001/*
002 * Copyright 2024 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2024 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2024 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.util.ssl;
037
038
039
040import java.io.File;
041import java.io.Serializable;
042import java.security.Provider;
043
044import com.unboundid.util.Mutable;
045import com.unboundid.util.NotNull;
046import com.unboundid.util.Nullable;
047import com.unboundid.util.ThreadSafety;
048import com.unboundid.util.ThreadSafetyLevel;
049import com.unboundid.util.Validator;
050
051
052
053/**
054 * This class provides a data structure with information about properties to
055 * use when accessing the {@link KeyStoreKeyManager}.
056 */
057@Mutable()
058@ThreadSafety(level=ThreadSafetyLevel.NOT_THREADSAFE)
059public final class KeyStoreKeyManagerProperties
060       implements Serializable
061{
062  /**
063   * The serial version UID for this serializable class.
064   */
065  private static final long serialVersionUID = -115811521330361189L;
066
067
068
069  // Indicates whether to allow accessing a non-FIPS-compliant key store when
070  // running in FIPS-compliant mode.
071  private boolean allowNonFIPSInFIPSMode;
072
073  // Indicates whether to validate that the provided store is acceptable and can
074  // actually be used obtain a valid certificate.
075  private boolean validateKeyStore;
076
077  // The PIN needed to access the contents of the key store.
078  @Nullable private char[] keyStorePIN;
079
080  // The security provider to use to access the key store.
081  @Nullable private Provider provider;
082
083  // The alias for the target certificate in the key store.
084  @Nullable private String certificateAlias;
085
086  // The path to the key store file.
087  @NotNull private String keyStorePath;
088
089  // The format to use for the key store file.
090  @Nullable private String keyStoreFormat;
091
092
093
094  /**
095   * Creates a new set of key manage provider properties for the specified key
096   * store file.
097   *
098   * @param  keyStoreFile  The target key store file.  It must not be
099   *                       {@code null}.
100   */
101  public KeyStoreKeyManagerProperties(@NotNull final File keyStoreFile)
102  {
103    this(keyStoreFile.getAbsolutePath());
104  }
105
106
107
108  /**
109   * Creates a new set of key manage provider properties for the specified key
110   * store file.
111   *
112   * @param  keyStorePath  The path to the target key store file.  It must not
113   *                       be {@code null}.
114   */
115  public KeyStoreKeyManagerProperties(@NotNull final String keyStorePath)
116  {
117    Validator.ensureNotNull(keyStorePath);
118
119    this.keyStorePath = keyStorePath;
120
121    keyStorePIN = null;
122    keyStoreFormat = null;
123    certificateAlias = null;
124    provider = null;
125    validateKeyStore = false;
126    allowNonFIPSInFIPSMode = false;
127  }
128
129
130
131  /**
132   * Retrieves the path to the target key store file.
133   *
134   * @return  The path to the target key store file.
135   */
136  @NotNull()
137  public String getKeyStorePath()
138  {
139    return keyStorePath;
140  }
141
142
143
144  /**
145   * Specifies the target key store file.
146   *
147   * @param  keyStoreFile  The target key store file.  It must not be
148   *                       {@code null}.
149   */
150  public void setKeyStoreFile(@NotNull final File keyStoreFile)
151  {
152    Validator.ensureNotNull(keyStoreFile);
153    keyStorePath = keyStoreFile.getAbsolutePath();
154  }
155
156
157
158  /**
159   * Specifies the path to the target key store file.
160   *
161   * @param  keyStorePath  The path to the target key store file.  It must not
162   *                       be {@code null}.
163   */
164  public void setKeyStorePath(@NotNull final String keyStorePath)
165  {
166    Validator.ensureNotNull(keyStorePath);
167    this.keyStorePath = keyStorePath;
168  }
169
170
171
172  /**
173   * Retrieves the PIN needed to access the contents of the key store, if
174   * specified.
175   *
176   * @return  The PIN needed to access the contents of the key store, or
177   *          {@code null} if none has been specified.
178   */
179  @Nullable()
180  public char[] getKeyStorePIN()
181  {
182    return keyStorePIN;
183  }
184
185
186
187  /**
188   * Specifies the PIN needed to access the contents of the key store.
189   *
190   * @param  keyStorePIN  The PIN needed to access the contents of the key
191   *                      store.  It may be {@code null} if no PIN is needed.
192   */
193  public void setKeyStorePIN(@Nullable final char[] keyStorePIN)
194  {
195    this.keyStorePIN = keyStorePIN;
196  }
197
198
199
200  /**
201   * Specifies the PIN needed to access the contents of the key store.
202   *
203   * @param  keyStorePIN  The PIN needed to access the contents of the key
204   *                      store.  It may be {@code null} if no PIN is needed.
205   */
206  public void setKeyStorePIN(@Nullable final String keyStorePIN)
207  {
208    if (keyStorePIN == null)
209    {
210      this.keyStorePIN = null;
211    }
212    else
213    {
214      this.keyStorePIN = keyStorePIN.toCharArray();
215    }
216
217  }
218
219
220
221  /**
222   * Retrieves the format for the target key store, if specified.
223   *
224   * @return  The format for the target key store, or {@code null} if a default
225   *          format should be used.
226   */
227  @Nullable()
228  public String getKeyStoreFormat()
229  {
230    return keyStoreFormat;
231  }
232
233
234
235  /**
236   * Specifies the format for the target key store.
237   *
238   * @param  keyStoreFormat  The format for the target key store.  It may be
239   *                         {@code null} if a default format should be used.
240   */
241  public void setKeyStoreFormat(@Nullable final String keyStoreFormat)
242  {
243    this.keyStoreFormat = keyStoreFormat;
244  }
245
246
247
248  /**
249   * Retrieves the alias (nickname) of the certificate chain to use in the
250   * target key store, if specified.
251   *
252   * @return  The alias of the certificate chain to use in the target key store,
253   *          or {@code null} if any acceptable certificate found in the key
254   *          store may be used.
255   */
256  @Nullable()
257  public String getCertificateAlias()
258  {
259    return certificateAlias;
260  }
261
262
263
264  /**
265   * Specifies the alias (nickname) of the certificate chain ot use in the
266   * target key store.
267   *
268   * @param  certificateAlias  The alias of the certificate chain to use in the
269   *                           target key store.  It may be {@code null} if any
270   *                           acceptable certificate found in the key store may
271   *                           be used.
272   */
273  public void setCertificateAlias(@Nullable final String certificateAlias)
274  {
275    this.certificateAlias = certificateAlias;
276  }
277
278
279
280  /**
281   * Indicates whether to validate that the provided key store is acceptable and
282   * can actually be used to obtain a valid certificate chain.
283   *
284   * @return  {@code true} if the key store should be validated before
285   *          attempting to use it, or {@code false} if not.
286   */
287  public boolean validateKeyStore()
288  {
289    return validateKeyStore;
290  }
291
292
293
294  /**
295   * Specifies whether to validate that the provided key store is acceptable and
296   * can actually be used to obtain a valid certificate chain.
297   *
298   * @param  validateKeyStore  Indicates whether to validate that the provided
299   *                           key store is acceptable and can actually be used
300   *                           to obtain a valid certificate chain.  If a
301   *                           certificate alias was specified, then this will
302   *                           ensure that the key store contains a valid
303   *                           private key entry with that alias.  If no
304   *                           certificate alias was specified, then this will
305   *                           ensure that the key store contains at least one
306   *                           valid private key entry.
307   */
308  public void setValidateKeyStore(final boolean validateKeyStore)
309  {
310    this.validateKeyStore = validateKeyStore;
311  }
312
313
314
315  /**
316   * Retrieves the security provider to use to access the key store, if a
317   * non-default provider should be used.
318   *
319   * @return  The security provider to use to access the key store, or
320   *          {@code null} if a default provider should be used.
321   */
322  @Nullable()
323  public Provider getProvider()
324  {
325    return provider;
326  }
327
328
329
330  /**
331   * Specifies the security provider to use to access the key store.
332   *
333   * @param  provider  The security provider to use to access the key store.  It
334   *                   may be {@code null} if a default provider should be used.
335   */
336  public void setProvider(@Nullable final Provider provider)
337  {
338    this.provider = provider;
339  }
340
341
342
343  /**
344   * Indicates whether to allow access to a non-FIPS-compliant key store even
345   * when operating in FIPS-compliant mode.
346   *
347   * @return  {@code true} if access to a non-FIPS-compliant key store should be
348   *          allowed even when operating in FIPS-compliant mode, or
349   *          {@code false} if not.
350   */
351  public boolean allowNonFIPSInFIPSMode()
352  {
353    return allowNonFIPSInFIPSMode;
354  }
355
356
357
358  /**
359   * Specifies whether to allow access to a non-FIPS-compliant key store even
360   * when operating in FIPS-compliant mode.
361   *
362   * @param  allowNonFIPSInFIPSMode  Indicates whether to allow access to a
363   *                                 non-FIPS-compliant key store even when
364   *                                 operating in FIPS-compliant mode.
365   */
366  public void setAllowNonFIPSInFIPSMode(final boolean allowNonFIPSInFIPSMode)
367  {
368    this.allowNonFIPSInFIPSMode = allowNonFIPSInFIPSMode;
369  }
370
371
372
373  /**
374   * Retrieves a string representation of these properties.
375   *
376   * @return  A string representation of these properties.
377   */
378  @Override()
379  @NotNull()
380  public String toString()
381  {
382    final StringBuilder buffer = new StringBuilder();
383    toString(buffer);
384    return buffer.toString();
385  }
386
387
388
389  /**
390   * Appends a string representation of these properties to the provided buffer.
391   *
392   * @param  buffer  The buffer to which the information should be appended.
393   *                 It must not be {@code null}.
394   */
395  public void toString(@NotNull final StringBuilder buffer)
396  {
397    buffer.append("KeyStoreKeyManagerProperties(keyStorePath='");
398    buffer.append(keyStorePath);
399    buffer.append('\'');
400    buffer.append(", keyStorePINProvided=");
401    buffer.append(keyStorePIN != null);
402
403    if (keyStoreFormat != null)
404    {
405      buffer.append(", keyStoreFormat='");
406      buffer.append(keyStoreFormat);
407      buffer.append('\'');
408    }
409
410    if (certificateAlias != null)
411    {
412      buffer.append(", certificateAlias='");
413      buffer.append(certificateAlias);
414      buffer.append('\'');
415    }
416
417    buffer.append(", validateKeyStore=");
418    buffer.append(validateKeyStore);
419
420    if (provider != null)
421    {
422      buffer.append(", providerClass='");
423      buffer.append(provider.getClass().getName());
424      buffer.append('\'');
425    }
426
427    buffer.append(", allowNonFIPSInFIPSMode=");
428    buffer.append(allowNonFIPSInFIPSMode);
429    buffer.append(')');
430  }
431}