Source code

001// ***************************************************************************************************************************
002// * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file *
003// * distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file        *
004// * to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance            *
005// * with the License.  You may obtain a copy of the License at                                                              *
006// *                                                                                                                         *
007// *  http://www.apache.org/licenses/LICENSE-2.0                                                                             *
008// *                                                                                                                         *
009// * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an  *
010// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the        *
011// * specific language governing permissions and limitations under the License.                                              *
012// ***************************************************************************************************************************
013package org.apache.juneau.rest.client;
014
015import static org.apache.juneau.internal.StringUtils.*;
016
017/**
018 * SSL configuration options that get passed to {@link RestClientBuilder#enableSSL(SSLOpts)}.
019 */
020public class SSLOpts {
021
022   private String protocols = getDefaultProtocols();
023   private CertValidate certValidate = CertValidate.DEFAULT;
024   private HostVerify hostVerify = HostVerify.DEFAULT;
025
026   /**
027    * Reusable SSL options for lenient SSL (no cert validation or hostname verification).
028    */
029   public static final SSLOpts LAX = new SSLOpts(null, CertValidate.LAX, HostVerify.LAX);
030
031   /**
032    * Reusable SSL options for normal SSL (default cert validation and hostname verification).
033    */
034   public static final SSLOpts DEFAULT = new SSLOpts(null, CertValidate.DEFAULT, HostVerify.DEFAULT);
035
036   /**
037    * Constructor.
038    */
039   public SSLOpts() {}
040
041   /**
042    * Constructor.
043    * 
044    * @param protocols
045    *    A comma-delimited list of supported SSL protocols.
046    *    If <jk>null</jk>, uses the value returned by {@link #getDefaultProtocols()}.
047    * @param certValidate Certificate validation setting.
048    * @param hostVerify Host verification setting.
049    */
050   public SSLOpts(String protocols, CertValidate certValidate, HostVerify hostVerify) {
051      if (protocols != null)
052         this.protocols = protocols;
053      this.certValidate = certValidate;
054      this.hostVerify = hostVerify;
055   }
056
057   /**
058    * Returns the default list of SSL protocols to support when the <code>protocols</code> parameter on the constructor
059    * is <jk>null</jk>.
060    * 
061    * <p>
062    * The default value is <jk>"SSL_TLS,TLS,SSL"</js> unless overridden by one of the following system properties:
063    * <ul>
064    *    <li><js>"transport.client.protocol"</js>
065    * </ul>
066    * 
067    * <p>
068    * Subclasses can override this method to provide their own logic for determining default supported protocols.
069    * 
070    * @return The comma-delimited list of supported protocols.
071    */
072   protected String getDefaultProtocols() {
073      String sp = System.getProperty("transport.client.protocol");
074      if (isEmpty(sp))
075         sp = "SSL_TLS,TLS,SSL";
076      return sp;
077   }
078
079
080   //--------------------------------------------------------------------------------
081   // Bean properties
082   //--------------------------------------------------------------------------------
083
084   /**
085    * Bean property getter:  <property>protocols</property>.
086    * 
087    * @return The value of the <property>protocols</property> property on this bean, or <jk>null</jk> if it is not set.
088    */
089   public String getProtocols() {
090      return protocols;
091   }
092
093   /**
094    * Bean property setter:  <property>protocols</property>.
095    * 
096    * @param protocols The new value for the <property>protocols</property> property on this bean.
097    * @return This object (for method chaining).
098    */
099   public SSLOpts setProtocols(String protocols) {
100      this.protocols = protocols;
101      return this;
102   }
103
104   /**
105    * Bean property getter:  <property>certValidate</property>.
106    * 
107    * @return The value of the <property>certValidate</property> property on this bean, or <jk>null</jk> if it is not set.
108    */
109   public CertValidate getCertValidate() {
110      return certValidate;
111   }
112
113   /**
114    * Bean property setter:  <property>certValidate</property>.
115    * 
116    * @param certValidate The new value for the <property>certValidate</property> property on this bean.
117    * @return This object (for method chaining).
118    */
119   public SSLOpts setCertValidate(CertValidate certValidate) {
120      this.certValidate = certValidate;
121      return this;
122   }
123
124   /**
125    * Bean property getter:  <property>hostVerify</property>.
126    * 
127    * @return The value of the <property>hostVerify</property> property on this bean, or <jk>null</jk> if it is not set.
128    */
129   public HostVerify getHostVerify() {
130      return hostVerify;
131   }
132
133   /**
134    * Bean property setter:  <property>hostVerify</property>.
135    * 
136    * @param hostVerify The new value for the <property>hostVerify</property> property on this bean.
137    * @return This object (for method chaining).
138    */
139   public SSLOpts setHostVerify(HostVerify hostVerify) {
140      this.hostVerify = hostVerify;
141      return this;
142   }
143
144
145   //--------------------------------------------------------------------------------
146   // Enums
147   //--------------------------------------------------------------------------------
148
149   /**
150    * Certificate validation options.
151    * 
152    * <p>
153    * Used as enum for {@link SSLOpts#getCertValidate()} property.
154    */
155   public static enum CertValidate {
156
157      /**
158       * Verify that the certificate is valid, but allow for self-signed certificates.
159       */
160      LAX,
161
162      /**
163       * Do normal certificate chain validation.
164       */
165      DEFAULT
166   }
167
168   /**
169    * Certificate host verification options.
170    * 
171    * <p>
172    * Used as enum for {@link SSLOpts#getHostVerify()} property.
173    */
174   public enum HostVerify {
175
176      /**
177       * Don't verify the hostname in the certificate.
178       */
179      LAX,
180
181      /**
182       * Do normal hostname verification.
183       */
184      DEFAULT
185   }
186}