org.digidoc4j

Class Configuration

java.lang.Object

org.digidoc4j.Configuration

All Implemented Interfaces:

Serializable

public class Configuration
extends Object
implements Serializable

Possibility to create custom configurations for Container implementations.

It is possible to get the default Configuration object used in all containers by using getInstance(). This will return a singelton Configuration object used by default if no configuration is provided.

You can specify the configuration mode, either Configuration.Mode.TEST or Configuration.Mode.PROD configuration. Default is Configuration.Mode.PROD.

It is a good idea to use only a single configuration object for all the containers so the operation times would be faster.

It is also possible to set the mode using the System property. Setting the property "digidoc4j.mode" to "TEST" forces the default mode to Configuration.Mode.TEST mode

Configurations will be loaded from a file. The file must be in yaml format.

Required entries of the configuration file:

The configuration file must contain one or more Certificate Authorities under the heading DIGIDOC_CAS similar to following format (values are examples only):

 DIGIDOC_CAS:
 - DIGIDOC_CA:
     NAME: CA name
     TRADENAME: Tradename
     CERTS:
       - jar://certs/cert1.crt
       - jar://certs/cert2.crt
     OCSPS:
 

Each DIGIDOC_CA entry must contain one or more OCSP certificates under the heading "OCSPS" similar to following format (values are examples only):

       - OCSP:
         CA_CN: your certificate authority common name
         CA_CERT: jar://your ca_cn.crt
         CN: your common name
         CERTS:
         - jar://certs/Your first OCSP Certifications file.crt
         - jar://certs/Your second OCSP Certifications file.crt
         URL: http://ocsp.test.test
 

All entries must exist and be valid. Under CERTS must be at least one entry.

Optional entries of the configuration file:

• CANONICALIZATION_FACTORY_IMPL: Canonicalization factory implementation.
  Default value:
• CONNECTION_TIMEOUT: TSL HTTP Connection timeout (milliseconds).
  Default value: 60000
• SOCKET_TIMEOUT: TSL HTTP Socket timeout (milliseconds).
  Default value: 60000
• DIGIDOC_FACTORY_IMPL: Factory implementation.
  Default value:
• DIGIDOC_DF_CACHE_DIR: Temporary directory to use. Default: uses system's default temporary directory
• DIGIDOC_MAX_DATAFILE_CACHED: Maximum datafile size that will be cached in MB. Must be numeric. Set to -1 to cache all files. Set to 0 to prevent caching for all files
  Default value:
• DIGIDOC_NOTARY_IMPL: Notary implementation.
  Default value:
• DIGIDOC_OCSP_SIGN_CERT_SERIAL: OCSP Signing certificate serial number
• DIGIDOC_SECURITY_PROVIDER: Security provider.
  Default value:
• DIGIDOC_SECURITY_PROVIDER_NAME: Name of the security provider.
  Default value:
• DIGIDOC_TSLFAC_IMPL: TSL Factory implementation.
  Default value:
• DIGIDOC_USE_LOCAL_TSL: Use local TSL? Allowed values: true, false
  Default value:
• KEY_USAGE_CHECK: Should key usage be checked? Allowed values: true, false.
  Default value:
• DIGIDOC_PKCS12_CONTAINER: OCSP access certificate file
• DIGIDOC_PKCS12_PASSWD: OCSP access certificate password
• OCSP_SOURCE: Online Certificate Service Protocol source
• SIGN_OCSP_REQUESTS: Should OCSP requests be signed? Allowed values: true, false
• TSL_LOCATION: TSL Location - DEPRECATED: use LOTL_LOCATION instead
• TSP_SOURCE: Time Stamp Protocol source address
• VALIDATION_POLICY: Validation policy source file
• LOTL_LOCATION: LOTL (List of Trusted Lists) location
• LOTL_TRUSTSTORE_PATH: path to the trust-store for LOTL signing certificates
• LOTL_TRUSTSTORE_TYPE: type of trust-store for LOTL signing certificates (default is "PKCS12")
• LOTL_TRUSTSTORE_PASSWORD: password for the truststore in LOTL_TRUSTSTORE_PATH
• LOTL_PIVOT_SUPPORT_ENABLED: whether to enable LOTL pivot support (default is "true" for PROD mode and "false" for TEST mode)
• TSL_KEYSTORE_LOCATION: keystore location for tsl signing certificates - DEPRECATED: use LOTL_TRUSTSTORE_PATH instead
• TSL_KEYSTORE_PASSWORD: keystore password for the keystore in TSL_KEYSTORE_LOCATION - DEPRECATED: use LOTL_TRUSTSTORE_PASSWORD instead
• TSL_CACHE_EXPIRATION_TIME: TSL cache expiration time in milliseconds
• TRUSTED_TERRITORIES: list of countries and territories to trust and load TSL certificates (for example, EE, LV, FR)
• REQUIRED_TERRITORIES: list of countries and territories that must be successfully loaded into the TSL (for example, EE, LV, FR) - used by the default TSL refresh callback
• HTTP_PROXY_HOST: network proxy host name
• HTTP_PROXY_PORT: network proxy port
• HTTP_PROXY_USER: network proxy user (for basic auth proxy)
• HTTP_PROXY_PASSWORD: network proxy password (for basic auth proxy)
• HTTPS_PROXY_HOST: https network proxy host name
• HTTPS_PROXY_PORT: https network proxy port
• HTTPS_PROXY_USER: https network proxy user (for basic auth proxy)
• HTTPS_PROXY_PASSWORD: https network proxy password (for basic auth proxy)
• SSL_KEYSTORE_PATH: SSL KeyStore path
• SSL_KEYSTORE_TYPE: SSL KeyStore type (default is "jks")
• SSL_KEYSTORE_PASSWORD: SSL KeyStore password (default is an empty string)
• SSL_TRUSTSTORE_PATH: SSL TrustStore path
• SSL_TRUSTSTORE_TYPE: SSL TrustStore type (default is "jks")
• SSL_TRUSTSTORE_PASSWORD: SSL TrustStore password (default is an empty string)
• SSL_PROTOCOL: SSL protocol (default is "TLSv1.2")
• SUPPORTED_SSL_PROTOCOLS: list of supported SSL protocols (by default uses implementation defaults)
• SUPPORTED_SSL_CIPHER_SUITES: list of supported SSL cipher suites (by default uses implementation defaults)
• ALLOWED_TS_AND_OCSP_RESPONSE_DELTA_IN_MINUTES: Allowed delay between timestamp and OCSP response in minutes.
• TEMP_FILE_MAX_AGE: Maximum age in milliseconds till TEMP files are deleted (works only when saving container).
• ALLOW_UNSAFE_INTEGER: Allows to use unsafe Integer because of few applications still struggle with the ASN.1 BER encoding rules for an INTEGER as described in: https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf. NB! Strict Validation applied by default.
• ALLOWED_OCSP_RESPONDERS_FOR_TM: whitelist of OCSP responders for timemark validation (for example: SK OCSP RESPONDER 2011, ESTEID-SK OCSP RESPONDER, KLASS3-SK OCSP RESPONDER)
• ZIP_COMPRESSION_RATIO_CHECK_THRESHOLD_IN_BYTES: the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in
• MAX_ALLOWED_ZIP_COMPRESSION_RATIO: the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Configuration.Mode Application mode

Constructor Summary

Constructors

Constructor and Description
Configuration() Create new configuration
Configuration(Configuration.Mode mode) Create new configuration with application mode specified

Method Summary

Modifier and Type	Method and Description
Configuration	copy() Clones configuration
DataLoaderFactory	getAiaDataLoaderFactory() Deprecated. Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead. If a custom AIA source factory is configured, then a custom AIA data loader factory has no effect.
String	getAiaOcspSourceByCN(String cn) Get the AIA OCSP source by issuer's CN
AIASourceFactory	getAiaSourceFactory() Returns the currently set AIA source factory or null if no custom AIA source factory is set.
List<String>	getAllowedOcspRespondersForTM() Get allowed OCSP responders for timemark validation.
Integer	getAllowedTimestampAndOCSPResponseDeltaInMinutes() Returns allowed delay between timestamp and OCSP response in minutes.
int	getConnectionTimeout() Get HTTP connection timeout
DigestAlgorithm	getDataFileDigestAlgorithm() Datafile digest algorithm.
Hashtable<String,String>	getDDoc4JConfiguration() Returns configuration needed for DDoc4J library.
String	getHttpProxyHost() Get http proxy host.
String	getHttpProxyHostFor(ExternalConnectionType connectionType) Get http proxy host for specific external connection type.
String	getHttpProxyPassword() Get http proxy password.
String	getHttpProxyPasswordFor(ExternalConnectionType connectionType) Get http proxy password for specific type of external connections.
Integer	getHttpProxyPort() Get http proxy port.
Integer	getHttpProxyPortFor(ExternalConnectionType connectionType) Get http proxy port for specific type of external connections.
String	getHttpProxyUser() Get http proxy user.
String	getHttpProxyUserFor(ExternalConnectionType connectionType) Get http proxy user for specific type of external connections.
String	getHttpsProxyHost()
String	getHttpsProxyHostFor(ExternalConnectionType connectionType)
String	getHttpsProxyPassword() Get HTTPS proxy password.
String	getHttpsProxyPasswordFor(ExternalConnectionType connectionType) Get HTTPS proxy password for specific type of external connections.
Integer	getHttpsProxyPort()
Integer	getHttpsProxyPortFor(ExternalConnectionType connectionType)
String	getHttpsProxyUser() Get HTTPS proxy user.
String	getHttpsProxyUserFor(ExternalConnectionType connectionType) Get HTTPS proxy user for specific type of external connections.
static Configuration	getInstance() Getting the default Configuration object.
String	getLotlLocation() Get LOTL (List of Trusted Lists) location.
String	getLotlTruststorePassword() Get the password for the trust-store that holds potential LOTL signing certificates.
String	getLotlTruststorePath() Get the path to the trust-store that holds potential LOTL signing certificates.
String	getLotlTruststoreType() Get the type of the trust-store that holds potential LOTL signing certificates.
int	getMaxAllowedZipCompressionRatio() Get the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.
long	getMaxDataFileCachedInBytes() Get the maximum size of data files to be cached.
long	getMaxDataFileCachedInMB() Get the maximum size of data files to be cached.
String	getOCSPAccessCertificateFileName() Get OCSP access certificate filename
char[]	getOCSPAccessCertificatePassword() Get OSCP access certificate password
String	getOCSPAccessCertificatePasswordAsString() Get OSCP access certificate password As String
DataLoaderFactory	getOcspDataLoaderFactory() Returns the currently set OCSP data loader factory or null if no custom data loader factory is set.
String	getOcspSource() Get the OCSP Source
boolean	getPrintValidationReport()
List<String>	getRequiredTerritories() Get required territories.
int	getRevocationAndTimestampDeltaInMinutes() Revocation and timestamp delta in minutes.
DigestAlgorithm	getSignatureDigestAlgorithm() Signature digest algorithm.
SignatureProfile	getSignatureProfile() Signature profile.
int	getSocketTimeout() Get HTTP socket timeout
String	getSslKeystorePassword() Get Ssl keystore password.
String	getSslKeystorePasswordFor(ExternalConnectionType connectionType) Get Ssl keystore password for specific type of external connections.
String	getSslKeystorePath() Get SSL KeyStore path.
String	getSslKeystorePathFor(ExternalConnectionType connectionType) Get SSL KeyStore path for specific type of external connections.
String	getSslKeystoreType() Get SSL KeyStore type.
String	getSslKeystoreTypeFor(ExternalConnectionType connectionType) Get SSL KeyStore type for specific type of external connections.
String	getSslProtocol() Get SSL protocol.
String	getSslProtocolFor(ExternalConnectionType connectionType) Get SSL protocol for specific type of external connections.
String	getSslTruststorePassword() Get Ssl truststore password.
String	getSslTruststorePasswordFor(ExternalConnectionType connectionType) Get Ssl truststore password for specific type of external connections.
String	getSslTruststorePath() Get SSL TrustStore path
String	getSslTruststorePathFor(ExternalConnectionType connectionType) Get SSL TrustStore path for specific type of external connections.
String	getSslTruststoreType() Get SSL TrustStore type.
String	getSslTruststoreTypeFor(ExternalConnectionType connectionType) Get SSL TrustStore type for specific type of external connections.
List<String>	getSupportedSslCipherSuites() Get supported SSL cipher suites.
List<String>	getSupportedSslCipherSuitesFor(ExternalConnectionType connectionType) Get supported SSL cipher suites for specific type of external connections.
List<String>	getSupportedSslProtocols() Get supported SSL protocols.
List<String>	getSupportedSslProtocolsFor(ExternalConnectionType connectionType) Get supported SSL protocols for specific type of external connections.
long	getTempFileMaxAge() Get temp file max age
ExecutorService	getThreadExecutor() Get thread executor.
List<String>	getTrustedTerritories() Get trusted territories.
TSLCertificateSource	getTSL() Loads TSL certificates If configuration mode is TEST then TSL signature is not checked.
long	getTslCacheExpirationTime() Returns TSL cache expiration time in milliseconds.
DataLoaderFactory	getTslDataLoaderFactory() Deprecated. Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead. If a custom TSL file loader factory is configured, then a custom TSL data loader factory has no effect. If a data loader created by a custom TSL data loader factory does not implement DSSFileLoader, then it is wrapped into a FileCacheDataLoader.
DSSFileLoaderFactory	getTslFileLoaderFactory() Returns the currently set TSL file loader factory or null if no custom file loader factory is set.
String	getTslKeyStoreLocation() Deprecated. Use getLotlTruststorePath() instead.
String	getTslKeyStorePassword() Deprecated. Use getLotlTruststorePassword() instead.
String	getTslLocation() Deprecated. Use getLotlLocation() instead.
TSLRefreshCallback	getTslRefreshCallback() Returns the currently configured TSL refresh callback or null if no custom callback is configured.
DataLoaderFactory	getTspDataLoaderFactory() Returns the currently set TSP data loader factory or null if no custom data loader factory is set.
String	getTspSource() Get the TSP Source
String	getTspSourceByCountry(String country) Get the TSP source by country
boolean	getUseNonceForAiaOcspByCN(String cn) Get the AIA OCSP source by issuer's CN
String	getValidationPolicy() Get the validation policy
long	getZipCompressionRatioCheckThresholdInBytes() Get the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in.
boolean	hasToBeOCSPRequestSigned() Returns configuration item must be OCSP request signed.
boolean	isAiaOcspPreferred() Get flag if AIA OCSP is preferred.
boolean	isASN1UnsafeIntegerAllowed() Get flag if ASN1 Unsafe Integer is Allowed.
boolean	isFullReportNeeded() Deprecated. Deprecated for removal. Enabling this feature can, in some cases, produce false negative validation results.
boolean	isLotlPivotSupportEnabled() Get whether LOTL pivot support is enabled
boolean	isNetworkProxyEnabled() Is network proxy enabled?
boolean	isNetworkProxyEnabledFor(ExternalConnectionType connectionType) Is network proxy enabled for specific type of external connections?
boolean	isOcspNonceUsed() Get if OCSP nonce should be used
boolean	isOCSPSigningConfigurationAvailable() Are requirements met for signing OCSP certificate?
boolean	isProxyOfType(eu.europa.esig.dss.spi.client.http.Protocol protocol)
boolean	isProxyOfTypeFor(ExternalConnectionType connectionType, eu.europa.esig.dss.spi.client.http.Protocol protocol)
boolean	isSslConfigurationEnabled() Is ssl configuration enabled?
boolean	isSslConfigurationEnabledFor(ExternalConnectionType connectionType) Is ssl configuration enabled for specific type of external connections?
boolean	isTest()
Hashtable<String,String>	loadConfiguration(InputStream stream) Add configuration settings from a stream.
Hashtable<String,String>	loadConfiguration(String file) Add configuration settings from a file
Hashtable<String,String>	loadConfiguration(String file, boolean isReloadFromYaml) Add configuration settings from a file
static Configuration	of(Configuration.Mode mode) Create new configuration in static context with application mode specified
void	setAiaDataLoaderFactory(DataLoaderFactory aiaDataLoaderFactory) Deprecated. Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead. If a custom AIA source factory is configured, then a custom AIA data loader factory has no effect.
void	setAiaSourceFactory(AIASourceFactory aiaSourceFactory) Set an AIA source factory that manages the creation of custom AIA sources.
void	setAllowASN1UnsafeInteger(boolean isAllowed) Set flag if ASN1 Unsafe Integer is Allowed.
void	setAllowedOcspRespondersForTM(String... allowedOcspRespondersForTM) Set allowed OCSP responders common names for timemark validation.
void	setAllowedTimestampAndOCSPResponseDeltaInMinutes(int timeInMinutes) Set allowed delay between timestamp and OCSP response in minutes.
void	setConnectionTimeout(int connectionTimeout) Set HTTP connection timeout
void	setDataFileDigestAlgorithm(DigestAlgorithm digestAlgorithm) Set datafile digest algorithm.
void	setFullReportNeeded(boolean isFullReport) Deprecated. Deprecated for removal. Enabling this feature can, in some cases, produce false negative validation results.
void	setHttpProxyHost(String httpProxyHost) Set HTTP network proxy host.
void	setHttpProxyHostFor(ExternalConnectionType connectionType, String httpProxyHost) Set HTTP network proxy host for specific type of external connections.
void	setHttpProxyPassword(String httpProxyPassword) Set HTTP network proxy password.
void	setHttpProxyPasswordFor(ExternalConnectionType connectionType, String httpProxyPassword) Set HTTP network proxy password for specific type of external connections.
void	setHttpProxyPort(int httpProxyPort) Set HTTP network proxy port.
void	setHttpProxyPortFor(ExternalConnectionType connectionType, int httpProxyPort) Set HTTP network proxy port for specific type of external connections.
void	setHttpProxyUser(String httpProxyUser) Set HTTP network proxy user name.
void	setHttpProxyUserFor(ExternalConnectionType connectionType, String httpProxyUser) Set HTTP network proxy user name for specific type of external connections.
void	setHttpsProxyHost(String httpsProxyHost) Set HTTPS network proxy host.
void	setHttpsProxyHostFor(ExternalConnectionType connectionType, String httpsProxyHost) Set HTTPS network proxy host for specific type of external connections.
void	setHttpsProxyPassword(String httpsProxyPassword) Set HTTPS network proxy password.
void	setHttpsProxyPasswordFor(ExternalConnectionType connectionType, String httpsProxyPassword) Set HTTPS network proxy password for specific type of external connections.
void	setHttpsProxyPort(int httpsProxyPort) Set HTTPS network proxy port.
void	setHttpsProxyPortFor(ExternalConnectionType connectionType, int httpsProxyPort) Set HTTPS network proxy port for specific type of external connections.
void	setHttpsProxyUser(String httpsProxyUser) Set HTTPS network proxy user name.
void	setHttpsProxyUserFor(ExternalConnectionType connectionType, String httpsProxyUser) Set HTTPS network proxy user name for specific type of external connections.
void	setLotlLocation(String lotlLocation) Set LOTL (List of Trusted Lists) location.
void	setLotlPivotSupportEnabled(boolean lotlPivotSupport) Set whether LOTL pivot support should be enabled
void	setLotlTruststorePassword(String lotlTruststorePassword) Set the password for the trust-store that holds potential LOTL signing certificates.
void	setLotlTruststorePath(String lotlTruststorePath) Set the path to the trust-store that holds potential LOTL signing certificates.
void	setLotlTruststoreType(String lotlTruststoreType) Set the type of the trust-store that holds potential LOTL signing certificates.
void	setMaxAllowedZipCompressionRatio(int maxAllowedZipCompressionRatio) Set the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.
void	setMaxFileSizeCachedInMemoryInMB(long maxFileSizeCachedInMB) Sets limit in MB when handling files are creating temporary file for streaming in container creation and adding data files.
void	setOCSPAccessCertificateFileName(String fileName) Set OCSP access certificate filename
void	setOCSPAccessCertificatePassword(char[] password) Set OCSP access certificate password
void	setOcspDataLoaderFactory(DataLoaderFactory ocspDataLoaderFactory) Set a data loader factory that manages the creation of custom data loaders for creating OCSP requests.
void	setOcspSource(String ocspSource) Set the OCSP source
void	setPreferAiaOcsp(boolean preferAiaOcsp) Set flag if AIA OCSP is preferred.
void	setPrintValidationReport(Boolean printValidationReport)
void	setRequiredTerritories(String... requiredTerritories) Set countries and territories (alpha-2 country codes) whose trusted lists must always be successfully loaded into the TSL.
void	setRevocationAndTimestampDeltaInMinutes(int timeInMinutes) Set Revocation and timestamp delta in minutes.
void	setSignatureDigestAlgorithm(DigestAlgorithm digestAlgorithm) Set signature digest algorithm.
void	setSignatureProfile(SignatureProfile signatureProfile) Set signature profile.
void	setSignOCSPRequests(boolean shouldSignOcspRequests) Set flag if OCSP requests should be signed
void	setSocketTimeout(int socketTimeoutMilliseconds) Set HTTP socket timeout
void	setSslKeystorePassword(String sslKeystorePassword) Set SSL KeyStore password.
void	setSslKeystorePasswordFor(ExternalConnectionType connectionType, String sslKeystorePassword) Set SSL KeyStore password for specific type of external connections.
void	setSslKeystorePath(String sslKeystorePath) Set SSL KeyStore path.
void	setSslKeystorePathFor(ExternalConnectionType connectionType, String sslKeystorePath) Set SSL KeyStore path for specific type of external connections.
void	setSslKeystoreType(String sslKeystoreType) Set SSL KeyStore type.
void	setSslKeystoreTypeFor(ExternalConnectionType connectionType, String sslKeystoreType) Set SSL KeyStore type for specific type of external connections.
void	setSslProtocol(String sslProtocol) Set SSL protocol.
void	setSslProtocolFor(ExternalConnectionType connectionType, String sslProtocol) Set SSL protocol for specific type of external connections.
void	setSslTruststorePassword(String sslTruststorePassword) Set SSL TrustStore password.
void	setSslTruststorePasswordFor(ExternalConnectionType connectionType, String sslTruststorePassword) Set SSL TrustStore password for specific type of external connections.
void	setSslTruststorePath(String sslTruststorePath) Set SSL TrustStore path.
void	setSslTruststorePathFor(ExternalConnectionType connectionType, String sslTruststorePath) Set SSL TrustStore path for specific type of external connections.
void	setSslTruststoreType(String sslTruststoreType) Set SSL TrustStore type.
void	setSslTruststoreTypeFor(ExternalConnectionType connectionType, String sslTruststoreType) Set SSL TrustStore type for specific type of external connections.
void	setSupportedSslCipherSuites(List<String> supportedSslCipherSuites) Set supported SSL cipher suites.
void	setSupportedSslCipherSuitesFor(ExternalConnectionType connectionType, List<String> supportedSslCipherSuites) Set supported SSL cipher suites for specific type of external connections.
void	setSupportedSslProtocols(List<String> supportedSslProtocols) Set supported SSL protocols.
void	setSupportedSslProtocolsFor(ExternalConnectionType connectionType, List<String> supportedSslProtocols) Set supported SSL protocols for specific type of external connections.
void	setTempFileMaxAge(long tempFileMaxAgeInMillis) Set temp file max age in millis
void	setThreadExecutor(ExecutorService threadExecutor) Set thread executor service.
void	setTrustedTerritories(String... trustedTerritories) Set countries and territories (alpha-2 country codes) whom to trust and accept certificates.
void	setTSL(TSLCertificateSource certificateSource) Set the TSL certificate source.
void	setTslCacheExpirationTime(long cacheExpirationTimeInMilliseconds) Sets the expiration time for TSL cache in milliseconds.
void	setTslDataLoaderFactory(DataLoaderFactory tslDataLoaderFactory) Deprecated. Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead. If a custom TSL file loader factory is configured, then a custom TSL data loader factory has no effect. If a data loader created by a custom TSL data loader factory does not implement DSSFileLoader, then it is wrapped into a FileCacheDataLoader.
void	setTslFileLoaderFactory(DSSFileLoaderFactory tslFileLoaderFactory) Set a file loader factory that manages the creation of custom file loaders for downloading TSL.
void	setTslKeyStoreLocation(String tslKeyStoreLocation) Deprecated. Use setLotlTruststorePath(String) instead.
void	setTslKeyStorePassword(String tslKeyStorePassword) Deprecated. Use setLotlTruststorePassword(String) instead.
void	setTslLocation(String tslLocation) Deprecated. Use setLotlLocation(String) instead.
void	setTslRefreshCallback(TSLRefreshCallback tslRefreshCallback) Sets a callback that validates the state of the TSL after each TSL refresh.
void	setTspDataLoaderFactory(DataLoaderFactory tspDataLoaderFactory) Set a data loader factory that manages the creation of custom data loaders for creating TSP requests.
void	setTspSource(String tspSource) Set the TSP Source
void	setUseOcspNonce(Boolean useOcspNonce) Set if nonce should be used in case of OCSP request PS! Does not affect TM signature profiles in which occasion nonce is always used.
void	setValidationPolicy(String validationPolicy) Set the validation policy
void	setZipCompressionRatioCheckThresholdInBytes(long zipCompressionRatioCheckThresholdInBytes) Set the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in.
boolean	storeDataFilesOnlyInMemory() If all the data files should be stored in memory.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Configuration

public Configuration()

Create new configuration

Configuration

public Configuration(Configuration.Mode mode)

Create new configuration with application mode specified

Parameters:

mode - Application mode

Method Detail

getInstance

public static Configuration getInstance()

Getting the default Configuration object.

The default configuration object is a singelton, meaning that all the containers will use the same registry object. It is a good idea to use only a single configuration object for all the containers so the operation times would be faster.

Returns:

default configuration.

of

public static Configuration of(Configuration.Mode mode)

Create new configuration in static context with application mode specified

Parameters:

mode - Application mode

isOCSPSigningConfigurationAvailable

public boolean isOCSPSigningConfigurationAvailable()

Are requirements met for signing OCSP certificate?

Returns:

value indicating if requirements are met

getOCSPAccessCertificateFileName

public String getOCSPAccessCertificateFileName()

Get OCSP access certificate filename

Returns:

filename for the OCSP access certificate

getOCSPAccessCertificatePassword

public char[] getOCSPAccessCertificatePassword()

Get OSCP access certificate password

Returns:

password

getOCSPAccessCertificatePasswordAsString

public String getOCSPAccessCertificatePasswordAsString()

Get OSCP access certificate password As String

Returns:

password

setOCSPAccessCertificateFileName

public void setOCSPAccessCertificateFileName(String fileName)

Set OCSP access certificate filename

Parameters:

fileName - filename for the OCSP access certficate

setOCSPAccessCertificatePassword

public void setOCSPAccessCertificatePassword(char[] password)

Set OCSP access certificate password

Parameters:

password - password to set

setSignOCSPRequests

public void setSignOCSPRequests(boolean shouldSignOcspRequests)

Set flag if OCSP requests should be signed

Parameters:

shouldSignOcspRequests - True if should sign, False otherwise

setOcspDataLoaderFactory

public void setOcspDataLoaderFactory(DataLoaderFactory ocspDataLoaderFactory)

Set a data loader factory that manages the creation of custom data loaders for creating OCSP requests.

Parameters:

ocspDataLoaderFactory - OCSP data loader factory.

getOcspDataLoaderFactory

public DataLoaderFactory getOcspDataLoaderFactory()

Returns the currently set OCSP data loader factory or null if no custom data loader factory is set.

Returns:

OCSP data loader factory.

loadConfiguration

public Hashtable<String,String> loadConfiguration(InputStream stream)

Add configuration settings from a stream. After loading closes stream.

Parameters:

stream - Input stream

Returns:

configuration hashtable

loadConfiguration

public Hashtable<String,String> loadConfiguration(String file)

Add configuration settings from a file

Parameters:

file - File name

Returns:

configuration hashtable

loadConfiguration

public Hashtable<String,String> loadConfiguration(String file,
                                                  boolean isReloadFromYaml)

Add configuration settings from a file

Parameters:

file - File name

isReloadFromYaml - True if this is reloading call

Returns:

configuration hashtable

getDDoc4JConfiguration

public Hashtable<String,String> getDDoc4JConfiguration()

Returns configuration needed for DDoc4J library.

Returns:

configuration values.

setMaxFileSizeCachedInMemoryInMB

public void setMaxFileSizeCachedInMemoryInMB(long maxFileSizeCachedInMB)

Sets limit in MB when handling files are creating temporary file for streaming in container creation and adding data files.

Used by DigiDoc4J and by DDoc4J.

Parameters:

maxFileSizeCachedInMB - maximum data file size in MB stored in memory.

storeDataFilesOnlyInMemory

public boolean storeDataFilesOnlyInMemory()

If all the data files should be stored in memory. Default is true (data files are temporarily stored only in memory).

Returns:

true if everything is stored in memory, and false if data is temporarily stored on disk.

hasToBeOCSPRequestSigned

public boolean hasToBeOCSPRequestSigned()

Returns configuration item must be OCSP request signed. Reads it from registry parameter SIGN_OCSP_REQUESTS. Default value is false for Configuration.Mode.PROD and false for Configuration.Mode.TEST

Returns:

must be OCSP request signed

getMaxDataFileCachedInMB

public long getMaxDataFileCachedInMB()

Get the maximum size of data files to be cached. Used by DigiDoc4J and by DDoc4J.

Returns:

Size in MB. if size < 0 no caching is used

getMaxDataFileCachedInBytes

public long getMaxDataFileCachedInBytes()

Get the maximum size of data files to be cached. Used by DigiDoc4J and by DDoc4J.

Returns:

Size in MB. if size < 0 no caching is used

setLotlLocation

public void setLotlLocation(String lotlLocation)

Set LOTL (List of Trusted Lists) location. LOTL can be loaded from file (file://) or from web (http://). If file protocol is used then first try is to locate file from this location if file does not exist then it tries to load relatively from classpath.

Setting new location clears old values

Windows wants it in file:DRIVE:/directories/lotl-file.xml format

Parameters:

lotlLocation - LOTL location to be used

getLotlLocation

public String getLotlLocation()

Get LOTL (List of Trusted Lists) location.

Returns:

url

getTslLocation

@Deprecated
public String getTslLocation()

Deprecated. Use getLotlLocation() instead.

Get TSL location.

Returns:

url

setTSL

public void setTSL(TSLCertificateSource certificateSource)

Set the TSL certificate source.

Parameters:

certificateSource - TSL certificate source When certificateSource equals null then getTSL() will load the TSL according to the TSL location specified .

getTSL

public TSLCertificateSource getTSL()

Loads TSL certificates If configuration mode is TEST then TSL signature is not checked.

Returns:

TSL source

setTslLocation

@Deprecated
public void setTslLocation(String tslLocation)

Deprecated. Use setLotlLocation(String) instead.

Set the TSL location. TSL can be loaded from file (file://) or from web (http://). If file protocol is used then first try is to locate file from this location if file does not exist then it tries to load relatively from classpath.

Setting new location clears old values

Windows wants it in file:DRIVE:/directories/tsl-file.xml format

Parameters:

tslLocation - TSL Location to be used

setTslFileLoaderFactory

public void setTslFileLoaderFactory(DSSFileLoaderFactory tslFileLoaderFactory)

Set a file loader factory that manages the creation of custom file loaders for downloading TSL.

Parameters:

tslFileLoaderFactory - TSL file loader factory.

getTslFileLoaderFactory

public DSSFileLoaderFactory getTslFileLoaderFactory()

Returns the currently set TSL file loader factory or null if no custom file loader factory is set.

Returns:

TSL file loader factory.

setTslRefreshCallback

public void setTslRefreshCallback(TSLRefreshCallback tslRefreshCallback)

Sets a callback that validates the state of the TSL after each TSL refresh. If no custom callback is configured, a default callback is used for TSL validation.

Parameters:

tslRefreshCallback - a callback to validate TSL after a refresh

getTslRefreshCallback

public TSLRefreshCallback getTslRefreshCallback()

Returns the currently configured TSL refresh callback or null if no custom callback is configured.

Returns:

configured TSL refresh callback or null

setTslDataLoaderFactory

@Deprecated
public void setTslDataLoaderFactory(DataLoaderFactory tslDataLoaderFactory)

Deprecated. Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead. If a custom TSL file loader factory is configured, then a custom TSL data loader factory has no effect. If a data loader created by a custom TSL data loader factory does not implement DSSFileLoader, then it is wrapped into a FileCacheDataLoader.

Set a data loader factory that manages the creation of custom data loaders for downloading TSL.

Parameters:

tslDataLoaderFactory - TSL data loader factory.

getTslDataLoaderFactory

@Deprecated
public DataLoaderFactory getTslDataLoaderFactory()

Deprecated. Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead. If a custom TSL file loader factory is configured, then a custom TSL data loader factory has no effect. If a data loader created by a custom TSL data loader factory does not implement DSSFileLoader, then it is wrapped into a FileCacheDataLoader.

Returns the currently set TSL data loader factory or null if no custom data loader factory is set.

Returns:

TSL data loader factory.

setAiaDataLoaderFactory

@Deprecated
public void setAiaDataLoaderFactory(DataLoaderFactory aiaDataLoaderFactory)

Deprecated. Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead. If a custom AIA source factory is configured, then a custom AIA data loader factory has no effect.

Set a data loader factory that manages the creation of custom data loaders for accessing AIA certificate sources.

Parameters:

aiaDataLoaderFactory - AIA data loader factory.

getAiaDataLoaderFactory

@Deprecated
public DataLoaderFactory getAiaDataLoaderFactory()

Deprecated. Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead. If a custom AIA source factory is configured, then a custom AIA data loader factory has no effect.

Returns the currently set AIA data loader factory or null if no custom data loader factory is set.

Returns:

AIA data loader factory.

setAiaSourceFactory

public void setAiaSourceFactory(AIASourceFactory aiaSourceFactory)

Set an AIA source factory that manages the creation of custom AIA sources.

Parameters:

aiaSourceFactory - AIA source factory

getAiaSourceFactory

public AIASourceFactory getAiaSourceFactory()

Returns the currently set AIA source factory or null if no custom AIA source factory is set.

Returns:

AIA source factory

getTspSource

public String getTspSource()

Get the TSP Source

Returns:

TSP Source

getTspSourceByCountry

public String getTspSourceByCountry(String country)

Get the TSP source by country

Parameters:

country - to use tsp source

Returns:

tspSource

setTspDataLoaderFactory

public void setTspDataLoaderFactory(DataLoaderFactory tspDataLoaderFactory)

Set a data loader factory that manages the creation of custom data loaders for creating TSP requests.

Parameters:

tspDataLoaderFactory - TSP data loader factory.

getTspDataLoaderFactory

public DataLoaderFactory getTspDataLoaderFactory()

Returns the currently set TSP data loader factory or null if no custom data loader factory is set.

Returns:

TSP data loader factory.

setPreferAiaOcsp

public void setPreferAiaOcsp(boolean preferAiaOcsp)

Set flag if AIA OCSP is preferred.

Parameters:

preferAiaOcsp - - True when AIA OCSP is preferred

isAiaOcspPreferred

public boolean isAiaOcspPreferred()

Get flag if AIA OCSP is preferred.

Returns:

isAiaOcspPreferred boolean value.

getAiaOcspSourceByCN

public String getAiaOcspSourceByCN(String cn)

Get the AIA OCSP source by issuer's CN

Parameters:

cn - to use AIA OCSP source

Returns:

ocspSource

getUseNonceForAiaOcspByCN

public boolean getUseNonceForAiaOcspByCN(String cn)

Get the AIA OCSP source by issuer's CN

Parameters:

cn - to use AIA OCSP source

Returns:

ocspSource

setTempFileMaxAge

public void setTempFileMaxAge(long tempFileMaxAgeInMillis)

Set temp file max age in millis

Parameters:

tempFileMaxAgeInMillis - max age in millis

getTempFileMaxAge

public long getTempFileMaxAge()

Get temp file max age

Returns:

temp file max age in millis

setConnectionTimeout

public void setConnectionTimeout(int connectionTimeout)

Set HTTP connection timeout

Parameters:

connectionTimeout - connection timeout in milliseconds

setSocketTimeout

public void setSocketTimeout(int socketTimeoutMilliseconds)

Set HTTP socket timeout

Parameters:

socketTimeoutMilliseconds - socket timeout in milliseconds

getConnectionTimeout

public int getConnectionTimeout()

Get HTTP connection timeout

Returns:

connection timeout in milliseconds

getSocketTimeout

public int getSocketTimeout()

Get HTTP socket timeout

Returns:

socket timeout in milliseconds

setTspSource

public void setTspSource(String tspSource)

Set the TSP Source

Parameters:

tspSource - TSPSource to be used

getOcspSource

public String getOcspSource()

Get the OCSP Source

Returns:

OCSP Source

setUseOcspNonce

public void setUseOcspNonce(Boolean useOcspNonce)

Set if nonce should be used in case of OCSP request

PS! Does not affect TM signature profiles in which occasion nonce is always used.

Parameters:

useOcspNonce -

isOcspNonceUsed

public boolean isOcspNonceUsed()

Get if OCSP nonce should be used

Returns:

use OCSP nonce

setTslKeyStoreLocation

@Deprecated
public void setTslKeyStoreLocation(String tslKeyStoreLocation)

Deprecated. Use setLotlTruststorePath(String) instead.

Set the KeyStore Location that holds potential TSL Signing certificates

Parameters:

tslKeyStoreLocation - KeyStore location to use

getTslKeyStoreLocation

@Deprecated
public String getTslKeyStoreLocation()

Deprecated. Use getLotlTruststorePath() instead.

Get the Location to Keystore that holds potential TSL Signing certificates

Returns:

KeyStore Location

setTslKeyStorePassword

@Deprecated
public void setTslKeyStorePassword(String tslKeyStorePassword)

Deprecated. Use setLotlTruststorePassword(String) instead.

Set the password for Keystore that holds potential TSL Signing certificates

Parameters:

tslKeyStorePassword - Keystore password

getTslKeyStorePassword

@Deprecated
public String getTslKeyStorePassword()

Deprecated. Use getLotlTruststorePassword() instead.

Get the password for Keystore that holds potential TSL Signing certificates

Returns:

Tsl Keystore password

setLotlTruststorePath

public void setLotlTruststorePath(String lotlTruststorePath)

Set the path to the trust-store that holds potential LOTL signing certificates.

Parameters:

lotlTruststorePath - LOTL trust-store path to use

getLotlTruststorePath

public String getLotlTruststorePath()

Get the path to the trust-store that holds potential LOTL signing certificates.

Returns:

LOTL trust-store path

setLotlTruststoreType

public void setLotlTruststoreType(String lotlTruststoreType)

Set the type of the trust-store that holds potential LOTL signing certificates. Default is PKCS12.

Parameters:

lotlTruststoreType - LOTL trust-store type to use

getLotlTruststoreType

public String getLotlTruststoreType()

Get the type of the trust-store that holds potential LOTL signing certificates.

Returns:

LOTL trust-store type

setLotlTruststorePassword

public void setLotlTruststorePassword(String lotlTruststorePassword)

Set the password for the trust-store that holds potential LOTL signing certificates.

Parameters:

lotlTruststorePassword - LOTL trust-store password

getLotlTruststorePassword

public String getLotlTruststorePassword()

Get the password for the trust-store that holds potential LOTL signing certificates.

Returns:

LOTL trust-store password

setLotlPivotSupportEnabled

public void setLotlPivotSupportEnabled(boolean lotlPivotSupport)

Set whether LOTL pivot support should be enabled

Parameters:

lotlPivotSupport - whether LOTL pivot support should be enabled

isLotlPivotSupportEnabled

public boolean isLotlPivotSupportEnabled()

Get whether LOTL pivot support is enabled

Returns:

whether LOTL pivot support is enabled

setTslCacheExpirationTime

public void setTslCacheExpirationTime(long cacheExpirationTimeInMilliseconds)

Sets the expiration time for TSL cache in milliseconds. If more time has passed from the cache's creation time time, then a fresh TSL is downloaded and cached, otherwise a cached copy is used.

Parameters:

cacheExpirationTimeInMilliseconds - cache expiration time in milliseconds

getTslCacheExpirationTime

public long getTslCacheExpirationTime()

Returns TSL cache expiration time in milliseconds.

Returns:

TSL cache expiration time in milliseconds.

getAllowedTimestampAndOCSPResponseDeltaInMinutes

public Integer getAllowedTimestampAndOCSPResponseDeltaInMinutes()

Returns allowed delay between timestamp and OCSP response in minutes.

Returns:

Allowed delay between timestamp and OCSP response in minutes.

setAllowedTimestampAndOCSPResponseDeltaInMinutes

public void setAllowedTimestampAndOCSPResponseDeltaInMinutes(int timeInMinutes)

Set allowed delay between timestamp and OCSP response in minutes.

Parameters:

timeInMinutes - Allowed delay between timestamp and OCSP response in minutes

setOcspSource

public void setOcspSource(String ocspSource)

Set the OCSP source

Parameters:

ocspSource - OCSP Source to be used

getValidationPolicy

public String getValidationPolicy()

Get the validation policy

Returns:

Validation policy

setValidationPolicy

public void setValidationPolicy(String validationPolicy)

Set the validation policy

Parameters:

validationPolicy - Policy to be used

getPrintValidationReport

public boolean getPrintValidationReport()

Returns:

whether to print validation report

setPrintValidationReport

public void setPrintValidationReport(Boolean printValidationReport)

Parameters:

printValidationReport - whether to print validation report

getRevocationAndTimestampDeltaInMinutes

public int getRevocationAndTimestampDeltaInMinutes()

Revocation and timestamp delta in minutes.

Returns:

timestamp delta in minutes.

setRevocationAndTimestampDeltaInMinutes

public void setRevocationAndTimestampDeltaInMinutes(int timeInMinutes)

Set Revocation and timestamp delta in minutes.

Parameters:

timeInMinutes - delta in minutes.

getSignatureProfile

public SignatureProfile getSignatureProfile()

Signature profile.

Returns:

SignatureProfile.

setSignatureProfile

public void setSignatureProfile(SignatureProfile signatureProfile)

Set signature profile.

Parameters:

signatureProfile - profile of the signature

getSignatureDigestAlgorithm

public DigestAlgorithm getSignatureDigestAlgorithm()

Signature digest algorithm.

Returns:

DigestAlgorithm.

setSignatureDigestAlgorithm

public void setSignatureDigestAlgorithm(DigestAlgorithm digestAlgorithm)

Set signature digest algorithm.

Parameters:

digestAlgorithm - digest algorithm of signature

getDataFileDigestAlgorithm

public DigestAlgorithm getDataFileDigestAlgorithm()

Datafile digest algorithm.

Returns:

DigestAlgorithm.

setDataFileDigestAlgorithm

public void setDataFileDigestAlgorithm(DigestAlgorithm digestAlgorithm)

Set datafile digest algorithm.

Parameters:

digestAlgorithm - digest algorithm of datafile

getHttpsProxyHost

public String getHttpsProxyHost()

Returns:

HTTPS proxy host

getHttpsProxyHostFor

public String getHttpsProxyHostFor(ExternalConnectionType connectionType)

Parameters:

connectionType - type of external connections.

Returns:

HTTPS proxy host.

setHttpsProxyHost

public void setHttpsProxyHost(String httpsProxyHost)

Set HTTPS network proxy host.

Parameters:

httpsProxyHost - https proxy host.

setHttpsProxyHostFor

public void setHttpsProxyHostFor(ExternalConnectionType connectionType,
                                 String httpsProxyHost)

Set HTTPS network proxy host for specific type of external connections. Overrides network proxy host set via setHttpsProxyHost(String)

Parameters:

connectionType - type of external connections.

httpsProxyHost - https proxy host.

getHttpsProxyPort

public Integer getHttpsProxyPort()

Returns:

HTTPS proxy port

getHttpsProxyPortFor

public Integer getHttpsProxyPortFor(ExternalConnectionType connectionType)

Parameters:

connectionType - type of external connection

Returns:

HTTPS proxy port

setHttpsProxyPort

public void setHttpsProxyPort(int httpsProxyPort)

Set HTTPS network proxy port.

Parameters:

httpsProxyPort - https proxy port.

setHttpsProxyPortFor

public void setHttpsProxyPortFor(ExternalConnectionType connectionType,
                                 int httpsProxyPort)

Set HTTPS network proxy port for specific type of external connections. Overrides network proxy port set via setHttpsProxyPort(int)

Parameters:

connectionType - type of external connections.

httpsProxyPort - https proxy port.

setHttpsProxyUser

public void setHttpsProxyUser(String httpsProxyUser)

Set HTTPS network proxy user name.

Parameters:

httpsProxyUser - username.

setHttpsProxyUserFor

public void setHttpsProxyUserFor(ExternalConnectionType connectionType,
                                 String httpsProxyUser)

Set HTTPS network proxy user name for specific type of external connections. Overrides network proxy user name set via setHttpsProxyUser(String)

Parameters:

connectionType - type of external connections.

httpsProxyUser - username.

getHttpsProxyUser

public String getHttpsProxyUser()

Get HTTPS proxy user.

Returns:

HTTPS proxy user.

getHttpsProxyUserFor

public String getHttpsProxyUserFor(ExternalConnectionType connectionType)

Get HTTPS proxy user for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

HTTPS proxy user.

setHttpsProxyPassword

public void setHttpsProxyPassword(String httpsProxyPassword)

Set HTTPS network proxy password.

Parameters:

httpsProxyPassword - password.

setHttpsProxyPasswordFor

public void setHttpsProxyPasswordFor(ExternalConnectionType connectionType,
                                     String httpsProxyPassword)

Set HTTPS network proxy password for specific type of external connections. Overrides network proxy password set via setHttpsProxyPassword(String)

Parameters:

connectionType - type of external connections.

httpsProxyPassword - password.

getHttpsProxyPassword

public String getHttpsProxyPassword()

Get HTTPS proxy password.

Returns:

HTTPS proxy password.

getHttpsProxyPasswordFor

public String getHttpsProxyPasswordFor(ExternalConnectionType connectionType)

Get HTTPS proxy password for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

HTTPS proxy password.

getHttpProxyHost

public String getHttpProxyHost()

Get http proxy host.

Returns:

http proxy host.

getHttpProxyHostFor

public String getHttpProxyHostFor(ExternalConnectionType connectionType)

Get http proxy host for specific external connection type.

Parameters:

connectionType - type of external connections.

Returns:

http proxy host.

setHttpProxyHost

public void setHttpProxyHost(String httpProxyHost)

Set HTTP network proxy host.

Parameters:

httpProxyHost - http proxy host.

setHttpProxyHostFor

public void setHttpProxyHostFor(ExternalConnectionType connectionType,
                                String httpProxyHost)

Set HTTP network proxy host for specific type of external connections. Overrides network proxy host set via setHttpProxyHost(String)

Parameters:

connectionType - type of external connections.

httpProxyHost - http proxy host.

getHttpProxyPort

public Integer getHttpProxyPort()

Get http proxy port.

Returns:

http proxy port.

getHttpProxyPortFor

public Integer getHttpProxyPortFor(ExternalConnectionType connectionType)

Get http proxy port for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

http proxy port.

setHttpProxyPort

public void setHttpProxyPort(int httpProxyPort)

Set HTTP network proxy port.

Parameters:

httpProxyPort - Port number.

setHttpProxyPortFor

public void setHttpProxyPortFor(ExternalConnectionType connectionType,
                                int httpProxyPort)

Set HTTP network proxy port for specific type of external connections. Overrides network proxy port set via setHttpProxyPort(int)

Parameters:

connectionType - type of external connections.

httpProxyPort - Port number.

setHttpProxyUser

public void setHttpProxyUser(String httpProxyUser)

Set HTTP network proxy user name.

Parameters:

httpProxyUser - username.

setHttpProxyUserFor

public void setHttpProxyUserFor(ExternalConnectionType connectionType,
                                String httpProxyUser)

Set HTTP network proxy user name for specific type of external connections. Overrides network proxy user name set via setHttpProxyUser(String)

Parameters:

connectionType - type of external connections.

httpProxyUser - username.

getHttpProxyUser

public String getHttpProxyUser()

Get http proxy user.

Returns:

http proxy user.

getHttpProxyUserFor

public String getHttpProxyUserFor(ExternalConnectionType connectionType)

Get http proxy user for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

http proxy user.

setHttpProxyPassword

public void setHttpProxyPassword(String httpProxyPassword)

Set HTTP network proxy password.

Parameters:

httpProxyPassword - password.

setHttpProxyPasswordFor

public void setHttpProxyPasswordFor(ExternalConnectionType connectionType,
                                    String httpProxyPassword)

Set HTTP network proxy password for specific type of external connections. Overrides network proxy password set via setHttpProxyPassword(String)

Parameters:

connectionType - type of external connections.

httpProxyPassword - password.

getHttpProxyPassword

public String getHttpProxyPassword()

Get http proxy password.

Returns:

http proxy password.

getHttpProxyPasswordFor

public String getHttpProxyPasswordFor(ExternalConnectionType connectionType)

Get http proxy password for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

http proxy password.

isNetworkProxyEnabled

public boolean isNetworkProxyEnabled()

Is network proxy enabled?

Returns:

True if network proxy is enabled, otherwise False.

isNetworkProxyEnabledFor

public boolean isNetworkProxyEnabledFor(ExternalConnectionType connectionType)

Is network proxy enabled for specific type of external connections?

Parameters:

connectionType - type of external connections.

Returns:

True if network proxy is enabled, otherwise False.

isProxyOfType

public boolean isProxyOfType(eu.europa.esig.dss.spi.client.http.Protocol protocol)

Parameters:

protocol - protocol

Returns:

boolean

isProxyOfTypeFor

public boolean isProxyOfTypeFor(ExternalConnectionType connectionType,
                                eu.europa.esig.dss.spi.client.http.Protocol protocol)

Parameters:

connectionType - type of external connections

protocol - protocol

Returns:

boolean

isSslConfigurationEnabled

public boolean isSslConfigurationEnabled()

Is ssl configuration enabled?

Returns:

True if SSL configuration is enabled, otherwise False.

isSslConfigurationEnabledFor

public boolean isSslConfigurationEnabledFor(ExternalConnectionType connectionType)

Is ssl configuration enabled for specific type of external connections?

Parameters:

connectionType - type of external connections.

Returns:

True if SSL configuration is enabled, otherwise False.

setSslKeystorePath

public void setSslKeystorePath(String sslKeystorePath)

Set SSL KeyStore path.

Parameters:

sslKeystorePath - path to SSL keystore.

setSslKeystorePathFor

public void setSslKeystorePathFor(ExternalConnectionType connectionType,
                                  String sslKeystorePath)

Set SSL KeyStore path for specific type of external connections. Overrides keystore path set via setSslKeystorePath(String)

Parameters:

connectionType - type of external connections.

sslKeystorePath - path to SSL keystore.

getSslKeystorePath

public String getSslKeystorePath()

Get SSL KeyStore path.

Returns:

path to SSL keystore.

getSslKeystorePathFor

public String getSslKeystorePathFor(ExternalConnectionType connectionType)

Get SSL KeyStore path for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

path to SSL keystore.

setSslKeystoreType

public void setSslKeystoreType(String sslKeystoreType)

Set SSL KeyStore type. Default is "jks".

Parameters:

sslKeystoreType - type of SSL keystore.

setSslKeystoreTypeFor

public void setSslKeystoreTypeFor(ExternalConnectionType connectionType,
                                  String sslKeystoreType)

Set SSL KeyStore type for specific type of external connections. Overrides keystore type set via setSslKeystoreType(String)

Parameters:

connectionType - type of external connections.

sslKeystoreType - type of SSL keystore.

getSslKeystoreType

public String getSslKeystoreType()

Get SSL KeyStore type.

Returns:

type of SSL keystore.

getSslKeystoreTypeFor

public String getSslKeystoreTypeFor(ExternalConnectionType connectionType)

Get SSL KeyStore type for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

type of SSL keystore.

setSslKeystorePassword

public void setSslKeystorePassword(String sslKeystorePassword)

Set SSL KeyStore password. Default is an empty string.

Parameters:

sslKeystorePassword - SSL keystore password.

setSslKeystorePasswordFor

public void setSslKeystorePasswordFor(ExternalConnectionType connectionType,
                                      String sslKeystorePassword)

Set SSL KeyStore password for specific type of external connections. Overrides keystore password set via setSslKeystorePassword(String)

Parameters:

connectionType - type of external connections.

sslKeystorePassword - SSL keystore password.

getSslKeystorePassword

public String getSslKeystorePassword()

Get Ssl keystore password.

Returns:

SSL keystore password.

getSslKeystorePasswordFor

public String getSslKeystorePasswordFor(ExternalConnectionType connectionType)

Get Ssl keystore password for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

SSL keystore password.

setSslTruststorePath

public void setSslTruststorePath(String sslTruststorePath)

Set SSL TrustStore path.

Parameters:

sslTruststorePath - path to SSL truststore.

setSslTruststorePathFor

public void setSslTruststorePathFor(ExternalConnectionType connectionType,
                                    String sslTruststorePath)

Set SSL TrustStore path for specific type of external connections. Overrides truststore path set via setSslTruststorePath(String)

Parameters:

connectionType - type of external connections.

sslTruststorePath - path to SSL truststore.

getSslTruststorePath

public String getSslTruststorePath()

Get SSL TrustStore path

Returns:

path to SSL truststore.

getSslTruststorePathFor

public String getSslTruststorePathFor(ExternalConnectionType connectionType)

Get SSL TrustStore path for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

path to SSL truststore.

setSslTruststoreType

public void setSslTruststoreType(String sslTruststoreType)

Set SSL TrustStore type. Default is "jks".

Parameters:

sslTruststoreType - type of SSL truststore.

setSslTruststoreTypeFor

public void setSslTruststoreTypeFor(ExternalConnectionType connectionType,
                                    String sslTruststoreType)

Set SSL TrustStore type for specific type of external connections. Overrides truststore type set via setSslTruststoreType(String)

Parameters:

connectionType - type of external connections.

sslTruststoreType - type of SSL truststore.

getSslTruststoreType

public String getSslTruststoreType()

Get SSL TrustStore type.

Returns:

type of SSL truststore.

getSslTruststoreTypeFor

public String getSslTruststoreTypeFor(ExternalConnectionType connectionType)

Get SSL TrustStore type for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

type of SSL truststore.

setSslTruststorePassword

public void setSslTruststorePassword(String sslTruststorePassword)

Set SSL TrustStore password. Default is an empty string.

Parameters:

sslTruststorePassword - SSL truststore password.

setSslTruststorePasswordFor

public void setSslTruststorePasswordFor(ExternalConnectionType connectionType,
                                        String sslTruststorePassword)

Set SSL TrustStore password for specific type of external connections. Overrides truststore password set via setSslTruststorePassword(String)

Parameters:

connectionType - type of external connections.

sslTruststorePassword - SSL truststore password.

getSslTruststorePassword

public String getSslTruststorePassword()

Get Ssl truststore password.

Returns:

SSL truststore password.

getSslTruststorePasswordFor

public String getSslTruststorePasswordFor(ExternalConnectionType connectionType)

Get Ssl truststore password for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

SSL truststore password.

setSslProtocol

public void setSslProtocol(String sslProtocol)

Set SSL protocol.

Parameters:

sslProtocol - SSL protocol.

setSslProtocolFor

public void setSslProtocolFor(ExternalConnectionType connectionType,
                              String sslProtocol)

Set SSL protocol for specific type of external connections. Overrides SSL protocol set via setSslProtocol(String)

Parameters:

connectionType - type of external connections.

sslProtocol - SSL protocol.

getSslProtocol

public String getSslProtocol()

Get SSL protocol.

Returns:

SSL protocol.

getSslProtocolFor

public String getSslProtocolFor(ExternalConnectionType connectionType)

Get SSL protocol for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

SSL protocol.

setSupportedSslProtocols

public void setSupportedSslProtocols(List<String> supportedSslProtocols)

Set supported SSL protocols.

Parameters:

supportedSslProtocols - list of supported SSL protocols.

setSupportedSslProtocolsFor

public void setSupportedSslProtocolsFor(ExternalConnectionType connectionType,
                                        List<String> supportedSslProtocols)

Set supported SSL protocols for specific type of external connections. Overrides SSL protocols set via setSupportedSslProtocols(List)

Parameters:

connectionType - type of external connections.

supportedSslProtocols - list of supported SSL protocols.

getSupportedSslProtocols

public List<String> getSupportedSslProtocols()

Get supported SSL protocols.

Returns:

list of supported SSL protocols.

getSupportedSslProtocolsFor

public List<String> getSupportedSslProtocolsFor(ExternalConnectionType connectionType)

Get supported SSL protocols for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

list of supported SSL protocols.

setSupportedSslCipherSuites

public void setSupportedSslCipherSuites(List<String> supportedSslCipherSuites)

Set supported SSL cipher suites.

Parameters:

supportedSslCipherSuites - list of supported SSL cipher suites.

setSupportedSslCipherSuitesFor

public void setSupportedSslCipherSuitesFor(ExternalConnectionType connectionType,
                                           List<String> supportedSslCipherSuites)

Set supported SSL cipher suites for specific type of external connections. Overrides SSL cipher suites set via setSupportedSslCipherSuites(List)

Parameters:

connectionType - type of external connections.

supportedSslCipherSuites - list of supported SSL cipher suites.

getSupportedSslCipherSuites

public List<String> getSupportedSslCipherSuites()

Get supported SSL cipher suites.

Returns:

list of supported SSL cipher suites.

getSupportedSslCipherSuitesFor

public List<String> getSupportedSslCipherSuitesFor(ExternalConnectionType connectionType)

Get supported SSL cipher suites for specific type of external connections.

Parameters:

connectionType - type of external connections.

Returns:

list of supported SSL cipher suites.

setFullReportNeeded

@Deprecated
public void setFullReportNeeded(boolean isFullReport)

Deprecated. Deprecated for removal. Enabling this feature can, in some cases, produce false negative validation results.

Set flag if full report needed.

Parameters:

isFullReport - needed value.

isFullReportNeeded

@Deprecated
public boolean isFullReportNeeded()

Deprecated. Deprecated for removal. Enabling this feature can, in some cases, produce false negative validation results.

Get flag if full report needed.

Returns:

isFullReport needed boolean value.

setAllowASN1UnsafeInteger

public void setAllowASN1UnsafeInteger(boolean isAllowed)

Set flag if ASN1 Unsafe Integer is Allowed.

Parameters:

isAllowed - - True when ASN1 Unsafe Integer is Allowed.

isASN1UnsafeIntegerAllowed

public boolean isASN1UnsafeIntegerAllowed()

Get flag if ASN1 Unsafe Integer is Allowed.

Returns:

isASN1UnsafeIntegerAllowed boolean value.

setThreadExecutor

public void setThreadExecutor(ExecutorService threadExecutor)

Set thread executor service.

Parameters:

threadExecutor - Thread executor service object.

getThreadExecutor

public ExecutorService getThreadExecutor()

Get thread executor. It can be mull.

Returns:

thread executor.

setTrustedTerritories

public void setTrustedTerritories(String... trustedTerritories)

Set countries and territories (alpha-2 country codes) whom to trust and accept certificates.

It is possible to accept signatures (and certificates) only from particular countries by filtering trusted territories. Only the TSL (and certificates) from those countries are then downloaded and others are skipped.

For example, it is possible to trust signatures only from these three countries: Estonia, Latvia and France, and skip all other countries: "EE", "LV", "FR".

Parameters:

trustedTerritories - list of alpha-2 country codes.

getTrustedTerritories

public List<String> getTrustedTerritories()

Get trusted territories.

Returns:

list of trusted territories

setRequiredTerritories

public void setRequiredTerritories(String... requiredTerritories)

Set countries and territories (alpha-2 country codes) whose trusted lists must always be successfully loaded into the TSL.

This list is used by the default TSL refresh callback. If the trusted list of any of these territories fails to load, then the TSL refresh is considered to have been failed.

Parameters:

requiredTerritories - list of alpha-2 country codes.

See Also:

setTslRefreshCallback(TSLRefreshCallback), getTslRefreshCallback()

getRequiredTerritories

public List<String> getRequiredTerritories()

Get required territories.

Returns:

list of required territories

See Also:

setRequiredTerritories(String...)

setAllowedOcspRespondersForTM

public void setAllowedOcspRespondersForTM(String... allowedOcspRespondersForTM)

Set allowed OCSP responders common names for timemark validation. For example: "SK OCSP RESPONDER 2011", "ESTEID-SK OCSP RESPONDER", "KLASS3-SK OCSP RESPONDER".

Parameters:

allowedOcspRespondersForTM - list of OCSP responders.

getAllowedOcspRespondersForTM

public List<String> getAllowedOcspRespondersForTM()

Get allowed OCSP responders for timemark validation.

Returns:

ocsp responders list.

setMaxAllowedZipCompressionRatio

public void setMaxAllowedZipCompressionRatio(int maxAllowedZipCompressionRatio)

Set the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.

Parameters:

maxAllowedZipCompressionRatio - maximum ratio of how much are the contents of a ZIP-based container allowed to expand

See Also:

setZipCompressionRatioCheckThresholdInBytes(long), getZipCompressionRatioCheckThresholdInBytes()

getMaxAllowedZipCompressionRatio

public int getMaxAllowedZipCompressionRatio()

Get the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.

Returns:

maximum ratio of how much are the contents of a ZIP-based container allowed to expand

See Also:

setZipCompressionRatioCheckThresholdInBytes(long), getZipCompressionRatioCheckThresholdInBytes()

setZipCompressionRatioCheckThresholdInBytes

public void setZipCompressionRatioCheckThresholdInBytes(long zipCompressionRatioCheckThresholdInBytes)

Set the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in.

Parameters:

zipCompressionRatioCheckThresholdInBytes - threshold of how much memory are the unpacked contents of a ZIP-based container allowed to consume

See Also:

setMaxAllowedZipCompressionRatio(int), getMaxAllowedZipCompressionRatio()

getZipCompressionRatioCheckThresholdInBytes

public long getZipCompressionRatioCheckThresholdInBytes()

Get the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in.

Returns:

threshold of how much memory are the unpacked contents of a ZIP-based container allowed to consume

See Also:

setMaxAllowedZipCompressionRatio(int), getMaxAllowedZipCompressionRatio()

isTest

public boolean isTest()

Returns:

true when configuration is Configuration.Mode.TEST

See Also:

Configuration.Mode.TEST

copy

public Configuration copy()

Clones configuration

Returns:

new configuration object