001/* 002 * Copyright 2024 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2024 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2024 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.util.ssl; 037 038 039 040import java.io.File; 041import java.io.Serializable; 042import java.security.Provider; 043 044import com.unboundid.util.Mutable; 045import com.unboundid.util.NotNull; 046import com.unboundid.util.Nullable; 047import com.unboundid.util.ThreadSafety; 048import com.unboundid.util.ThreadSafetyLevel; 049import com.unboundid.util.Validator; 050 051 052 053/** 054 * This class provides a data structure with information about properties to 055 * use when accessing the {@link KeyStoreKeyManager}. 056 */ 057@Mutable() 058@ThreadSafety(level=ThreadSafetyLevel.NOT_THREADSAFE) 059public final class KeyStoreKeyManagerProperties 060 implements Serializable 061{ 062 /** 063 * The serial version UID for this serializable class. 064 */ 065 private static final long serialVersionUID = -115811521330361189L; 066 067 068 069 // Indicates whether to allow accessing a non-FIPS-compliant key store when 070 // running in FIPS-compliant mode. 071 private boolean allowNonFIPSInFIPSMode; 072 073 // Indicates whether to validate that the provided store is acceptable and can 074 // actually be used obtain a valid certificate. 075 private boolean validateKeyStore; 076 077 // The PIN needed to access the contents of the key store. 078 @Nullable private char[] keyStorePIN; 079 080 // The security provider to use to access the key store. 081 @Nullable private Provider provider; 082 083 // The alias for the target certificate in the key store. 084 @Nullable private String certificateAlias; 085 086 // The path to the key store file. 087 @NotNull private String keyStorePath; 088 089 // The format to use for the key store file. 090 @Nullable private String keyStoreFormat; 091 092 093 094 /** 095 * Creates a new set of key manage provider properties for the specified key 096 * store file. 097 * 098 * @param keyStoreFile The target key store file. It must not be 099 * {@code null}. 100 */ 101 public KeyStoreKeyManagerProperties(@NotNull final File keyStoreFile) 102 { 103 this(keyStoreFile.getAbsolutePath()); 104 } 105 106 107 108 /** 109 * Creates a new set of key manage provider properties for the specified key 110 * store file. 111 * 112 * @param keyStorePath The path to the target key store file. It must not 113 * be {@code null}. 114 */ 115 public KeyStoreKeyManagerProperties(@NotNull final String keyStorePath) 116 { 117 Validator.ensureNotNull(keyStorePath); 118 119 this.keyStorePath = keyStorePath; 120 121 keyStorePIN = null; 122 keyStoreFormat = null; 123 certificateAlias = null; 124 provider = null; 125 validateKeyStore = false; 126 allowNonFIPSInFIPSMode = false; 127 } 128 129 130 131 /** 132 * Retrieves the path to the target key store file. 133 * 134 * @return The path to the target key store file. 135 */ 136 @NotNull() 137 public String getKeyStorePath() 138 { 139 return keyStorePath; 140 } 141 142 143 144 /** 145 * Specifies the target key store file. 146 * 147 * @param keyStoreFile The target key store file. It must not be 148 * {@code null}. 149 */ 150 public void setKeyStoreFile(@NotNull final File keyStoreFile) 151 { 152 Validator.ensureNotNull(keyStoreFile); 153 keyStorePath = keyStoreFile.getAbsolutePath(); 154 } 155 156 157 158 /** 159 * Specifies the path to the target key store file. 160 * 161 * @param keyStorePath The path to the target key store file. It must not 162 * be {@code null}. 163 */ 164 public void setKeyStorePath(@NotNull final String keyStorePath) 165 { 166 Validator.ensureNotNull(keyStorePath); 167 this.keyStorePath = keyStorePath; 168 } 169 170 171 172 /** 173 * Retrieves the PIN needed to access the contents of the key store, if 174 * specified. 175 * 176 * @return The PIN needed to access the contents of the key store, or 177 * {@code null} if none has been specified. 178 */ 179 @Nullable() 180 public char[] getKeyStorePIN() 181 { 182 return keyStorePIN; 183 } 184 185 186 187 /** 188 * Specifies the PIN needed to access the contents of the key store. 189 * 190 * @param keyStorePIN The PIN needed to access the contents of the key 191 * store. It may be {@code null} if no PIN is needed. 192 */ 193 public void setKeyStorePIN(@Nullable final char[] keyStorePIN) 194 { 195 this.keyStorePIN = keyStorePIN; 196 } 197 198 199 200 /** 201 * Specifies the PIN needed to access the contents of the key store. 202 * 203 * @param keyStorePIN The PIN needed to access the contents of the key 204 * store. It may be {@code null} if no PIN is needed. 205 */ 206 public void setKeyStorePIN(@Nullable final String keyStorePIN) 207 { 208 if (keyStorePIN == null) 209 { 210 this.keyStorePIN = null; 211 } 212 else 213 { 214 this.keyStorePIN = keyStorePIN.toCharArray(); 215 } 216 217 } 218 219 220 221 /** 222 * Retrieves the format for the target key store, if specified. 223 * 224 * @return The format for the target key store, or {@code null} if a default 225 * format should be used. 226 */ 227 @Nullable() 228 public String getKeyStoreFormat() 229 { 230 return keyStoreFormat; 231 } 232 233 234 235 /** 236 * Specifies the format for the target key store. 237 * 238 * @param keyStoreFormat The format for the target key store. It may be 239 * {@code null} if a default format should be used. 240 */ 241 public void setKeyStoreFormat(@Nullable final String keyStoreFormat) 242 { 243 this.keyStoreFormat = keyStoreFormat; 244 } 245 246 247 248 /** 249 * Retrieves the alias (nickname) of the certificate chain to use in the 250 * target key store, if specified. 251 * 252 * @return The alias of the certificate chain to use in the target key store, 253 * or {@code null} if any acceptable certificate found in the key 254 * store may be used. 255 */ 256 @Nullable() 257 public String getCertificateAlias() 258 { 259 return certificateAlias; 260 } 261 262 263 264 /** 265 * Specifies the alias (nickname) of the certificate chain ot use in the 266 * target key store. 267 * 268 * @param certificateAlias The alias of the certificate chain to use in the 269 * target key store. It may be {@code null} if any 270 * acceptable certificate found in the key store may 271 * be used. 272 */ 273 public void setCertificateAlias(@Nullable final String certificateAlias) 274 { 275 this.certificateAlias = certificateAlias; 276 } 277 278 279 280 /** 281 * Indicates whether to validate that the provided key store is acceptable and 282 * can actually be used to obtain a valid certificate chain. 283 * 284 * @return {@code true} if the key store should be validated before 285 * attempting to use it, or {@code false} if not. 286 */ 287 public boolean validateKeyStore() 288 { 289 return validateKeyStore; 290 } 291 292 293 294 /** 295 * Specifies whether to validate that the provided key store is acceptable and 296 * can actually be used to obtain a valid certificate chain. 297 * 298 * @param validateKeyStore Indicates whether to validate that the provided 299 * key store is acceptable and can actually be used 300 * to obtain a valid certificate chain. If a 301 * certificate alias was specified, then this will 302 * ensure that the key store contains a valid 303 * private key entry with that alias. If no 304 * certificate alias was specified, then this will 305 * ensure that the key store contains at least one 306 * valid private key entry. 307 */ 308 public void setValidateKeyStore(final boolean validateKeyStore) 309 { 310 this.validateKeyStore = validateKeyStore; 311 } 312 313 314 315 /** 316 * Retrieves the security provider to use to access the key store, if a 317 * non-default provider should be used. 318 * 319 * @return The security provider to use to access the key store, or 320 * {@code null} if a default provider should be used. 321 */ 322 @Nullable() 323 public Provider getProvider() 324 { 325 return provider; 326 } 327 328 329 330 /** 331 * Specifies the security provider to use to access the key store. 332 * 333 * @param provider The security provider to use to access the key store. It 334 * may be {@code null} if a default provider should be used. 335 */ 336 public void setProvider(@Nullable final Provider provider) 337 { 338 this.provider = provider; 339 } 340 341 342 343 /** 344 * Indicates whether to allow access to a non-FIPS 140-2-compliant key store 345 * even when operating in FIPS-compliant mode. 346 * 347 * @return {@code true} if access to a non-FIPS-compliant key store should be 348 * allowed even when operating in FIPS-compliant mode, or 349 * {@code false} if not. 350 */ 351 public boolean allowNonFIPSInFIPSMode() 352 { 353 return allowNonFIPSInFIPSMode; 354 } 355 356 357 358 /** 359 * Specifies whether to allow access to a non-FIPS 140-2 compliant key store 360 * even when operating in FIPS-compliant mode. 361 * 362 * @param allowNonFIPSInFIPSMode Indicates whether to allow access to a 363 * non-FIPS-compliant key store even when 364 * operating in FIPS-compliant mode. 365 */ 366 public void setAllowNonFIPSInFIPSMode(final boolean allowNonFIPSInFIPSMode) 367 { 368 this.allowNonFIPSInFIPSMode = allowNonFIPSInFIPSMode; 369 } 370 371 372 373 /** 374 * Retrieves a string representation of these properties. 375 * 376 * @return A string representation of these properties. 377 */ 378 @Override() 379 @NotNull() 380 public String toString() 381 { 382 final StringBuilder buffer = new StringBuilder(); 383 toString(buffer); 384 return buffer.toString(); 385 } 386 387 388 389 /** 390 * Appends a string representation of these properties to the provided buffer. 391 * 392 * @param buffer The buffer to which the information should be appended. 393 * It must not be {@code null}. 394 */ 395 public void toString(@NotNull final StringBuilder buffer) 396 { 397 buffer.append("KeyStoreKeyManagerProperties(keyStorePath='"); 398 buffer.append(keyStorePath); 399 buffer.append('\''); 400 buffer.append(", keyStorePINProvided="); 401 buffer.append(keyStorePIN != null); 402 403 if (keyStoreFormat != null) 404 { 405 buffer.append(", keyStoreFormat='"); 406 buffer.append(keyStoreFormat); 407 buffer.append('\''); 408 } 409 410 if (certificateAlias != null) 411 { 412 buffer.append(", certificateAlias='"); 413 buffer.append(certificateAlias); 414 buffer.append('\''); 415 } 416 417 buffer.append(", validateKeyStore="); 418 buffer.append(validateKeyStore); 419 420 if (provider != null) 421 { 422 buffer.append(", providerClass='"); 423 buffer.append(provider.getClass().getName()); 424 buffer.append('\''); 425 } 426 427 buffer.append(", allowNonFIPSInFIPSMode="); 428 buffer.append(allowNonFIPSInFIPSMode); 429 buffer.append(')'); 430 } 431}