0001: /*************************************************************************
0002: * *
0003: * EJBCA: The OpenSource Certificate Authority *
0004: * *
0005: * This software is free software; you can redistribute it and/or *
0006: * modify it under the terms of the GNU Lesser General Public *
0007: * License as published by the Free Software Foundation; either *
0008: * version 2.1 of the License, or any later version. *
0009: * *
0010: * See terms of license at gnu.org. *
0011: * *
0012: *************************************************************************/package org.ejbca.core.model.ca.certificateprofiles;
0013:
0014: import java.io.Serializable;
0015: import java.util.ArrayList;
0016: import java.util.Collection;
0017: import java.util.Collections;
0018: import java.util.HashMap;
0019: import java.util.Iterator;
0020: import java.util.List;
0021: import java.util.StringTokenizer;
0022:
0023: import org.apache.commons.lang.StringUtils;
0024: import org.apache.log4j.Logger;
0025: import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
0026: import org.bouncycastle.asn1.x509.KeyPurposeId;
0027: import org.bouncycastle.asn1.x509.X509Extensions;
0028: import org.ejbca.core.ejb.ca.store.CertificateDataBean;
0029: import org.ejbca.core.model.InternalResources;
0030: import org.ejbca.core.model.UpgradeableDataHashMap;
0031: import org.ejbca.util.CertTools;
0032: import org.ejbca.util.dn.DNFieldExtractor;
0033:
0034: /**
0035: * CertificateProfile is a basic class used to customize a certificate
0036: * configuration or be inherited by fixed certificate profiles.
0037: *
0038: * @version $Id: CertificateProfile.java,v 1.34 2008/03/14 16:55:37 anatom Exp $
0039: */
0040: public class CertificateProfile extends UpgradeableDataHashMap
0041: implements Serializable, Cloneable {
0042: private static final Logger log = Logger
0043: .getLogger(CertificateProfile.class);
0044: /** Internal localization of logs and errors */
0045: private static final InternalResources intres = InternalResources
0046: .getInstance();
0047:
0048: // Default Values
0049: public static final float LATEST_VERSION = (float) 26.0;
0050:
0051: /**
0052: * Determines if a de-serialized file is compatible with this class.
0053: *
0054: * Maintainers must change this value if and only if the new version
0055: * of this class is not compatible with old versions. See Sun docs
0056: * for <a href=http://java.sun.com/products/jdk/1.1/docs/guide
0057: * /serialization/spec/version.doc.html> details. </a>
0058: *
0059: */
0060: private static final long serialVersionUID = -8069608639716545206L;
0061:
0062: /** KeyUsage constants */
0063: public static final int DIGITALSIGNATURE = 0;
0064: public static final int NONREPUDIATION = 1;
0065: public static final int KEYENCIPHERMENT = 2;
0066: public static final int DATAENCIPHERMENT = 3;
0067: public static final int KEYAGREEMENT = 4;
0068: public static final int KEYCERTSIGN = 5;
0069: public static final int CRLSIGN = 6;
0070: public static final int ENCIPHERONLY = 7;
0071: public static final int DECIPHERONLY = 8;
0072:
0073: /** Extended key usage constants */
0074: public static final int ANYEXTENDEDKEYUSAGE = 0;
0075: public static final int SERVERAUTH = 1;
0076: public static final int CLIENTAUTH = 2;
0077: public static final int CODESIGNING = 3;
0078: public static final int EMAILPROTECTION = 4;
0079: // The following three IPSec key usages are deprecated and replaced by IPSECIKE
0080: public static final int IPSECENDSYSTEM = 5;
0081: public static final int IPSECTUNNEL = 6;
0082: public static final int IPSECUSER = 7;
0083: public static final int TIMESTAMPING = 8;
0084: public static final int SMARTCARDLOGON = 9;
0085: public static final int OCSPSIGNING = 10;
0086: public static final int EFS_OBJECTID = 11;
0087: public static final int EFSR_OBJECTID = 12;
0088: public static final int IPSECIKE = 13;
0089: public static final int SCVPSERVER = 14;
0090: public static final int SCVPCLIENT = 15;
0091:
0092: /** Array of all OIDs for Extended Key Usage
0093: */
0094: public static final String[] EXTENDEDKEYUSAGEOIDSTRINGS = {
0095: KeyPurposeId.anyExtendedKeyUsage.getId(),
0096: KeyPurposeId.id_kp_serverAuth.getId(),
0097: KeyPurposeId.id_kp_clientAuth.getId(),
0098: KeyPurposeId.id_kp_codeSigning.getId(),
0099: KeyPurposeId.id_kp_emailProtection.getId(),
0100: KeyPurposeId.id_kp_ipsecEndSystem.getId(),
0101: KeyPurposeId.id_kp_ipsecTunnel.getId(),
0102: KeyPurposeId.id_kp_ipsecUser.getId(),
0103: KeyPurposeId.id_kp_timeStamping.getId(),
0104: KeyPurposeId.id_kp_smartcardlogon.getId(),
0105: KeyPurposeId.id_kp_OCSPSigning.getId(),
0106: CertTools.EFS_OBJECTID, CertTools.EFSR_OBJECTID,
0107: CertTools.id_kp_ipsecIKE, CertTools.id_kp_scvpServer,
0108: CertTools.id_kp_scvpClient };
0109:
0110: /** Microsoft Template Constants */
0111: public static final String MSTEMPL_DOMAINCONTROLLER = "DomainController";
0112:
0113: public static final String[] AVAILABLE_MSTEMPLATES = { MSTEMPL_DOMAINCONTROLLER };
0114:
0115: public static final String TRUE = "true";
0116: public static final String FALSE = "false";
0117:
0118: public static final int TYPE_ENDENTITY = CertificateDataBean.CERTTYPE_ENDENTITY;
0119: public static final int TYPE_SUBCA = CertificateDataBean.CERTTYPE_SUBCA;
0120: public static final int TYPE_ROOTCA = CertificateDataBean.CERTTYPE_ROOTCA;
0121: public static final int NUMBER_OF_TYPES = 3;
0122:
0123: /** Supported certificate versions. */
0124: public static final String VERSION_X509V3 = "X509v3";
0125: public static final String CERTIFICATEPROFILENAME = "CUSTOM";
0126:
0127: /** Constant indicating that any CA can be used with this certificate profile.*/
0128: public static final int ANYCA = -1;
0129:
0130: /** Contant holding the default available bit lengths for certificate profiles */
0131: public static final int[] DEFAULTBITLENGTHS = { 0, 192, 239, 256,
0132: 384, 512, 1024, 2048, 4096 };
0133:
0134: // Profile fields
0135: protected static final String CERTVERSION = "certversion";
0136: protected static final String VALIDITY = "validity";
0137: protected static final String ALLOWVALIDITYOVERRIDE = "allowvalidityoverride";
0138: protected static final String ALLOWKEYUSAGEOVERRIDE = "allowkeyusageoverride";
0139: protected static final String ALLOWEXTENSIONOVERRIDE = "allowextensionoverride";
0140: protected static final String AVAILABLEBITLENGTHS = "availablebitlengths";
0141: protected static final String MINIMUMAVAILABLEBITLENGTH = "minimumavailablebitlength";
0142: protected static final String MAXIMUMAVAILABLEBITLENGTH = "maximumavailablebitlength";
0143: public static final String TYPE = "type";
0144: protected static final String AVAILABLECAS = "availablecas";
0145: protected static final String USEDPUBLISHERS = "usedpublishers";
0146: protected static final String USECNPOSTFIX = "usecnpostfix";
0147: protected static final String CNPOSTFIX = "cnpostfix";
0148: protected static final String USESUBJECTDNSUBSET = "usesubjectdnsubset";
0149: protected static final String SUBJECTDNSUBSET = "subjectdnsubset";
0150: protected static final String USESUBJECTALTNAMESUBSET = "usesubjectaltnamesubset";
0151: protected static final String SUBJECTALTNAMESUBSET = "subjectaltnamesubset";
0152: protected static final String USEDCERTIFICATEEXTENSIONS = "usedcertificateextensions";
0153: //
0154: // CRL extensions
0155: protected static final String USECRLNUMBER = "usecrlnumber";
0156: protected static final String CRLNUMBERCRITICAL = "crlnumbercritical";
0157: protected static final String USECRLDISTRIBUTIONPOINTONCRL = "usecrldistributionpointoncrl";
0158: //
0159: // Certificate extensions
0160: protected static final String USEBASICCONSTRAINTS = "usebasicconstrants";
0161: protected static final String BASICCONSTRAINTSCRITICAL = "basicconstraintscritical";
0162: protected static final String USEPATHLENGTHCONSTRAINT = "usepathlengthconstraint";
0163: protected static final String PATHLENGTHCONSTRAINT = "pathlengthconstraint";
0164: protected static final String USEKEYUSAGE = "usekeyusage";
0165: protected static final String KEYUSAGECRITICAL = "keyusagecritical";
0166: protected static final String KEYUSAGE = "keyusage";
0167: protected static final String USESUBJECTKEYIDENTIFIER = "usesubjectkeyidentifier";
0168: protected static final String SUBJECTKEYIDENTIFIERCRITICAL = "subjectkeyidentifiercritical";
0169: protected static final String USEAUTHORITYKEYIDENTIFIER = "useauthoritykeyidentifier";
0170: protected static final String AUTHORITYKEYIDENTIFIERCRITICAL = "authoritykeyidentifiercritical";
0171: protected static final String USESUBJECTALTERNATIVENAME = "usesubjectalternativename";
0172: protected static final String SUBJECTALTERNATIVENAMECRITICAL = "subjectalternativenamecritical";
0173: protected static final String USECRLDISTRIBUTIONPOINT = "usecrldistributionpoint";
0174: protected static final String USEDEFAULTCRLDISTRIBUTIONPOINT = "usedefaultcrldistributionpoint";
0175: protected static final String CRLDISTRIBUTIONPOINTCRITICAL = "crldistributionpointcritical";
0176: protected static final String CRLDISTRIBUTIONPOINTURI = "crldistributionpointuri";
0177: protected static final String CRLISSUER = "crlissuer";
0178: protected static final String USEFRESHESTCRL = "usefreshestcrl";
0179: protected static final String USECADEFINEDFRESHESTCRL = "usecadefinedfreshestcrl";
0180: protected static final String FRESHESTCRLURI = "freshestcrluri";
0181: protected static final String USECERTIFICATEPOLICIES = "usecertificatepolicies";
0182: protected static final String CERTIFICATEPOLICIESCRITICAL = "certificatepoliciescritical";
0183: /** Policy containing oid, User Notice and Cps Url */
0184: protected static final String CERTIFICATE_POLICIES = "certificatepolicies";
0185: protected static final String USEEXTENDEDKEYUSAGE = "useextendedkeyusage";
0186: protected static final String EXTENDEDKEYUSAGE = "extendedkeyusage";
0187: protected static final String EXTENDEDKEYUSAGECRITICAL = "extendedkeyusagecritical";
0188: protected static final String USEOCSPNOCHECK = "useocspnocheck";
0189: protected static final String USEAUTHORITYINFORMATIONACCESS = "useauthorityinformationaccess";
0190: protected static final String USEOCSPSERVICELOCATOR = "useocspservicelocator";
0191: protected static final String USEDEFAULTOCSPSERVICELOCATOR = "usedefaultocspservicelocator";
0192: protected static final String OCSPSERVICELOCATORURI = "ocspservicelocatoruri";
0193: protected static final String USECAISSUERS = "usecaissuersuri";
0194: protected static final String CAISSUERS = "caissuers";
0195: protected static final String USEMICROSOFTTEMPLATE = "usemicrosofttemplate";
0196: protected static final String MICROSOFTTEMPLATE = "microsofttemplate";
0197: protected static final String USEQCSTATEMENT = "useqcstatement";
0198: protected static final String USEPKIXQCSYNTAXV2 = "usepkixqcsyntaxv2";
0199: protected static final String QCSTATEMENTCRITICAL = "useqcstatementcritical";
0200: protected static final String QCSTATEMENTRANAME = "useqcstatementraname";
0201: protected static final String QCSSEMANTICSID = "useqcsematicsid";
0202: protected static final String USEQCETSIQCCOMPLIANCE = "useqcetsiqccompliance";
0203: protected static final String USEQCETSIVALUELIMIT = "useqcetsivaluelimit";
0204: protected static final String QCETSIVALUELIMIT = "qcetsivaluelimit";
0205: protected static final String QCETSIVALUELIMITEXP = "qcetsivaluelimitexp";
0206: protected static final String QCETSIVALUELIMITCURRENCY = "qcetsivaluelimitcurrency";
0207: protected static final String USEQCETSISIGNATUREDEVICE = "useqcetsisignaturedevice";
0208: protected static final String USEQCCUSTOMSTRING = "useqccustomstring";
0209: protected static final String QCCUSTOMSTRINGOID = "qccustomstringoid";
0210: protected static final String QCCUSTOMSTRINGTEXT = "qccustomstringtext";
0211: protected static final String USESUBJECTDIRATTRIBUTES = "usesubjectdirattributes";
0212:
0213: /** Constants holding the use properties for certificate extensions */
0214: protected static final HashMap useStandardCertificateExtensions = new HashMap();
0215: {
0216: useStandardCertificateExtensions.put(USEBASICCONSTRAINTS,
0217: X509Extensions.BasicConstraints.getId());
0218: useStandardCertificateExtensions.put(USEKEYUSAGE,
0219: X509Extensions.KeyUsage.getId());
0220: useStandardCertificateExtensions.put(USESUBJECTKEYIDENTIFIER,
0221: X509Extensions.SubjectKeyIdentifier.getId());
0222: useStandardCertificateExtensions.put(USEAUTHORITYKEYIDENTIFIER,
0223: X509Extensions.AuthorityKeyIdentifier.getId());
0224: useStandardCertificateExtensions.put(USESUBJECTALTERNATIVENAME,
0225: X509Extensions.SubjectAlternativeName.getId());
0226: useStandardCertificateExtensions.put(USECRLDISTRIBUTIONPOINT,
0227: X509Extensions.CRLDistributionPoints.getId());
0228: useStandardCertificateExtensions.put(USEFRESHESTCRL,
0229: X509Extensions.FreshestCRL.getId());
0230: useStandardCertificateExtensions.put(USECERTIFICATEPOLICIES,
0231: X509Extensions.CertificatePolicies.getId());
0232: useStandardCertificateExtensions.put(USEEXTENDEDKEYUSAGE,
0233: X509Extensions.ExtendedKeyUsage.getId());
0234: useStandardCertificateExtensions.put(USEQCSTATEMENT,
0235: X509Extensions.QCStatements.getId());
0236: useStandardCertificateExtensions.put(USESUBJECTDIRATTRIBUTES,
0237: X509Extensions.SubjectDirectoryAttributes.getId());
0238: useStandardCertificateExtensions.put(
0239: USEAUTHORITYINFORMATIONACCESS,
0240: X509Extensions.AuthorityInfoAccess.getId());
0241: useStandardCertificateExtensions.put(USEOCSPNOCHECK,
0242: OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId());
0243: useStandardCertificateExtensions.put(USEMICROSOFTTEMPLATE,
0244: CertTools.OID_MSTEMPLATE);
0245: }
0246:
0247: // Old values used to upgrade from v22 to v23
0248: protected static final String CERTIFICATEPOLICYID = "certificatepolicyid";
0249: /** Policy Notice Url to CPS field alias in the data structure */
0250: protected static final String POLICY_NOTICE_CPS_URL = "policynoticecpsurl";
0251: /** Policy Notice User Notice field alias in the data structure */
0252: protected static final String POLICY_NOTICE_UNOTICE_TEXT = "policynoticeunoticetext";
0253:
0254: // Public Methods
0255:
0256: /**
0257: * Creates a new instance of CertificateProfile
0258: *
0259: * These settings are general for all sub-profiles, only differing values are overridden
0260: * in the sub-profiles. If changing any present value here you must therefore go through all
0261: * sub-profiles and add an override there.
0262: * I.e. only add new values here, don't change any present settings.
0263: */
0264: public CertificateProfile() {
0265: setCertificateVersion(VERSION_X509V3);
0266: setValidity(730);
0267: setAllowValidityOverride(false);
0268:
0269: setAllowExtensionOverride(false);
0270:
0271: setUseBasicConstraints(true);
0272: setBasicConstraintsCritical(true);
0273:
0274: setUseSubjectKeyIdentifier(true);
0275: setSubjectKeyIdentifierCritical(false);
0276:
0277: setUseAuthorityKeyIdentifier(true);
0278: setAuthorityKeyIdentifierCritical(false);
0279:
0280: setUseSubjectAlternativeName(true);
0281: setSubjectAlternativeNameCritical(false);
0282:
0283: setUseCRLDistributionPoint(false);
0284: setUseDefaultCRLDistributionPoint(false);
0285: setCRLDistributionPointCritical(false);
0286: setCRLDistributionPointURI("");
0287: setUseCRLDistributionPointOnCRL(false);
0288: setUseFreshestCRL(false);
0289: setUseCADefinedFreshestCRL(false);
0290: setFreshestCRLURI("");
0291:
0292: setUseCertificatePolicies(false);
0293: setCertificatePoliciesCritical(false);
0294: ArrayList policies = new ArrayList();
0295: setCertificatePolicies(policies);
0296:
0297: setType(TYPE_ENDENTITY);
0298:
0299: setAvailableBitLengths(DEFAULTBITLENGTHS);
0300:
0301: setUseKeyUsage(true);
0302: setKeyUsage(new boolean[9]);
0303: setAllowKeyUsageOverride(true);
0304: setKeyUsageCritical(true);
0305:
0306: setUseExtendedKeyUsage(false);
0307: setExtendedKeyUsage(new ArrayList());
0308: setExtendedKeyUsageCritical(false);
0309:
0310: ArrayList availablecas = new ArrayList();
0311: availablecas.add(new Integer(ANYCA));
0312: setAvailableCAs(availablecas);
0313:
0314: setPublisherList(new ArrayList());
0315:
0316: setUseCaIssuers(false);
0317: setCaIssuers(new ArrayList());
0318:
0319: setUseOcspNoCheck(false);
0320: setUseOCSPServiceLocator(false);
0321: setUseDefaultOCSPServiceLocator(false);
0322: setOCSPServiceLocatorURI("");
0323:
0324: setUseMicrosoftTemplate(false);
0325: setMicrosoftTemplate("");
0326:
0327: setUseCNPostfix(false);
0328: setCNPostfix("");
0329:
0330: setUseSubjectDNSubSet(false);
0331: setSubjectDNSubSet(new ArrayList());
0332: setUseSubjectAltNameSubSet(false);
0333: setSubjectAltNameSubSet(new ArrayList());
0334:
0335: setUsePathLengthConstraint(false);
0336: setPathLengthConstraint(0);
0337:
0338: setUseQCStatement(false);
0339: setUsePkixQCSyntaxV2(false);
0340: setQCStatementCritical(false);
0341: setQCStatementRAName(null);
0342: setQCSemanticsId(null);
0343: setUseQCEtsiQCCompliance(false);
0344: setUseQCEtsiSignatureDevice(false);
0345: setUseQCEtsiValueLimit(false);
0346: setQCEtsiValueLimit(0);
0347: setQCEtsiValueLimitExp(0);
0348: setQCEtsiValueLimitCurrency(null);
0349: setUseQCCustomString(false);
0350: setQCCustomStringOid(null);
0351: setQCCustomStringText(null);
0352:
0353: setUseSubjectDirAttributes(false);
0354: setUseAuthorityInformationAccess(false);
0355: setUseCRLDistributionPointOnCRL(false);
0356: setUseOcspNoCheck(false);
0357: setUseFreshestCRL(false);
0358:
0359: setUsedCertificateExtensions(new ArrayList());
0360:
0361: }
0362:
0363: // Public Methods.
0364: /** Returns the version of the certificate, should be one of the VERSION_ constants defined in CertificateProfile class. */
0365: public String getCertificateVersion() {
0366: return (String) data.get(CERTVERSION);
0367: }
0368:
0369: /**
0370: * Returns the version of the certificate, should be one of the VERSION_ constants defined in
0371: * CertificateProfile class.
0372: */
0373: public void setCertificateVersion(String version) {
0374: data.put(CERTVERSION, version);
0375: }
0376:
0377: public long getValidity() {
0378: return ((Long) data.get(VALIDITY)).longValue();
0379: }
0380:
0381: public void setValidity(long validity) {
0382: data.put(VALIDITY, new Long(validity));
0383: }
0384:
0385: /**
0386: * If validity override is allowed, a certificate can have a shorter validity than the one specefied in
0387: * the certificate profile, but never longer. A certificate created with validity override can hava a
0388: * starting point in the future.
0389: * @return true if validity override is allowed
0390: */
0391: public boolean getAllowValidityOverride() {
0392: return ((Boolean) data.get(ALLOWVALIDITYOVERRIDE))
0393: .booleanValue();
0394: }
0395:
0396: /**
0397: * If validity override is allowed, a certificate can have a shorter validity than the one specefied in
0398: * the certificate profile, but never longer. A certificate created with validity override can hava a
0399: * starting point in the future.
0400: */
0401: public void setAllowValidityOverride(boolean allowvalidityoverride) {
0402: data.put(ALLOWVALIDITYOVERRIDE, Boolean
0403: .valueOf(allowvalidityoverride));
0404: }
0405:
0406: /** If extension override is allowed, the X509 certificate extension created in a certificate can
0407: * some from the request sent by the user. If the request contains an extension than will be used instead of the one defined in the profile.
0408: * If the request does not caontain an extension, the one defined in the profile will be used.
0409: */
0410: public boolean getAllowExtensionOverride() {
0411: Object d = data.get(ALLOWEXTENSIONOVERRIDE);
0412: if (d == null)
0413: return false;
0414: return ((Boolean) d).booleanValue();
0415: }
0416:
0417: /** @see #getAllowExtensionOverride() */
0418: public void setAllowExtensionOverride(boolean allowextensionoverride) {
0419: data.put(ALLOWEXTENSIONOVERRIDE, Boolean
0420: .valueOf(allowextensionoverride));
0421: }
0422:
0423: public boolean getUseBasicConstraints() {
0424: return ((Boolean) data.get(USEBASICCONSTRAINTS)).booleanValue();
0425: }
0426:
0427: public void setUseBasicConstraints(boolean usebasicconstraints) {
0428: data.put(USEBASICCONSTRAINTS, Boolean
0429: .valueOf(usebasicconstraints));
0430: }
0431:
0432: public boolean getBasicConstraintsCritical() {
0433: return ((Boolean) data.get(BASICCONSTRAINTSCRITICAL))
0434: .booleanValue();
0435: }
0436:
0437: public void setBasicConstraintsCritical(
0438: boolean basicconstraintscritical) {
0439: data.put(BASICCONSTRAINTSCRITICAL, Boolean
0440: .valueOf(basicconstraintscritical));
0441: }
0442:
0443: public boolean getUseKeyUsage() {
0444: return ((Boolean) data.get(USEKEYUSAGE)).booleanValue();
0445: }
0446:
0447: public void setUseKeyUsage(boolean usekeyusage) {
0448: data.put(USEKEYUSAGE, Boolean.valueOf(usekeyusage));
0449: }
0450:
0451: public boolean getKeyUsageCritical() {
0452: return ((Boolean) data.get(KEYUSAGECRITICAL)).booleanValue();
0453: }
0454:
0455: public void setKeyUsageCritical(boolean keyusagecritical) {
0456: data.put(KEYUSAGECRITICAL, Boolean.valueOf(keyusagecritical));
0457: }
0458:
0459: public boolean getUseSubjectKeyIdentifier() {
0460: return ((Boolean) data.get(USESUBJECTKEYIDENTIFIER))
0461: .booleanValue();
0462: }
0463:
0464: public void setUseSubjectKeyIdentifier(
0465: boolean usesubjectkeyidentifier) {
0466: data.put(USESUBJECTKEYIDENTIFIER, Boolean
0467: .valueOf(usesubjectkeyidentifier));
0468: }
0469:
0470: public boolean getSubjectKeyIdentifierCritical() {
0471: return ((Boolean) data.get(SUBJECTKEYIDENTIFIERCRITICAL))
0472: .booleanValue();
0473: }
0474:
0475: public void setSubjectKeyIdentifierCritical(
0476: boolean subjectkeyidentifiercritical) {
0477: data.put(SUBJECTKEYIDENTIFIERCRITICAL, Boolean
0478: .valueOf(subjectkeyidentifiercritical));
0479: }
0480:
0481: public boolean getUseAuthorityKeyIdentifier() {
0482: return ((Boolean) data.get(USEAUTHORITYKEYIDENTIFIER))
0483: .booleanValue();
0484: }
0485:
0486: public void setUseAuthorityKeyIdentifier(
0487: boolean useauthoritykeyidentifier) {
0488: data.put(USEAUTHORITYKEYIDENTIFIER, Boolean
0489: .valueOf(useauthoritykeyidentifier));
0490: }
0491:
0492: public boolean getAuthorityKeyIdentifierCritical() {
0493: return ((Boolean) data.get(AUTHORITYKEYIDENTIFIERCRITICAL))
0494: .booleanValue();
0495: }
0496:
0497: public void setAuthorityKeyIdentifierCritical(
0498: boolean authoritykeyidentifiercritical) {
0499: data.put(AUTHORITYKEYIDENTIFIERCRITICAL, Boolean
0500: .valueOf(authoritykeyidentifiercritical));
0501: }
0502:
0503: public boolean getUseSubjectAlternativeName() {
0504: return ((Boolean) data.get(USESUBJECTALTERNATIVENAME))
0505: .booleanValue();
0506: }
0507:
0508: public void setUseSubjectAlternativeName(
0509: boolean usesubjectalternativename) {
0510: data.put(USESUBJECTALTERNATIVENAME, Boolean
0511: .valueOf(usesubjectalternativename));
0512: }
0513:
0514: public boolean getSubjectAlternativeNameCritical() {
0515: return ((Boolean) data.get(SUBJECTALTERNATIVENAMECRITICAL))
0516: .booleanValue();
0517: }
0518:
0519: public void setSubjectAlternativeNameCritical(
0520: boolean subjectalternativenamecritical) {
0521: data.put(SUBJECTALTERNATIVENAMECRITICAL, Boolean
0522: .valueOf(subjectalternativenamecritical));
0523: }
0524:
0525: public boolean getUseCRLDistributionPoint() {
0526: return ((Boolean) data.get(USECRLDISTRIBUTIONPOINT))
0527: .booleanValue();
0528: }
0529:
0530: public void setUseCRLDistributionPoint(
0531: boolean usecrldistributionpoint) {
0532: data.put(USECRLDISTRIBUTIONPOINT, Boolean
0533: .valueOf(usecrldistributionpoint));
0534: }
0535:
0536: public boolean getUseDefaultCRLDistributionPoint() {
0537: return ((Boolean) data.get(USEDEFAULTCRLDISTRIBUTIONPOINT))
0538: .booleanValue();
0539: }
0540:
0541: public void setUseDefaultCRLDistributionPoint(
0542: boolean usedefaultcrldistributionpoint) {
0543: data.put(USEDEFAULTCRLDISTRIBUTIONPOINT, Boolean
0544: .valueOf(usedefaultcrldistributionpoint));
0545: }
0546:
0547: public boolean getCRLDistributionPointCritical() {
0548: return ((Boolean) data.get(CRLDISTRIBUTIONPOINTCRITICAL))
0549: .booleanValue();
0550: }
0551:
0552: public void setCRLDistributionPointCritical(
0553: boolean crldistributionpointcritical) {
0554: data.put(CRLDISTRIBUTIONPOINTCRITICAL, Boolean
0555: .valueOf(crldistributionpointcritical));
0556: }
0557:
0558: public String getCRLDistributionPointURI() {
0559: return (String) data.get(CRLDISTRIBUTIONPOINTURI);
0560: }
0561:
0562: public void setCRLDistributionPointURI(
0563: String crldistributionpointuri) {
0564: if (crldistributionpointuri == null)
0565: data.put(CRLDISTRIBUTIONPOINTURI, "");
0566: else
0567: data.put(CRLDISTRIBUTIONPOINTURI, crldistributionpointuri);
0568: }
0569:
0570: public String getCRLIssuer() {
0571: return (String) data.get(CRLISSUER);
0572: }
0573:
0574: public void setCRLIssuer(String crlissuer) {
0575: if (crlissuer == null)
0576: data.put(CRLISSUER, "");
0577: else
0578: data.put(CRLISSUER, crlissuer);
0579: }
0580:
0581: public boolean getUseFreshestCRL() {
0582: Object obj = data.get(USEFRESHESTCRL);
0583: if (obj == null) {
0584: return false;
0585: } else {
0586: return ((Boolean) obj).booleanValue();
0587: }
0588: }
0589:
0590: public boolean getUseCRLDistributionPointOnCRL() {
0591: Object obj = data.get(USECRLDISTRIBUTIONPOINTONCRL);
0592: if (obj == null) {
0593: return false;
0594: } else {
0595: return ((Boolean) obj).booleanValue();
0596: }
0597: }
0598:
0599: public void setUseCRLDistributionPointOnCRL(
0600: boolean usecrldistributionpointoncrl) {
0601: data.put(USECRLDISTRIBUTIONPOINTONCRL, Boolean
0602: .valueOf(usecrldistributionpointoncrl));
0603: }
0604:
0605: public void setUseFreshestCRL(boolean usefreshestcrl) {
0606: data.put(USEFRESHESTCRL, Boolean.valueOf(usefreshestcrl));
0607: }
0608:
0609: public boolean getUseCADefinedFreshestCRL() {
0610: Object obj = data.get(USECADEFINEDFRESHESTCRL);
0611: if (obj == null) {
0612: return false;
0613: } else {
0614: return ((Boolean) obj).booleanValue();
0615: }
0616: }
0617:
0618: public void setUseCADefinedFreshestCRL(
0619: boolean usecadefinedfreshestcrl) {
0620: data.put(USECADEFINEDFRESHESTCRL, Boolean
0621: .valueOf(usecadefinedfreshestcrl));
0622: }
0623:
0624: public String getFreshestCRLURI() {
0625: return ((String) data.get(FRESHESTCRLURI));
0626: }
0627:
0628: public void setFreshestCRLURI(String freshestcrluri) {
0629: if (freshestcrluri == null) {
0630: data.put(FRESHESTCRLURI, "");
0631: } else {
0632: data.put(FRESHESTCRLURI, freshestcrluri);
0633: }
0634: }
0635:
0636: public boolean getUseCertificatePolicies() {
0637: return ((Boolean) data.get(USECERTIFICATEPOLICIES))
0638: .booleanValue();
0639: }
0640:
0641: public void setUseCertificatePolicies(boolean usecertificatepolicies) {
0642: data.put(USECERTIFICATEPOLICIES, Boolean
0643: .valueOf(usecertificatepolicies));
0644: }
0645:
0646: public boolean getCertificatePoliciesCritical() {
0647: return ((Boolean) data.get(CERTIFICATEPOLICIESCRITICAL))
0648: .booleanValue();
0649: }
0650:
0651: public void setCertificatePoliciesCritical(
0652: boolean certificatepoliciescritical) {
0653: data.put(CERTIFICATEPOLICIESCRITICAL, Boolean
0654: .valueOf(certificatepoliciescritical));
0655: }
0656:
0657: public List getCertificatePolicies() {
0658: List l = (List) data.get(CERTIFICATE_POLICIES);
0659: if (l == null) {
0660: l = new ArrayList();
0661: }
0662: return l;
0663: }
0664:
0665: public void addCertificatePolicy(CertificatePolicy policy) {
0666: if (data.get(CERTIFICATE_POLICIES) == null) {
0667: setCertificatePolicies(new ArrayList());
0668: }
0669: ((List) data.get(CERTIFICATE_POLICIES)).add(policy);
0670: }
0671:
0672: public void setCertificatePolicies(List policies) {
0673: if (policies == null) {
0674: data.put(CERTIFICATE_POLICIES, new ArrayList(0));
0675: } else {
0676: data.put(CERTIFICATE_POLICIES, policies);
0677: }
0678: }
0679:
0680: public void removeCertificatePolicy(CertificatePolicy policy) {
0681: if (data.get(CERTIFICATE_POLICIES) != null) {
0682: ((List) data.get(CERTIFICATE_POLICIES)).remove(policy);
0683: }
0684: }
0685:
0686: public int getType() {
0687: return ((Integer) data.get(TYPE)).intValue();
0688: }
0689:
0690: public void setType(int type) {
0691: data.put(TYPE, new Integer(type));
0692: }
0693:
0694: public boolean isTypeCA() {
0695: return ((Integer) data.get(TYPE)).intValue() == TYPE_SUBCA;
0696: }
0697:
0698: public boolean isTypeRootCA() {
0699: return ((Integer) data.get(TYPE)).intValue() == TYPE_ROOTCA;
0700: }
0701:
0702: public boolean isTypeEndEntity() {
0703: return ((Integer) data.get(TYPE)).intValue() == TYPE_ENDENTITY;
0704: }
0705:
0706: public int[] getAvailableBitLengths() {
0707: ArrayList availablebitlengths = (ArrayList) data
0708: .get(AVAILABLEBITLENGTHS);
0709: int[] returnval = new int[availablebitlengths.size()];
0710:
0711: for (int i = 0; i < availablebitlengths.size(); i++) {
0712: returnval[i] = ((Integer) availablebitlengths.get(i))
0713: .intValue();
0714: }
0715:
0716: return returnval;
0717: }
0718:
0719: public void setAvailableBitLengths(int[] availablebitlengths) {
0720: ArrayList availbitlengths = new ArrayList(
0721: availablebitlengths.length);
0722:
0723: int minimumavailablebitlength = 99999999;
0724: int maximumavailablebitlength = 0;
0725:
0726: for (int i = 0; i < availablebitlengths.length; i++) {
0727: if (availablebitlengths[i] > maximumavailablebitlength)
0728: maximumavailablebitlength = availablebitlengths[i];
0729: if (availablebitlengths[i] < minimumavailablebitlength)
0730: minimumavailablebitlength = availablebitlengths[i];
0731:
0732: availbitlengths.add(new Integer(availablebitlengths[i]));
0733: }
0734: data.put(AVAILABLEBITLENGTHS, availbitlengths);
0735: data.put(MINIMUMAVAILABLEBITLENGTH, new Integer(
0736: minimumavailablebitlength));
0737: data.put(MAXIMUMAVAILABLEBITLENGTH, new Integer(
0738: maximumavailablebitlength));
0739: }
0740:
0741: public int getMinimumAvailableBitLength() {
0742: return ((Integer) data.get(MINIMUMAVAILABLEBITLENGTH))
0743: .intValue();
0744: }
0745:
0746: public int getMaximumAvailableBitLength() {
0747: return ((Integer) data.get(MAXIMUMAVAILABLEBITLENGTH))
0748: .intValue();
0749: }
0750:
0751: public boolean[] getKeyUsage() {
0752: ArrayList keyusage = (ArrayList) data.get(KEYUSAGE);
0753: boolean[] returnval = new boolean[keyusage.size()];
0754:
0755: for (int i = 0; i < keyusage.size(); i++) {
0756: returnval[i] = ((Boolean) keyusage.get(i)).booleanValue();
0757: }
0758:
0759: return returnval;
0760: }
0761:
0762: public boolean getKeyUsage(int keyusageconstant) {
0763: return ((Boolean) ((ArrayList) data.get(KEYUSAGE))
0764: .get(keyusageconstant)).booleanValue();
0765: }
0766:
0767: public void setKeyUsage(boolean[] keyusage) {
0768: ArrayList keyuse = new ArrayList(keyusage.length);
0769:
0770: for (int i = 0; i < keyusage.length; i++) {
0771: keyuse.add(Boolean.valueOf(keyusage[i]));
0772: }
0773: data.put(KEYUSAGE, keyuse);
0774: }
0775:
0776: public void setKeyUsage(int keyusageconstant, boolean value) {
0777: ((ArrayList) data.get(KEYUSAGE)).set(keyusageconstant, Boolean
0778: .valueOf(value));
0779: }
0780:
0781: public void setAllowKeyUsageOverride(boolean override) {
0782: data.put(ALLOWKEYUSAGEOVERRIDE, Boolean.valueOf(override));
0783: }
0784:
0785: public boolean getAllowKeyUsageOverride() {
0786: return ((Boolean) data.get(ALLOWKEYUSAGEOVERRIDE))
0787: .booleanValue();
0788: }
0789:
0790: public void setUseExtendedKeyUsage(boolean use) {
0791: data.put(USEEXTENDEDKEYUSAGE, Boolean.valueOf(use));
0792: }
0793:
0794: public boolean getUseExtendedKeyUsage() {
0795: return ((Boolean) data.get(USEEXTENDEDKEYUSAGE)).booleanValue();
0796: }
0797:
0798: public void setExtendedKeyUsageCritical(boolean critical) {
0799: data.put(EXTENDEDKEYUSAGECRITICAL, Boolean.valueOf(critical));
0800: }
0801:
0802: public boolean getExtendedKeyUsageCritical() {
0803: return ((Boolean) data.get(EXTENDEDKEYUSAGECRITICAL))
0804: .booleanValue();
0805: }
0806:
0807: /**
0808: * Extended Key Usage is an arraylist of constant Integers.
0809: */
0810: public void setExtendedKeyUsage(ArrayList extendedkeyusage) {
0811: data.put(EXTENDEDKEYUSAGE, extendedkeyusage);
0812: }
0813:
0814: /**
0815: * Extended Key Usage is an arraylist of constant Integers.
0816: */
0817: public ArrayList getExtendedKeyUsage() {
0818: return (ArrayList) data.get(EXTENDEDKEYUSAGE);
0819: }
0820:
0821: public boolean getUseMicrosoftTemplate() {
0822: return ((Boolean) data.get(USEMICROSOFTTEMPLATE))
0823: .booleanValue();
0824: }
0825:
0826: public void setUseMicrosoftTemplate(boolean use) {
0827: data.put(USEMICROSOFTTEMPLATE, Boolean.valueOf(use));
0828: }
0829:
0830: public String getMicrosoftTemplate() {
0831: return (String) data.get(MICROSOFTTEMPLATE);
0832: }
0833:
0834: public void setMicrosoftTemplate(String mstemplate) {
0835: data.put(MICROSOFTTEMPLATE, mstemplate);
0836: }
0837:
0838: public boolean getUseCNPostfix() {
0839: return ((Boolean) data.get(USECNPOSTFIX)).booleanValue();
0840: }
0841:
0842: public void setUseCNPostfix(boolean use) {
0843: data.put(USECNPOSTFIX, Boolean.valueOf(use));
0844: }
0845:
0846: public String getCNPostfix() {
0847: return (String) data.get(CNPOSTFIX);
0848: }
0849:
0850: public void setCNPostfix(String cnpostfix) {
0851: data.put(CNPOSTFIX, cnpostfix);
0852:
0853: }
0854:
0855: public boolean getUseSubjectDNSubSet() {
0856: return ((Boolean) data.get(USESUBJECTDNSUBSET)).booleanValue();
0857: }
0858:
0859: public void setUseSubjectDNSubSet(boolean use) {
0860: data.put(USESUBJECTDNSUBSET, Boolean.valueOf(use));
0861: }
0862:
0863: /**
0864: * Returns a collection of Integer (DNFieldExtractor constants) indicating
0865: * which subject dn fields that should be used in certificate.
0866: *
0867: */
0868: public Collection getSubjectDNSubSet() {
0869: return (Collection) data.get(SUBJECTDNSUBSET);
0870: }
0871:
0872: /**
0873: * Should contain a collection of Integer (DNFieldExtractor constants) indicating
0874: * which subject dn fields that should be used in certificate.
0875: *
0876: */
0877: public void setSubjectDNSubSet(Collection subjectdns) {
0878: data.put(SUBJECTDNSUBSET, subjectdns);
0879:
0880: }
0881:
0882: /**
0883: * Method taking a full user dn and returns a DN only containing the
0884: * DN fields specified in the subjectdn sub set array.
0885: *
0886: * @param dn
0887: * @return a subset of original DN
0888: */
0889:
0890: public String createSubjectDNSubSet(String dn) {
0891: DNFieldExtractor extractor = new DNFieldExtractor(dn,
0892: DNFieldExtractor.TYPE_SUBJECTDN);
0893: return constructUserData(extractor, getSubjectDNSubSet(), true);
0894: }
0895:
0896: public boolean getUseSubjectAltNameSubSet() {
0897: return ((Boolean) data.get(USESUBJECTALTNAMESUBSET))
0898: .booleanValue();
0899: }
0900:
0901: public void setUseSubjectAltNameSubSet(boolean use) {
0902: data.put(USESUBJECTALTNAMESUBSET, Boolean.valueOf(use));
0903: }
0904:
0905: /**
0906: * Returns a collection of Integer (DNFieldExtractor constants) indicating
0907: * which subject altnames fields that should be used in certificate.
0908: *
0909: */
0910: public Collection getSubjectAltNameSubSet() {
0911: return (Collection) data.get(SUBJECTALTNAMESUBSET);
0912: }
0913:
0914: /**
0915: * Returns a collection of Integer (DNFieldExtractor constants) indicating
0916: * which subject altnames fields that should be used in certificate.
0917: *
0918: */
0919: public void setSubjectAltNameSubSet(Collection subjectaltnames) {
0920: data.put(SUBJECTALTNAMESUBSET, subjectaltnames);
0921:
0922: }
0923:
0924: /**
0925: * Method taking a full user dn and returns a AltName only containing the
0926: * AltName fields specified in the subjectaltname sub set array.
0927: *
0928: * @param dn
0929: * @return a subset of original DN
0930: */
0931: public String createSubjectAltNameSubSet(String subjectaltname) {
0932: DNFieldExtractor extractor = new DNFieldExtractor(
0933: subjectaltname, DNFieldExtractor.TYPE_SUBJECTALTNAME);
0934: return constructUserData(extractor, getSubjectAltNameSubSet(),
0935: false);
0936: }
0937:
0938: /**
0939: * Help method converting a full DN or Subject Alt Name to one usng only specified fields
0940: * @param extractor
0941: * @param usefields
0942: * @return
0943: */
0944: protected String constructUserData(DNFieldExtractor extractor,
0945: Collection usefields, boolean subjectdn) {
0946: String retval = "";
0947:
0948: if (usefields instanceof List) {
0949: Collections.sort((List) usefields);
0950: }
0951: Iterator iter = usefields.iterator();
0952: String dnField = null;
0953: while (iter.hasNext()) {
0954: Integer next = (Integer) iter.next();
0955: dnField = extractor.getFieldString(next.intValue());
0956: if (StringUtils.isNotEmpty(dnField)) {
0957: if (retval.length() == 0)
0958: retval += dnField; // first item, don't start with a comma
0959: else
0960: retval += "," + dnField;
0961: }
0962: }
0963:
0964: log.debug("CertificateProfile: constructed DN or AltName: "
0965: + retval);
0966: return retval;
0967: }
0968:
0969: /**
0970: * Returns an ArrayList of OID.strings defined in constant EXTENDEDKEYUSAGEOIDSTRINGS.
0971: */
0972: public ArrayList getExtendedKeyUsageAsOIDStrings() {
0973: ArrayList returnval = new ArrayList();
0974: ArrayList eku = (ArrayList) data.get(EXTENDEDKEYUSAGE);
0975: Iterator i = eku.iterator();
0976: while (i.hasNext())
0977: returnval.add(EXTENDEDKEYUSAGEOIDSTRINGS[((Integer) i
0978: .next()).intValue()]);
0979:
0980: return returnval;
0981: }
0982:
0983: /**
0984: * Returns a Collections of caids (Integer), indicating which CAs the profile should
0985: * be applicable to.
0986: *
0987: * If it contains the constant ANYCA then the profile is applicable to all CAs
0988: */
0989: public Collection getAvailableCAs() {
0990: return (Collection) data.get(AVAILABLECAS);
0991: }
0992:
0993: /**
0994: * Saves the CertificateProfile's list of CAs the cert profile is applicable to.
0995: *
0996: * @param availablecas a Collection of caids (Integer)
0997: */
0998:
0999: public void setAvailableCAs(Collection availablecas) {
1000: data.put(AVAILABLECAS, availablecas);
1001: }
1002:
1003: public boolean isApplicableToAnyCA() {
1004: return ((Collection) data.get(AVAILABLECAS))
1005: .contains(new Integer(ANYCA));
1006: }
1007:
1008: /**
1009: * Returns a Collection of publisher id's (Integer) indicating which publishers a certificate
1010: * created with this profile should be published to.
1011: */
1012:
1013: public Collection getPublisherList() {
1014: return (Collection) data.get(USEDPUBLISHERS);
1015: }
1016:
1017: /**
1018: * Saves the CertificateProfile's list of publishers that certificates created with this profile
1019: * should be published to.
1020: *
1021: * @param publishers a Collection of publisherids (Integer)
1022: */
1023:
1024: public void setPublisherList(Collection publisher) {
1025: data.put(USEDPUBLISHERS, publisher);
1026: }
1027:
1028: /**
1029: * Method indicating that Path Length Constain should be used in the BasicConstaint
1030: *
1031: */
1032: public boolean getUsePathLengthConstraint() {
1033: return ((Boolean) data.get(USEPATHLENGTHCONSTRAINT))
1034: .booleanValue();
1035: }
1036:
1037: /**
1038: * Method indicating that Path Length Constain should be used in the BasicConstaint
1039: *
1040: */
1041: public void setUsePathLengthConstraint(boolean use) {
1042: data.put(USEPATHLENGTHCONSTRAINT, Boolean.valueOf(use));
1043: }
1044:
1045: public int getPathLengthConstraint() {
1046: return ((Integer) data.get(PATHLENGTHCONSTRAINT)).intValue();
1047: }
1048:
1049: public void setPathLengthConstraint(int pathlength) {
1050: data.put(PATHLENGTHCONSTRAINT, new Integer(pathlength));
1051: }
1052:
1053: /**
1054: * @deprecated setUseAuthorityInformationAccess in combination with getOCSPServiceLocator and getCaIssuer instead
1055: * @param use
1056: */
1057: public void setUseCaIssuers(boolean use) {
1058: data.put(USECAISSUERS, Boolean.valueOf(use));
1059: }
1060:
1061: /**
1062: * @deprecated setUseAuthorityInformationAccess in combination with getOCSPServiceLocator and getCaIssuer instead
1063: * @return
1064: */
1065: public boolean getUseCaIssuers() {
1066: if (data.get(USECAISSUERS) == null) {
1067: return false;
1068: } else {
1069: return ((Boolean) data.get(USECAISSUERS)).booleanValue();
1070: }
1071: }
1072:
1073: public void setCaIssuers(List caIssuers) {
1074: data.put(CAISSUERS, caIssuers);
1075: }
1076:
1077: public void addCaIssuer(String caIssuer) {
1078: if (data.get(CAISSUERS) == null) {
1079: List caIssuers = new ArrayList();
1080:
1081: caIssuers.add(caIssuers);
1082: this .setCaIssuers(caIssuers);
1083: } else {
1084: ((List) data.get(CAISSUERS)).add(caIssuer);
1085: }
1086: }
1087:
1088: public List getCaIssuers() {
1089: if (data.get(CAISSUERS) == null) {
1090: return new ArrayList();
1091: } else {
1092: return (List) data.get(CAISSUERS);
1093: }
1094: }
1095:
1096: public void removeCaIssuer(String caIssuer) {
1097: if (data.get(CAISSUERS) != null) {
1098: ((List) data.get(CAISSUERS)).remove(caIssuer);
1099: }
1100: }
1101:
1102: public boolean getUseOcspNoCheck() {
1103: if (data.get(USEOCSPNOCHECK) == null) {
1104: return false;
1105: } else {
1106: return ((Boolean) data.get(USEOCSPNOCHECK)).booleanValue();
1107: }
1108: }
1109:
1110: public void setUseOcspNoCheck(boolean useocspnocheck) {
1111: data.put(USEOCSPNOCHECK, Boolean.valueOf(useocspnocheck));
1112: }
1113:
1114: public boolean getUseAuthorityInformationAccess() {
1115: return ((Boolean) data.get(USEAUTHORITYINFORMATIONACCESS))
1116: .booleanValue();
1117: }
1118:
1119: public void setUseAuthorityInformationAccess(
1120: boolean useauthorityinformationaccess) {
1121: data.put(USEAUTHORITYINFORMATIONACCESS, Boolean
1122: .valueOf(useauthorityinformationaccess));
1123: }
1124:
1125: /** @deprecated setUseAuthorityInformationAccess in combination with getOCSPServiceLocator and getCaIssuer instead */
1126: public boolean getUseOCSPServiceLocator() {
1127: return ((Boolean) data.get(USEOCSPSERVICELOCATOR))
1128: .booleanValue();
1129: }
1130:
1131: /** @deprecated setUseAuthorityInformationAccess in combination with getOCSPServiceLocator and getCaIssuer instead */
1132: public void setUseOCSPServiceLocator(boolean useocspservicelocator) {
1133: data.put(USEOCSPSERVICELOCATOR, Boolean
1134: .valueOf(useocspservicelocator));
1135: }
1136:
1137: public boolean getUseDefaultOCSPServiceLocator() {
1138: return ((Boolean) data.get(USEDEFAULTOCSPSERVICELOCATOR))
1139: .booleanValue();
1140: }
1141:
1142: public void setUseDefaultOCSPServiceLocator(
1143: boolean usedefaultocspservicelocator) {
1144: data.put(USEDEFAULTOCSPSERVICELOCATOR, Boolean
1145: .valueOf(usedefaultocspservicelocator));
1146: }
1147:
1148: public String getOCSPServiceLocatorURI() {
1149: return (String) data.get(OCSPSERVICELOCATORURI);
1150: }
1151:
1152: public void setOCSPServiceLocatorURI(String ocspservicelocatoruri) {
1153: if (ocspservicelocatoruri == null)
1154: data.put(OCSPSERVICELOCATORURI, "");
1155: else
1156: data.put(OCSPSERVICELOCATORURI, ocspservicelocatoruri);
1157: }
1158:
1159: public boolean getUseQCStatement() {
1160: return ((Boolean) data.get(USEQCSTATEMENT)).booleanValue();
1161: }
1162:
1163: public void setUseQCStatement(boolean useqcstatement) {
1164: data.put(USEQCSTATEMENT, Boolean.valueOf(useqcstatement));
1165: }
1166:
1167: public boolean getUsePkixQCSyntaxV2() {
1168: return ((Boolean) data.get(USEPKIXQCSYNTAXV2)).booleanValue();
1169: }
1170:
1171: public void setUsePkixQCSyntaxV2(boolean pkixqcsyntaxv2) {
1172: data.put(USEPKIXQCSYNTAXV2, Boolean.valueOf(pkixqcsyntaxv2));
1173: }
1174:
1175: public boolean getQCStatementCritical() {
1176: return ((Boolean) data.get(QCSTATEMENTCRITICAL)).booleanValue();
1177: }
1178:
1179: public void setQCStatementCritical(boolean qcstatementcritical) {
1180: data.put(QCSTATEMENTCRITICAL, Boolean
1181: .valueOf(qcstatementcritical));
1182: }
1183:
1184: public String getQCStatementRAName() {
1185: return (String) data.get(QCSTATEMENTRANAME);
1186: }
1187:
1188: public void setQCStatementRAName(String qcstatementraname) {
1189: if (qcstatementraname == null)
1190: data.put(QCSTATEMENTRANAME, "");
1191: else
1192: data.put(QCSTATEMENTRANAME, qcstatementraname);
1193: }
1194:
1195: public String getQCSemanticsId() {
1196: return (String) data.get(QCSSEMANTICSID);
1197: }
1198:
1199: public void setQCSemanticsId(String qcsemanticsid) {
1200: if (qcsemanticsid == null)
1201: data.put(QCSSEMANTICSID, "");
1202: else
1203: data.put(QCSSEMANTICSID, qcsemanticsid);
1204: }
1205:
1206: public boolean getUseQCEtsiQCCompliance() {
1207: return ((Boolean) data.get(USEQCETSIQCCOMPLIANCE))
1208: .booleanValue();
1209: }
1210:
1211: public void setUseQCEtsiQCCompliance(boolean useqcetsiqccompliance) {
1212: data.put(USEQCETSIQCCOMPLIANCE, Boolean
1213: .valueOf(useqcetsiqccompliance));
1214: }
1215:
1216: public boolean getUseQCEtsiValueLimit() {
1217: return ((Boolean) data.get(USEQCETSIVALUELIMIT)).booleanValue();
1218: }
1219:
1220: public void setUseQCEtsiValueLimit(boolean useqcetsivaluelimit) {
1221: data.put(USEQCETSIVALUELIMIT, Boolean
1222: .valueOf(useqcetsivaluelimit));
1223: }
1224:
1225: public int getQCEtsiValueLimit() {
1226: return ((Integer) data.get(QCETSIVALUELIMIT)).intValue();
1227: }
1228:
1229: public void setQCEtsiValueLimit(int qcetsivaluelimit) {
1230: data.put(QCETSIVALUELIMIT, new Integer(qcetsivaluelimit));
1231: }
1232:
1233: public int getQCEtsiValueLimitExp() {
1234: return ((Integer) data.get(QCETSIVALUELIMITEXP)).intValue();
1235: }
1236:
1237: public void setQCEtsiValueLimitExp(int qcetsivaluelimitexp) {
1238: data.put(QCETSIVALUELIMITEXP, new Integer(qcetsivaluelimitexp));
1239: }
1240:
1241: public String getQCEtsiValueLimitCurrency() {
1242: return (String) data.get(QCETSIVALUELIMITCURRENCY);
1243: }
1244:
1245: public void setQCEtsiValueLimitCurrency(
1246: String qcetsicaluelimitcurrency) {
1247: if (qcetsicaluelimitcurrency == null)
1248: data.put(QCETSIVALUELIMITCURRENCY, "");
1249: else
1250: data
1251: .put(QCETSIVALUELIMITCURRENCY,
1252: qcetsicaluelimitcurrency);
1253: }
1254:
1255: public boolean getUseQCEtsiSignatureDevice() {
1256: return ((Boolean) data.get(USEQCETSISIGNATUREDEVICE))
1257: .booleanValue();
1258: }
1259:
1260: public void setUseQCEtsiSignatureDevice(
1261: boolean useqcetsisignaturedevice) {
1262: data.put(USEQCETSISIGNATUREDEVICE, Boolean
1263: .valueOf(useqcetsisignaturedevice));
1264: }
1265:
1266: public boolean getUseQCCustomString() {
1267: return ((Boolean) data.get(USEQCCUSTOMSTRING)).booleanValue();
1268: }
1269:
1270: public void setUseQCCustomString(boolean useqccustomstring) {
1271: data.put(USEQCCUSTOMSTRING, Boolean.valueOf(useqccustomstring));
1272: }
1273:
1274: public String getQCCustomStringOid() {
1275: return (String) data.get(QCCUSTOMSTRINGOID);
1276: }
1277:
1278: public void setQCCustomStringOid(String qccustomstringoid) {
1279: if (qccustomstringoid == null)
1280: data.put(QCCUSTOMSTRINGOID, "");
1281: else
1282: data.put(QCCUSTOMSTRINGOID, qccustomstringoid);
1283: }
1284:
1285: public String getQCCustomStringText() {
1286: return (String) data.get(QCCUSTOMSTRINGTEXT);
1287: }
1288:
1289: public void setQCCustomStringText(String qccustomstringtext) {
1290: if (qccustomstringtext == null)
1291: data.put(QCCUSTOMSTRINGTEXT, "");
1292: else
1293: data.put(QCCUSTOMSTRINGTEXT, qccustomstringtext);
1294: }
1295:
1296: public boolean getUseSubjectDirAttributes() {
1297: return ((Boolean) data.get(USESUBJECTDIRATTRIBUTES))
1298: .booleanValue();
1299: }
1300:
1301: public void setUseSubjectDirAttributes(boolean use) {
1302: data.put(USESUBJECTDIRATTRIBUTES, Boolean.valueOf(use));
1303: }
1304:
1305: /**
1306: * Method returning a list of (Integers) of ids of
1307: * used CUSTOM certificate extensions. I.e. those custom certificate extensions selected for
1308: * this profile. Never null.
1309: *
1310: * Autoupgradable method
1311: */
1312: public List getUsedCertificateExtensions() {
1313: if (data.get(USEDCERTIFICATEEXTENSIONS) == null) {
1314: return new ArrayList();
1315: }
1316:
1317: return (List) data.get(USEDCERTIFICATEEXTENSIONS);
1318: }
1319:
1320: /**
1321: * Method setting a list of used certificate extensions
1322: * a list of Integers containing CertificateExtension Id is expected
1323: * @param usedCertificateExtensions
1324: */
1325: public void setUsedCertificateExtensions(
1326: List usedCertificateExtensions) {
1327: if (usedCertificateExtensions == null)
1328: data.put(USEDCERTIFICATEEXTENSIONS, new ArrayList());
1329: else
1330: data.put(USEDCERTIFICATEEXTENSIONS,
1331: usedCertificateExtensions);
1332: }
1333:
1334: /** Function that looks up in the profile all certificate extensions that we should use
1335: * if the value si that we should use it, the oid for this extension is returned in the list
1336: * @return List of oid Strings for standard certificate extensions that should be used
1337: */
1338: public List getUsedStandardCertificateExtensions() {
1339: ArrayList ret = new ArrayList();
1340: Iterator iter = useStandardCertificateExtensions.keySet()
1341: .iterator();
1342: while (iter.hasNext()) {
1343: String s = (String) iter.next();
1344: if ((data.get(s) != null)
1345: && ((Boolean) data.get(s)).booleanValue()) {
1346: ret.add(useStandardCertificateExtensions.get(s));
1347: log.debug("Using standard certificate extension: " + s);
1348: } else {
1349: log.debug("Not using standard certificate extensions: "
1350: + s);
1351: }
1352: }
1353: return ret;
1354: }
1355:
1356: public Object clone() throws CloneNotSupportedException {
1357: CertificateProfile clone = new CertificateProfile();
1358: HashMap clonedata = (HashMap) clone.saveData();
1359:
1360: Iterator i = (data.keySet()).iterator();
1361: while (i.hasNext()) {
1362: Object key = i.next();
1363: clonedata.put(key, data.get(key));
1364: }
1365:
1366: clone.loadData(clonedata);
1367: return clone;
1368: }
1369:
1370: /** Implementation of UpgradableDataHashMap function getLatestVersion */
1371: public float getLatestVersion() {
1372: return LATEST_VERSION;
1373: }
1374:
1375: /**
1376: * Implementation of UpgradableDataHashMap function upgrade.
1377: */
1378: public void upgrade() {
1379: log.debug(">upgrade");
1380: if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
1381: // New version of the class, upgrade
1382: String msg = intres.getLocalizedMessage(
1383: "certprofile.upgrade", new Float(getVersion()));
1384: log.info(msg);
1385:
1386: if (data.get(ALLOWKEYUSAGEOVERRIDE) == null)
1387: data.put(ALLOWKEYUSAGEOVERRIDE, Boolean.TRUE);
1388: if (data.get(USEEXTENDEDKEYUSAGE) == null)
1389: data.put(USEEXTENDEDKEYUSAGE, Boolean.FALSE);
1390: if (data.get(EXTENDEDKEYUSAGE) == null)
1391: data.put(EXTENDEDKEYUSAGE, new ArrayList());
1392: if (data.get(EXTENDEDKEYUSAGECRITICAL) == null)
1393: data.put(EXTENDEDKEYUSAGECRITICAL, Boolean.FALSE);
1394: if (data.get(AVAILABLECAS) == null) {
1395: ArrayList availablecas = new ArrayList();
1396: availablecas.add(new Integer(ANYCA));
1397: data.put(AVAILABLECAS, availablecas);
1398: }
1399: if (data.get(USEDPUBLISHERS) == null) {
1400: data.put(USEDPUBLISHERS, new ArrayList());
1401: }
1402: if (data.get(USEOCSPSERVICELOCATOR) == null) {
1403: // setUseOCSPServiceLocator(false);
1404: data.put(USEOCSPSERVICELOCATOR, Boolean.valueOf(false));
1405: setOCSPServiceLocatorURI("");
1406: }
1407:
1408: if (data.get(USEMICROSOFTTEMPLATE) == null) {
1409: setUseMicrosoftTemplate(false);
1410: setMicrosoftTemplate("");
1411: }
1412:
1413: if (data.get(USECNPOSTFIX) == null) {
1414: setUseCNPostfix(false);
1415: setCNPostfix("");
1416: }
1417:
1418: if (data.get(USESUBJECTDNSUBSET) == null) {
1419: setUseSubjectDNSubSet(false);
1420: setSubjectDNSubSet(new ArrayList());
1421: setUseSubjectAltNameSubSet(false);
1422: setSubjectAltNameSubSet(new ArrayList());
1423: }
1424:
1425: if (data.get(USEPATHLENGTHCONSTRAINT) == null) {
1426: setUsePathLengthConstraint(false);
1427: setPathLengthConstraint(0);
1428: }
1429:
1430: if (data.get(USEQCSTATEMENT) == null) {
1431: setUseQCStatement(false);
1432: setUsePkixQCSyntaxV2(false);
1433: setQCStatementCritical(false);
1434: setQCStatementRAName(null);
1435: setQCSemanticsId(null);
1436: setUseQCEtsiQCCompliance(false);
1437: setUseQCEtsiSignatureDevice(false);
1438: setUseQCEtsiValueLimit(false);
1439: setQCEtsiValueLimit(0);
1440: setQCEtsiValueLimitExp(0);
1441: setQCEtsiValueLimitCurrency(null);
1442: }
1443:
1444: if (data.get(USEDEFAULTCRLDISTRIBUTIONPOINT) == null) {
1445: setUseDefaultCRLDistributionPoint(false);
1446: setUseDefaultOCSPServiceLocator(false);
1447: }
1448:
1449: if (data.get(USEQCCUSTOMSTRING) == null) {
1450: setUseQCCustomString(false);
1451: setQCCustomStringOid(null);
1452: setQCCustomStringText(null);
1453: }
1454: if (data.get(USESUBJECTDIRATTRIBUTES) == null) {
1455: setUseSubjectDirAttributes(false);
1456: }
1457: if (data.get(ALLOWVALIDITYOVERRIDE) == null) {
1458: setAllowValidityOverride(false);
1459: }
1460:
1461: if (data.get(CRLISSUER) == null) {
1462: setCRLIssuer(null); // v20
1463: }
1464:
1465: if (data.get(USEOCSPNOCHECK) == null) {
1466: setUseOcspNoCheck(false); // v21
1467: }
1468: if (data.get(USEFRESHESTCRL) == null) {
1469: setUseFreshestCRL(false); // v22
1470: setUseCADefinedFreshestCRL(false);
1471: setFreshestCRLURI(null);
1472: }
1473:
1474: if (data.get(CERTIFICATE_POLICIES) == null) { // v23
1475: if (data.get(CERTIFICATEPOLICYID) != null) {
1476: String ids = (String) data.get(CERTIFICATEPOLICYID);
1477: String unotice = null;
1478: String cpsuri = null;
1479: if (data.get(POLICY_NOTICE_UNOTICE_TEXT) != null) {
1480: unotice = (String) data
1481: .get(POLICY_NOTICE_UNOTICE_TEXT);
1482: }
1483: if (data.get(POLICY_NOTICE_CPS_URL) != null) {
1484: cpsuri = (String) data
1485: .get(POLICY_NOTICE_CPS_URL);
1486: }
1487: // Only the first policy could have user notice and cpsuri in the old scheme
1488: StringTokenizer tokenizer = new StringTokenizer(
1489: ids, ";", false);
1490: if (tokenizer.hasMoreTokens()) {
1491: String id = tokenizer.nextToken();
1492: CertificatePolicy newpolicy = null;
1493: if (StringUtils.isNotEmpty(unotice)) {
1494: newpolicy = new CertificatePolicy(id,
1495: CertificatePolicy.id_qt_unotice,
1496: unotice);
1497: addCertificatePolicy(newpolicy);
1498: }
1499: if (StringUtils.isNotEmpty(cpsuri)) {
1500: newpolicy = new CertificatePolicy(id,
1501: CertificatePolicy.id_qt_cps, cpsuri);
1502: addCertificatePolicy(newpolicy);
1503: }
1504: // If it was a lonely policy id
1505: if (newpolicy == null) {
1506: newpolicy = new CertificatePolicy(id, null,
1507: null);
1508: addCertificatePolicy(newpolicy);
1509: }
1510: }
1511: while (tokenizer.hasMoreTokens()) {
1512: String id = tokenizer.nextToken();
1513: CertificatePolicy newpolicy = new CertificatePolicy(
1514: id, null, null);
1515: addCertificatePolicy(newpolicy);
1516: }
1517: }
1518:
1519: if (data.get(USECRLDISTRIBUTIONPOINTONCRL) == null) {
1520: setUseCRLDistributionPointOnCRL(false); // v24
1521: }
1522: if (data.get(USECAISSUERS) == null) {
1523: //setUseCaIssuers(false); // v24
1524: data.put(USECAISSUERS, Boolean.valueOf(false)); // v24
1525: setCaIssuers(new ArrayList());
1526: }
1527: if ((data.get(USEOCSPSERVICELOCATOR) != null)
1528: || (data.get(USECAISSUERS) != null)) {
1529: setUseAuthorityInformationAccess(true); // v25
1530: } else {
1531: setUseAuthorityInformationAccess(false);
1532: }
1533:
1534: if (data.get(ALLOWEXTENSIONOVERRIDE) == null) {
1535: setAllowExtensionOverride(false); // v26
1536: }
1537:
1538: }
1539: data.put(VERSION, new Float(LATEST_VERSION));
1540: }
1541: log.debug("<upgrade");
1542: }
1543:
1544: }
|