apis/rackspace-cloudloadbalancers/src/main/java/org/jclouds/rackspace/cloudloadbalancers/v1/domain/SSLTermination.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.jclouds.rackspace.cloudloadbalancers.v1.domain;

import java.beans.ConstructorProperties;

import javax.inject.Named;

import com.google.common.base.MoreObjects;
import com.google.common.base.Objects;
import com.google.common.base.MoreObjects.ToStringHelper;
import com.google.common.base.Optional;

/**
 * The SSL Termination feature allows a load balancer user to terminate SSL traffic at the load balancer layer versus 
 * at the web server layer. A user may choose to configure SSL Termination using a key and an SSL certificate or an 
 * (Intermediate) SSL certificate.
 * <p/> 
 * When SSL Termination is configured on a load balancer, a secure shadow server is created that listens only for 
 * secure traffic on a user-specified port. This shadow server is only visible to and manageable by the system. 
 * Existing or updated attributes on a load balancer with SSL Termination will also apply to its shadow server. 
 * For example, if Connection Logging is enabled on an SSL load balancer, it will also be enabled on the shadow server 
 * and Cloud Files logs will contain log files for both.
 * <p/>
 * Notes
 * <ol>
 * <li>SSL Termination may only be configured on load balancers with non-secure protocols. For example, SSL Termination 
 * can be applied to an HTTP load balancer, but not to an HTTPS load balancer.</li>
 * <li>SSL-terminated load balancers decrypt the traffic at the traffic manager and pass unencrypted traffic to the 
 * back-end node. Because of this, the customer's back-end nodes don't know what protocol the client requested. 
 * Therefore the X-Forwarded-Proto (XFP) header has been added for identifying the originating protocol of an HTTP 
 * request as "http" or "https" depending on what protocol the client requested.</li>
 * <li>Not every service will return certificates in the proper order. Please verify that your chain of certificates 
 * matches that of walking up the chain from the domain to the CA root.</li>
 * </ol>
 * 
 * Warning
 * <ol>
 * <li>If SSL is enabled on a load balancer that is configured with nodes that are NOT in the same datacenter, then 
 * decrypted traffic will be sent in clear text over the public internet to the external node(s) and will no longer 
 * be secure.</li>
 * </ol>
 * 
 * <table border="1">
 *   <caption>
 *     Optional SSL Attributes
 *   </caption>
 *   <thead>
 *     <tr align="center">
 *       <td>Optional SSL Attributes</td>
 *       <td>Non-SSL Traffic</td>
 *       <td>SSL Traffic</td>
 *     </tr>
 *   </thead>
 *   <tbody>
 *     <tr align="left">
 *       <td><code class="code">enabled</code> = <code class="code">true</code> (default)</td>
 *       <td>Yes</td>
 *       <td>Yes</td>
 *     </tr>
 *     <tr align="left">
 *       <td><code class="code">enabled</code> = <code class="code">false</code></td>
 *       <td>Yes</td>
 *       <td>No</td>
 *     </tr>
 *     <tr align="left">
 *       <td><code class="code">secureTrafficOnly</code> = <code class="code">true</code></td>
 *       <td>No</td>
 *       <td>Yes</td>
 *     </tr>
 *     <tr align="left">
 *       <td><code class="code">secureTrafficOnly</code> = <code class="code">false</code> (default)</td>
 *       <td>Yes</td>
 *       <td>Yes</td>
 *     </tr>
 *     <tr align="left">
 *       <td>
 *         <p><code class="code">enabled</code> = <code class="code">true</code></p>
 *         <p><code class="code">secureTrafficOnly</code> = <code class="code">true</code></p>
 *     </td>
 *       <td>No</td>
 *       <td>Yes</td>
 *     </tr>
 *     <tr align="left">
 *       <td>
 *         <p><code class="code">enabled</code> = <code class="code">true</code></p>
 *         <p><code class="code">secureTrafficOnly</code> = <code class="code">false</code></p>
 *       </td>
 *       <td>Yes</td>
 *       <td>Yes</td>
 *     </tr>
 *     <tr align="left">
 *       <td>
 *         <p><code class="code">enabled</code> = <code class="code">false</code></p>
 *         <p><code class="code">secureTrafficOnly</code> = <code class="code">false</code></p>
 *       </td>
 *       <td>Yes</td>
 *       <td>No</td>
 *     </tr>
 *     <tr align="left">
 *       <td>
 *         <p><code class="code">enabled</code> = <code class="code">false</code></p>
 *         <p><code class="code">secureTrafficOnly</code> = <code class="code">true</code></p>
 *       </td>
 *       <td>Yes</td>
 *       <td>No</td>
 *     </tr>
 *   </tbody>
 * </table>
 */
public class SSLTermination {
   private final boolean enabled;
   private final boolean secureTrafficOnly;
   private final int securePort;
   private final Optional<String> certificate;
   @Named("privatekey")
   private final Optional<String> privateKey;
   private final Optional<String> intermediateCertificate;

   @ConstructorProperties({ "enabled", "secureTrafficOnly", "securePort", "certificate", "privatekey",
         "intermediateCertificate" })
   protected SSLTermination(boolean enabled, boolean secureTrafficOnly, int securePort, String certificate,
         String privateKey, String intermediateCertificate) {
      this.enabled = enabled;
      this.secureTrafficOnly = secureTrafficOnly;
      this.securePort = securePort;
      this.certificate = Optional.fromNullable(certificate);
      this.privateKey = Optional.fromNullable(privateKey);
      this.intermediateCertificate = Optional.fromNullable(intermediateCertificate);
   }

   public boolean getEnabled() {
      return this.enabled;
   }

   public boolean getSecureTrafficOnly() {
      return this.secureTrafficOnly;
   }

   public int getSecurePort() {
      return this.securePort;
   }

   public Optional<String> getCertificate() {
      return this.certificate;
   }

   public Optional<String> getPrivateKey() {
      return this.privateKey;
   }

   public Optional<String> getIntermediateCertificate() {
      return this.intermediateCertificate;
   }

   @Override
   public int hashCode() {
      return Objects.hashCode(enabled, secureTrafficOnly, securePort, certificate, privateKey, intermediateCertificate);
   }

   @Override
   public boolean equals(Object obj) {
      if (this == obj)
         return true;
      if (obj == null || getClass() != obj.getClass())
         return false;
      SSLTermination that = SSLTermination.class.cast(obj);

      return Objects.equal(this.enabled, that.enabled) && Objects.equal(this.secureTrafficOnly, that.secureTrafficOnly)
            && Objects.equal(this.securePort, that.securePort) && Objects.equal(this.certificate, that.certificate)
            && Objects.equal(this.privateKey, that.privateKey)
            && Objects.equal(this.intermediateCertificate, that.intermediateCertificate);
   }

   protected ToStringHelper string() {
      return MoreObjects.toStringHelper(this).omitNullValues().add("enabled", enabled)
            .add("secureTrafficOnly", secureTrafficOnly).add("securePort", securePort)
            .add("certificate", certificate.orNull()).add("privateKey", privateKey.orNull())
            .add("intermediateCertificate", intermediateCertificate.orNull());
   }

   @Override
   public String toString() {
      return string().toString();
   }

   public static class Builder {
      private boolean enabled;
      private boolean secureTrafficOnly;
      private int securePort;
      private String certificate;
      private String privateKey;
      private String intermediateCertificate;

      /**
       * Required. Determines if the load balancer is enabled to terminate SSL traffic.
       * </p>
       * If enabled = false, the load balancer will retain its specified SSL attributes, but will not terminate SSL traffic.
       */
      public Builder enabled(boolean enabled) {
         this.enabled = enabled;
         return this;
      }

      /**
       * Required. Determines if the load balancer may accept only secure traffic.
       * </p>
       * If secureTrafficOnly = true, the load balancer will not accept non-secure traffic.
       */
      public Builder secureTrafficOnly(boolean secureTrafficOnly) {
         this.secureTrafficOnly = secureTrafficOnly;
         return this;
      }

      /**
       * Required. The port on which the SSL termination load balancer will listen for secure traffic.
       * </p>
       * The securePort must be unique to the existing LB protocol/port combination. For example, port 443.
       */
      public Builder securePort(int securePort) {
         this.securePort = securePort;
         return this;
      }

      /**
       * Required. The certificate used for SSL termination.
       * </p>
       * The certificate is validated and verified against the key and intermediate certificate if provided.
       * </p>
       * All requests to SSL termination require the key/certificates to be in "proper" format, meaning that all raw 
       * line feed characters should be wrapped in a newline character. So if the user pastes in the key from a 
       * mykey.key file, it will not properly handle the field. For example, use string.replaceAll("\n", "\\n").
       */
      public Builder certificate(String certificate) {
         this.certificate = certificate;
         return this;
      }

      /**
       * Required. The private key for the SSL certificate.
       * </p>
       * The private key is validated and verified against the provided certificate(s).
       * 
       * @see SSLTermination#certificate(String)
       */
      public Builder privatekey(String privateKey) {
         this.privateKey = privateKey;
         return this;
      }

      /**
       * Optional only when configuring Intermediate SSL Termination. The user's intermediate certificate used for SSL
       * termination.
       * </p>
       * The intermediate certificate is validated and verified against the key and certificate credentials provided.
       * </p>
       * A user may only provide an intermediateCertificate when accompanied by a certificate, private key, and 
       * securePort. It may not be added to an existing SSL configuration as a single attribute in a future request.
       * 
       * @see SSLTermination#certificate(String)
       */
      public Builder intermediateCertificate(String intermediateCertificate) {
         this.intermediateCertificate = intermediateCertificate;
         return this;
      }

      public SSLTermination build() {
         return new SSLTermination(enabled, secureTrafficOnly, securePort, certificate, privateKey,
               intermediateCertificate);
      }

      public Builder from(SSLTermination in) {
         return this.enabled(in.getEnabled()).secureTrafficOnly(in.getSecureTrafficOnly())
               .securePort(in.getSecurePort()).certificate(in.getCertificate().orNull())
               .privatekey(in.getPrivateKey().orNull())
               .intermediateCertificate(in.getIntermediateCertificate().orNull());
      }
   }

   public static Builder builder() {
      return new Builder();
   }

   public Builder toBuilder() {
      return new Builder().from(this);
   }
}