001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2006-2010 Sun Microsystems, Inc.
025 *      Portions Copyright 2015 ForgeRock AS
026 */
027package org.opends.quicksetup;
028
029
030/**
031 * Class used to describe the Security Options specified by the user.
032 *
033 */
034public class SecurityOptions
035{
036  private boolean enableSSL;
037  private boolean enableStartTLS;
038
039  private int sslPort = 636;
040
041  /** Alias of a self-signed certificate. */
042  public static final String SELF_SIGNED_CERT_ALIAS = "server-cert";
043
044  /**
045   * The different type of security options that we can have.
046   */
047  public enum CertificateType
048  {
049    /**
050     * No certificate to be used (and so no SSL and no Start TLS).
051     */
052    NO_CERTIFICATE,
053    /**
054     * Use a newly created Self Signed Certificate.
055     */
056    SELF_SIGNED_CERTIFICATE,
057    /**
058     * Use an existing JKS key store.
059     */
060    JKS,
061    /**
062     * Use an existing JCEKS key store.
063     */
064    JCEKS,
065    /**
066     * Use an existing PKCS#11 key store.
067     */
068    PKCS11,
069    /**
070     * Use an existing PKCS#12 key store.
071     */
072    PKCS12
073  }
074
075  private CertificateType certificateType;
076  private String keyStorePath;
077  private String keyStorePassword;
078  private String aliasToUse;
079
080  private SecurityOptions()
081  {
082  }
083
084  /**
085   * Creates a new instance of a SecurityOptions representing for no certificate
086   * (no SSL or Start TLS).
087   *
088   * @return a new instance of a SecurityOptions representing for no certificate
089   *         (no SSL or Start TLS).
090   */
091  public static SecurityOptions createNoCertificateOptions()
092  {
093    SecurityOptions ops = new SecurityOptions();
094    ops.setCertificateType(CertificateType.NO_CERTIFICATE);
095    ops.setEnableSSL(false);
096    ops.setEnableStartTLS(false);
097    return ops;
098  }
099
100  /**
101   * Creates a new instance of a SecurityOptions using a self-signed
102   * certificate.
103   *
104   * @param enableSSL
105   *          whether SSL is enabled or not.
106   * @param enableStartTLS
107   *          whether Start TLS is enabled or not.
108   * @param sslPort
109   *          the value of the LDAPS port.
110   * @return a new instance of a SecurityOptions using a self-signed
111   *         certificate.
112   */
113  public static SecurityOptions createSelfSignedCertificateOptions(
114          boolean enableSSL, boolean enableStartTLS, int sslPort)
115  {
116    return createSelfSignedCertificateOptions(enableSSL, enableStartTLS, sslPort, SELF_SIGNED_CERT_ALIAS);
117  }
118
119  /**
120   * Creates a new instance of a SecurityOptions using a self-signed
121   * certificate.
122   *
123   * @param enableSSL
124   *          whether SSL is enabled or not.
125   * @param enableStartTLS
126   *          whether Start TLS is enabled or not.
127   * @param sslPort
128   *          the value of the LDAPS port.
129   * @param aliasToUse
130   *          the alias of the certificate in the key store to be used.
131   * @return a new instance of a SecurityOptions using a self-signed
132   *         certificate.
133   */
134  public static SecurityOptions createSelfSignedCertificateOptions(boolean enableSSL, boolean enableStartTLS,
135      int sslPort, String aliasToUse)
136  {
137      return createOptionsForCertificatType(
138              CertificateType.SELF_SIGNED_CERTIFICATE, null, null, enableSSL, enableStartTLS, sslPort, aliasToUse);
139  }
140
141  /**
142   * Creates a new instance of a SecurityOptions using a Java Key Store.
143   *
144   * @param keystorePath
145   *          the path of the key store.
146   * @param keystorePwd
147   *          the password of the key store.
148   * @param enableSSL
149   *          whether SSL is enabled or not.
150   * @param enableStartTLS
151   *          whether Start TLS is enabled or not.
152   * @param sslPort
153   *          the value of the LDAPS port.
154   * @param aliasToUse
155   *          the alias of the certificate in the key store to be used.
156   * @return a new instance of a SecurityOptions using a Java Key Store.
157   */
158  public static SecurityOptions createJKSCertificateOptions(String keystorePath, String keystorePwd, boolean enableSSL,
159      boolean enableStartTLS, int sslPort, String aliasToUse)
160  {
161    return createOptionsForCertificatType(
162            CertificateType.JKS, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse);
163  }
164
165  /**
166   * Creates a new instance of a SecurityOptions using a JCE Key Store.
167   *
168   * @param keystorePath
169   *          the path of the key store.
170   * @param keystorePwd
171   *          the password of the key store.
172   * @param enableSSL
173   *          whether SSL is enabled or not.
174   * @param enableStartTLS
175   *          whether Start TLS is enabled or not.
176   * @param sslPort
177   *          the value of the LDAPS port.
178   * @param aliasToUse
179   *          the alias of the certificate in the keystore to be used.
180   * @return a new instance of a SecurityOptions using a JCE Key Store.
181   */
182  public static SecurityOptions createJCEKSCertificateOptions(String keystorePath, String keystorePwd,
183      boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse)
184  {
185    return createOptionsForCertificatType(
186            CertificateType.JCEKS, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse);
187  }
188
189
190  /**
191   * Creates a new instance of a SecurityOptions using a PKCS#11 Key Store.
192   *
193   * @param keystorePwd
194   *          the password of the key store.
195   * @param enableSSL
196   *          whether SSL is enabled or not.
197   * @param enableStartTLS
198   *          whether Start TLS is enabled or not.
199   * @param sslPort
200   *          the value of the LDAPS port.
201   * @param aliasToUse
202   *          the alias of the certificate in the keystore to be used.
203   * @return a new instance of a SecurityOptions using a PKCS#11 Key Store.
204   */
205  public static SecurityOptions createPKCS11CertificateOptions(String keystorePwd, boolean enableSSL,
206      boolean enableStartTLS, int sslPort, String aliasToUse)
207  {
208    return createOptionsForCertificatType(
209            CertificateType.PKCS11, null, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse);
210  }
211
212  /**
213   * Creates a new instance of a SecurityOptions using a PKCS#12 Key Store.
214   *
215   * @param keystorePath
216   *          the path of the key store.
217   * @param keystorePwd
218   *          the password of the key store.
219   * @param enableSSL
220   *          whether SSL is enabled or not.
221   * @param enableStartTLS
222   *          whether Start TLS is enabled or not.
223   * @param sslPort
224   *          the value of the LDAPS port.
225   * @param aliasToUse
226   *          the alias of the certificate in the keystore to be used.
227   * @return a new instance of a SecurityOptions using a PKCS#12 Key Store.
228   */
229  public static SecurityOptions createPKCS12CertificateOptions( String keystorePath, String keystorePwd,
230          boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse)
231  {
232    return createOptionsForCertificatType(
233            CertificateType.PKCS12, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse);
234  }
235
236  /**
237   * Creates a new instance of a SecurityOptions using the provided type Key
238   * Store.
239   *
240   * @param certType
241   *          The Key Store type.
242   * @param keystorePath
243   *          The path of the key store (may be @null).
244   * @param keystorePwd
245   *          The password of the key store.
246   * @param enableSSL
247   *          Whether SSL is enabled or not.
248   * @param enableStartTLS
249   *          Whether Start TLS is enabled or not.
250   * @param sslPort
251   *          The value of the LDAPS port.
252   * @param aliasToUse
253   *          The alias of the certificate in the keystore to be used.
254   * @return a new instance of a SecurityOptions.
255   */
256  public static SecurityOptions createOptionsForCertificatType(CertificateType certType, String keystorePath,
257      String keystorePwd, boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse)
258  {
259      if (certType == CertificateType.NO_CERTIFICATE)
260      {
261        return createNoCertificateOptions();
262      }
263
264      SecurityOptions ops = new SecurityOptions();
265      if (keystorePath != null)
266      {
267        ops.setKeyStorePath(keystorePath);
268      }
269      if (keystorePwd != null)
270      {
271        ops.setKeyStorePassword(keystorePwd);
272      }
273      ops.setCertificateType(certType);
274      updateCertificateOptions(ops, enableSSL, enableStartTLS, sslPort, aliasToUse);
275      return ops;
276  }
277
278  /**
279   * Returns the CertificateType for this instance.
280   * @return the CertificateType for this instance.
281   */
282  public CertificateType getCertificateType()
283  {
284    return certificateType;
285  }
286
287  /**
288   * Sets the CertificateType for this instance.
289   * @param certificateType the CertificateType for this instance.
290   */
291  private void setCertificateType(CertificateType certificateType)
292  {
293    this.certificateType = certificateType;
294  }
295
296  /**
297   * Returns whether SSL is enabled or not.
298   * @return <CODE>true</CODE> if SSL is enabled and <CODE>false</CODE>
299   * otherwise.
300   */
301  public boolean getEnableSSL()
302  {
303    return enableSSL;
304  }
305
306  /**
307   * Sets whether SSL is enabled or not.
308   * @param enableSSL whether SSL is enabled or not.
309   */
310  private void setEnableSSL(boolean enableSSL)
311  {
312    this.enableSSL = enableSSL;
313  }
314
315  /**
316   * Returns whether StartTLS is enabled or not.
317   * @return <CODE>true</CODE> if StartTLS is enabled and <CODE>false</CODE>
318   * otherwise.
319   */
320  public boolean getEnableStartTLS()
321  {
322    return enableStartTLS;
323  }
324
325  /**
326   * Sets whether StartTLS is enabled or not.
327   * @param enableStartTLS whether StartTLS is enabled or not.
328   */
329  private void setEnableStartTLS(boolean enableStartTLS)
330  {
331    this.enableStartTLS = enableStartTLS;
332  }
333
334  /**
335   * Returns the key store password.
336   * @return the key store password.
337   */
338  public String getKeystorePassword()
339  {
340    return keyStorePassword;
341  }
342
343  /**
344   * Sets the key store password.
345   * @param keyStorePassword the new key store password.
346   */
347  private void setKeyStorePassword(String keyStorePassword)
348  {
349    this.keyStorePassword = keyStorePassword;
350  }
351
352  /**
353   * Returns the key store path.
354   * @return the key store path.
355   */
356  public String getKeystorePath()
357  {
358    return keyStorePath;
359  }
360
361  /**
362   * Sets the key store path.
363   * @param keyStorePath the new key store path.
364   */
365  private void setKeyStorePath(String keyStorePath)
366  {
367    this.keyStorePath = keyStorePath;
368  }
369
370  /**
371   * Updates the provided certificate options object with some parameters.
372   * @param ops the SecurityOptions object to be updated.
373   * @param enableSSL whether to enable SSL or not.
374   * @param enableStartTLS whether to enable StartTLS or not.
375   * @param sslPort the LDAPS port number.
376   * @param aliasToUse the name of the alias to be used.
377   */
378  private static void updateCertificateOptions(SecurityOptions ops,
379      boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse)
380  {
381    if (!enableSSL && !enableStartTLS)
382    {
383      throw new IllegalArgumentException(
384          "You must enable SSL or StartTLS to use a certificate.");
385    }
386    ops.setEnableSSL(enableSSL);
387    ops.setEnableStartTLS(enableStartTLS);
388    ops.setSslPort(sslPort);
389    ops.setAliasToUse(aliasToUse);
390  }
391
392  /**
393   * Returns the SSL port.
394   * @return the SSL port.
395   */
396  public int getSslPort()
397  {
398    return sslPort;
399  }
400
401  /**
402   * Sets the SSL port.
403   * @param sslPort the new SSL port.
404   */
405  void setSslPort(int sslPort)
406  {
407    this.sslPort = sslPort;
408  }
409
410  /**
411   * Returns the alias of the certificate in the key store to be used.
412   * @return the alias of the certificate in the key store to be used.
413   */
414  public String getAliasToUse()
415  {
416    return aliasToUse;
417  }
418
419  /**
420   * Sets the certificate alias name.
421   * @param aliasToUse the certificate alias name.
422   */
423  void setAliasToUse(String aliasToUse)
424  {
425    this.aliasToUse = aliasToUse;
426  }
427
428}