org.digidoc4j

Class Configuration

java.lang.Object

org.digidoc4j.Configuration

All Implemented Interfaces:

java.io.Serializable

public class Configuration
extends java.lang.Object
implements java.io.Serializable

Possibility to create custom configurations for Container implementations.

It is possible to get the default Configuration object used in all containers by using getInstance(). This will return a singelton Configuration object used by default if no configuration is provided.

You can specify the configuration mode, either Configuration.Mode.TEST or Configuration.Mode.PROD configuration. Default is Configuration.Mode.PROD.

It is a good idea to use only a single configuration object for all the containers so the operation times would be faster.

It is also possible to set the mode using the System property. Setting the property "digidoc4j.mode" to "TEST" forces the default mode to Configuration.Mode.TEST mode

Configurations will be loaded from a file. The file must be in yaml format.

Required entries of the configuration file:

The configuration file must contain one or more Certificate Authorities under the heading DIGIDOC_CAS similar to following format (values are examples only):

 DIGIDOC_CAS:
 - DIGIDOC_CA:
     NAME: CA name
     TRADENAME: Tradename
     CERTS:
       - jar://certs/cert1.crt
       - jar://certs/cert2.crt
     OCSPS:
 

Each DIGIDOC_CA entry must contain one or more OCSP certificates under the heading "OCSPS" similar to following format (values are examples only):

       - OCSP:
         CA_CN: your certificate authority common name
         CA_CERT: jar://your ca_cn.crt
         CN: your common name
         CERTS:
         - jar://certs/Your first OCSP Certifications file.crt
         - jar://certs/Your second OCSP Certifications file.crt
         URL: http://ocsp.test.test
 

All entries must exist and be valid. Under CERTS must be at least one entry.

Optional entries of the configuration file:

• CANONICALIZATION_FACTORY_IMPL: Canonicalization factory implementation.
  Default value: "ee.sk.digidoc.factory.SAXDigiDocFactory"
• CONNECTION_TIMEOUT: TSL HTTP Connection timeout (milliseconds).
  Default value: 1000
• DIGIDOC_FACTORY_IMPL: Factory implementation.
  Default value: "ee.sk.digidoc.factory.SAXDigiDocFactory"
• DATAFILE_HASHCODE_MODE: Is the datafile containing only a hash (not the actual file)? Allowed values: true, false.
  Default value: "false"
• DIGIDOC_DF_CACHE_DIR: Temporary directory to use. Default: uses system's default temporary directory
• DIGIDOC_MAX_DATAFILE_CACHED: Maximum datafile size that will be cached in MB. Must be numeric. Set to -1 to cache all files. Set to 0 to prevent caching for all files
  Default value: "-1"
• DIGIDOC_NOTARY_IMPL: Notary implementation.
  Default value: "ee.sk.digidoc.factory.BouncyCastleNotaryFactory"
• DIGIDOC_OCSP_SIGN_CERT_SERIAL: OCSP Signing certificate serial number
• DIGIDOC_SECURITY_PROVIDER: Security provider.
  Default value: "org.bouncycastle.jce.provider.BouncyCastleProvider"
• DIGIDOC_SECURITY_PROVIDER_NAME: Name of the security provider.
  Default value: "BC"
• DIGIDOC_TSLFAC_IMPL: TSL Factory implementation.
  Default value: "ee.sk.digidoc.tsl.DigiDocTrustServiceFactory"
• DIGIDOC_USE_LOCAL_TSL: Use local TSL? Allowed values: true, false
  Default value: "true"
• KEY_USAGE_CHECK: Should key usage be checked? Allowed values: true, false.
  Default value: "false"
• DIGIDOC_PKCS12_CONTAINER: OCSP access certificate file
• DIGIDOC_PKCS12_PASSWD: OCSP access certificate password
• OCSP_SOURCE: Online Certificate Service Protocol source
• SIGN_OCSP_REQUESTS: Should OCSP requests be signed? Allowed values: true, false
• TSL_LOCATION: TSL Location
• TSP_SOURCE: Time Stamp Protocol source address
• VALIDATION_POLICY: Validation policy source file
• TSL_KEYSTORE_LOCATION: keystore location for tsl signing certificates
• TSL_KEYSTORE_PASSWORD: keystore password for the keystore in TSL_KEYSTORE_LOCATION
• TSL_CACHE_EXPIRATION_TIME: TSL cache expiration time in milliseconds
• HTTP_PROXY_HOST: network proxy host name
• HTTP_PROXY_PORT: network proxy port
• HTTP_PROXY_USER: network proxy user (for basic auth proxy)
• HTTP_PROXY_PASSWORD: network proxy password (for basic auth proxy)

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Configuration.Mode Application mode

Field Summary

Fields

Modifier and Type	Field and Description
static long	CACHE_ALL_DATA_FILES
static long	CACHE_NO_DATA_FILES
static java.lang.String	DEFAULT_CANONICALIZATION_FACTORY_IMPLEMENTATION
static java.lang.String	DEFAULT_DATAFILE_HASHCODE_MODE
static java.lang.String	DEFAULT_FACTORY_IMPLEMENTATION
static java.lang.String	DEFAULT_KEY_USAGE_CHECK
static java.lang.String	DEFAULT_MAX_DATAFILE_CACHED
static java.lang.String	DEFAULT_NOTARY_IMPLEMENTATION
static java.lang.String	DEFAULT_SECURITY_PROVIDER
static java.lang.String	DEFAULT_SECURITY_PROVIDER_NAME
static java.util.List<java.lang.String>	DEFAULT_TRUESTED_TERRITORIES
static java.lang.String	DEFAULT_TSL_FACTORY_IMPLEMENTATION
static java.lang.String	DEFAULT_TSL_KEYSTORE_LOCATION
static java.lang.String	DEFAULT_USE_LOCAL_TSL
static long	ONE_MB_IN_BYTES
static java.lang.String	PROD_OCSP_URL
static java.lang.String	TEST_OCSP_URL

Constructor Summary

Constructors

Constructor and Description
Configuration() Create new configuration
Configuration(Configuration.Mode mode) Create new configuration for application mode specified

Method Summary

Modifier and Type	Method and Description
Configuration	copy() Clones configuration
void	enableBigFilesSupport(long maxFileSizeCachedInMB) Deprecated. obnoxious naming. Use setMaxFileSizeCachedInMemoryInMB(long) instead.
int	getConnectionTimeout() Get HTTP connection timeout
java.lang.String	getHttpProxyHost()
java.lang.String	getHttpProxyPassword()
java.lang.Integer	getHttpProxyPort()
java.lang.String	getHttpProxyUser()
static Configuration	getInstance() Getting the default Configuration object.
java.util.Hashtable<java.lang.String,java.lang.String>	getJDigiDocConfiguration() Returns configuration needed for JDigiDoc library
long	getMaxDataFileCachedInBytes() Get the maximum size of data files to be cached.
long	getMaxDataFileCachedInMB() Get the maximum size of data files to be cached.
java.lang.String	getOCSPAccessCertificateFileName() Get OCSP access certificate filename
char[]	getOCSPAccessCertificatePassword() Get OSCP access certificate password
java.lang.String	getOcspSource() Get the OCSP Source
int	getRevocationAndTimestampDeltaInMinutes()
int	getSocketTimeout() Get HTTP socket timeout
java.lang.String	getSslKeystorePassword()
java.lang.String	getSslKeystorePath()
java.lang.String	getSslKeystoreType()
java.lang.String	getSslTruststorePassword()
java.lang.String	getSslTruststorePath()
java.lang.String	getSslTruststoreType()
java.util.List<java.lang.String>	getTrustedTerritories()
TSLCertificateSource	getTSL() Loads TSL certificates If configuration mode is TEST then TSL signature is not checked.
long	getTslCacheExpirationTime() Returns TSL cache expiration time in milliseconds.
java.lang.String	getTslKeyStoreLocation() Get the Location to Keystore that holds potential TSL Signing certificates
java.lang.String	getTslKeyStorePassword() Get the password for Keystore that holds potential TSL Signing certificates
java.lang.String	getTslLocation()
java.lang.String	getTspSource() Get the TSP Source
java.lang.String	getValidationPolicy() Get the validation policy
boolean	hasToBeOCSPRequestSigned() Returns configuration item must be OCSP request signed.
boolean	isBigFilesSupportEnabled() Deprecated. obnoxious naming. Use storeDataFilesOnlyInMemory() instead.
boolean	isNetworkProxyEnabled()
boolean	isOCSPSigningConfigurationAvailable() Are requirements met for signing OCSP certificate?
boolean	isSslConfigurationEnabled()
boolean	isTest()
java.util.Hashtable<java.lang.String,java.lang.String>	loadConfiguration(java.io.InputStream stream) Add configuration settings from a stream.
java.util.Hashtable<java.lang.String,java.lang.String>	loadConfiguration(java.lang.String file) Add configuration settings from a file
void	setConnectionTimeout(int connectionTimeout) Set HTTP connection timeout
void	setHttpProxyHost(java.lang.String httpProxyHost)
void	setHttpProxyPassword(java.lang.String httpProxyPassword)
void	setHttpProxyPort(int httpProxyPort)
void	setHttpProxyUser(java.lang.String httpProxyUser)
void	setMaxFileSizeCachedInMemoryInMB(long maxFileSizeCachedInMB) Sets limit in MB when handling files are creating temporary file for streaming in container creation and adding data files.
void	setOCSPAccessCertificateFileName(java.lang.String fileName) Set OCSP access certificate filename
void	setOCSPAccessCertificatePassword(char[] password) Set OCSP access certificate password
void	setOcspSource(java.lang.String ocspSource) Set the OCSP source
void	setRevocationAndTimestampDeltaInMinutes(int timeInMinutes)
void	setSignOCSPRequests(boolean shouldSignOcspRequests)
void	setSocketTimeout(int socketTimeoutMilliseconds) Set HTTP socket timeout
void	setSslKeystorePassword(java.lang.String sslKeystorePassword)
void	setSslKeystorePath(java.lang.String sslKeystorePath)
void	setSslKeystoreType(java.lang.String sslKeystoreType)
void	setSslTruststorePassword(java.lang.String sslTruststorePassword)
void	setSslTruststorePath(java.lang.String sslTruststorePath)
void	setSslTruststoreType(java.lang.String sslTruststoreType)
void	setTrustedTerritories(java.lang.String... trustedTerritories)
void	setTSL(TSLCertificateSource certificateSource) Set the TSL certificate source.
void	setTslCacheExpirationTime(long cacheExpirationTimeInMilliseconds) Sets the expiration time for TSL cache in milliseconds.
void	setTslKeyStoreLocation(java.lang.String tslKeyStoreLocation) Set the KeyStore Location that holds potential TSL Signing certificates
void	setTslKeyStorePassword(java.lang.String tslKeyStorePassword) Set the password for Keystore that holds potential TSL Signing certificates
void	setTslLocation(java.lang.String tslLocation) Set the TSL location.
void	setTspSource(java.lang.String tspSource) Set the TSP Source
void	setValidationPolicy(java.lang.String validationPolicy) Set the validation policy
boolean	shouldValidateTslSignature()
boolean	storeDataFilesOnlyInMemory() If all the data files should be stored in memory.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ONE_MB_IN_BYTES

public static final long ONE_MB_IN_BYTES

See Also:

Constant Field Values

DEFAULT_CANONICALIZATION_FACTORY_IMPLEMENTATION

public static final java.lang.String DEFAULT_CANONICALIZATION_FACTORY_IMPLEMENTATION

See Also:

Constant Field Values

DEFAULT_SECURITY_PROVIDER

public static final java.lang.String DEFAULT_SECURITY_PROVIDER

See Also:

Constant Field Values

DEFAULT_SECURITY_PROVIDER_NAME

public static final java.lang.String DEFAULT_SECURITY_PROVIDER_NAME

See Also:

Constant Field Values

DEFAULT_NOTARY_IMPLEMENTATION

public static final java.lang.String DEFAULT_NOTARY_IMPLEMENTATION

See Also:

Constant Field Values

DEFAULT_TSL_FACTORY_IMPLEMENTATION

public static final java.lang.String DEFAULT_TSL_FACTORY_IMPLEMENTATION

See Also:

Constant Field Values

DEFAULT_FACTORY_IMPLEMENTATION

public static final java.lang.String DEFAULT_FACTORY_IMPLEMENTATION

See Also:

Constant Field Values

DEFAULT_KEY_USAGE_CHECK

public static final java.lang.String DEFAULT_KEY_USAGE_CHECK

See Also:

Constant Field Values

DEFAULT_DATAFILE_HASHCODE_MODE

public static final java.lang.String DEFAULT_DATAFILE_HASHCODE_MODE

See Also:

Constant Field Values

DEFAULT_USE_LOCAL_TSL

public static final java.lang.String DEFAULT_USE_LOCAL_TSL

See Also:

Constant Field Values

DEFAULT_MAX_DATAFILE_CACHED

public static final java.lang.String DEFAULT_MAX_DATAFILE_CACHED

See Also:

Constant Field Values

DEFAULT_TSL_KEYSTORE_LOCATION

public static final java.lang.String DEFAULT_TSL_KEYSTORE_LOCATION

See Also:

Constant Field Values

DEFAULT_TRUESTED_TERRITORIES

public static final java.util.List<java.lang.String> DEFAULT_TRUESTED_TERRITORIES

CACHE_ALL_DATA_FILES

public static final long CACHE_ALL_DATA_FILES

See Also:

Constant Field Values

CACHE_NO_DATA_FILES

public static final long CACHE_NO_DATA_FILES

See Also:

Constant Field Values

TEST_OCSP_URL

public static final java.lang.String TEST_OCSP_URL

See Also:

Constant Field Values

PROD_OCSP_URL

public static final java.lang.String PROD_OCSP_URL

See Also:

Constant Field Values

Constructor Detail

Configuration

public Configuration()

Create new configuration

Configuration

public Configuration(Configuration.Mode mode)

Create new configuration for application mode specified

Parameters:

mode - Application mode

Method Detail

getInstance

public static Configuration getInstance()

Getting the default Configuration object.
The default configuration object is a singelton, meaning that all the containers will use the same configuration object. It is a good idea to use only a single configuration object for all the containers so the operation times would be faster.

Returns:

default configuration.

isOCSPSigningConfigurationAvailable

public boolean isOCSPSigningConfigurationAvailable()

Are requirements met for signing OCSP certificate?

Returns:

value indicating if requirements are met

getOCSPAccessCertificateFileName

public java.lang.String getOCSPAccessCertificateFileName()

Get OCSP access certificate filename

Returns:

filename for the OCSP access certificate

getOCSPAccessCertificatePassword

public char[] getOCSPAccessCertificatePassword()

Get OSCP access certificate password

Returns:

password

setOCSPAccessCertificateFileName

public void setOCSPAccessCertificateFileName(java.lang.String fileName)

Set OCSP access certificate filename

Parameters:

fileName - filename for the OCSP access certficate

setOCSPAccessCertificatePassword

public void setOCSPAccessCertificatePassword(char[] password)

Set OCSP access certificate password

Parameters:

password - password to set

setSignOCSPRequests

public void setSignOCSPRequests(boolean shouldSignOcspRequests)

loadConfiguration

public java.util.Hashtable<java.lang.String,java.lang.String> loadConfiguration(java.io.InputStream stream)

Add configuration settings from a stream. After loading closes stream.

Parameters:

stream - Input stream

Returns:

configuration hashtable

loadConfiguration

public java.util.Hashtable<java.lang.String,java.lang.String> loadConfiguration(java.lang.String file)

Add configuration settings from a file

Parameters:

file - File name

Returns:

configuration hashtable

getJDigiDocConfiguration

public java.util.Hashtable<java.lang.String,java.lang.String> getJDigiDocConfiguration()

Returns configuration needed for JDigiDoc library

Returns:

configuration values

enableBigFilesSupport

@Deprecated
public void enableBigFilesSupport(long maxFileSizeCachedInMB)

Deprecated. obnoxious naming. Use setMaxFileSizeCachedInMemoryInMB(long) instead.

Enables big files support. Sets limit in MB when handling files are creating temporary file for streaming in container creation and adding data files.

Used by DigiDoc4J and by JDigiDoc.

Parameters:

maxFileSizeCachedInMB - Maximum size in MB.

setMaxFileSizeCachedInMemoryInMB

public void setMaxFileSizeCachedInMemoryInMB(long maxFileSizeCachedInMB)

Sets limit in MB when handling files are creating temporary file for streaming in container creation and adding data files.

Used by DigiDoc4J and by JDigiDoc.

Parameters:

maxFileSizeCachedInMB - maximum data file size in MB stored in memory.

isBigFilesSupportEnabled

@Deprecated
public boolean isBigFilesSupportEnabled()

Deprecated. obnoxious naming. Use storeDataFilesOnlyInMemory() instead.

Returns:

is big file support enabled

storeDataFilesOnlyInMemory

public boolean storeDataFilesOnlyInMemory()

If all the data files should be stored in memory. Default is true (data files are temporarily stored only in memory).

Returns:

true if everything is stored in memory, and false if data is temporarily stored on disk.

hasToBeOCSPRequestSigned

public boolean hasToBeOCSPRequestSigned()

Returns configuration item must be OCSP request signed. Reads it from configuration parameter SIGN_OCSP_REQUESTS. Default value is false for Configuration.Mode.PROD and false for Configuration.Mode.TEST

Returns:

must be OCSP request signed

getMaxDataFileCachedInMB

public long getMaxDataFileCachedInMB()

Get the maximum size of data files to be cached. Used by DigiDoc4J and by JDigiDoc.

Returns:

Size in MB. if size < 0 no caching is used

getMaxDataFileCachedInBytes

public long getMaxDataFileCachedInBytes()

Get the maximum size of data files to be cached. Used by DigiDoc4J and by JDigiDoc.

Returns:

Size in MB. if size < 0 no caching is used

getTslLocation

public java.lang.String getTslLocation()

setTSL

public void setTSL(TSLCertificateSource certificateSource)

Set the TSL certificate source.

Parameters:

certificateSource - TSL certificate source When certificateSource equals null then getTSL() will load the TSL according to the TSL location specified .

getTSL

public TSLCertificateSource getTSL()

Loads TSL certificates If configuration mode is TEST then TSL signature is not checked.

Returns:

TSL source

shouldValidateTslSignature

public boolean shouldValidateTslSignature()

setTslLocation

public void setTslLocation(java.lang.String tslLocation)

Set the TSL location. TSL can be loaded from file (file://) or from web (http://). If file protocol is used then first try is to locate file from this location if file does not exist then it tries to load relatively from classpath.

Setting new location clears old values

Windows wants it in file:DRIVE:/directories/tsl-file.xml format

Parameters:

tslLocation - TSL Location to be used

getTspSource

public java.lang.String getTspSource()

Get the TSP Source

Returns:

TSP Source

setConnectionTimeout

public void setConnectionTimeout(int connectionTimeout)

Set HTTP connection timeout

Parameters:

connectionTimeout - connection timeout in milliseconds

setSocketTimeout

public void setSocketTimeout(int socketTimeoutMilliseconds)

Set HTTP socket timeout

Parameters:

socketTimeoutMilliseconds - socket timeout in milliseconds

getConnectionTimeout

public int getConnectionTimeout()

Get HTTP connection timeout

Returns:

connection timeout in milliseconds

getSocketTimeout

public int getSocketTimeout()

Get HTTP socket timeout

Returns:

socket timeout in milliseconds

setTspSource

public void setTspSource(java.lang.String tspSource)

Set the TSP Source

Parameters:

tspSource - TSPSource to be used

getOcspSource

public java.lang.String getOcspSource()

Get the OCSP Source

Returns:

OCSP Source

setTslKeyStoreLocation

public void setTslKeyStoreLocation(java.lang.String tslKeyStoreLocation)

Set the KeyStore Location that holds potential TSL Signing certificates

Parameters:

tslKeyStoreLocation - KeyStore location to use

getTslKeyStoreLocation

public java.lang.String getTslKeyStoreLocation()

Get the Location to Keystore that holds potential TSL Signing certificates

Returns:

KeyStore Location

setTslKeyStorePassword

public void setTslKeyStorePassword(java.lang.String tslKeyStorePassword)

Set the password for Keystore that holds potential TSL Signing certificates

Parameters:

tslKeyStorePassword - Keystore password

getTslKeyStorePassword

public java.lang.String getTslKeyStorePassword()

Get the password for Keystore that holds potential TSL Signing certificates

Returns:

Tsl Keystore password

setTslCacheExpirationTime

public void setTslCacheExpirationTime(long cacheExpirationTimeInMilliseconds)

Sets the expiration time for TSL cache in milliseconds. If more time has passed from the cache's creation time time, then a fresh TSL is downloaded and cached, otherwise a cached copy is used.

Parameters:

cacheExpirationTimeInMilliseconds - cache expiration time in milliseconds

getTslCacheExpirationTime

public long getTslCacheExpirationTime()

Returns TSL cache expiration time in milliseconds.

Returns:

TSL cache expiration time in milliseconds.

setOcspSource

public void setOcspSource(java.lang.String ocspSource)

Set the OCSP source

Parameters:

ocspSource - OCSP Source to be used

getValidationPolicy

public java.lang.String getValidationPolicy()

Get the validation policy

Returns:

Validation policy

setValidationPolicy

public void setValidationPolicy(java.lang.String validationPolicy)

Set the validation policy

Parameters:

validationPolicy - Policy to be used

getRevocationAndTimestampDeltaInMinutes

public int getRevocationAndTimestampDeltaInMinutes()

setRevocationAndTimestampDeltaInMinutes

public void setRevocationAndTimestampDeltaInMinutes(int timeInMinutes)

getHttpProxyHost

public java.lang.String getHttpProxyHost()

setHttpProxyHost

public void setHttpProxyHost(java.lang.String httpProxyHost)

getHttpProxyPort

public java.lang.Integer getHttpProxyPort()

setHttpProxyPort

public void setHttpProxyPort(int httpProxyPort)

setHttpProxyUser

public void setHttpProxyUser(java.lang.String httpProxyUser)

getHttpProxyUser

public java.lang.String getHttpProxyUser()

setHttpProxyPassword

public void setHttpProxyPassword(java.lang.String httpProxyPassword)

getHttpProxyPassword

public java.lang.String getHttpProxyPassword()

isNetworkProxyEnabled

public boolean isNetworkProxyEnabled()

isSslConfigurationEnabled

public boolean isSslConfigurationEnabled()

setSslKeystorePath

public void setSslKeystorePath(java.lang.String sslKeystorePath)

getSslKeystorePath

public java.lang.String getSslKeystorePath()

setSslKeystoreType

public void setSslKeystoreType(java.lang.String sslKeystoreType)

getSslKeystoreType

public java.lang.String getSslKeystoreType()

setSslKeystorePassword

public void setSslKeystorePassword(java.lang.String sslKeystorePassword)

getSslKeystorePassword

public java.lang.String getSslKeystorePassword()

setSslTruststorePath

public void setSslTruststorePath(java.lang.String sslTruststorePath)

getSslTruststorePath

public java.lang.String getSslTruststorePath()

setSslTruststoreType

public void setSslTruststoreType(java.lang.String sslTruststoreType)

getSslTruststoreType

public java.lang.String getSslTruststoreType()

setSslTruststorePassword

public void setSslTruststorePassword(java.lang.String sslTruststorePassword)

getSslTruststorePassword

public java.lang.String getSslTruststorePassword()

setTrustedTerritories

public void setTrustedTerritories(java.lang.String... trustedTerritories)

getTrustedTerritories

public java.util.List<java.lang.String> getTrustedTerritories()

isTest

public boolean isTest()

Returns:

true when configuration is Configuration.Mode.TEST

See Also:

Configuration.Mode.TEST

copy

public Configuration copy()

Clones configuration

Returns:

new configuration object