org.ops4j.pax.web.service.spi.config

Interface SecurityConfiguration

public interface SecurityConfiguration

Method Summary

Modifier and Type	Method and Description
String[]	getCiphersuiteExcluded() Get excluded cipher suites to not pass to SSLEngine Jetty: org.eclipse.jetty.util.ssl.SslContextFactory#DEFAULT_EXCLUDED_CIPHER_SUITES
String[]	getCiphersuiteIncluded() Get included cipher suites to specify in SSLEngine
String	getCrlPath() Get location of CRL list.
Long	getDigestAuthMaxNonceAge() Returns max nonce age for DIGEST authentication (in ms), defaults to 60s (60000ms)
Integer	getDigestAuthMaxNonceCount() Returns max nonce count for DIGEST authentication, defaults to 1024
String	getEncAlgorithm() Returns an algorithm ID to use for SecretKeyFactory.
Integer	getEncIterationCount() Returns an iteration count to use for PBE encryption
String	getEncMasterPassword() Returns plain text master password to use.
String	getEncMasterPasswordEnvVariable() Returns an environment variable name that holds plain text master password to use.
String	getEncMasterPasswordSystemProperty() Returns an system property name that holds plain text master password to use.
String	getEncOSGiDecryptorId() Returns a decryptor ID.
String	getEncPrefix() Returns a prefix for encrypted property values - defaults to ENC(
String	getEncProvider() Returns a provider to use for SecretKeyFactory.
String	getEncSuffix() Returns a prefix for encrypted property values - defaults to )
Boolean	getFormAuthRedirect() Returns whether to redirect (by default) or forward to error page during FORM authentication
Integer	getMaxCertPathLength() Return max length of cert path to use during certificate validation
String	getOcspResponderURL() Return URL for OCSP responder, though it doesn't seem to be used by Jetty.
String[]	getProtocolsExcluded() Get excluded protocols to not pass to SSLEngine Jetty: org.eclipse.jetty.util.ssl.SslContextFactory#DEFAULT_EXCLUDED_PROTOCOLS
String[]	getProtocolsIncluded() Get included protocols to specify in SSLEngine
String	getSecureRandomAlgorithm() Returns algorithm name to use in SecureRandom.getInstance(String)
String	getSslKeyAlias() Returns the alias of the ssl private key inside server keystore.
String	getSslKeyManagerFactoryAlgorithm() Returns the algorithm for private key.
String	getSslKeyPassword() Returns the password for ssl private key inside a keystore specified by getSslKeystore().
String	getSslKeystore() Returns the file path or URL to server keystore.
String	getSslKeystorePassword() Returns the password for entire keystore (not for the key inside it).
String	getSslKeystoreProvider() Returns the server keystore provider as specifed by KeyStore.getInstance(String, String)
String	getSslKeystoreType() Returns the server keystore type as specifed by KeyStore.getInstance(String, String)
String	getSslProtocol() Returns protocol name to use in SSLContext.
String	getSslProvider() Returns the name of SSL provider to use with secure connector/listener.
Integer	getSslRenegotiationLimit() Get limit of SSL renegotiations
Integer	getSslSessionCacheSize() Cache size for SSL Sessions as in SSLSessionContext
Boolean	getSslSessionsEnabled() Is SSL Session creation enabled? (as hint to SSLEngine.
Integer	getSslSessionTimeout() Timeout for SSL Sessions (in seconds) as in SSLSessionContext
String	getTrustManagerFactoryAlgorithm() Returns the algorithm for truststore entries.
String	getTruststore() Gets location of server truststore.
String	getTruststorePassword() Returns the password for entire truststore.
String	getTruststoreProvider() Returns the server truststore provider as specifed by KeyStore.getInstance(String, String)
String	getTruststoreType() Returns the server truststore type as specifed by KeyStore.getInstance(String, String)
Boolean	isClientAuthNeeded() Set client auth needed flag as in SSLEngine
Boolean	isClientAuthWanted() Set client auth wanted flag as in SSLEngine
Boolean	isEnableCRLDP() Should Certificate Revocation List Distribution Points support (CRLDP) be enabled? Jetty sets com.sun.security.enableCRLDP system property
Boolean	isEnableOCSP() Should On-Line Certificate Status Protocol (OCSP) be enabled? Jetty calls Security.setProperty(java.lang.String, java.lang.String) to set ocsp.enable property
Boolean	isEncEnabled() Checks if configuration values are expected to be encrypted - this triggers a configuration (or tracking) of Jasypt StringEncryptor (optional dependency)
Boolean	isSslRenegotiationAllowed() Is SSL renegotiation allowed?
Boolean	isValidateCerts() Should certificates in server keystore be validated when keystore is loaded? If true: Jetty will use org.eclipse.jetty.util.security.CertificateValidator, which underneath uses java.security.cert.CertPathValidator#validate).
Boolean	isValidatePeerCerts() Should certificates in server truststore be validated when truststore is loaded?

Method Detail

getSslProvider

String getSslProvider()

Returns the name of SSL provider to use with secure connector/listener.

Returns:

the name of SSL provider.

getSslKeystore

String getSslKeystore()

Returns the file path or URL to server keystore.

Returns:

path to the keystore.

getSslKeystorePassword

String getSslKeystorePassword()

Returns the password for entire keystore (not for the key inside it). Can be encrypted using Jasypt.

Returns:

the password for the keystore.

getSslKeyPassword

String getSslKeyPassword()

Returns the password for ssl private key inside a keystore specified by getSslKeystore(). Can be encrypted using Jasypt.

Returns:

the password for ssl private key.

getSslKeystoreType

String getSslKeystoreType()

Returns the server keystore type as specifed by KeyStore.getInstance(String, String)

Returns:

keystore type.

getSslKeystoreProvider

String getSslKeystoreProvider()

Returns the server keystore provider as specifed by KeyStore.getInstance(String, String)

Returns:

the name of SSL keystore provider.

getSslKeyManagerFactoryAlgorithm

String getSslKeyManagerFactoryAlgorithm()

Returns the algorithm for private key. If not specified, KeyManagerFactory will be used (OpenJDK: SunX509).

Returns:

getSslKeyAlias

String getSslKeyAlias()

Returns the alias of the ssl private key inside server keystore.

Returns:

the alias of the ssl private key.

getTruststore

String getTruststore()

Gets location of server truststore. Not mandatory. In such case, JVM default truststore will be used.

Returns:

getTruststorePassword

String getTruststorePassword()

Returns the password for entire truststore. Can be encrypted using Jasypt.

Returns:

getTruststoreType

String getTruststoreType()

Returns the server truststore type as specifed by KeyStore.getInstance(String, String)

Returns:

truststore type.

getTruststoreProvider

String getTruststoreProvider()

Returns the server truststore provider as specifed by KeyStore.getInstance(String, String)

Returns:

the name of SSL truststore provider.

getTrustManagerFactoryAlgorithm

String getTrustManagerFactoryAlgorithm()

Returns the algorithm for truststore entries. If not specified, TrustManagerFactory will be used (OpenJDK: SunX509).

Returns:

isClientAuthWanted

Boolean isClientAuthWanted()

Set client auth wanted flag as in SSLEngine

Returns:

true if we want client certificate authentication

isClientAuthNeeded

Boolean isClientAuthNeeded()

Set client auth needed flag as in SSLEngine

Returns:

getSslProtocol

String getSslProtocol()

Returns protocol name to use in SSLContext. Defaults to TLSv1.2

Returns:

getSecureRandomAlgorithm

String getSecureRandomAlgorithm()

Returns algorithm name to use in SecureRandom.getInstance(String)

Returns:

getProtocolsIncluded

String[] getProtocolsIncluded()

Get included protocols to specify in SSLEngine

Returns:

getProtocolsExcluded

String[] getProtocolsExcluded()

Get excluded protocols to not pass to SSLEngine Jetty: org.eclipse.jetty.util.ssl.SslContextFactory#DEFAULT_EXCLUDED_PROTOCOLS

Returns:

getCiphersuiteIncluded

String[] getCiphersuiteIncluded()

Get included cipher suites to specify in SSLEngine

Returns:

getCiphersuiteExcluded

String[] getCiphersuiteExcluded()

Get excluded cipher suites to not pass to SSLEngine Jetty: org.eclipse.jetty.util.ssl.SslContextFactory#DEFAULT_EXCLUDED_CIPHER_SUITES

Returns:

isSslRenegotiationAllowed

Boolean isSslRenegotiationAllowed()

Is SSL renegotiation allowed?

Returns:

getSslRenegotiationLimit

Integer getSslRenegotiationLimit()

Get limit of SSL renegotiations

Returns:

getSslSessionsEnabled

Boolean getSslSessionsEnabled()

Is SSL Session creation enabled? (as hint to SSLEngine.

Returns:

getSslSessionCacheSize

Integer getSslSessionCacheSize()

Cache size for SSL Sessions as in SSLSessionContext

Returns:

getSslSessionTimeout

Integer getSslSessionTimeout()

Timeout for SSL Sessions (in seconds) as in SSLSessionContext

Returns:

isValidateCerts

Boolean isValidateCerts()

Should certificates in server keystore be validated when keystore is loaded? If true:

• Jetty will use org.eclipse.jetty.util.security.CertificateValidator, which underneath uses java.security.cert.CertPathValidator#validate).

Returns:

isValidatePeerCerts

Boolean isValidatePeerCerts()

Should certificates in server truststore be validated when truststore is loaded?

Returns:

isEnableOCSP

Boolean isEnableOCSP()

Should On-Line Certificate Status Protocol (OCSP) be enabled?

• Jetty calls Security.setProperty(java.lang.String, java.lang.String) to set ocsp.enable property

Returns:

isEnableCRLDP

Boolean isEnableCRLDP()

Should Certificate Revocation List Distribution Points support (CRLDP) be enabled?

• Jetty sets com.sun.security.enableCRLDP system property

Returns:

getCrlPath

String getCrlPath()

Get location of CRL list. The list is loaded using CertificateFactory for X.509 CertificateFactory.

Returns:

getOcspResponderURL

String getOcspResponderURL()

Return URL for OCSP responder, though it doesn't seem to be used by Jetty.

Returns:

getMaxCertPathLength

Integer getMaxCertPathLength()

Return max length of cert path to use during certificate validation

Returns:

getDigestAuthMaxNonceAge

Long getDigestAuthMaxNonceAge()

Returns max nonce age for DIGEST authentication (in ms), defaults to 60s (60000ms)

Returns:

getDigestAuthMaxNonceCount

Integer getDigestAuthMaxNonceCount()

Returns max nonce count for DIGEST authentication, defaults to 1024

Returns:

getFormAuthRedirect

Boolean getFormAuthRedirect()

Returns whether to redirect (by default) or forward to error page during FORM authentication

Returns:

isEncEnabled

Boolean isEncEnabled()

Checks if configuration values are expected to be encrypted - this triggers a configuration (or tracking) of Jasypt StringEncryptor (optional dependency)

Returns:

getEncPrefix

String getEncPrefix()

Returns a prefix for encrypted property values - defaults to ENC(

Returns:

getEncSuffix

String getEncSuffix()

Returns a prefix for encrypted property values - defaults to )

Returns:

getEncProvider

String getEncProvider()

Returns a provider to use for SecretKeyFactory. Defaults (Oracle/OpenJDK) to SunJCE

Returns:

getEncAlgorithm

String getEncAlgorithm()

Returns an algorithm ID to use for SecretKeyFactory. Defaults to PBEWithHmacSHA256AndAES_128

Returns:

getEncMasterPassword

String getEncMasterPassword()

Returns plain text master password to use.

Returns:

getEncMasterPasswordEnvVariable

String getEncMasterPasswordEnvVariable()

Returns an environment variable name that holds plain text master password to use.

Returns:

getEncMasterPasswordSystemProperty

String getEncMasterPasswordSystemProperty()

Returns an system property name that holds plain text master password to use.

Returns:

getEncIterationCount

Integer getEncIterationCount()

Returns an iteration count to use for PBE encryption

Returns:

getEncOSGiDecryptorId

String getEncOSGiDecryptorId()

Returns a decryptor ID. This will be used to construct a (&(objectClass=org.jasypt.encryption.StringEncryptor)(decryptor=<decryptor ID>)) filter to lookup for encryptor/decryptor service.

Returns: