software/webapp/src/main/java/org/apache/brooklyn/entity/proxy/ProxySslConfig.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.brooklyn.entity.proxy;

import java.io.Serializable;
import java.util.Map;

import org.apache.brooklyn.util.core.flags.FlagUtils;
import org.apache.brooklyn.util.core.flags.SetFromFlag;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.google.common.base.Objects;

public class ProxySslConfig implements Serializable {

    private static final long serialVersionUID = -2692754611458939617L;

    private static final Logger log = LoggerFactory.getLogger(ProxySslConfig.class);
    
    public static Builder builder() {
        return new Builder();
    }

    public static class Builder {
        @SetFromFlag protected String certificateSourceUrl;
        @SetFromFlag protected String keySourceUrl;
        @SetFromFlag protected String clientCertificateSourceUrl;
        @SetFromFlag protected String certificateDestination;
        @SetFromFlag protected String keyDestination;
        @SetFromFlag protected String clientCertificateDestination;
        @SetFromFlag protected boolean verifyClient = false;
        @SetFromFlag protected boolean targetIsSsl = false;
        @SetFromFlag protected boolean reuseSessions = false;

        public Builder certificateSourceUrl(String val) {
            certificateSourceUrl = val; return this;
        }
        public Builder keySourceUrl(String val) {
            keySourceUrl = val; return this;
        }
        public Builder clientCertificateSourceUrl(String val) {
            clientCertificateSourceUrl = val; return this;
        }
        public Builder certificateDestination(String val) {
            certificateDestination = val; return this;
        }
        public Builder keyDestination(String val) {
            keyDestination = val; return this;
        }
        public Builder clientCertificateDestination(String val) {
            clientCertificateDestination = val; return this;
        }
        public Builder verifyClient(boolean val) {
            verifyClient = val; return this;
        }
        public Builder targetIsSsl(boolean val) {
            targetIsSsl = val; return this;
        }
        public Builder reuseSessions(boolean val) {
            reuseSessions = val; return this;
        }
        public ProxySslConfig build() {
            ProxySslConfig result = new ProxySslConfig(this);
            return result;
        }
    }
    
    public static ProxySslConfig fromMap(Map<?,?> map) {
        Builder b = new Builder();
        Map<?, ?> unused = FlagUtils.setFieldsFromFlags(map, b);
        if (!unused.isEmpty()) log.warn("Unused flags when populating "+b+" (ignoring): "+unused);
        return b.build();
    }

    private String certificateSourceUrl;
    private String keySourceUrl;
    private String clientCertificateSourceUrl;
    private String certificateDestination;
    private String keyDestination;
    private String clientCertificateDestination;
    private boolean verifyClient = false;
    private boolean targetIsSsl = false;
    private boolean reuseSessions = false;

    public ProxySslConfig() { }

    protected ProxySslConfig(Builder builder) {
        certificateSourceUrl = builder.certificateSourceUrl;
        keySourceUrl = builder.keySourceUrl;
        clientCertificateSourceUrl = builder.clientCertificateSourceUrl;
        certificateDestination = builder.certificateDestination;
        keyDestination = builder.keyDestination;
        clientCertificateDestination = builder.clientCertificateDestination;
        verifyClient = builder.verifyClient;
        targetIsSsl = builder.targetIsSsl;
        reuseSessions = builder.reuseSessions;
    }

    /**
     * URL for the SSL certificates required at the server.
     * <p>
     * Corresponding nginx settings:
     * <pre>
     *     ssl                  on;
     *     ssl_certificate      www.example.com.crt;
     *     ssl_certificate_key  www.example.com.key;
     * </pre>
     * Okay (in nginx) for key to be null if certificate contains both as per setup at
     * http://nginx.org/en/docs/http/configuring_https_servers.html
     * <p>
     * Proxy object can be set on nginx instance to apply site-wide,
     * and to put multiple servers in the certificate file
     * <p>
     * The brooklyn entity will install the certificate/key(s) on the server.
     * (however it will not currently merge multiple certificates.
     * if conflicting certificates are attempted to be installed nginx will complain.)
     */
    public String getCertificateSourceUrl() {
        return certificateSourceUrl;
    }

    public void setCertificateSourceUrl(String certificateSourceUrl) {
        this.certificateSourceUrl = certificateSourceUrl;
    }

    /** @see #getCertificateSourceUrl()} */
    public String getKeySourceUrl() {
        return keySourceUrl;
    }

    public void setKeySourceUrl(String keySourceUrl) {
        this.keySourceUrl = keySourceUrl;
    }

    public String getClientCertificateSourceUrl() {
        return clientCertificateSourceUrl;
    }

    public void setClientCertificateSourceUrl(String clientCertificateSourceUrl) {
        this.clientCertificateSourceUrl = clientCertificateSourceUrl;
    }

    /**
     * Sets the {@code ssl_certificate_path} to be used within the generated
     * {@link LoadBalancer} configuration.
     * <p>
     * If set to null, Brooklyn will use an auto generated path.
     * <p>
     * If {@link #getCertificateSourceUrl() certificateSourceUrl} is set     *
     * then Brooklyn will copy the certificate the destination.
     * <p>
     * Setting this field is useful if there is a {@code certificate} on the
     * nginx machine you want to make use of.
     */
    public String getCertificateDestination() {
        return certificateDestination;
    }

    public void setCertificateDestination(String certificateDestination) {
        this.certificateDestination = certificateDestination;
    }

    /**
     * Sets the {@code ssl_certificate_key} path to be used within the generated
     * {@link LoadBalancer} configuration.
     * <p>
     * If set to null, Brooklyn will use an auto generated path.
     * <p>
     * If {@link #getKeySourceUrl() keySourceUrl} is set then Brooklyn will copy the
     * certificate to the destination.
     * <p>
     * Setting this field is useful if there is a {@code certificate_key} on the
     * nginx machine you want to make use of.
     */
    public String getKeyDestination() {
        return keyDestination;
    }

    public void setKeyDestination(String keyDestination) {
        this.keyDestination = keyDestination;
    }

    public String getClientCertificateDestination() {
        return clientCertificateDestination;
    }

    public void setClientCertificateDestination(String clientCertificateDestination) {
        this.clientCertificateDestination = clientCertificateDestination;
    }

    /**
     * Whether to verify the client using certificates; default false.
     */
    public boolean getVerifyClient() {
        return verifyClient;
    }

    public void setVerifyClient(boolean verifyClient) {
        this.verifyClient = verifyClient;
    }

    /**
     * Whether the downstream server (if mapping) also expects https; default false.
     */
    public boolean getTargetIsSsl() {
        return targetIsSsl;
    }

    public void setTargetIsSsl(boolean targetIsSsl) {
        this.targetIsSsl = targetIsSsl;
    }

    /**
     * Whether to reuse SSL validation in the server (performance).
     * <p>
     * Corresponds to nginx setting {@code proxy_ssl_session_reuse on|off}.
     */
    public boolean getReuseSessions() {
        return reuseSessions;
    }

    public void setReuseSessions(boolean reuseSessions) {
        this.reuseSessions = reuseSessions;
    }

    @Override
    public int hashCode() {
        return Objects.hashCode(certificateSourceUrl, keySourceUrl, certificateDestination, keyDestination,
                clientCertificateSourceUrl, clientCertificateDestination, verifyClient, reuseSessions, targetIsSsl);
    }

    @Override
    public boolean equals(Object obj) {
        if (obj == null)
            return false;
        if (getClass() != obj.getClass())
            return false;
        ProxySslConfig other = (ProxySslConfig) obj;

        return Objects.equal(certificateSourceUrl, other.certificateSourceUrl) &&
                Objects.equal(certificateDestination, other.certificateDestination) &&
                Objects.equal(keyDestination, other.keyDestination) &&
                Objects.equal(keySourceUrl, other.keySourceUrl) &&
                Objects.equal(clientCertificateSourceUrl, other.clientCertificateSourceUrl) &&
                Objects.equal(clientCertificateDestination, other.clientCertificateDestination) &&
                Objects.equal(verifyClient, other.verifyClient) &&
                Objects.equal(reuseSessions, other.reuseSessions) &&
                Objects.equal(targetIsSsl, other.targetIsSsl);
    }
}