Class Configuration
- All Implemented Interfaces:
Serializable
Container
implementations.
It is possible to get the default Configuration object used in all containers by using getInstance(). This will return a singleton Configuration object used by default if no configuration is provided.
Configuration.Mode.TEST or Configuration.Mode.PROD configuration. Default is Configuration.Mode.PROD.
It is a good idea to use only a single configuration object for all the containers so the operation times would be faster.
It is also possible to set the mode using the System property. Setting the property "digidoc4j.mode" to "TEST" forces the default mode to Configuration.Mode.TEST mode.
Configurations will be loaded from a file. The file must be in yaml format.
Required entries of the configuration file:
The configuration file must contain one or more Certificate Authorities under the heading DIGIDOC_CAS, similar to the following format (values are examples only):

    DIGIDOC_CAS:
    - DIGIDOC_CA:
        NAME: CA name
        TRADENAME: Tradename
        CERTS:
          - jar://certs/cert1.crt
          - jar://certs/cert2.crt
        OCSPS:

Each DIGIDOC_CA entry must contain one or more OCSP certificates under the heading "OCSPS", similar to the following format (values are examples only):

    - OCSP:
        CA_CN: your certificate authority common name
        CA_CERT: jar://your ca_cn.crt
        CN: your common name
        CERTS:
          - jar://certs/Your first OCSP Certifications file.crt
          - jar://certs/Your second OCSP Certifications file.crt
        URL: http://ocsp.test.test

All entries must exist and be valid. There must be at least one entry under CERTS.
Optional entries of the configuration file:
- CANONICALIZATION_FACTORY_IMPL: Canonicalization factory implementation.
  Default value: "org.digidoc4j.ddoc.c14n.TinyXMLCanonicalizer"
- CONNECTION_TIMEOUT: TSL HTTP Connection timeout (milliseconds).
  Default value: 60000
- SOCKET_TIMEOUT: TSL HTTP Socket timeout (milliseconds).
  Default value: 60000
- DIGIDOC_FACTORY_IMPL: Factory implementation.
  Default value: "org.digidoc4j.ddoc.factory.SAXDigiDocFactory"
- DIGIDOC_DF_CACHE_DIR: Temporary directory to use. Default: uses system's default temporary directory
- DIGIDOC_MAX_DATAFILE_CACHED: Maximum datafile size that will be cached in MB.
  Must be numeric. Set to -1 to cache all files. Set to 0 to prevent caching for all files.
  Default value: "-1"
- DIGIDOC_NOTARY_IMPL: Notary implementation.
  Default value: "org.digidoc4j.ddoc.factory.BouncyCastleNotaryFactory"
- DIGIDOC_OCSP_SIGN_CERT_SERIAL: OCSP Signing certificate serial number
- DIGIDOC_SECURITY_PROVIDER: Security provider.
  Default value: "org.bouncycastle.jce.provider.BouncyCastleProvider"
- DIGIDOC_SECURITY_PROVIDER_NAME: Name of the security provider.
  Default value: "BC"
- DIGIDOC_TSLFAC_IMPL: TSL Factory implementation.
  Default value: "org.digidoc4j.ddoc.tsl.DigiDocTrustServiceFactory"
- DIGIDOC_USE_LOCAL_TSL: Use local TSL? Allowed values: true, false
  Default value: "true"
- KEY_USAGE_CHECK: Should key usage be checked? Allowed values: true, false.
  Default value: "false"
- DIGIDOC_PKCS12_CONTAINER: OCSP access certificate file
- DIGIDOC_PKCS12_PASSWD: OCSP access certificate password
- OCSP_SOURCE: Online Certificate Status Protocol source
- SIGN_OCSP_REQUESTS: Should OCSP requests be signed? Allowed values: true, false
- TSL_LOCATION: TSL Location - DEPRECATED: use LOTL_LOCATION instead
- TSP_SOURCE: Time Stamp Protocol source address
  Default value for PROD mode: "http://tsa.sk.ee"
  Default value for TEST mode: "http://tsa.demo.sk.ee/tsa"
- TSP_SOURCE_FOR_ARCHIVE_TIMESTAMPS: Time Stamp Protocol source address for archive timestamps; falls back to TSP_SOURCE if not specified
- VALIDATION_POLICY: Validation policy source file
- LOTL_LOCATION: LOTL (List of Trusted Lists) location
- LOTL_TRUSTSTORE_PATH: path to the trust-store for LOTL signing certificates
- LOTL_TRUSTSTORE_TYPE: type of trust-store for LOTL signing certificates (default is "PKCS12")
- LOTL_TRUSTSTORE_PASSWORD: password for the truststore in LOTL_TRUSTSTORE_PATH
- LOTL_PIVOT_SUPPORT_ENABLED: whether to enable LOTL pivot support (default is "true" for PROD mode and "false" for TEST mode)
- TSL_KEYSTORE_LOCATION: keystore location for tsl signing certificates - DEPRECATED: use LOTL_TRUSTSTORE_PATH instead
- TSL_KEYSTORE_PASSWORD: keystore password for the keystore in TSL_KEYSTORE_LOCATION - DEPRECATED: use LOTL_TRUSTSTORE_PASSWORD instead
- TSL_CACHE_EXPIRATION_TIME: TSL cache expiration time in milliseconds
- TRUSTED_TERRITORIES: list of countries and territories to trust and load TSL certificates (for example, EE, LV, FR)
- REQUIRED_TERRITORIES: list of countries and territories that must be successfully loaded into the TSL (for example, EE, LV, FR) - used by the default TSL refresh callback
- HTTP_PROXY_HOST: network proxy host name
- HTTP_PROXY_PORT: network proxy port
- HTTP_PROXY_USER: network proxy user (for basic auth proxy)
- HTTP_PROXY_PASSWORD: network proxy password (for basic auth proxy)
- HTTPS_PROXY_HOST: https network proxy host name
- HTTPS_PROXY_PORT: https network proxy port
- HTTPS_PROXY_USER: https network proxy user (for basic auth proxy)
- HTTPS_PROXY_PASSWORD: https network proxy password (for basic auth proxy)
- SSL_KEYSTORE_PATH: SSL KeyStore path
- SSL_KEYSTORE_TYPE: SSL KeyStore type (default is "jks")
- SSL_KEYSTORE_PASSWORD: SSL KeyStore password (default is an empty string)
- SSL_TRUSTSTORE_PATH: SSL TrustStore path
- SSL_TRUSTSTORE_TYPE: SSL TrustStore type (default is "jks")
- SSL_TRUSTSTORE_PASSWORD: SSL TrustStore password (default is an empty string)
- SSL_PROTOCOL: SSL protocol (default is "TLSv1.2")
- SUPPORTED_SSL_PROTOCOLS: list of supported SSL protocols (by default uses implementation defaults)
- SUPPORTED_SSL_CIPHER_SUITES: list of supported SSL cipher suites (by default uses implementation defaults)
- ALLOWED_TS_AND_OCSP_RESPONSE_DELTA_IN_MINUTES: Allowed delay between timestamp and OCSP response in minutes.
- TEMP_FILE_MAX_AGE: Maximum age in milliseconds till TEMP files are deleted (works only when saving container).
- ALLOW_UNSAFE_INTEGER: Allows the use of unsafe Integer, because a few applications still struggle with the ASN.1 BER encoding rules for an INTEGER as described in: https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf . NB! Strict validation is applied by default.
- ALLOWED_OCSP_RESPONDERS_FOR_TM: whitelist of OCSP responders for timemark validation (for example: SK OCSP RESPONDER 2011, ESTEID-SK OCSP RESPONDER, KLASS3-SK OCSP RESPONDER)
- ZIP_COMPRESSION_RATIO_CHECK_THRESHOLD_IN_BYTES: the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in
- MAX_ALLOWED_ZIP_COMPRESSION_RATIO: the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.
- ARCHIVE_TIMESTAMP_DIGEST_ALGORITHM: default digest algorithm for archive timestamps
  Possible values are the names of DigestAlgorithm enum values
- ARCHIVE_TIMESTAMP_REFERENCE_DIGEST_ALGORITHM: default digest algorithm for references for archive timestamps (e.g. DataObjectReferences in ASiCArchiveManifest.xml files)
  Possible values are the names of DigestAlgorithm enum values
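An added example, not part of the DigiDoc4j documentation: one way to build the single shared Configuration with the security-relevant options above set explicitly in code, refusing to start if TEST mode (where the TSL signature is not checked) has been forced. The class name SignatureConfigFactory, the environment variable names, and the territory, timeout and ZIP limit values are assumptions chosen for illustration.

```java
import java.util.Collections;

import org.digidoc4j.Configuration;

/** Added example: builds one hardened, shared Configuration for all containers. */
public final class SignatureConfigFactory {

    // Hypothetical environment variable names (assumptions, not defined by DigiDoc4j).
    private static final String ENV_OCSP_P12_PATH = "OCSP_ACCESS_P12_PATH";
    private static final String ENV_OCSP_P12_PASSWORD = "OCSP_ACCESS_P12_PASSWORD";

    private SignatureConfigFactory() {
    }

    public static Configuration productionConfiguration() {
        // The "digidoc4j.mode" system property forces the default mode to TEST.
        // Fail closed if it leaked into a production launch script.
        if ("TEST".equalsIgnoreCase(System.getProperty("digidoc4j.mode"))) {
            throw new IllegalStateException(
                    "digidoc4j.mode=TEST is set; refusing to build a production configuration");
        }

        // Request PROD explicitly instead of relying on the default.
        Configuration cfg = Configuration.of(Configuration.Mode.PROD);

        // Trust only the territories the application actually needs, and require
        // that their trusted lists load successfully (sample values).
        cfg.setTrustedTerritories("EE", "LV");
        cfg.setRequiredTerritories("EE");
        cfg.setLotlPivotSupportEnabled(true);

        // Pin the TLS protocol for outgoing connections and bound the time a
        // slow or unresponsive remote service can hold a thread (sample values).
        cfg.setSslProtocol("TLSv1.2");
        cfg.setSupportedSslProtocols(Collections.singletonList("TLSv1.2"));
        cfg.setConnectionTimeout(10_000);
        cfg.setSocketTimeout(10_000);

        // Keep strict ASN.1 INTEGER validation (the documented default).
        cfg.setAllowASN1UnsafeInteger(false);

        // ZIP bomb limits for ZIP-based containers: start checking once the
        // unpacked size passes the threshold, reject above the ratio (sample values).
        cfg.setZipCompressionRatioCheckThresholdInBytes(1_048_576L);
        cfg.setMaxAllowedZipCompressionRatio(100);

        // Keep the OCSP access certificate password out of the YAML file
        // (DIGIDOC_PKCS12_PASSWD) by supplying it at runtime as a char[].
        String p12Path = System.getenv(ENV_OCSP_P12_PATH);
        String p12Password = System.getenv(ENV_OCSP_P12_PASSWORD);
        if (p12Path != null && p12Password != null) {
            cfg.setOCSPAccessCertificateFileName(p12Path);
            cfg.setOCSPAccessCertificatePassword(p12Password.toCharArray());
            cfg.setSignOCSPRequests(true);
        }

        // Final guard: never hand out a configuration that reports TEST mode.
        if (cfg.isTest()) {
            throw new IllegalStateException("Configuration unexpectedly reports TEST mode");
        }
        return cfg;
    }

    public static void main(String[] args) {
        Configuration cfg = productionConfiguration();
        System.out.println("TEST mode: " + cfg.isTest());
        System.out.println("OCSP requests signed: " + cfg.hasToBeOCSPRequestSigned());
    }
}
```

Create this object once at startup and pass it to every container, as the class description recommends.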
-
Nested Class Summary
Nested Classes -
Constructor Summary
ConstructorsConstructorDescriptionCreate new configurationCreate new configuration with application mode specified -
Method Summary
Modifier and TypeMethodDescriptioncopy()
Clones configurationDeprecated.Get the AIA OCSP source by issuer's CNReturns the currently set AIA source factory ornull
if no custom AIA source factory is set.Get allowed OCSP responders for timemark validation.Returns allowed delay between timestamp and OCSP response in minutes.Returns the digest algorithm for archive timestamps, if configured.Returns the reference digest algorithm for archive timestamps, if configured.Returns the currently set TSP source factory for archive timestamps ornull
if no custom TSP source factory is set.int
Get HTTP connection timeoutDatafile digest algorithm.Returns configuration needed for DDoc4J library.Returns the currently set OCSP source factory ornull
if no custom OCSP source factory is set.Get http proxy host.getHttpProxyHostFor
(ExternalConnectionType connectionType) Get http proxy host for specific external connection type.Get http proxy password.getHttpProxyPasswordFor
(ExternalConnectionType connectionType) Get http proxy password for specific type of external connections.Get http proxy port.getHttpProxyPortFor
(ExternalConnectionType connectionType) Get http proxy port for specific type of external connections.Get http proxy user.getHttpProxyUserFor
(ExternalConnectionType connectionType) Get http proxy user for specific type of external connections.getHttpsProxyHostFor
(ExternalConnectionType connectionType) Get HTTPS proxy password.getHttpsProxyPasswordFor
(ExternalConnectionType connectionType) Get HTTPS proxy password for specific type of external connections.getHttpsProxyPortFor
(ExternalConnectionType connectionType) Get HTTPS proxy user.getHttpsProxyUserFor
(ExternalConnectionType connectionType) Get HTTPS proxy user for specific type of external connections.static Configuration
Getting the default Configuration object.Get LOTL (List of Trusted Lists) location.Get the password for the trust-store that holds potential LOTL signing certificates.Get the path to the trust-store that holds potential LOTL signing certificates.Get the type of the trust-store that holds potential LOTL signing certificates.int
Get the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.long
Get the maximum size of data files to be cached.long
Get the maximum size of data files to be cached.Get OCSP access certificate filenamechar[]
Get OSCP access certificate passwordGet OSCP access certificate password As StringReturns the currently set OCSP data loader factory ornull
if no custom data loader factory is set.Get the OCSP Sourceboolean
Get required territories.int
Revocation and timestamp delta in minutes.Signature digest algorithm.Signature profile.Returns the currently set TSP source factory for signature timestamps ornull
if no custom TSP source factory is set.Returns the currently set OCSP source factory for signing ornull
if no custom OCSP source factory is set.int
Get HTTP socket timeoutGet Ssl keystore password.getSslKeystorePasswordFor
(ExternalConnectionType connectionType) Get Ssl keystore password for specific type of external connections.Get SSL KeyStore path.getSslKeystorePathFor
(ExternalConnectionType connectionType) Get SSL KeyStore path for specific type of external connections.Get SSL KeyStore type.getSslKeystoreTypeFor
(ExternalConnectionType connectionType) Get SSL KeyStore type for specific type of external connections.Get SSL protocol.getSslProtocolFor
(ExternalConnectionType connectionType) Get SSL protocol for specific type of external connections.Get Ssl truststore password.getSslTruststorePasswordFor
(ExternalConnectionType connectionType) Get Ssl truststore password for specific type of external connections.Get SSL TrustStore pathgetSslTruststorePathFor
(ExternalConnectionType connectionType) Get SSL TrustStore path for specific type of external connections.Get SSL TrustStore type.getSslTruststoreTypeFor
(ExternalConnectionType connectionType) Get SSL TrustStore type for specific type of external connections.Get supported SSL cipher suites.getSupportedSslCipherSuitesFor
(ExternalConnectionType connectionType) Get supported SSL cipher suites for specific type of external connections.Get supported SSL protocols.getSupportedSslProtocolsFor
(ExternalConnectionType connectionType) Get supported SSL protocols for specific type of external connections.long
Get temp file max ageGet thread executor.Get trusted territories.getTSL()
Loads TSL certificates If configuration mode is TEST then TSL signature is not checked.long
Returns TSL cache expiration time in milliseconds.Deprecated.Prefer to usesetTslFileLoaderFactory(DSSFileLoaderFactory)
andgetTslFileLoaderFactory()
instead.Returns the currently set TSL file loader factory ornull
if no custom file loader factory is set.Deprecated.UsegetLotlTruststorePath()
instead.Deprecated.UsegetLotlTruststorePassword()
instead.Deprecated.UsegetLotlLocation()
instead.Returns the currently configured TSL refresh callback ornull
if no custom callback is configured.Returns the currently set TSP data loader factory ornull
if no custom data loader factory is set.Get the TSP SourcegetTspSourceByCountry
(String country) Get the TSP source by countryReturns the TSP source URL string for archive timestamps, if configured, otherwise returns the value ofgetTspSource()
.boolean
Get the AIA OCSP source by issuer's CNGet the validation policylong
Get the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in.boolean
Returns configuration item must be OCSP request signed.boolean
Get flag if AIA OCSP is preferred.boolean
Get flag if ASN1 Unsafe Integer is Allowed.boolean
Deprecated.Deprecated for removal.boolean
Get whether LOTL pivot support is enabledboolean
Is network proxy enabled?boolean
isNetworkProxyEnabledFor
(ExternalConnectionType connectionType) Is network proxy enabled for specific type of external connections?boolean
Get if OCSP nonce should be usedboolean
Are requirements met for signing OCSP certificate?boolean
isProxyOfType
(eu.europa.esig.dss.spi.client.http.Protocol protocol) boolean
isProxyOfTypeFor
(ExternalConnectionType connectionType, eu.europa.esig.dss.spi.client.http.Protocol protocol) boolean
Is ssl configuration enabled?boolean
isSslConfigurationEnabledFor
(ExternalConnectionType connectionType) Is ssl configuration enabled for specific type of external connections?boolean
isTest()
- loadConfiguration(InputStream stream): Add configuration settings from a stream.
- loadConfiguration(String file): Add configuration settings from a file
- loadConfiguration(String file, boolean isReloadFromYaml): Add configuration settings from a file
- static Configuration of(Configuration.Mode mode): Create new configuration in static context with application mode specified
- void setAiaDataLoaderFactory(DataLoaderFactory aiaDataLoaderFactory): Deprecated. Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead.
- void setAiaSourceFactory(AIASourceFactory aiaSourceFactory): Set an AIA source factory that manages the creation of custom AIA sources.
- void setAllowASN1UnsafeInteger(boolean isAllowed): Set flag if ASN1 Unsafe Integer is Allowed.
- void setAllowedOcspRespondersForTM(String... allowedOcspRespondersForTM): Set allowed OCSP responders common names for timemark validation.
- void setAllowedTimestampAndOCSPResponseDeltaInMinutes(int timeInMinutes): Set allowed delay between timestamp and OCSP response in minutes.
- void setArchiveTimestampDigestAlgorithm(DigestAlgorithm digestAlgorithm): Sets the digest algorithm for archive timestamps.
- void setArchiveTimestampReferenceDigestAlgorithm(DigestAlgorithm digestAlgorithm): Sets the reference digest algorithm for archive timestamps.
- void setArchiveTspSourceFactory(TSPSourceFactory archiveTspSourceFactory): Set a TSP source factory that manages the creation of custom TSP sources for archive timestamps.
- void setConnectionTimeout(int connectionTimeout): Set HTTP connection timeout
- void setDataFileDigestAlgorithm(DigestAlgorithm digestAlgorithm): Set datafile digest algorithm.
- void setExtendingOcspSourceFactory(OCSPSourceFactory extendingOcspSourceFactory): Set an OCSP source factory that manages the creation of custom OCSP sources to be used for extending signatures.
- void setFullReportNeeded(boolean isFullReport): Deprecated. Deprecated for removal.
- void setHttpProxyHost(String httpProxyHost): Set HTTP network proxy host.
- void setHttpProxyHostFor(ExternalConnectionType connectionType, String httpProxyHost): Set HTTP network proxy host for specific type of external connections.
- void setHttpProxyPassword(String httpProxyPassword): Set HTTP network proxy password.
- void setHttpProxyPasswordFor(ExternalConnectionType connectionType, String httpProxyPassword): Set HTTP network proxy password for specific type of external connections.
- void setHttpProxyPort(int httpProxyPort): Set HTTP network proxy port.
- void setHttpProxyPortFor(ExternalConnectionType connectionType, int httpProxyPort): Set HTTP network proxy port for specific type of external connections.
- void setHttpProxyUser(String httpProxyUser): Set HTTP network proxy user name.
- void setHttpProxyUserFor(ExternalConnectionType connectionType, String httpProxyUser): Set HTTP network proxy user name for specific type of external connections.
- void setHttpsProxyHost(String httpsProxyHost): Set HTTPS network proxy host.
- void setHttpsProxyHostFor(ExternalConnectionType connectionType, String httpsProxyHost): Set HTTPS network proxy host for specific type of external connections.
- void setHttpsProxyPassword(String httpsProxyPassword): Set HTTPS network proxy password.
- void setHttpsProxyPasswordFor(ExternalConnectionType connectionType, String httpsProxyPassword): Set HTTPS network proxy password for specific type of external connections.
- void setHttpsProxyPort(int httpsProxyPort): Set HTTPS network proxy port.
- void setHttpsProxyPortFor(ExternalConnectionType connectionType, int httpsProxyPort): Set HTTPS network proxy port for specific type of external connections.
- void setHttpsProxyUser(String httpsProxyUser): Set HTTPS network proxy user name.
- void setHttpsProxyUserFor(ExternalConnectionType connectionType, String httpsProxyUser): Set HTTPS network proxy user name for specific type of external connections.
- void setLotlLocation(String lotlLocation): Set LOTL (List of Trusted Lists) location.
- void setLotlPivotSupportEnabled(boolean lotlPivotSupport): Set whether LOTL pivot support should be enabled
- void setLotlTruststorePassword(String lotlTruststorePassword): Set the password for the trust-store that holds potential LOTL signing certificates.
- void setLotlTruststorePath(String lotlTruststorePath): Set the path to the trust-store that holds potential LOTL signing certificates.
- void setLotlTruststoreType(String lotlTruststoreType): Set the type of the trust-store that holds potential LOTL signing certificates.
- void setMaxAllowedZipCompressionRatio(int maxAllowedZipCompressionRatio): Set the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.
- void setMaxFileSizeCachedInMemoryInMB(long maxFileSizeCachedInMB): Sets limit in MB when handling files are creating temporary file for streaming in container creation and adding data files.
- void setOCSPAccessCertificateFileName(String fileName): Set OCSP access certificate filename
- void setOCSPAccessCertificatePassword(char[] password): Set OCSP access certificate password
- void setOcspDataLoaderFactory(DataLoaderFactory ocspDataLoaderFactory): Set a data loader factory that manages the creation of custom data loaders for creating OCSP requests.
- void setOcspSource(String ocspSource): Set the OCSP source
- void setPreferAiaOcsp(boolean preferAiaOcsp): Set flag if AIA OCSP is preferred.
- void setPrintValidationReport(Boolean printValidationReport)
- void setRequiredTerritories(String... requiredTerritories): Set countries and territories (alpha-2 country codes) whose trusted lists must always be successfully loaded into the TSL.
- void setRevocationAndTimestampDeltaInMinutes(int timeInMinutes): Set Revocation and timestamp delta in minutes.
- void setSignatureDigestAlgorithm(DigestAlgorithm digestAlgorithm): Set signature digest algorithm.
- void setSignatureProfile(SignatureProfile signatureProfile): Set signature profile.
- void setSignatureTspSourceFactory(TSPSourceFactory signatureTspSourceFactory): Set a TSP source factory that manages the creation of custom TSP sources for signature timestamps.
- void setSigningOcspSourceFactory(OCSPSourceFactory signingOcspSourceFactory): Set an OCSP source factory that manages the creation of custom OCSP sources to be used for signing.
- void setSignOCSPRequests(boolean shouldSignOcspRequests): Set flag if OCSP requests should be signed
- void setSocketTimeout(int socketTimeoutMilliseconds): Set HTTP socket timeout
- void setSslKeystorePassword(String sslKeystorePassword): Set SSL KeyStore password.
- void setSslKeystorePasswordFor(ExternalConnectionType connectionType, String sslKeystorePassword): Set SSL KeyStore password for specific type of external connections.
- void setSslKeystorePath(String sslKeystorePath): Set SSL KeyStore path.
- void setSslKeystorePathFor(ExternalConnectionType connectionType, String sslKeystorePath): Set SSL KeyStore path for specific type of external connections.
- void setSslKeystoreType(String sslKeystoreType): Set SSL KeyStore type.
- void setSslKeystoreTypeFor(ExternalConnectionType connectionType, String sslKeystoreType): Set SSL KeyStore type for specific type of external connections.
- void setSslProtocol(String sslProtocol): Set SSL protocol.
- void setSslProtocolFor(ExternalConnectionType connectionType, String sslProtocol): Set SSL protocol for specific type of external connections.
- void setSslTruststorePassword(String sslTruststorePassword): Set SSL TrustStore password.
- void setSslTruststorePasswordFor(ExternalConnectionType connectionType, String sslTruststorePassword): Set SSL TrustStore password for specific type of external connections.
- void setSslTruststorePath(String sslTruststorePath): Set SSL TrustStore path.
- void setSslTruststorePathFor(ExternalConnectionType connectionType, String sslTruststorePath): Set SSL TrustStore path for specific type of external connections.
- void setSslTruststoreType(String sslTruststoreType): Set SSL TrustStore type.
- void setSslTruststoreTypeFor(ExternalConnectionType connectionType, String sslTruststoreType): Set SSL TrustStore type for specific type of external connections.
- void setSupportedSslCipherSuites(List<String> supportedSslCipherSuites): Set supported SSL cipher suites.
- void setSupportedSslCipherSuitesFor(ExternalConnectionType connectionType, List<String> supportedSslCipherSuites): Set supported SSL cipher suites for specific type of external connections.
- void setSupportedSslProtocols(List<String> supportedSslProtocols): Set supported SSL protocols.
- void setSupportedSslProtocolsFor(ExternalConnectionType connectionType, List<String> supportedSslProtocols): Set supported SSL protocols for specific type of external connections.
- void setTempFileMaxAge(long tempFileMaxAgeInMillis): Set temp file max age in millis
- void setThreadExecutor(ExecutorService threadExecutor): Set thread executor service.
- void setTrustedTerritories(String... trustedTerritories): Set countries and territories (alpha-2 country codes) whom to trust and accept certificates.
- void setTSL(TSLCertificateSource certificateSource): Set the TSL certificate source.
- void setTslCacheExpirationTime(long cacheExpirationTimeInMilliseconds): Sets the expiration time for TSL cache in milliseconds.
- void setTslDataLoaderFactory(DataLoaderFactory tslDataLoaderFactory): Deprecated. Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead.
- void setTslFileLoaderFactory(DSSFileLoaderFactory tslFileLoaderFactory): Set a file loader factory that manages the creation of custom file loaders for downloading TSL.
- void setTslKeyStoreLocation(String tslKeyStoreLocation): Deprecated. Use setLotlTruststorePath(String) instead.
- void setTslKeyStorePassword(String tslKeyStorePassword): Deprecated. Use setLotlTruststorePassword(String) instead.
- void setTslLocation(String tslLocation): Deprecated. Use setLotlLocation(String) instead.
- void setTslRefreshCallback(TSLRefreshCallback tslRefreshCallback): Sets a callback that validates the state of the TSL after each TSL refresh.
- void setTspDataLoaderFactory(DataLoaderFactory tspDataLoaderFactory): Set a data loader factory that manages the creation of custom data loaders for creating TSP requests.
- void setTspSource(String tspSource): Set the TSP Source
- void setTspSourceForArchiveTimestamps(String tspSource): Sets the TSP source URL string to be used for archive timestamps.
- void setUseOcspNonce(Boolean useOcspNonce): Set if nonce should be used in case of OCSP request
- void setValidationPolicy(String validationPolicy): Set the validation policy
- void setZipCompressionRatioCheckThresholdInBytes(long zipCompressionRatioCheckThresholdInBytes): Set the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in.
- boolean storeDataFilesOnlyInMemory(): If all the data files should be stored in memory.
-
Constructor Details
-
Configuration
public Configuration()
Create new configuration
-
Configuration
Create new configuration with application mode specified
- Parameters:
mode - Application mode
-
-
Method Details
-
getInstance
Getting the default Configuration object.
The default configuration object is a singleton, meaning that all the containers will use the same registry object. It is a good idea to use only a single configuration object for all the containers so the operation times would be faster.
- Returns:
- default configuration.
-
of
Create new configuration in static context with application mode specified
- Parameters:
mode - Application mode
-
isOCSPSigningConfigurationAvailable
public boolean isOCSPSigningConfigurationAvailable()
Are requirements met for signing OCSP certificate?
- Returns:
- value indicating if requirements are met
-
getOCSPAccessCertificateFileName
Get OCSP access certificate filename
- Returns:
- filename for the OCSP access certificate
-
getOCSPAccessCertificatePassword
public char[] getOCSPAccessCertificatePassword()
Get OCSP access certificate password
- Returns:
- password
-
getOCSPAccessCertificatePasswordAsString
Get OCSP access certificate password As String
- Returns:
- password
-
setOCSPAccessCertificateFileName
Set OCSP access certificate filename
- Parameters:
fileName - filename for the OCSP access certificate
-
setOCSPAccessCertificatePassword
public void setOCSPAccessCertificatePassword(char[] password)
Set OCSP access certificate password
- Parameters:
password - password to set
-
setSignOCSPRequests
public void setSignOCSPRequests(boolean shouldSignOcspRequests)
Set flag if OCSP requests should be signed
- Parameters:
shouldSignOcspRequests - True if should sign, False otherwise
-
setOcspDataLoaderFactory
Set a data loader factory that manages the creation of custom data loaders for creating OCSP requests.
- Parameters:
ocspDataLoaderFactory - OCSP data loader factory.
-
getOcspDataLoaderFactory
Returns the currently set OCSP data loader factory or null if no custom data loader factory is set.
- Returns:
- OCSP data loader factory.
-
loadConfiguration
Add configuration settings from a stream. After loading closes stream.
- Parameters:
stream - Input stream
- Returns:
- configuration hashtable
-
loadConfiguration
Add configuration settings from a file
- Parameters:
file - File name
- Returns:
- configuration hashtable
-
loadConfiguration
Add configuration settings from a file
- Parameters:
file - File name
isReloadFromYaml - True if this is reloading call
- Returns:
- configuration hashtable
-
getDDoc4JConfiguration
Returns configuration needed for DDoc4J library.
- Returns:
- configuration values.
-
setMaxFileSizeCachedInMemoryInMB
public void setMaxFileSizeCachedInMemoryInMB(long maxFileSizeCachedInMB)
Sets limit in MB when handling files are creating temporary file for streaming in container creation and adding data files. Used by DigiDoc4J and by DDoc4J.
- Parameters:
maxFileSizeCachedInMB - maximum data file size in MB stored in memory.
-
storeDataFilesOnlyInMemory
public boolean storeDataFilesOnlyInMemory()
If all the data files should be stored in memory. Default is true (data files are temporarily stored only in memory).
- Returns:
- true if everything is stored in memory, and false if data is temporarily stored on disk.
-
hasToBeOCSPRequestSigned
public boolean hasToBeOCSPRequestSigned()
Returns configuration item must be OCSP request signed. Reads it from registry parameter SIGN_OCSP_REQUESTS. Default value is false for Configuration.Mode.PROD and false for Configuration.Mode.TEST
- Returns:
- must be OCSP request signed
-
getMaxDataFileCachedInMB
public long getMaxDataFileCachedInMB()
Get the maximum size of data files to be cached. Used by DigiDoc4J and by DDoc4J.
- Returns:
- Size in MB. if size < 0, no caching is used
-
getMaxDataFileCachedInBytes
public long getMaxDataFileCachedInBytes()
Get the maximum size of data files to be cached. Used by DigiDoc4J and by DDoc4J.
- Returns:
- Size in MB. if size < 0, no caching is used
-
setLotlLocation
Set LOTL (List of Trusted Lists) location. LOTL can be loaded from file (file://) or from web (http://). If the file protocol is used, the file is first looked up at this location; if it does not exist there, it is loaded relative to the classpath. Setting a new location clears old values. Windows wants it in file:DRIVE:/directories/lotl-file.xml format.
- Parameters:
lotlLocation - LOTL location to be used
-
getLotlLocation
Get LOTL (List of Trusted Lists) location.
- Returns:
- url
-
getTslLocation
Deprecated. Use getLotlLocation() instead.
Get TSL location.
- Returns:
- url
-
setTSL
Set the TSL certificate source.
- Parameters:
certificateSource - TSL certificate source. When certificateSource equals null then getTSL() will load the TSL according to the TSL location specified.
-
getTSL
Loads TSL certificates. If configuration mode is TEST then TSL signature is not checked.
- Returns:
- TSL source
-
setTslLocation
Deprecated. Use setLotlLocation(String) instead.
Set the TSL location. TSL can be loaded from file (file://) or from web (http://). If the file protocol is used, the file is first looked up at this location; if it does not exist there, it is loaded relative to the classpath. Setting a new location clears old values. Windows wants it in file:DRIVE:/directories/tsl-file.xml format.
- Parameters:
tslLocation - TSL Location to be used
-
setTslFileLoaderFactory
Set a file loader factory that manages the creation of custom file loaders for downloading TSL.
- Parameters:
tslFileLoaderFactory - TSL file loader factory.
-
getTslFileLoaderFactory
Returns the currently set TSL file loader factory or null if no custom file loader factory is set.
- Returns:
- TSL file loader factory.
-
setTslRefreshCallback
Sets a callback that validates the state of the TSL after each TSL refresh. If no custom callback is configured, a default callback is used for TSL validation.
- Parameters:
tslRefreshCallback - a callback to validate TSL after a refresh
-
getTslRefreshCallback
Returns the currently configured TSL refresh callback or null if no custom callback is configured.
- Returns:
- configured TSL refresh callback or null
-
setTslDataLoaderFactory
Deprecated. Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead. If a custom TSL file loader factory is configured, then a custom TSL data loader factory has no effect. If a data loader created by a custom TSL data loader factory does not implement DSSFileLoader, then it is wrapped into a FileCacheDataLoader.
Set a data loader factory that manages the creation of custom data loaders for downloading TSL.
- Parameters:
tslDataLoaderFactory - TSL data loader factory.
-
getTslDataLoaderFactory
Deprecated. Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead. If a custom TSL file loader factory is configured, then a custom TSL data loader factory has no effect. If a data loader created by a custom TSL data loader factory does not implement DSSFileLoader, then it is wrapped into a FileCacheDataLoader.
Returns the currently set TSL data loader factory or null if no custom data loader factory is set.
- Returns:
- TSL data loader factory.
-
setAiaDataLoaderFactory
Deprecated. Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead. If a custom AIA source factory is configured, then a custom AIA data loader factory has no effect.
Set a data loader factory that manages the creation of custom data loaders for accessing AIA certificate sources.- Parameters:
aiaDataLoaderFactory
- AIA data loader factory.
-
getAiaDataLoaderFactory
Deprecated. Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead. If a custom AIA source factory is configured, then a custom AIA data loader factory has no effect.
Returns the currently set AIA data loader factory or null if no custom data loader factory is set.- Returns:
- AIA data loader factory.
-
setAiaSourceFactory
Set an AIA source factory that manages the creation of custom AIA sources.- Parameters:
aiaSourceFactory
- AIA source factory
-
getAiaSourceFactory
Returns the currently set AIA source factory or null
if no custom AIA source factory is set.- Returns:
- AIA source factory
-
setExtendingOcspSourceFactory
Set an OCSP source factory that manages the creation of custom OCSP sources to be used for extending signatures.- Parameters:
extendingOcspSourceFactory
- OCSP source factory
-
getExtendingOcspSourceFactory
Returns the currently set OCSP source factory or null
if no custom OCSP source factory is set.- Returns:
- OCSP source factory
-
setSigningOcspSourceFactory
Set an OCSP source factory that manages the creation of custom OCSP sources to be used for signing.- Parameters:
signingOcspSourceFactory
- OCSP source factory
-
getSigningOcspSourceFactory
Returns the currently set OCSP source factory for signing or null
if no custom OCSP source factory is set.- Returns:
- OCSP source factory
-
setArchiveTspSourceFactory
Set a TSP source factory that manages the creation of custom TSP sources for archive timestamps.- Parameters:
archiveTspSourceFactory
- TSP source factory
-
getArchiveTspSourceFactory
Returns the currently set TSP source factory for archive timestamps or null
if no custom TSP source factory is set.- Returns:
- TSP source factory
-
setSignatureTspSourceFactory
Set a TSP source factory that manages the creation of custom TSP sources for signature timestamps.- Parameters:
signatureTspSourceFactory
- TSP source factory
-
getSignatureTspSourceFactory
Returns the currently set TSP source factory for signature timestamps or null
if no custom TSP source factory is set.- Returns:
- TSP source factory
-
getTspSource
Get the TSP Source- Returns:
- TSP Source
-
getTspSourceForArchiveTimestamps
Returns the TSP source URL string for archive timestamps, if configured, otherwise returns the value of getTspSource().- Returns:
- TSP source URL string for archive timestamps, or
getTspSource()
- See Also:
-
getTspSourceByCountry
Get the TSP source by country- Parameters:
country
- to use tsp source- Returns:
- tspSource
-
setTspDataLoaderFactory
Set a data loader factory that manages the creation of custom data loaders for creating TSP requests.- Parameters:
tspDataLoaderFactory
- TSP data loader factory.
-
getTspDataLoaderFactory
Returns the currently set TSP data loader factory or null
if no custom data loader factory is set.- Returns:
- TSP data loader factory.
-
setPreferAiaOcsp
public void setPreferAiaOcsp(boolean preferAiaOcsp) Set flag if AIA OCSP is preferred.- Parameters:
preferAiaOcsp
- True when AIA OCSP is preferred
-
isAiaOcspPreferred
public boolean isAiaOcspPreferred() Get flag if AIA OCSP is preferred.- Returns:
- isAiaOcspPreferred boolean value.
-
getAiaOcspSourceByCN
Get the AIA OCSP source by issuer's CN- Parameters:
cn
- to use AIA OCSP source- Returns:
- ocspSource
-
getUseNonceForAiaOcspByCN
Get the AIA OCSP source by issuer's CN- Parameters:
cn
- to use AIA OCSP source- Returns:
- ocspSource
-
setTempFileMaxAge
public void setTempFileMaxAge(long tempFileMaxAgeInMillis) Set temp file max age in millis- Parameters:
tempFileMaxAgeInMillis
- max age in millis
-
getTempFileMaxAge
public long getTempFileMaxAge() Get temp file max age- Returns:
- temp file max age in millis
-
setConnectionTimeout
public void setConnectionTimeout(int connectionTimeout) Set HTTP connection timeout- Parameters:
connectionTimeout
- connection timeout in milliseconds
-
setSocketTimeout
public void setSocketTimeout(int socketTimeoutMilliseconds) Set HTTP socket timeout- Parameters:
socketTimeoutMilliseconds
- socket timeout in milliseconds
-
getConnectionTimeout
public int getConnectionTimeout() Get HTTP connection timeout- Returns:
- connection timeout in milliseconds
-
getSocketTimeout
public int getSocketTimeout() Get HTTP socket timeout- Returns:
- socket timeout in milliseconds
-
setTspSource
Set the TSP Source- Parameters:
tspSource
- TSPSource to be used
-
setTspSourceForArchiveTimestamps
Sets the TSP source URL string to be used for archive timestamps.- Parameters:
tspSource
- TSP source URL string for archive timestamps
-
getOcspSource
Get the OCSP Source- Returns:
- OCSP Source
-
setUseOcspNonce
Set whether a nonce should be used in OCSP requests. Note: this does not affect TM signature profiles, where a nonce is always used.- Parameters:
useOcspNonce
-
-
isOcspNonceUsed
public boolean isOcspNonceUsed() Get if OCSP nonce should be used- Returns:
- use OCSP nonce
-
setTslKeyStoreLocation
Deprecated. Use setLotlTruststorePath(String) instead.
Set the KeyStore Location that holds potential TSL Signing certificates- Parameters:
tslKeyStoreLocation
- KeyStore location to use
-
getTslKeyStoreLocation
Deprecated. Use getLotlTruststorePath() instead.
Get the Location to Keystore that holds potential TSL Signing certificates- Returns:
- KeyStore Location
-
setTslKeyStorePassword
Deprecated. Use setLotlTruststorePassword(String) instead.
Set the password for Keystore that holds potential TSL Signing certificates- Parameters:
tslKeyStorePassword
- Keystore password
-
getTslKeyStorePassword
Deprecated. Use getLotlTruststorePassword() instead.
Get the password for Keystore that holds potential TSL Signing certificates- Returns:
- Tsl Keystore password
-
setLotlTruststorePath
Set the path to the trust-store that holds potential LOTL signing certificates.- Parameters:
lotlTruststorePath
- LOTL trust-store path to use
-
getLotlTruststorePath
Get the path to the trust-store that holds potential LOTL signing certificates.- Returns:
- LOTL trust-store path
-
setLotlTruststoreType
Set the type of the trust-store that holds potential LOTL signing certificates. Default is PKCS12.- Parameters:
lotlTruststoreType
- LOTL trust-store type to use
-
getLotlTruststoreType
Get the type of the trust-store that holds potential LOTL signing certificates.- Returns:
- LOTL trust-store type
-
setLotlTruststorePassword
Set the password for the trust-store that holds potential LOTL signing certificates.- Parameters:
lotlTruststorePassword
- LOTL trust-store password
-
getLotlTruststorePassword
Get the password for the trust-store that holds potential LOTL signing certificates.- Returns:
- LOTL trust-store password
-
setLotlPivotSupportEnabled
public void setLotlPivotSupportEnabled(boolean lotlPivotSupport) Set whether LOTL pivot support should be enabled- Parameters:
lotlPivotSupport
- whether LOTL pivot support should be enabled
-
isLotlPivotSupportEnabled
public boolean isLotlPivotSupportEnabled() Get whether LOTL pivot support is enabled- Returns:
- whether LOTL pivot support is enabled
-
setTslCacheExpirationTime
public void setTslCacheExpirationTime(long cacheExpirationTimeInMilliseconds) Sets the expiration time for the TSL cache in milliseconds. If more time than this has passed since the cache's creation time, a fresh TSL is downloaded and cached; otherwise the cached copy is used.- Parameters:
cacheExpirationTimeInMilliseconds
- cache expiration time in milliseconds
-
getTslCacheExpirationTime
public long getTslCacheExpirationTime() Returns TSL cache expiration time in milliseconds.- Returns:
- TSL cache expiration time in milliseconds.
-
getAllowedTimestampAndOCSPResponseDeltaInMinutes
Returns allowed delay between timestamp and OCSP response in minutes.- Returns:
- Allowed delay between timestamp and OCSP response in minutes.
-
setAllowedTimestampAndOCSPResponseDeltaInMinutes
public void setAllowedTimestampAndOCSPResponseDeltaInMinutes(int timeInMinutes) Set allowed delay between timestamp and OCSP response in minutes.- Parameters:
timeInMinutes
- Allowed delay between timestamp and OCSP response in minutes
-
setOcspSource
Set the OCSP source- Parameters:
ocspSource
- OCSP Source to be used
-
getValidationPolicy
Get the validation policy- Returns:
- Validation policy
-
setValidationPolicy
Set the validation policy- Parameters:
validationPolicy
- Policy to be used
-
getPrintValidationReport
public boolean getPrintValidationReport() - Returns:
- whether to print validation report
-
setPrintValidationReport
- Parameters:
printValidationReport
- whether to print validation report
-
getRevocationAndTimestampDeltaInMinutes
public int getRevocationAndTimestampDeltaInMinutes() Revocation and timestamp delta in minutes.- Returns:
- timestamp delta in minutes.
-
setRevocationAndTimestampDeltaInMinutes
public void setRevocationAndTimestampDeltaInMinutes(int timeInMinutes) Set Revocation and timestamp delta in minutes.- Parameters:
timeInMinutes
- delta in minutes.
-
getSignatureProfile
Signature profile.- Returns:
- SignatureProfile.
-
setSignatureProfile
Set signature profile.- Parameters:
signatureProfile
- profile of the signature
-
getSignatureDigestAlgorithm
Signature digest algorithm.- Returns:
- DigestAlgorithm.
-
setSignatureDigestAlgorithm
Set signature digest algorithm.- Parameters:
digestAlgorithm
- digest algorithm of signature
-
getDataFileDigestAlgorithm
Datafile digest algorithm.- Returns:
- DigestAlgorithm.
-
setDataFileDigestAlgorithm
Set datafile digest algorithm.- Parameters:
digestAlgorithm
- digest algorithm of datafile
-
getArchiveTimestampDigestAlgorithm
Returns the digest algorithm for archive timestamps, if configured.- Returns:
- configured archive timestamp digest algorithm or
null
-
setArchiveTimestampDigestAlgorithm
Sets the digest algorithm for archive timestamps.- Parameters:
digestAlgorithm
- digest algorithm for archive timestamps
-
getArchiveTimestampReferenceDigestAlgorithm
Returns the reference digest algorithm for archive timestamps, if configured.- Returns:
- configured archive timestamp reference digest algorithm or
null
-
setArchiveTimestampReferenceDigestAlgorithm
Sets the reference digest algorithm for archive timestamps.- Parameters:
digestAlgorithm
- reference digest algorithm for archive timestamps
-
getHttpsProxyHost
- Returns:
- HTTPS proxy host
-
getHttpsProxyHostFor
- Parameters:
connectionType
- type of external connections.- Returns:
- HTTPS proxy host.
-
setHttpsProxyHost
Set HTTPS network proxy host.- Parameters:
httpsProxyHost
- https proxy host.
-
setHttpsProxyHostFor
Set HTTPS network proxy host for specific type of external connections. Overrides network proxy host set via setHttpsProxyHost(String)
- Parameters:
connectionType
- type of external connections.
httpsProxyHost
- https proxy host.
-
getHttpsProxyPort
- Returns:
- HTTPS proxy port
-
getHttpsProxyPortFor
- Parameters:
connectionType
- type of external connection- Returns:
- HTTPS proxy port
-
setHttpsProxyPort
public void setHttpsProxyPort(int httpsProxyPort) Set HTTPS network proxy port.- Parameters:
httpsProxyPort
- https proxy port.
-
setHttpsProxyPortFor
Set HTTPS network proxy port for specific type of external connections. Overrides network proxy port set via setHttpsProxyPort(int)
- Parameters:
connectionType
- type of external connections.
httpsProxyPort
- https proxy port.
-
setHttpsProxyUser
Set HTTPS network proxy user name.- Parameters:
httpsProxyUser
- username.
-
setHttpsProxyUserFor
Set HTTPS network proxy user name for specific type of external connections. Overrides network proxy user name set via setHttpsProxyUser(String)
- Parameters:
connectionType
- type of external connections.
httpsProxyUser
- username.
-
getHttpsProxyUser
Get HTTPS proxy user.- Returns:
- HTTPS proxy user.
-
getHttpsProxyUserFor
Get HTTPS proxy user for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- HTTPS proxy user.
-
setHttpsProxyPassword
Set HTTPS network proxy password.- Parameters:
httpsProxyPassword
- password.
-
setHttpsProxyPasswordFor
public void setHttpsProxyPasswordFor(ExternalConnectionType connectionType, String httpsProxyPassword) Set HTTPS network proxy password for specific type of external connections. Overrides network proxy password set via setHttpsProxyPassword(String)
- Parameters:
connectionType
- type of external connections.
httpsProxyPassword
- password.
-
getHttpsProxyPassword
Get HTTPS proxy password.- Returns:
- HTTPS proxy password.
-
getHttpsProxyPasswordFor
Get HTTPS proxy password for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- HTTPS proxy password.
-
getHttpProxyHost
Get http proxy host.- Returns:
- http proxy host.
-
getHttpProxyHostFor
Get http proxy host for specific external connection type.- Parameters:
connectionType
- type of external connections.- Returns:
- http proxy host.
-
setHttpProxyHost
Set HTTP network proxy host.- Parameters:
httpProxyHost
- http proxy host.
-
setHttpProxyHostFor
Set HTTP network proxy host for specific type of external connections. Overrides network proxy host set via setHttpProxyHost(String)
- Parameters:
connectionType
- type of external connections.
httpProxyHost
- http proxy host.
-
getHttpProxyPort
Get http proxy port.- Returns:
- http proxy port.
-
getHttpProxyPortFor
Get http proxy port for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- http proxy port.
-
setHttpProxyPort
public void setHttpProxyPort(int httpProxyPort) Set HTTP network proxy port.- Parameters:
httpProxyPort
- Port number.
-
setHttpProxyPortFor
Set HTTP network proxy port for specific type of external connections. Overrides network proxy port set via setHttpProxyPort(int)
- Parameters:
connectionType
- type of external connections.
httpProxyPort
- Port number.
-
setHttpProxyUser
Set HTTP network proxy user name.- Parameters:
httpProxyUser
- username.
-
setHttpProxyUserFor
Set HTTP network proxy user name for specific type of external connections. Overrides network proxy user name set via setHttpProxyUser(String)
- Parameters:
connectionType
- type of external connections.
httpProxyUser
- username.
-
getHttpProxyUser
Get http proxy user.- Returns:
- http proxy user.
-
getHttpProxyUserFor
Get http proxy user for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- http proxy user.
-
setHttpProxyPassword
Set HTTP network proxy password.- Parameters:
httpProxyPassword
- password.
-
setHttpProxyPasswordFor
public void setHttpProxyPasswordFor(ExternalConnectionType connectionType, String httpProxyPassword) Set HTTP network proxy password for specific type of external connections. Overrides network proxy password set via setHttpProxyPassword(String)
- Parameters:
connectionType
- type of external connections.
httpProxyPassword
- password.
-
getHttpProxyPassword
Get http proxy password.- Returns:
- http proxy password.
-
getHttpProxyPasswordFor
Get http proxy password for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- http proxy password.
-
isNetworkProxyEnabled
public boolean isNetworkProxyEnabled() Is network proxy enabled?- Returns:
- True if network proxy is enabled, otherwise False.
-
isNetworkProxyEnabledFor
Is network proxy enabled for specific type of external connections?- Parameters:
connectionType
- type of external connections.- Returns:
- True if network proxy is enabled, otherwise False.
-
isProxyOfType
public boolean isProxyOfType(eu.europa.esig.dss.spi.client.http.Protocol protocol) - Parameters:
protocol
- protocol- Returns:
- boolean
-
isProxyOfTypeFor
public boolean isProxyOfTypeFor(ExternalConnectionType connectionType, eu.europa.esig.dss.spi.client.http.Protocol protocol) - Parameters:
connectionType
- type of external connections
protocol
- protocol- Returns:
- boolean
-
isSslConfigurationEnabled
public boolean isSslConfigurationEnabled() Is SSL configuration enabled?- Returns:
- True if SSL configuration is enabled, otherwise False.
-
isSslConfigurationEnabledFor
Is ssl configuration enabled for specific type of external connections?- Parameters:
connectionType
- type of external connections.- Returns:
- True if SSL configuration is enabled, otherwise False.
-
setSslKeystorePath
Set SSL KeyStore path.- Parameters:
sslKeystorePath
- path to SSL keystore.
-
setSslKeystorePathFor
Set SSL KeyStore path for specific type of external connections. Overrides keystore path set via setSslKeystorePath(String)
- Parameters:
connectionType
- type of external connections.
sslKeystorePath
- path to SSL keystore.
-
getSslKeystorePath
Get SSL KeyStore path.- Returns:
- path to SSL keystore.
-
getSslKeystorePathFor
Get SSL KeyStore path for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- path to SSL keystore.
-
setSslKeystoreType
Set SSL KeyStore type. Default is "jks".- Parameters:
sslKeystoreType
- type of SSL keystore.
-
setSslKeystoreTypeFor
Set SSL KeyStore type for specific type of external connections. Overrides keystore type set via setSslKeystoreType(String)
- Parameters:
connectionType
- type of external connections.
sslKeystoreType
- type of SSL keystore.
-
getSslKeystoreType
Get SSL KeyStore type.- Returns:
- type of SSL keystore.
-
getSslKeystoreTypeFor
Get SSL KeyStore type for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- type of SSL keystore.
-
setSslKeystorePassword
Set SSL KeyStore password. Default is an empty string.- Parameters:
sslKeystorePassword
- SSL keystore password.
-
setSslKeystorePasswordFor
public void setSslKeystorePasswordFor(ExternalConnectionType connectionType, String sslKeystorePassword) Set SSL KeyStore password for specific type of external connections. Overrides keystore password set via setSslKeystorePassword(String)
- Parameters:
connectionType
- type of external connections.
sslKeystorePassword
- SSL keystore password.
-
getSslKeystorePassword
Get Ssl keystore password.- Returns:
- SSL keystore password.
-
getSslKeystorePasswordFor
Get Ssl keystore password for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- SSL keystore password.
-
setSslTruststorePath
Set SSL TrustStore path.- Parameters:
sslTruststorePath
- path to SSL truststore.
-
setSslTruststorePathFor
public void setSslTruststorePathFor(ExternalConnectionType connectionType, String sslTruststorePath) Set SSL TrustStore path for specific type of external connections. Overrides truststore path set via setSslTruststorePath(String)
- Parameters:
connectionType
- type of external connections.
sslTruststorePath
- path to SSL truststore.
-
getSslTruststorePath
Get SSL TrustStore path- Returns:
- path to SSL truststore.
-
getSslTruststorePathFor
Get SSL TrustStore path for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- path to SSL truststore.
-
setSslTruststoreType
Set SSL TrustStore type. Default is "jks".- Parameters:
sslTruststoreType
- type of SSL truststore.
-
setSslTruststoreTypeFor
public void setSslTruststoreTypeFor(ExternalConnectionType connectionType, String sslTruststoreType) Set SSL TrustStore type for specific type of external connections. Overrides truststore type set via setSslTruststoreType(String)
- Parameters:
connectionType
- type of external connections.
sslTruststoreType
- type of SSL truststore.
-
getSslTruststoreType
Get SSL TrustStore type.- Returns:
- type of SSL truststore.
-
getSslTruststoreTypeFor
Get SSL TrustStore type for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- type of SSL truststore.
-
setSslTruststorePassword
Set SSL TrustStore password. Default is an empty string.- Parameters:
sslTruststorePassword
- SSL truststore password.
-
setSslTruststorePasswordFor
public void setSslTruststorePasswordFor(ExternalConnectionType connectionType, String sslTruststorePassword) Set SSL TrustStore password for specific type of external connections. Overrides truststore password set via setSslTruststorePassword(String)
- Parameters:
connectionType
- type of external connections.
sslTruststorePassword
- SSL truststore password.
-
getSslTruststorePassword
Get Ssl truststore password.- Returns:
- SSL truststore password.
-
getSslTruststorePasswordFor
Get Ssl truststore password for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- SSL truststore password.
-
setSslProtocol
Set SSL protocol.- Parameters:
sslProtocol
- SSL protocol.
-
setSslProtocolFor
Set SSL protocol for specific type of external connections. Overrides SSL protocol set via setSslProtocol(String)
- Parameters:
connectionType
- type of external connections.
sslProtocol
- SSL protocol.
-
getSslProtocol
Get SSL protocol.- Returns:
- SSL protocol.
-
getSslProtocolFor
Get SSL protocol for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- SSL protocol.
-
setSupportedSslProtocols
Set supported SSL protocols.- Parameters:
supportedSslProtocols
- list of supported SSL protocols.
-
setSupportedSslProtocolsFor
public void setSupportedSslProtocolsFor(ExternalConnectionType connectionType, List<String> supportedSslProtocols) Set supported SSL protocols for specific type of external connections. Overrides SSL protocols set via setSupportedSslProtocols(List)
- Parameters:
connectionType
- type of external connections.
supportedSslProtocols
- list of supported SSL protocols.
-
getSupportedSslProtocols
Get supported SSL protocols.- Returns:
- list of supported SSL protocols.
-
getSupportedSslProtocolsFor
Get supported SSL protocols for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- list of supported SSL protocols.
-
setSupportedSslCipherSuites
Set supported SSL cipher suites.- Parameters:
supportedSslCipherSuites
- list of supported SSL cipher suites.
-
setSupportedSslCipherSuitesFor
public void setSupportedSslCipherSuitesFor(ExternalConnectionType connectionType, List<String> supportedSslCipherSuites) Set supported SSL cipher suites for specific type of external connections. Overrides SSL cipher suites set via setSupportedSslCipherSuites(List)
- Parameters:
connectionType
- type of external connections.
supportedSslCipherSuites
- list of supported SSL cipher suites.
-
getSupportedSslCipherSuites
Get supported SSL cipher suites.- Returns:
- list of supported SSL cipher suites.
-
getSupportedSslCipherSuitesFor
Get supported SSL cipher suites for specific type of external connections.- Parameters:
connectionType
- type of external connections.- Returns:
- list of supported SSL cipher suites.
-
setFullReportNeeded
Deprecated. Deprecated for removal. Enabling this feature can, in some cases, produce false negative validation results.
Set flag if full report needed.- Parameters:
isFullReport
- needed value.
-
isFullReportNeeded
Deprecated. Deprecated for removal. Enabling this feature can, in some cases, produce false negative validation results.
Get flag if full report needed.- Returns:
- isFullReport needed boolean value.
-
setAllowASN1UnsafeInteger
public void setAllowASN1UnsafeInteger(boolean isAllowed) Set flag if ASN1 Unsafe Integer is Allowed.- Parameters:
isAllowed
- True when ASN1 Unsafe Integer is Allowed.
-
isASN1UnsafeIntegerAllowed
public boolean isASN1UnsafeIntegerAllowed() Get flag if ASN1 Unsafe Integer is Allowed.- Returns:
- isASN1UnsafeIntegerAllowed boolean value.
-
setThreadExecutor
Set thread executor service.- Parameters:
threadExecutor
- Thread executor service object.
-
getThreadExecutor
Get thread executor. It can be null.- Returns:
- thread executor.
-
setTrustedTerritories
Set the countries and territories (alpha-2 country codes) to trust and accept certificates from. It is possible to accept signatures (and certificates) only from particular countries by filtering trusted territories. Only the TSL (and certificates) from those countries are then downloaded and others are skipped. For example, it is possible to trust signatures only from these three countries: Estonia, Latvia and France, and skip all other countries: "EE", "LV", "FR".- Parameters:
trustedTerritories
- list of alpha-2 country codes.
-
getTrustedTerritories
Get trusted territories.- Returns:
- list of trusted territories
-
setRequiredTerritories
Set countries and territories (alpha-2 country codes) whose trusted lists must always be successfully loaded into the TSL. This list is used by the default TSL refresh callback. If the trusted list of any of these territories fails to load, then the TSL refresh is considered to have failed.
- Parameters:
requiredTerritories
- list of alpha-2 country codes.- See Also:
-
getRequiredTerritories
Get required territories.- Returns:
- list of required territories
- See Also:
-
setAllowedOcspRespondersForTM
Set allowed OCSP responders common names for timemark validation. For example: "SK OCSP RESPONDER 2011", "ESTEID-SK OCSP RESPONDER", "KLASS3-SK OCSP RESPONDER".- Parameters:
allowedOcspRespondersForTM
- list of OCSP responders.
-
getAllowedOcspRespondersForTM
Get allowed OCSP responders for timemark validation.- Returns:
- ocsp responders list.
-
setMaxAllowedZipCompressionRatio
public void setMaxAllowedZipCompressionRatio(int maxAllowedZipCompressionRatio) Set the maximum ratio by which the contents of a ZIP-based container are allowed to expand on unpacking before the container is considered harmful.- Parameters:
maxAllowedZipCompressionRatio
- maximum ratio by which the contents of a ZIP-based container are allowed to expand- See Also:
-
getMaxAllowedZipCompressionRatio
public int getMaxAllowedZipCompressionRatio() Get the maximum ratio by which the contents of a ZIP-based container are allowed to expand on unpacking before the container is considered harmful.- Returns:
- maximum ratio by which the contents of a ZIP-based container are allowed to expand
- See Also:
-
setZipCompressionRatioCheckThresholdInBytes
public void setZipCompressionRatioCheckThresholdInBytes(long zipCompressionRatioCheckThresholdInBytes) Set the threshold of how much memory (in bytes) the unpacked contents of a ZIP-based container are allowed to consume before the ZIP compression ratio check kicks in.- Parameters:
zipCompressionRatioCheckThresholdInBytes
- threshold of how much memory the unpacked contents of a ZIP-based container are allowed to consume- See Also:
-
getZipCompressionRatioCheckThresholdInBytes
public long getZipCompressionRatioCheckThresholdInBytes() Get the threshold of how much memory (in bytes) the unpacked contents of a ZIP-based container are allowed to consume before the ZIP compression ratio check kicks in.- Returns:
- threshold of how much memory the unpacked contents of a ZIP-based container are allowed to consume
- See Also:
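An added example, not digidoc4j's own code, showing how a maximum expansion ratio and a check threshold of the kind described by the two ZIP settings above interact while a ZIP-based container is unpacked. The class and method names, the use of the whole container's size as the ratio's denominator, and the sample limits are assumptions made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

/** Added illustration; all names here are hypothetical, not digidoc4j API. */
public class ZipRatioGuardExample {

    /** Raised when a container expands beyond the configured limits. */
    static class HarmfulContainerException extends IOException {
        HarmfulContainerException(String message) {
            super(message);
        }
    }

    /**
     * Unpacks every entry while counting the bytes actually produced.
     * The ratio check only starts once the unpacked total exceeds
     * thresholdBytes, so small containers with highly compressible
     * content are not rejected.
     * Assumption: ratio = unpacked bytes / size of the whole container.
     */
    static long unpackWithGuard(byte[] container, int maxRatio, long thresholdBytes)
            throws IOException {
        long unpackedTotal = 0;
        byte[] buffer = new byte[8192];
        try (ZipInputStream zip = new ZipInputStream(new ByteArrayInputStream(container))) {
            while (zip.getNextEntry() != null) {
                int read;
                while ((read = zip.read(buffer)) != -1) {
                    unpackedTotal += read;
                    // Count while streaming: sizes declared in ZIP headers come
                    // from the container itself and cannot be trusted.
                    boolean overThreshold = unpackedTotal > thresholdBytes;
                    boolean overRatio = unpackedTotal > (long) maxRatio * container.length;
                    if (overThreshold && overRatio) {
                        throw new HarmfulContainerException(
                                "unpacked " + unpackedTotal + " bytes from a "
                                + container.length + " byte container (limit "
                                + maxRatio + "x)");
                    }
                }
            }
        }
        return unpackedTotal;
    }

    /** Constructed sample input: one entry of zero bytes, which deflates very well. */
    static byte[] buildContainer(int unpackedSize) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zip = new ZipOutputStream(out)) {
            zip.putNextEntry(new ZipEntry("data.bin"));
            zip.write(new byte[unpackedSize]);
            zip.closeEntry();
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        int maxRatio = 100;               // constructed limit
        long thresholdBytes = 1024 * 1024; // constructed limit: 1 MiB

        // High ratio, but the unpacked size stays below the threshold: accepted.
        byte[] small = buildContainer(512 * 1024);
        System.out.println("small container unpacked bytes: "
                + unpackWithGuard(small, maxRatio, thresholdBytes));

        // High ratio and well above the threshold: unpacking stops early.
        byte[] large = buildContainer(16 * 1024 * 1024);
        try {
            unpackWithGuard(large, maxRatio, thresholdBytes);
            System.out.println("large container accepted");
        } catch (HarmfulContainerException e) {
            System.out.println("large container rejected: " + e.getMessage());
        }
    }
}
```

The threshold keeps legitimate small containers with very compressible data files from tripping the ratio limit, while the ratio limit bounds how far a large container can expand before unpacking is aborted.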
-
isTest
public boolean isTest() - Returns:
- true when configuration is Configuration.Mode.TEST
- See Also:
-
copy
Clones configuration- Returns:
- new configuration object
-