001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2006-2010 Sun Microsystems, Inc. 025 * Portions Copyright 2015 ForgeRock AS 026 */ 027package org.opends.quicksetup; 028 029 030/** 031 * Class used to describe the Security Options specified by the user. 032 * 033 */ 034public class SecurityOptions 035{ 036 private boolean enableSSL; 037 private boolean enableStartTLS; 038 039 private int sslPort = 636; 040 041 /** Alias of a self-signed certificate. */ 042 public static final String SELF_SIGNED_CERT_ALIAS = "server-cert"; 043 044 /** 045 * The different type of security options that we can have. 046 */ 047 public enum CertificateType 048 { 049 /** 050 * No certificate to be used (and so no SSL and no Start TLS). 051 */ 052 NO_CERTIFICATE, 053 /** 054 * Use a newly created Self Signed Certificate. 055 */ 056 SELF_SIGNED_CERTIFICATE, 057 /** 058 * Use an existing JKS key store. 059 */ 060 JKS, 061 /** 062 * Use an existing JCEKS key store. 063 */ 064 JCEKS, 065 /** 066 * Use an existing PKCS#11 key store. 067 */ 068 PKCS11, 069 /** 070 * Use an existing PKCS#12 key store. 071 */ 072 PKCS12 073 } 074 075 private CertificateType certificateType; 076 private String keyStorePath; 077 private String keyStorePassword; 078 private String aliasToUse; 079 080 private SecurityOptions() 081 { 082 } 083 084 /** 085 * Creates a new instance of a SecurityOptions representing for no certificate 086 * (no SSL or Start TLS). 087 * 088 * @return a new instance of a SecurityOptions representing for no certificate 089 * (no SSL or Start TLS). 090 */ 091 public static SecurityOptions createNoCertificateOptions() 092 { 093 SecurityOptions ops = new SecurityOptions(); 094 ops.setCertificateType(CertificateType.NO_CERTIFICATE); 095 ops.setEnableSSL(false); 096 ops.setEnableStartTLS(false); 097 return ops; 098 } 099 100 /** 101 * Creates a new instance of a SecurityOptions using a self-signed 102 * certificate. 103 * 104 * @param enableSSL 105 * whether SSL is enabled or not. 106 * @param enableStartTLS 107 * whether Start TLS is enabled or not. 108 * @param sslPort 109 * the value of the LDAPS port. 110 * @return a new instance of a SecurityOptions using a self-signed 111 * certificate. 112 */ 113 public static SecurityOptions createSelfSignedCertificateOptions( 114 boolean enableSSL, boolean enableStartTLS, int sslPort) 115 { 116 return createSelfSignedCertificateOptions(enableSSL, enableStartTLS, sslPort, SELF_SIGNED_CERT_ALIAS); 117 } 118 119 /** 120 * Creates a new instance of a SecurityOptions using a self-signed 121 * certificate. 122 * 123 * @param enableSSL 124 * whether SSL is enabled or not. 125 * @param enableStartTLS 126 * whether Start TLS is enabled or not. 127 * @param sslPort 128 * the value of the LDAPS port. 129 * @param aliasToUse 130 * the alias of the certificate in the key store to be used. 131 * @return a new instance of a SecurityOptions using a self-signed 132 * certificate. 133 */ 134 public static SecurityOptions createSelfSignedCertificateOptions(boolean enableSSL, boolean enableStartTLS, 135 int sslPort, String aliasToUse) 136 { 137 return createOptionsForCertificatType( 138 CertificateType.SELF_SIGNED_CERTIFICATE, null, null, enableSSL, enableStartTLS, sslPort, aliasToUse); 139 } 140 141 /** 142 * Creates a new instance of a SecurityOptions using a Java Key Store. 143 * 144 * @param keystorePath 145 * the path of the key store. 146 * @param keystorePwd 147 * the password of the key store. 148 * @param enableSSL 149 * whether SSL is enabled or not. 150 * @param enableStartTLS 151 * whether Start TLS is enabled or not. 152 * @param sslPort 153 * the value of the LDAPS port. 154 * @param aliasToUse 155 * the alias of the certificate in the key store to be used. 156 * @return a new instance of a SecurityOptions using a Java Key Store. 157 */ 158 public static SecurityOptions createJKSCertificateOptions(String keystorePath, String keystorePwd, boolean enableSSL, 159 boolean enableStartTLS, int sslPort, String aliasToUse) 160 { 161 return createOptionsForCertificatType( 162 CertificateType.JKS, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse); 163 } 164 165 /** 166 * Creates a new instance of a SecurityOptions using a JCE Key Store. 167 * 168 * @param keystorePath 169 * the path of the key store. 170 * @param keystorePwd 171 * the password of the key store. 172 * @param enableSSL 173 * whether SSL is enabled or not. 174 * @param enableStartTLS 175 * whether Start TLS is enabled or not. 176 * @param sslPort 177 * the value of the LDAPS port. 178 * @param aliasToUse 179 * the alias of the certificate in the keystore to be used. 180 * @return a new instance of a SecurityOptions using a JCE Key Store. 181 */ 182 public static SecurityOptions createJCEKSCertificateOptions(String keystorePath, String keystorePwd, 183 boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse) 184 { 185 return createOptionsForCertificatType( 186 CertificateType.JCEKS, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse); 187 } 188 189 190 /** 191 * Creates a new instance of a SecurityOptions using a PKCS#11 Key Store. 192 * 193 * @param keystorePwd 194 * the password of the key store. 195 * @param enableSSL 196 * whether SSL is enabled or not. 197 * @param enableStartTLS 198 * whether Start TLS is enabled or not. 199 * @param sslPort 200 * the value of the LDAPS port. 201 * @param aliasToUse 202 * the alias of the certificate in the keystore to be used. 203 * @return a new instance of a SecurityOptions using a PKCS#11 Key Store. 204 */ 205 public static SecurityOptions createPKCS11CertificateOptions(String keystorePwd, boolean enableSSL, 206 boolean enableStartTLS, int sslPort, String aliasToUse) 207 { 208 return createOptionsForCertificatType( 209 CertificateType.PKCS11, null, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse); 210 } 211 212 /** 213 * Creates a new instance of a SecurityOptions using a PKCS#12 Key Store. 214 * 215 * @param keystorePath 216 * the path of the key store. 217 * @param keystorePwd 218 * the password of the key store. 219 * @param enableSSL 220 * whether SSL is enabled or not. 221 * @param enableStartTLS 222 * whether Start TLS is enabled or not. 223 * @param sslPort 224 * the value of the LDAPS port. 225 * @param aliasToUse 226 * the alias of the certificate in the keystore to be used. 227 * @return a new instance of a SecurityOptions using a PKCS#12 Key Store. 228 */ 229 public static SecurityOptions createPKCS12CertificateOptions( String keystorePath, String keystorePwd, 230 boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse) 231 { 232 return createOptionsForCertificatType( 233 CertificateType.PKCS12, keystorePath, keystorePwd, enableSSL, enableStartTLS, sslPort, aliasToUse); 234 } 235 236 /** 237 * Creates a new instance of a SecurityOptions using the provided type Key 238 * Store. 239 * 240 * @param certType 241 * The Key Store type. 242 * @param keystorePath 243 * The path of the key store (may be @null). 244 * @param keystorePwd 245 * The password of the key store. 246 * @param enableSSL 247 * Whether SSL is enabled or not. 248 * @param enableStartTLS 249 * Whether Start TLS is enabled or not. 250 * @param sslPort 251 * The value of the LDAPS port. 252 * @param aliasToUse 253 * The alias of the certificate in the keystore to be used. 254 * @return a new instance of a SecurityOptions. 255 */ 256 public static SecurityOptions createOptionsForCertificatType(CertificateType certType, String keystorePath, 257 String keystorePwd, boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse) 258 { 259 if (certType == CertificateType.NO_CERTIFICATE) 260 { 261 return createNoCertificateOptions(); 262 } 263 264 SecurityOptions ops = new SecurityOptions(); 265 if (keystorePath != null) 266 { 267 ops.setKeyStorePath(keystorePath); 268 } 269 if (keystorePwd != null) 270 { 271 ops.setKeyStorePassword(keystorePwd); 272 } 273 ops.setCertificateType(certType); 274 updateCertificateOptions(ops, enableSSL, enableStartTLS, sslPort, aliasToUse); 275 return ops; 276 } 277 278 /** 279 * Returns the CertificateType for this instance. 280 * @return the CertificateType for this instance. 281 */ 282 public CertificateType getCertificateType() 283 { 284 return certificateType; 285 } 286 287 /** 288 * Sets the CertificateType for this instance. 289 * @param certificateType the CertificateType for this instance. 290 */ 291 private void setCertificateType(CertificateType certificateType) 292 { 293 this.certificateType = certificateType; 294 } 295 296 /** 297 * Returns whether SSL is enabled or not. 298 * @return <CODE>true</CODE> if SSL is enabled and <CODE>false</CODE> 299 * otherwise. 300 */ 301 public boolean getEnableSSL() 302 { 303 return enableSSL; 304 } 305 306 /** 307 * Sets whether SSL is enabled or not. 308 * @param enableSSL whether SSL is enabled or not. 309 */ 310 private void setEnableSSL(boolean enableSSL) 311 { 312 this.enableSSL = enableSSL; 313 } 314 315 /** 316 * Returns whether StartTLS is enabled or not. 317 * @return <CODE>true</CODE> if StartTLS is enabled and <CODE>false</CODE> 318 * otherwise. 319 */ 320 public boolean getEnableStartTLS() 321 { 322 return enableStartTLS; 323 } 324 325 /** 326 * Sets whether StartTLS is enabled or not. 327 * @param enableStartTLS whether StartTLS is enabled or not. 328 */ 329 private void setEnableStartTLS(boolean enableStartTLS) 330 { 331 this.enableStartTLS = enableStartTLS; 332 } 333 334 /** 335 * Returns the key store password. 336 * @return the key store password. 337 */ 338 public String getKeystorePassword() 339 { 340 return keyStorePassword; 341 } 342 343 /** 344 * Sets the key store password. 345 * @param keyStorePassword the new key store password. 346 */ 347 private void setKeyStorePassword(String keyStorePassword) 348 { 349 this.keyStorePassword = keyStorePassword; 350 } 351 352 /** 353 * Returns the key store path. 354 * @return the key store path. 355 */ 356 public String getKeystorePath() 357 { 358 return keyStorePath; 359 } 360 361 /** 362 * Sets the key store path. 363 * @param keyStorePath the new key store path. 364 */ 365 private void setKeyStorePath(String keyStorePath) 366 { 367 this.keyStorePath = keyStorePath; 368 } 369 370 /** 371 * Updates the provided certificate options object with some parameters. 372 * @param ops the SecurityOptions object to be updated. 373 * @param enableSSL whether to enable SSL or not. 374 * @param enableStartTLS whether to enable StartTLS or not. 375 * @param sslPort the LDAPS port number. 376 * @param aliasToUse the name of the alias to be used. 377 */ 378 private static void updateCertificateOptions(SecurityOptions ops, 379 boolean enableSSL, boolean enableStartTLS, int sslPort, String aliasToUse) 380 { 381 if (!enableSSL && !enableStartTLS) 382 { 383 throw new IllegalArgumentException( 384 "You must enable SSL or StartTLS to use a certificate."); 385 } 386 ops.setEnableSSL(enableSSL); 387 ops.setEnableStartTLS(enableStartTLS); 388 ops.setSslPort(sslPort); 389 ops.setAliasToUse(aliasToUse); 390 } 391 392 /** 393 * Returns the SSL port. 394 * @return the SSL port. 395 */ 396 public int getSslPort() 397 { 398 return sslPort; 399 } 400 401 /** 402 * Sets the SSL port. 403 * @param sslPort the new SSL port. 404 */ 405 void setSslPort(int sslPort) 406 { 407 this.sslPort = sslPort; 408 } 409 410 /** 411 * Returns the alias of the certificate in the key store to be used. 412 * @return the alias of the certificate in the key store to be used. 413 */ 414 public String getAliasToUse() 415 { 416 return aliasToUse; 417 } 418 419 /** 420 * Sets the certificate alias name. 421 * @param aliasToUse the certificate alias name. 422 */ 423 void setAliasToUse(String aliasToUse) 424 { 425 this.aliasToUse = aliasToUse; 426 } 427 428}