalArgumentException if both transports are disabled.
   */
  private static SecurityOptions applyTransportSettings(
      SecurityOptions options, boolean enableSSL, boolean enableStartTLS,
      int sslPort, String aliasToUse)
  {
    // A certificate that no transport uses is almost certainly a mistake in
    // the user's choices, so refuse it rather than silently configuring it.
    if (!(enableSSL || enableStartTLS))
    {
      throw new IllegalArgumentException(
          "You must enable SSL or StartTLS to use a certificate.");
    }
    options.enableSSL = enableSSL;
    options.enableStartTLS = enableStartTLS;
    options.setSslPort(sslPort);
    options.setAliasToUse(aliasToUse);
    return options;
  }

  /**
   * Returns where the server certificate comes from.
   * @return the certificate type; never {@code null} for a factory-built
   * instance.
   */
  public CertificateType getCertificateType()
  {
    return certificateType;
  }

  /**
   * Tells whether LDAPS is enabled.
   * @return {@code true} if LDAPS is enabled, {@code false} otherwise.
   */
  public boolean getEnableSSL()
  {
    return enableSSL;
  }

  /**
   * Tells whether StartTLS is enabled.
   * @return {@code true} if StartTLS is enabled, {@code false} otherwise.
   */
  public boolean getEnableStartTLS()
  {
    return enableStartTLS;
  }

  /**
   * Returns the key store password (or PKCS#11 PIN) exactly as supplied.
   * The value is a secret: do not log it or write it to an unprotected file.
   * @return the key store password, or {@code null} when none was given
   * (no-certificate and self-signed configurations).
   */
  public String getKeystorePassword()
  {
    return keyStorePassword;
  }

  /**
   * Returns the key store path.
   * @return the key store path, or {@code null} for configurations that
   * have no key store file (no-certificate, self-signed, PKCS#11).
   */
  public String getKeystorePath()
  {
    return keyStorePath;
  }

  /**
   * Returns the LDAPS port. No range validation is performed here; the
   * caller is expected to have checked the value before building this
   * object.
   * @return the LDAPS port (636 unless a factory method set another value).
   */
  public int getSslPort()
  {
    return sslPort;
  }

  /**
   * Sets the LDAPS port. Package-private on purpose; only setup code in this
   * package should adjust an already-built configuration.
   * @param sslPort the new LDAPS port.
   */
  void setSslPort(int sslPort)
  {
    this.sslPort = sslPort;
  }

  /**
   * Returns the alias of the certificate to use from the key store.
   * @return the certificate alias, or {@code null} for the no-certificate
   * configuration.
   */
  public String getAliasToUse()
  {
    return aliasToUse;
  }

  /**
   * Sets the alias of the certificate to use. Package-private on purpose.
   * @param aliasToUse the certificate alias.
   */
  void setAliasToUse(String aliasToUse)
  {
    this.aliasToUse = aliasToUse;
  }
}