001/*
002 * Copyright 2024 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2024 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2024 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.util.ssl;
037
038
039
040import java.io.File;
041import java.io.Serializable;
042import java.security.Provider;
043
044import com.unboundid.util.Mutable;
045import com.unboundid.util.NotNull;
046import com.unboundid.util.Nullable;
047import com.unboundid.util.ThreadSafety;
048import com.unboundid.util.ThreadSafetyLevel;
049import com.unboundid.util.Validator;
050
051
052
053/**
054 * This class provides a data structure with information about properties to
055 * use when accessing the {@link TrustStoreTrustManager}.
056 */
057@Mutable()
058@ThreadSafety(level=ThreadSafetyLevel.NOT_THREADSAFE)
059public final class TrustStoreTrustManagerProperties
060       implements Serializable
061{
062  /**
063   * The serial version UID for this serializable class.
064   */
065  private static final long serialVersionUID = 4782995125532803023L;
066
067
068
069  // Indicates whether to allow accessing a non-FIPS-compliant trust store
070  // when running in FIPS-compliant mode.
071  private boolean allowNonFIPSInFIPSMode;
072
073  // Indicates whether to reject certificates if the current time is outside
074  // the validity window for the certificate chain.
075  private boolean examineValidityDates;
076
077  // The PIN needed to access the contents of the trust store.
078  @Nullable private char[] trustStorePIN;
079
080  // The security provider to use to access the trust store.
081  @Nullable private Provider provider;
082
083  // The path to the trust store file.
084  @NotNull private String trustStorePath;
085
086  // The format to use for the trust store file.
087  @Nullable private String trustStoreFormat;
088
089
090
091  /**
092   * Creates a new set of trust manage provider properties for the specified
093   * trust store file.
094   *
095   * @param  trustStoreFile  The target trust store file.  It must not be
096   *                         {@code null}.
097   */
098  public TrustStoreTrustManagerProperties(@NotNull final File trustStoreFile)
099  {
100    this(trustStoreFile.getAbsolutePath());
101  }
102
103
104
105  /**
106   * Creates a new set of trust manage provider properties for the specified
107   * trust store file.
108   *
109   * @param  trustStorePath  The path to the target trust store file.  It must
110   *                         not be {@code null}.
111   */
112  public TrustStoreTrustManagerProperties(@NotNull final String trustStorePath)
113  {
114    Validator.ensureNotNull(trustStorePath);
115
116    this.trustStorePath = trustStorePath;
117
118    trustStorePIN = null;
119    trustStoreFormat = null;
120    provider = null;
121    examineValidityDates = true;
122    allowNonFIPSInFIPSMode = false;
123  }
124
125
126
127  /**
128   * Retrieves the path to the target trust store file.
129   *
130   * @return  The path to the target trust store file.
131   */
132  @NotNull()
133  public String getTrustStorePath()
134  {
135    return trustStorePath;
136  }
137
138
139
140  /**
141   * Specifies the target trust store file.
142   *
143   * @param  trustStoreFile  The target trust store file.  It must not be
144   *                         {@code null}.
145   */
146  public void setTrustStoreFile(@NotNull final File trustStoreFile)
147  {
148    Validator.ensureNotNull(trustStoreFile);
149    trustStorePath = trustStoreFile.getAbsolutePath();
150  }
151
152
153
154  /**
155   * Specifies the path to the target trust store file.
156   *
157   * @param  trustStorePath  The path to the target trust store file.  It must
158   *                         not be {@code null}.
159   */
160  public void setTrustStorePath(@NotNull final String trustStorePath)
161  {
162    Validator.ensureNotNull(trustStorePath);
163    this.trustStorePath = trustStorePath;
164  }
165
166
167
168  /**
169   * Retrieves the PIN needed to access the contents of the trust store, if
170   * specified.
171   *
172   * @return  The PIN needed to access the contents of the trust store, or
173   *          {@code null} if none has been specified.
174   */
175  @Nullable()
176  public char[] getTrustStorePIN()
177  {
178    return trustStorePIN;
179  }
180
181
182
183  /**
184   * Specifies the PIN needed to access the contents of the trust store.
185   *
186   * @param  trustStorePIN  The PIN needed to access the contents of the trust
187   *                        store.  It may be {@code null} if no PIN is needed.
188   */
189  public void setTrustStorePIN(@Nullable final char[] trustStorePIN)
190  {
191    this.trustStorePIN = trustStorePIN;
192  }
193
194
195
196  /**
197   * Specifies the PIN needed to access the contents of the trust store.
198   *
199   * @param  trustStorePIN  The PIN needed to access the contents of the trust
200   *                        store.  It may be {@code null} if no PIN is needed.
201   */
202  public void setTrustStorePIN(@Nullable final String trustStorePIN)
203  {
204    if (trustStorePIN == null)
205    {
206      this.trustStorePIN = null;
207    }
208    else
209    {
210      this.trustStorePIN = trustStorePIN.toCharArray();
211    }
212
213  }
214
215
216
217  /**
218   * Retrieves the format for the target trust store, if specified.
219   *
220   * @return  The format for the target trust store, or {@code null} if a
221   *          default format should be used.
222   */
223  @Nullable()
224  public String getTrustStoreFormat()
225  {
226    return trustStoreFormat;
227  }
228
229
230
231  /**
232   * Specifies the format for the target trust store.
233   *
234   * @param  trustStoreFormat  The format for the target trust store.  It may be
235   *                           {@code null} if a default format should be used.
236   */
237  public void setTrustStoreFormat(@Nullable final String trustStoreFormat)
238  {
239    this.trustStoreFormat = trustStoreFormat;
240  }
241
242
243
244  /**
245   * Indicates whether to reject a presented certificate chain if the current
246   * time is outside the validity window for any of the certificates in the
247   * chain.
248   *
249   * @return  {@code true} if the trust manager should reject the certificate
250   *          chain if the current time is outside the validity window for any
251   *          of the certificates in the chain, or {@code false} if not.
252   */
253  public boolean examineValidityDates()
254  {
255    return examineValidityDates;
256  }
257
258
259
260  /**
261   * Specifies whether to reject a presented certificate chain if the current
262   * time is outside the validity window for any of the certificates in the
263   * chain.
264   *
265   * @param  examineValidityDates  Indicates whether to reject a presented
266   *                               certificate chain if the current time is
267   *                               outside the validity window for any of the
268   *                               certificates in the chain.
269   */
270  public void setExamineValidityDates(final boolean examineValidityDates)
271  {
272    this.examineValidityDates = examineValidityDates;
273  }
274
275
276
277  /**
278   * Retrieves the security provider to use to access the trust store, if a
279   * non-default provider should be used.
280   *
281   * @return  The security provider to use to access the trust store, or
282   *          {@code null} if a default provider should be used.
283   */
284  @Nullable()
285  public Provider getProvider()
286  {
287    return provider;
288  }
289
290
291
292  /**
293   * Specifies the security provider to use to access the trust store.
294   *
295   * @param  provider  The security provider to use to access the trust store.
296   *                   It may be {@code null} if a default provider should be
297   *                   used.
298   */
299  public void setProvider(@Nullable final Provider provider)
300  {
301    this.provider = provider;
302  }
303
304
305
306  /**
307   * Indicates whether to allow access to a non-FIPS-compliant trust store even
308   * when operating in FIPS-compliant mode.
309   *
310   * @return  {@code true} if access to a non-FIPS-compliant trust store should
311   *          be allowed even when operating in FIPS-compliant mode, or
312   *          {@code false} if not.
313   */
314  public boolean allowNonFIPSInFIPSMode()
315  {
316    return allowNonFIPSInFIPSMode;
317  }
318
319
320
321  /**
322   * Specifies whether to allow access to a non-FIPS-compliant trust store even
323   * when operating in FIPS-compliant mode.
324   *
325   * @param  allowNonFIPSInFIPSMode  Indicates whether to allow access to a
326   *                                 non-FIPS-compliant trust store even when
327   *                                 operating in FIPS-compliant mode.
328   */
329  public void setAllowNonFIPSInFIPSMode(final boolean allowNonFIPSInFIPSMode)
330  {
331    this.allowNonFIPSInFIPSMode = allowNonFIPSInFIPSMode;
332  }
333
334
335
336  /**
337   * Retrieves a string representation of these properties.
338   *
339   * @return  A string representation of these properties.
340   */
341  @Override()
342  @NotNull()
343  public String toString()
344  {
345    final StringBuilder buffer = new StringBuilder();
346    toString(buffer);
347    return buffer.toString();
348  }
349
350
351
352  /**
353   * Appends a string representation of these properties to the provided buffer.
354   *
355   * @param  buffer  The buffer to which the information should be appended.
356   *                 It must not be {@code null}.
357   */
358  public void toString(@NotNull final StringBuilder buffer)
359  {
360    buffer.append("TrustStoreTrustManagerProperties(trustStorePath='");
361    buffer.append(trustStorePath);
362    buffer.append('\'');
363    buffer.append(", trustStorePINProvided=");
364    buffer.append(trustStorePIN != null);
365
366    if (trustStoreFormat != null)
367    {
368      buffer.append(", trustStoreFormat='");
369      buffer.append(trustStoreFormat);
370      buffer.append('\'');
371    }
372
373    buffer.append(", examineValidityDates=");
374    buffer.append(examineValidityDates);
375
376    if (provider != null)
377    {
378      buffer.append(", providerClass='");
379      buffer.append(provider.getClass().getName());
380      buffer.append('\'');
381    }
382
383    buffer.append(", allowNonFIPSInFIPSMode=");
384    buffer.append(allowNonFIPSInFIPSMode);
385    buffer.append(')');
386  }
387}