/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.commons.utils.ssl;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;

import iaik.asn1.structures.AlgorithmID;
import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.store.truststore.TrustStoreTypes;
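/**
 * Implementation of the {@code PKIProfile} interface and its subinterfaces,
 * providing the information needed for certificate path validation.
 *
 * <p>A single instance acts as PKI, revocation, trust-store and validation profile:
 * the {@code get*Profile()} accessors all return {@code this}.
 *
 * <p>Several answers that influence how strictly a certificate chain is validated are
 * hard-coded here and should be reviewed before this profile is reused elsewhere:
 * <ul>
 *   <li>{@link #getNameConstraintsProcessing()} and {@link #getPolicyProcessing()}
 *       return {@code false};</li>
 *   <li>{@link #useAuthorityInfoAccess()} returns {@code true};</li>
 *   <li>{@link #getRevocationChecking()} returns whatever flag the constructor received,
 *       so revocation checking is off when the caller passes {@code false};</li>
 *   <li>the OCSP request hash algorithm defaults to SHA-1 unless
 *       {@link #setOCSPRequestHashAlgorithm(AlgorithmID)} is called.</li>
 * </ul>
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
public class PKIProfileImpl extends ObservableImpl
    implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {

  /** Process-wide sequence number that keeps generated profile ids distinct. */
  private static final AtomicLong ID_SEQUENCE = new AtomicLong();

  /** URI to the truststore. */
  private final String trustStoreURI;

  /** Whether revocation checking is requested for path validation. */
  private final boolean revocationChecking;

  /** Revocation sources in preferred order; CRL only by default. */
  private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL};

  /** Implementation name of the OCSP request hash algorithm; resolved lazily when null. */
  protected String ocspRequestHashAlgorithm_ = null;

  /** The trust profile identifier. */
  private String id;

  /**
   * Create a new {@code PKIProfileImpl}.
   *
   * @param trustStoreURI trust store URI
   * @param revocationChecking value later reported by {@link #getRevocationChecking()}
   */
  public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
    this.trustStoreURI = trustStoreURI;
    this.revocationChecking = revocationChecking;

    // The timestamp alone repeats for profiles created within the same millisecond, which
    // would give two profiles (possibly with different trust store URIs) the same id.
    // NOTE(review): if the IAIK module keys cached trust stores by this id, a collision
    // could mix trust anchors between profiles - the sequence number rules that out.
    setId("id-" + System.currentTimeMillis() + "-" + ID_SEQUENCE.incrementAndGet());
  }

  /**
   * @see iaik.pki.PKIProfile#getRevocationProfile()
   */
  public RevocationProfile getRevocationProfile() {
    return this;
  }

  /**
   * @see iaik.pki.PKIProfile#getTrustStoreProfile()
   */
  public TrustStoreProfile getTrustStoreProfile() {
    return this;
  }

  /**
   * @see iaik.pki.PKIProfile#getValidationProfile()
   */
  public ValidationProfile getValidationProfile() {
    return this;
  }

  /**
   * Always reports Authority Information Access as enabled.
   *
   * <p>NOTE(review): with AIA enabled the validator presumably follows URLs taken from
   * the certificates being validated; confirm that outbound access from this host is
   * restricted as intended.
   *
   * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
   */
  public boolean useAuthorityInfoAccess() {
    return true;
  }

  /**
   * Returns {@code 0} regardless of the argument.
   *
   * <p>NOTE(review): what a maximum age of 0 means (always refetch vs. no limit) is
   * defined by the IAIK {@code RevocationProfile} contract, which is not visible here -
   * confirm it matches the intended freshness of CRL/OCSP data.
   *
   * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
   */
  public long getMaxRevocationAge(String arg0) {
    return 0L;
  }

  /**
   * Returns the implementation name of the OCSP request hash algorithm, resolving the
   * SHA-1 default on first use when no algorithm has been set.
   *
   * <p>NOTE(review): SHA-1 is the default only; deployments that want a stronger digest
   * can call {@link #setOCSPRequestHashAlgorithm(AlgorithmID)}, provided the OCSP
   * responders in use accept it.
   *
   * @return the algorithm name, or {@code null} if the SHA-1 default could not be resolved
   * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
   */
  public String getOCSPRequestHashAlgorithm() {
    if (ocspRequestHashAlgorithm_ == null) {
      try {
        ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName();
      } catch (NoSuchAlgorithmException ignored) {
        // Best effort, as before: the field stays null and null is returned to the
        // caller, which has to cope with a missing algorithm name. No logger is in
        // scope in this class, so the failure cannot be reported from here.
      }
    }
    return ocspRequestHashAlgorithm_;
  }

  /**
   * Sets the hash algorithm used for OCSP requests.
   *
   * @param paramAlgorithmID the algorithm; must not be {@code null}
   * @throws NullPointerException if {@code paramAlgorithmID} is {@code null}
   * @throws NoSuchAlgorithmException if the implementation name cannot be resolved
   */
  public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID)
      throws NoSuchAlgorithmException {
    if (paramAlgorithmID == null) {
      throw new NullPointerException("Algorithm must not be null.");
    }
    ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName();
  }

  /**
   * Returns the preferred revocation sources; the certificate argument is not consulted.
   *
   * @return a copy of the configured order, or {@code null} if {@code null} was set
   * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
   */
  public String[] getPreferredServiceOrder(X509Certificate arg0) {
    // Hand out a copy so callers cannot rewrite the revocation order of this profile.
    return revocationCheckMethode == null ? null : revocationCheckMethode.clone();
  }

  /**
   * Sets the preferred revocation sources.
   *
   * @param order revocation source types in preferred order; stored as a copy
   */
  public void setPreferredServiceOrder(String[] order) {
    // Copy on the way in so later changes to the caller's array do not alter the profile.
    this.revocationCheckMethode = order == null ? null : order.clone();
  }

  /**
   * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
   */
  public String getType() {
    return TrustStoreTypes.DIRECTORY;
  }

  /**
   * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
   */
  public String getURI() {
    return trustStoreURI;
  }

  /**
   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
   */
  public boolean getInitialAnyPolicyInhibit() {
    return false;
  }

  /**
   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
   */
  public boolean getInitialExplicitPolicy() {
    return false;
  }

  /**
   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
   */
  public boolean getInitialPolicyMappingInhibit() {
    return false;
  }

  /**
   * Returns an empty, immutable policy set.
   *
   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
   */
  public Set getInitialPolicySet() {
    return Collections.emptySet();
  }

  /**
   * Always reports name-constraints processing as disabled.
   *
   * <p>NOTE(review): with this answer the validator is presumably not asked to enforce
   * name constraints of CA certificates in the chain; confirm this is acceptable for
   * the trust anchors configured in the trust store.
   *
   * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
   */
  public boolean getNameConstraintsProcessing() {
    return false;
  }

  /**
   * Always reports certificate policy processing as disabled.
   *
   * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
   */
  public boolean getPolicyProcessing() {
    return false;
  }

  /**
   * Returns the revocation-checking flag passed to the constructor.
   *
   * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
   */
  public boolean getRevocationChecking() {
    return this.revocationChecking;
  }

  /**
   * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
   */
  public String getId() {
    return id;
  }

  /**
   * Sets the trust profile identifier.
   *
   * @param id The id to set.
   */
  public void setId(String id) {
    this.id = id;
  }

  /* (non-Javadoc)
   * @see iaik.pki.PKIProfile#autoAddCertificates()
   */
  @Override
  public int autoAddCertificates() {
    // NOTE(review): the literal 1 presumably corresponds to one of the auto-add constants
    // declared on PKIProfile (enabled) - confirm against the IAIK version in use and
    // prefer the named constant.
    return 1;
  }

  /* (non-Javadoc)
   * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
   */
  @Override
  public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
    // No separate trust store profile is provided for indirect revocation information.
    return null;
  }
}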