001/* 002 * Copyright 2024 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2024 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2024 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.util.ssl; 037 038 039 040import java.io.File; 041import java.io.Serializable; 042import java.security.Provider; 043 044import com.unboundid.util.Mutable; 045import com.unboundid.util.NotNull; 046import com.unboundid.util.Nullable; 047import com.unboundid.util.ThreadSafety; 048import com.unboundid.util.ThreadSafetyLevel; 049import com.unboundid.util.Validator; 050 051 052 053/** 054 * This class provides a data structure with information about properties to 055 * use when accessing the {@link TrustStoreTrustManager}. 056 */ 057@Mutable() 058@ThreadSafety(level=ThreadSafetyLevel.NOT_THREADSAFE) 059public final class TrustStoreTrustManagerProperties 060 implements Serializable 061{ 062 /** 063 * The serial version UID for this serializable class. 064 */ 065 private static final long serialVersionUID = 4782995125532803023L; 066 067 068 069 // Indicates whether to allow accessing a non-FIPS-compliant trust store 070 // when running in FIPS-compliant mode. 071 private boolean allowNonFIPSInFIPSMode; 072 073 // Indicates whether to reject certificates if the current time is outside 074 // the validity window for the certificate chain. 075 private boolean examineValidityDates; 076 077 // The PIN needed to access the contents of the trust store. 078 @Nullable private char[] trustStorePIN; 079 080 // The security provider to use to access the trust store. 081 @Nullable private Provider provider; 082 083 // The path to the trust store file. 084 @NotNull private String trustStorePath; 085 086 // The format to use for the trust store file. 087 @Nullable private String trustStoreFormat; 088 089 090 091 /** 092 * Creates a new set of trust manage provider properties for the specified 093 * trust store file. 094 * 095 * @param trustStoreFile The target trust store file. It must not be 096 * {@code null}. 097 */ 098 public TrustStoreTrustManagerProperties(@NotNull final File trustStoreFile) 099 { 100 this(trustStoreFile.getAbsolutePath()); 101 } 102 103 104 105 /** 106 * Creates a new set of trust manage provider properties for the specified 107 * trust store file. 108 * 109 * @param trustStorePath The path to the target trust store file. It must 110 * not be {@code null}. 111 */ 112 public TrustStoreTrustManagerProperties(@NotNull final String trustStorePath) 113 { 114 Validator.ensureNotNull(trustStorePath); 115 116 this.trustStorePath = trustStorePath; 117 118 trustStorePIN = null; 119 trustStoreFormat = null; 120 provider = null; 121 examineValidityDates = true; 122 allowNonFIPSInFIPSMode = false; 123 } 124 125 126 127 /** 128 * Retrieves the path to the target trust store file. 129 * 130 * @return The path to the target trust store file. 131 */ 132 @NotNull() 133 public String getTrustStorePath() 134 { 135 return trustStorePath; 136 } 137 138 139 140 /** 141 * Specifies the target trust store file. 142 * 143 * @param trustStoreFile The target trust store file. It must not be 144 * {@code null}. 145 */ 146 public void setTrustStoreFile(@NotNull final File trustStoreFile) 147 { 148 Validator.ensureNotNull(trustStoreFile); 149 trustStorePath = trustStoreFile.getAbsolutePath(); 150 } 151 152 153 154 /** 155 * Specifies the path to the target trust store file. 156 * 157 * @param trustStorePath The path to the target trust store file. It must 158 * not be {@code null}. 159 */ 160 public void setTrustStorePath(@NotNull final String trustStorePath) 161 { 162 Validator.ensureNotNull(trustStorePath); 163 this.trustStorePath = trustStorePath; 164 } 165 166 167 168 /** 169 * Retrieves the PIN needed to access the contents of the trust store, if 170 * specified. 171 * 172 * @return The PIN needed to access the contents of the trust store, or 173 * {@code null} if none has been specified. 174 */ 175 @Nullable() 176 public char[] getTrustStorePIN() 177 { 178 return trustStorePIN; 179 } 180 181 182 183 /** 184 * Specifies the PIN needed to access the contents of the trust store. 185 * 186 * @param trustStorePIN The PIN needed to access the contents of the trust 187 * store. It may be {@code null} if no PIN is needed. 188 */ 189 public void setTrustStorePIN(@Nullable final char[] trustStorePIN) 190 { 191 this.trustStorePIN = trustStorePIN; 192 } 193 194 195 196 /** 197 * Specifies the PIN needed to access the contents of the trust store. 198 * 199 * @param trustStorePIN The PIN needed to access the contents of the trust 200 * store. It may be {@code null} if no PIN is needed. 201 */ 202 public void setTrustStorePIN(@Nullable final String trustStorePIN) 203 { 204 if (trustStorePIN == null) 205 { 206 this.trustStorePIN = null; 207 } 208 else 209 { 210 this.trustStorePIN = trustStorePIN.toCharArray(); 211 } 212 213 } 214 215 216 217 /** 218 * Retrieves the format for the target trust store, if specified. 219 * 220 * @return The format for the target trust store, or {@code null} if a 221 * default format should be used. 222 */ 223 @Nullable() 224 public String getTrustStoreFormat() 225 { 226 return trustStoreFormat; 227 } 228 229 230 231 /** 232 * Specifies the format for the target trust store. 233 * 234 * @param trustStoreFormat The format for the target trust store. It may be 235 * {@code null} if a default format should be used. 236 */ 237 public void setTrustStoreFormat(@Nullable final String trustStoreFormat) 238 { 239 this.trustStoreFormat = trustStoreFormat; 240 } 241 242 243 244 /** 245 * Indicates whether to reject a presented certificate chain if the current 246 * time is outside the validity window for any of the certificates in the 247 * chain. 248 * 249 * @return {@code true} if the trust manager should reject the certificate 250 * chain if the current time is outside the validity window for any 251 * of the certificates in the chain, or {@code false} if not. 252 */ 253 public boolean examineValidityDates() 254 { 255 return examineValidityDates; 256 } 257 258 259 260 /** 261 * Specifies whether to reject a presented certificate chain if the current 262 * time is outside the validity window for any of the certificates in the 263 * chain. 264 * 265 * @param examineValidityDates Indicates whether to reject a presented 266 * certificate chain if the current time is 267 * outside the validity window for any of the 268 * certificates in the chain. 269 */ 270 public void setExamineValidityDates(final boolean examineValidityDates) 271 { 272 this.examineValidityDates = examineValidityDates; 273 } 274 275 276 277 /** 278 * Retrieves the security provider to use to access the trust store, if a 279 * non-default provider should be used. 280 * 281 * @return The security provider to use to access the trust store, or 282 * {@code null} if a default provider should be used. 283 */ 284 @Nullable() 285 public Provider getProvider() 286 { 287 return provider; 288 } 289 290 291 292 /** 293 * Specifies the security provider to use to access the trust store. 294 * 295 * @param provider The security provider to use to access the trust store. 296 * It may be {@code null} if a default provider should be 297 * used. 298 */ 299 public void setProvider(@Nullable final Provider provider) 300 { 301 this.provider = provider; 302 } 303 304 305 306 /** 307 * Indicates whether to allow access to a non-FIPS-compliant trust store even 308 * when operating in FIPS-compliant mode. 309 * 310 * @return {@code true} if access to a non-FIPS-compliant trust store should 311 * be allowed even when operating in FIPS-compliant mode, or 312 * {@code false} if not. 313 */ 314 public boolean allowNonFIPSInFIPSMode() 315 { 316 return allowNonFIPSInFIPSMode; 317 } 318 319 320 321 /** 322 * Specifies whether to allow access to a non-FIPS-compliant trust store even 323 * when operating in FIPS-compliant mode. 324 * 325 * @param allowNonFIPSInFIPSMode Indicates whether to allow access to a 326 * non-FIPS-compliant trust store even when 327 * operating in FIPS-compliant mode. 328 */ 329 public void setAllowNonFIPSInFIPSMode(final boolean allowNonFIPSInFIPSMode) 330 { 331 this.allowNonFIPSInFIPSMode = allowNonFIPSInFIPSMode; 332 } 333 334 335 336 /** 337 * Retrieves a string representation of these properties. 338 * 339 * @return A string representation of these properties. 340 */ 341 @Override() 342 @NotNull() 343 public String toString() 344 { 345 final StringBuilder buffer = new StringBuilder(); 346 toString(buffer); 347 return buffer.toString(); 348 } 349 350 351 352 /** 353 * Appends a string representation of these properties to the provided buffer. 354 * 355 * @param buffer The buffer to which the information should be appended. 356 * It must not be {@code null}. 357 */ 358 public void toString(@NotNull final StringBuilder buffer) 359 { 360 buffer.append("TrustStoreTrustManagerProperties(trustStorePath='"); 361 buffer.append(trustStorePath); 362 buffer.append('\''); 363 buffer.append(", trustStorePINProvided="); 364 buffer.append(trustStorePIN != null); 365 366 if (trustStoreFormat != null) 367 { 368 buffer.append(", trustStoreFormat='"); 369 buffer.append(trustStoreFormat); 370 buffer.append('\''); 371 } 372 373 buffer.append(", examineValidityDates="); 374 buffer.append(examineValidityDates); 375 376 if (provider != null) 377 { 378 buffer.append(", providerClass='"); 379 buffer.append(provider.getClass().getName()); 380 buffer.append('\''); 381 } 382 383 buffer.append(", allowNonFIPSInFIPSMode="); 384 buffer.append(allowNonFIPSInFIPSMode); 385 buffer.append(')'); 386 } 387}