Package org.digidoc4j

Class Configuration

java.lang.Object
org.digidoc4j.Configuration
All Implemented Interfaces:
Serializable
public class Configuration extends Object implements Serializable
Possibility to create custom configurations for Container implementations.

It is possible to get the default Configuration object used in all containers by using getInstance(). This will return a singelton Configuration object used by default if no configuration is provided.

You can specify the configuration mode, either Configuration.Mode.TEST or Configuration.Mode.PROD configuration. Default is Configuration.Mode.PROD.

It is a good idea to use only a single configuration object for all the containers so the operation times would be faster.

It is also possible to set the mode using the System property. Setting the property "digidoc4j.mode" to "TEST" forces the default mode to Configuration.Mode.TEST mode

Configurations will be loaded from a file. The file must be in yaml format.

Required entries of the configuration file:

The configuration file must contain one or more Certificate Authorities under the heading DIGIDOC_CAS similar to following format (values are examples only):

 DIGIDOC_CAS:
 - DIGIDOC_CA:
     NAME: CA name
     TRADENAME: Tradename
     CERTS:
       - jar://certs/cert1.crt
       - jar://certs/cert2.crt
     OCSPS:

Each DIGIDOC_CA entry must contain one or more OCSP certificates under the heading "OCSPS" similar to following format (values are examples only):

       - OCSP:
         CA_CN: your certificate authority common name
         CA_CERT: jar://your ca_cn.crt
         CN: your common name
         CERTS:
         - jar://certs/Your first OCSP Certifications file.crt
         - jar://certs/Your second OCSP Certifications file.crt
         URL: http://ocsp.test.test

All entries must exist and be valid. Under CERTS must be at least one entry.

Optional entries of the configuration file:

  • CANONICALIZATION_FACTORY_IMPL: Canonicalization factory implementation.
    Default value: "org.digidoc4j.ddoc.c14n.TinyXMLCanonicalizer"
  • CONNECTION_TIMEOUT: TSL HTTP Connection timeout (milliseconds).
    Default value: 60000
  • SOCKET_TIMEOUT: TSL HTTP Socket timeout (milliseconds).
    Default value: 60000
  • DIGIDOC_FACTORY_IMPL: Factory implementation.
    Default value: "org.digidoc4j.ddoc.factory.SAXDigiDocFactory"
  • DIGIDOC_DF_CACHE_DIR: Temporary directory to use. Default: uses system's default temporary directory
  • DIGIDOC_MAX_DATAFILE_CACHED: Maximum datafile size that will be cached in MB. Must be numeric. Set to -1 to cache all files. Set to 0 to prevent caching for all files
    Default value: "-1"
  • DIGIDOC_NOTARY_IMPL: Notary implementation.
    Default value: "org.digidoc4j.ddoc.factory.BouncyCastleNotaryFactory"
  • DIGIDOC_OCSP_SIGN_CERT_SERIAL: OCSP Signing certificate serial number
  • DIGIDOC_SECURITY_PROVIDER: Security provider.
    Default value: "org.bouncycastle.jce.provider.BouncyCastleProvider"
  • DIGIDOC_SECURITY_PROVIDER_NAME: Name of the security provider.
    Default value: "BC"
  • DIGIDOC_TSLFAC_IMPL: TSL Factory implementation.
    Default value: "org.digidoc4j.ddoc.tsl.DigiDocTrustServiceFactory"
  • DIGIDOC_USE_LOCAL_TSL: Use local TSL? Allowed values: true, false
    Default value: "true"
  • KEY_USAGE_CHECK: Should key usage be checked? Allowed values: true, false.
    Default value: "false"
  • DIGIDOC_PKCS12_CONTAINER: OCSP access certificate file
  • DIGIDOC_PKCS12_PASSWD: OCSP access certificate password
  • OCSP_SOURCE: Online Certificate Service Protocol source
  • SIGN_OCSP_REQUESTS: Should OCSP requests be signed? Allowed values: true, false
  • TSL_LOCATION: TSL Location - DEPRECATED: use LOTL_LOCATION instead
  • TSP_SOURCE: Time Stamp Protocol source address
    Default value for PROD mode: "http://tsa.sk.ee"
    Default value for TEST mode: "http://tsa.demo.sk.ee/tsa"
  • TSP_SOURCE_FOR_ARCHIVE_TIMESTAMPS: Time Stamp Protocol source address for archive timestamps; falls back to TSP_SOURCE if not specified
  • VALIDATION_POLICY: Validation policy source file
  • LOTL_LOCATION: LOTL (List of Trusted Lists) location
  • LOTL_TRUSTSTORE_PATH: path to the trust-store for LOTL signing certificates
  • LOTL_TRUSTSTORE_TYPE: type of trust-store for LOTL signing certificates (default is "PKCS12")
  • LOTL_TRUSTSTORE_PASSWORD: password for the truststore in LOTL_TRUSTSTORE_PATH
  • LOTL_PIVOT_SUPPORT_ENABLED: whether to enable LOTL pivot support (default is "true" for PROD mode and "false" for TEST mode)
  • TSL_KEYSTORE_LOCATION: keystore location for tsl signing certificates - DEPRECATED: use LOTL_TRUSTSTORE_PATH instead
  • TSL_KEYSTORE_PASSWORD: keystore password for the keystore in TSL_KEYSTORE_LOCATION - DEPRECATED: use LOTL_TRUSTSTORE_PASSWORD instead
  • TSL_CACHE_EXPIRATION_TIME: TSL cache expiration time in milliseconds
  • TRUSTED_TERRITORIES: list of countries and territories to trust and load TSL certificates (for example, EE, LV, FR)
  • REQUIRED_TERRITORIES: list of countries and territories that must be successfully loaded into the TSL (for example, EE, LV, FR) - used by the default TSL refresh callback
  • HTTP_PROXY_HOST: network proxy host name
  • HTTP_PROXY_PORT: network proxy port
  • HTTP_PROXY_USER: network proxy user (for basic auth proxy)
  • HTTP_PROXY_PASSWORD: network proxy password (for basic auth proxy)
  • HTTPS_PROXY_HOST: https network proxy host name
  • HTTPS_PROXY_PORT: https network proxy port
  • HTTPS_PROXY_USER: https network proxy user (for basic auth proxy)
  • HTTPS_PROXY_PASSWORD: https network proxy password (for basic auth proxy)
  • SSL_KEYSTORE_PATH: SSL KeyStore path
  • SSL_KEYSTORE_TYPE: SSL KeyStore type (default is "jks")
  • SSL_KEYSTORE_PASSWORD: SSL KeyStore password (default is an empty string)
  • SSL_TRUSTSTORE_PATH: SSL TrustStore path
  • SSL_TRUSTSTORE_TYPE: SSL TrustStore type (default is "jks")
  • SSL_TRUSTSTORE_PASSWORD: SSL TrustStore password (default is an empty string)
  • SSL_PROTOCOL: SSL protocol (default is "TLSv1.2")
  • SUPPORTED_SSL_PROTOCOLS: list of supported SSL protocols (by default uses implementation defaults)
  • SUPPORTED_SSL_CIPHER_SUITES: list of supported SSL cipher suites (by default uses implementation defaults)
  • ALLOWED_TS_AND_OCSP_RESPONSE_DELTA_IN_MINUTES: Allowed delay between timestamp and OCSP response in minutes.
  • TEMP_FILE_MAX_AGE: Maximum age in milliseconds till TEMP files are deleted (works only when saving container).
  • ALLOW_UNSAFE_INTEGER: Allows to use unsafe Integer because of few applications still struggle with the ASN.1 BER encoding rules for an INTEGER as described in: https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf . NB! Strict Validation applied by default.
  • ALLOWED_OCSP_RESPONDERS_FOR_TM: whitelist of OCSP responders for timemark validation (for example: SK OCSP RESPONDER 2011, ESTEID-SK OCSP RESPONDER, KLASS3-SK OCSP RESPONDER)
  • ZIP_COMPRESSION_RATIO_CHECK_THRESHOLD_IN_BYTES: the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in
  • MAX_ALLOWED_ZIP_COMPRESSION_RATIO: the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.
  • ARCHIVE_TIMESTAMP_DIGEST_ALGORITHM: default digest algorithm for archive timestamps
    Possible values are the names of DigestAlgorithm enum values
  • ARCHIVE_TIMESTAMP_REFERENCE_DIGEST_ALGORITHM: default digest algorithm for references for archive timestamps (e.g. DataObjectReferences in ASiCArchiveManifest.xml files)
    Possible values are the names of DigestAlgorithm enum values
See Also:

  • Constructor Details

    • Configuration

      public Configuration()
      Create new configuration

    • Configuration

      public Configuration(Configuration.Mode mode)
      Create new configuration with application mode specified
      Parameters:
      mode - Application mode

  • Method Details

    • getInstance

      public static Configuration getInstance()
      Getting the default Configuration object.

      The default configuration object is a singelton, meaning that all the containers will use the same registry object. It is a good idea to use only a single configuration object for all the containers so the operation times would be faster.

      Returns:
      default configuration.

    • of

      public static Configuration of(Configuration.Mode mode)
      Create new configuration in static context with application mode specified
      Parameters:
      mode - Application mode

    • isOCSPSigningConfigurationAvailable

      public boolean isOCSPSigningConfigurationAvailable()
      Are requirements met for signing OCSP certificate?
      Returns:
      value indicating if requirements are met

    • getOCSPAccessCertificateFileName

      public String getOCSPAccessCertificateFileName()
      Get OCSP access certificate filename
      Returns:
      filename for the OCSP access certificate

    • getOCSPAccessCertificatePassword

      public char[] getOCSPAccessCertificatePassword()
      Get OSCP access certificate password
      Returns:
      password

    • getOCSPAccessCertificatePasswordAsString

      public String getOCSPAccessCertificatePasswordAsString()
      Get OSCP access certificate password As String
      Returns:
      password

    • setOCSPAccessCertificateFileName

      public void setOCSPAccessCertificateFileName(String fileName)
      Set OCSP access certificate filename
      Parameters:
      fileName - filename for the OCSP access certficate

    • setOCSPAccessCertificatePassword

      public void setOCSPAccessCertificatePassword(char[] password)
      Set OCSP access certificate password
      Parameters:
      password - password to set

    • setSignOCSPRequests

      public void setSignOCSPRequests(boolean shouldSignOcspRequests)
      Set flag if OCSP requests should be signed
      Parameters:
      shouldSignOcspRequests - True if should sign, False otherwise

    • setOcspDataLoaderFactory

      public void setOcspDataLoaderFactory(DataLoaderFactory ocspDataLoaderFactory)
      Set a data loader factory that manages the creation of custom data loaders for creating OCSP requests.
      Parameters:
      ocspDataLoaderFactory - OCSP data loader factory.

    • getOcspDataLoaderFactory

      public DataLoaderFactory getOcspDataLoaderFactory()
      Returns the currently set OCSP data loader factory or null if no custom data loader factory is set.
      Returns:
      OCSP data loader factory.

    • loadConfiguration

      public Hashtable<String,String> loadConfiguration(InputStream stream)
      Add configuration settings from a stream. After loading closes stream.
      Parameters:
      stream - Input stream
      Returns:
      configuration hashtable

    • loadConfiguration

      public Hashtable<String,String> loadConfiguration(String file)
      Add configuration settings from a file
      Parameters:
      file - File name
      Returns:
      configuration hashtable

    • loadConfiguration

      public Hashtable<String,String> loadConfiguration(String file, boolean isReloadFromYaml)
      Add configuration settings from a file
      Parameters:
      file - File name
      isReloadFromYaml - True if this is reloading call
      Returns:
      configuration hashtable

    • getDDoc4JConfiguration

      public Hashtable<String,String> getDDoc4JConfiguration()
      Returns configuration needed for DDoc4J library.
      Returns:
      configuration values.

    • setMaxFileSizeCachedInMemoryInMB

      public void setMaxFileSizeCachedInMemoryInMB(long maxFileSizeCachedInMB)
      Sets limit in MB when handling files are creating temporary file for streaming in container creation and adding data files.

      Used by DigiDoc4J and by DDoc4J.

      Parameters:
      maxFileSizeCachedInMB - maximum data file size in MB stored in memory.

    • storeDataFilesOnlyInMemory

      public boolean storeDataFilesOnlyInMemory()
      If all the data files should be stored in memory. Default is true (data files are temporarily stored only in memory).
      Returns:
      true if everything is stored in memory, and false if data is temporarily stored on disk.

    • hasToBeOCSPRequestSigned

      public boolean hasToBeOCSPRequestSigned()
      Returns configuration item must be OCSP request signed. Reads it from registry parameter SIGN_OCSP_REQUESTS. Default value is false for Configuration.Mode.PROD and false for Configuration.Mode.TEST
      Returns:
      must be OCSP request signed

    • getMaxDataFileCachedInMB

      public long getMaxDataFileCachedInMB()
      Get the maximum size of data files to be cached. Used by DigiDoc4J and by DDoc4J.
      Returns:
      Size in MB. if size < 0, no caching is used

    • getMaxDataFileCachedInBytes

      public long getMaxDataFileCachedInBytes()
      Get the maximum size of data files to be cached. Used by DigiDoc4J and by DDoc4J.
      Returns:
      Size in MB. if size < 0, no caching is used

    • setLotlLocation

      public void setLotlLocation(String lotlLocation)
      Set LOTL (List of Trusted Lists) location. LOTL can be loaded from file (file://) or from web (http://). If file protocol is used then first try is to locate file from this location if file does not exist then it tries to load relatively from classpath.

      Setting new location clears old values

      Windows wants it in file:DRIVE:/directories/lotl-file.xml format

      Parameters:
      lotlLocation - LOTL location to be used

    • getLotlLocation

      public String getLotlLocation()
      Get LOTL (List of Trusted Lists) location.
      Returns:
      url

    • getTslLocation

      @Deprecated public String getTslLocation()
      Deprecated.
      Use getLotlLocation() instead.
      Get TSL location.
      Returns:
      url

    • setTSL

      public void setTSL(TSLCertificateSource certificateSource)
      Set the TSL certificate source.
      Parameters:
      certificateSource - TSL certificate source When certificateSource equals null then getTSL() will load the TSL according to the TSL location specified .

    • getTSL

      public TSLCertificateSource getTSL()
      Loads TSL certificates If configuration mode is TEST then TSL signature is not checked.
      Returns:
      TSL source

    • setTslLocation

      @Deprecated public void setTslLocation(String tslLocation)
      Deprecated.
      Use setLotlLocation(String) instead.
      Set the TSL location. TSL can be loaded from file (file://) or from web (http://). If file protocol is used then first try is to locate file from this location if file does not exist then it tries to load relatively from classpath.

      Setting new location clears old values

      Windows wants it in file:DRIVE:/directories/tsl-file.xml format

      Parameters:
      tslLocation - TSL Location to be used

    • setTslFileLoaderFactory

      public void setTslFileLoaderFactory(DSSFileLoaderFactory tslFileLoaderFactory)
      Set a file loader factory that manages the creation of custom file loaders for downloading TSL.
      Parameters:
      tslFileLoaderFactory - TSL file loader factory.

    • getTslFileLoaderFactory

      public DSSFileLoaderFactory getTslFileLoaderFactory()
      Returns the currently set TSL file loader factory or null if no custom file loader factory is set.
      Returns:
      TSL file loader factory.

    • setTslRefreshCallback

      public void setTslRefreshCallback(TSLRefreshCallback tslRefreshCallback)
      Sets a callback that validates the state of the TSL after each TSL refresh. If no custom callback is configured, a default callback is used for TSL validation.
      Parameters:
      tslRefreshCallback - a callback to validate TSL after a refresh

    • getTslRefreshCallback

      public TSLRefreshCallback getTslRefreshCallback()
      Returns the currently configured TSL refresh callback or null if no custom callback is configured.
      Returns:
      configured TSL refresh callback or null

    • setTslDataLoaderFactory

      @Deprecated public void setTslDataLoaderFactory(DataLoaderFactory tslDataLoaderFactory)
      Deprecated.
      Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead. If a custom TSL file loader factory is configured, then a custom TSL data loader factory has no effect. If a data loader created by a custom TSL data loader factory does not implement DSSFileLoader, then it is wrapped into a FileCacheDataLoader.
      Set a data loader factory that manages the creation of custom data loaders for downloading TSL.
      Parameters:
      tslDataLoaderFactory - TSL data loader factory.

    • getTslDataLoaderFactory

      @Deprecated public DataLoaderFactory getTslDataLoaderFactory()
      Deprecated.
      Prefer to use setTslFileLoaderFactory(DSSFileLoaderFactory) and getTslFileLoaderFactory() instead. If a custom TSL file loader factory is configured, then a custom TSL data loader factory has no effect. If a data loader created by a custom TSL data loader factory does not implement DSSFileLoader, then it is wrapped into a FileCacheDataLoader.
      Returns the currently set TSL data loader factory or null if no custom data loader factory is set.
      Returns:
      TSL data loader factory.

    • setAiaDataLoaderFactory

      @Deprecated public void setAiaDataLoaderFactory(DataLoaderFactory aiaDataLoaderFactory)
      Deprecated.
      Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead. If a custom AIA source factory is configured, then a custom AIA data loader factory has no effect.
      Set a data loader factory that manages the creation of custom data loaders for accessing AIA certificate sources.
      Parameters:
      aiaDataLoaderFactory - AIA data loader factory.

    • getAiaDataLoaderFactory

      @Deprecated public DataLoaderFactory getAiaDataLoaderFactory()
      Deprecated.
      Prefer to use setAiaSourceFactory(AIASourceFactory) and getAiaSourceFactory() instead. If a custom AIA source factory is configured, then a custom AIA data loader factory has no effect.
      Returns the currently set AIA data loader factory or null if no custom data loader factory is set.
      Returns:
      AIA data loader factory.

    • setAiaSourceFactory

      public void setAiaSourceFactory(AIASourceFactory aiaSourceFactory)
      Set an AIA source factory that manages the creation of custom AIA sources.
      Parameters:
      aiaSourceFactory - AIA source factory

    • getAiaSourceFactory

      public AIASourceFactory getAiaSourceFactory()
      Returns the currently set AIA source factory or null if no custom AIA source factory is set.
      Returns:
      AIA source factory

    • setExtendingOcspSourceFactory

      public void setExtendingOcspSourceFactory(OCSPSourceFactory extendingOcspSourceFactory)
      Set an OCSP source factory that manages the creation of custom OCSP sources to be used for extending signatures.
      Parameters:
      extendingOcspSourceFactory - OCSP source factory

    • getExtendingOcspSourceFactory

      public OCSPSourceFactory getExtendingOcspSourceFactory()
      Returns the currently set OCSP source factory or null if no custom OCSP source factory is set.
      Returns:
      OCSP source factory

    • setSigningOcspSourceFactory

      public void setSigningOcspSourceFactory(OCSPSourceFactory signingOcspSourceFactory)
      Set an OCSP source factory that manages the creation of custom OCSP sources to be used for signing.
      Parameters:
      signingOcspSourceFactory - OCSP source factory

    • getSigningOcspSourceFactory

      public OCSPSourceFactory getSigningOcspSourceFactory()
      Returns the currently set OCSP source factory for signing or null if no custom OCSP source factory is set.
      Returns:
      OCSP source factory

    • setArchiveTspSourceFactory

      public void setArchiveTspSourceFactory(TSPSourceFactory archiveTspSourceFactory)
      Set a TSP source factory that manages the creation of custom TSP sources for archive timestamps.
      Parameters:
      archiveTspSourceFactory - TSP source factory

    • getArchiveTspSourceFactory

      public TSPSourceFactory getArchiveTspSourceFactory()
      Returns the currently set TSP source factory for archive timestamps or null if no custom TSP source factory is set.
      Returns:
      TSP source factory

    • setSignatureTspSourceFactory

      public void setSignatureTspSourceFactory(TSPSourceFactory signatureTspSourceFactory)
      Set a TSP source factory that manages the creation of custom TSP sources for signature timestamps.
      Parameters:
      signatureTspSourceFactory - TSP source factory

    • getSignatureTspSourceFactory

      public TSPSourceFactory getSignatureTspSourceFactory()
      Returns the currently set TSP source factory for signature timestamps or null if no custom TSP source factory is set.
      Returns:
      TSP source factory

    • getTspSource

      public String getTspSource()
      Get the TSP Source
      Returns:
      TSP Source

    • getTspSourceForArchiveTimestamps

      public String getTspSourceForArchiveTimestamps()
      Returns the TSP source URL string for archive timestamps, if configured, otherwise returns the value of getTspSource().
      Returns:
      TSP source URL string for archive timestamps, or getTspSource()
      See Also:

    • getTspSourceByCountry

      public String getTspSourceByCountry(String country)
      Get the TSP source by country
      Parameters:
      country - to use tsp source
      Returns:
      tspSource

    • setTspDataLoaderFactory

      public void setTspDataLoaderFactory(DataLoaderFactory tspDataLoaderFactory)
      Set a data loader factory that manages the creation of custom data loaders for creating TSP requests.
      Parameters:
      tspDataLoaderFactory - TSP data loader factory.

    • getTspDataLoaderFactory

      public DataLoaderFactory getTspDataLoaderFactory()
      Returns the currently set TSP data loader factory or null if no custom data loader factory is set.
      Returns:
      TSP data loader factory.

    • setPreferAiaOcsp

      public void setPreferAiaOcsp(boolean preferAiaOcsp)
      Set flag if AIA OCSP is preferred.
      Parameters:
      preferAiaOcsp - - True when AIA OCSP is preferred

    • isAiaOcspPreferred

      public boolean isAiaOcspPreferred()
      Get flag if AIA OCSP is preferred.
      Returns:
      isAiaOcspPreferred boolean value.

    • getAiaOcspSourceByCN

      public String getAiaOcspSourceByCN(String cn)
      Get the AIA OCSP source by issuer's CN
      Parameters:
      cn - to use AIA OCSP source
      Returns:
      ocspSource

    • getUseNonceForAiaOcspByCN

      public boolean getUseNonceForAiaOcspByCN(String cn)
      Get the AIA OCSP source by issuer's CN
      Parameters:
      cn - to use AIA OCSP source
      Returns:
      ocspSource

    • setTempFileMaxAge

      public void setTempFileMaxAge(long tempFileMaxAgeInMillis)
      Set temp file max age in millis
      Parameters:
      tempFileMaxAgeInMillis - max age in millis

    • getTempFileMaxAge

      public long getTempFileMaxAge()
      Get temp file max age
      Returns:
      temp file max age in millis

    • setConnectionTimeout

      public void setConnectionTimeout(int connectionTimeout)
      Set HTTP connection timeout
      Parameters:
      connectionTimeout - connection timeout in milliseconds

    • setSocketTimeout

      public void setSocketTimeout(int socketTimeoutMilliseconds)
      Set HTTP socket timeout
      Parameters:
      socketTimeoutMilliseconds - socket timeout in milliseconds

    • getConnectionTimeout

      public int getConnectionTimeout()
      Get HTTP connection timeout
      Returns:
      connection timeout in milliseconds

    • getSocketTimeout

      public int getSocketTimeout()
      Get HTTP socket timeout
      Returns:
      socket timeout in milliseconds

    • setTspSource

      public void setTspSource(String tspSource)
      Set the TSP Source
      Parameters:
      tspSource - TSPSource to be used

    • setTspSourceForArchiveTimestamps

      public void setTspSourceForArchiveTimestamps(String tspSource)
      Sets the TSP source URL string to be used for archive timestamps.
      Parameters:
      tspSource - TSP source URL string for archive timestamps

    • getOcspSource

      public String getOcspSource()
      Get the OCSP Source
      Returns:
      OCSP Source

    • setUseOcspNonce

      public void setUseOcspNonce(Boolean useOcspNonce)
      Set if nonce should be used in case of OCSP request

      PS! Does not affect TM signature profiles in which occasion nonce is always used.

      Parameters:
      useOcspNonce -

    • isOcspNonceUsed

      public boolean isOcspNonceUsed()
      Get if OCSP nonce should be used
      Returns:
      use OCSP nonce

    • setTslKeyStoreLocation

      @Deprecated public void setTslKeyStoreLocation(String tslKeyStoreLocation)
      Deprecated.
      Use setLotlTruststorePath(String) instead.
      Set the KeyStore Location that holds potential TSL Signing certificates
      Parameters:
      tslKeyStoreLocation - KeyStore location to use

    • getTslKeyStoreLocation

      @Deprecated public String getTslKeyStoreLocation()
      Deprecated.
      Use getLotlTruststorePath() instead.
      Get the Location to Keystore that holds potential TSL Signing certificates
      Returns:
      KeyStore Location

    • setTslKeyStorePassword

      @Deprecated public void setTslKeyStorePassword(String tslKeyStorePassword)
      Deprecated.
      Use setLotlTruststorePassword(String) instead.
      Set the password for Keystore that holds potential TSL Signing certificates
      Parameters:
      tslKeyStorePassword - Keystore password

    • getTslKeyStorePassword

      @Deprecated public String getTslKeyStorePassword()
      Deprecated.
      Use getLotlTruststorePassword() instead.
      Get the password for Keystore that holds potential TSL Signing certificates
      Returns:
      Tsl Keystore password

    • setLotlTruststorePath

      public void setLotlTruststorePath(String lotlTruststorePath)
      Set the path to the trust-store that holds potential LOTL signing certificates.
      Parameters:
      lotlTruststorePath - LOTL trust-store path to use

    • getLotlTruststorePath

      public String getLotlTruststorePath()
      Get the path to the trust-store that holds potential LOTL signing certificates.
      Returns:
      LOTL trust-store path

    • setLotlTruststoreType

      public void setLotlTruststoreType(String lotlTruststoreType)
      Set the type of the trust-store that holds potential LOTL signing certificates. Default is PKCS12.
      Parameters:
      lotlTruststoreType - LOTL trust-store type to use

    • getLotlTruststoreType

      public String getLotlTruststoreType()
      Get the type of the trust-store that holds potential LOTL signing certificates.
      Returns:
      LOTL trust-store type

    • setLotlTruststorePassword

      public void setLotlTruststorePassword(String lotlTruststorePassword)
      Set the password for the trust-store that holds potential LOTL signing certificates.
      Parameters:
      lotlTruststorePassword - LOTL trust-store password

    • getLotlTruststorePassword

      public String getLotlTruststorePassword()
      Get the password for the trust-store that holds potential LOTL signing certificates.
      Returns:
      LOTL trust-store password

    • setLotlPivotSupportEnabled

      public void setLotlPivotSupportEnabled(boolean lotlPivotSupport)
      Set whether LOTL pivot support should be enabled
      Parameters:
      lotlPivotSupport - whether LOTL pivot support should be enabled

    • isLotlPivotSupportEnabled

      public boolean isLotlPivotSupportEnabled()
      Get whether LOTL pivot support is enabled
      Returns:
      whether LOTL pivot support is enabled

    • setTslCacheExpirationTime

      public void setTslCacheExpirationTime(long cacheExpirationTimeInMilliseconds)
      Sets the expiration time for TSL cache in milliseconds. If more time has passed from the cache's creation time time, then a fresh TSL is downloaded and cached, otherwise a cached copy is used.
      Parameters:
      cacheExpirationTimeInMilliseconds - cache expiration time in milliseconds

    • getTslCacheExpirationTime

      public long getTslCacheExpirationTime()
      Returns TSL cache expiration time in milliseconds.
      Returns:
      TSL cache expiration time in milliseconds.

    • getAllowedTimestampAndOCSPResponseDeltaInMinutes

      public Integer getAllowedTimestampAndOCSPResponseDeltaInMinutes()
      Returns allowed delay between timestamp and OCSP response in minutes.
      Returns:
      Allowed delay between timestamp and OCSP response in minutes.

    • setAllowedTimestampAndOCSPResponseDeltaInMinutes

      public void setAllowedTimestampAndOCSPResponseDeltaInMinutes(int timeInMinutes)
      Set allowed delay between timestamp and OCSP response in minutes.
      Parameters:
      timeInMinutes - Allowed delay between timestamp and OCSP response in minutes

    • setOcspSource

      public void setOcspSource(String ocspSource)
      Set the OCSP source
      Parameters:
      ocspSource - OCSP Source to be used

    • getValidationPolicy

      public String getValidationPolicy()
      Get the validation policy
      Returns:
      Validation policy

    • setValidationPolicy

      public void setValidationPolicy(String validationPolicy)
      Set the validation policy
      Parameters:
      validationPolicy - Policy to be used

    • getPrintValidationReport

      public boolean getPrintValidationReport()
      Returns:
      whether to print validation report

    • setPrintValidationReport

      public void setPrintValidationReport(Boolean printValidationReport)
      Parameters:
      printValidationReport - whether to print validation report

    • getRevocationAndTimestampDeltaInMinutes

      @Deprecated public int getRevocationAndTimestampDeltaInMinutes()
      Deprecated.
      Deprecated for removal. This method no longer affects DigiDoc4j functionality. Was only used for 24h revocation time difference check, which has been removed.
      Revocation and timestamp delta in minutes.
      Returns:
      timestamp delta in minutes.

    • setRevocationAndTimestampDeltaInMinutes

      @Deprecated public void setRevocationAndTimestampDeltaInMinutes(int timeInMinutes)
      Deprecated.
      Deprecated for removal. This method no longer affects DigiDoc4j functionality. Was only used for 24h revocation time difference check, which has been removed.
      Set Revocation and timestamp delta in minutes.
      Parameters:
      timeInMinutes - delta in minutes.

    • getSignatureProfile

      public SignatureProfile getSignatureProfile()
      Signature profile.
      Returns:
      SignatureProfile.

    • setSignatureProfile

      public void setSignatureProfile(SignatureProfile signatureProfile)
      Set signature profile.
      Parameters:
      signatureProfile - profile of the signature

    • getSignatureDigestAlgorithm

      public DigestAlgorithm getSignatureDigestAlgorithm()
      Signature digest algorithm.
      Returns:
      DigestAlgorithm.

    • setSignatureDigestAlgorithm

      public void setSignatureDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      Set signature digest algorithm.
      Parameters:
      digestAlgorithm - digest algorithm of signature

    • getDataFileDigestAlgorithm

      public DigestAlgorithm getDataFileDigestAlgorithm()
      Datafile digest algorithm.
      Returns:
      DigestAlgorithm.

    • setDataFileDigestAlgorithm

      public void setDataFileDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      Set datafile digest algorithm.
      Parameters:
      digestAlgorithm - digest algorithm of datafile

    • getArchiveTimestampDigestAlgorithm

      public DigestAlgorithm getArchiveTimestampDigestAlgorithm()
      Returns the digest algorithm for archive timestamps, if configured.
      Returns:
      configured archive timestamp digest algorithm or null

    • setArchiveTimestampDigestAlgorithm

      public void setArchiveTimestampDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      Sets the digest algorithm for archive timestamps.
      Parameters:
      digestAlgorithm - digest algorithm for archive timestamps

    • getArchiveTimestampReferenceDigestAlgorithm

      public DigestAlgorithm getArchiveTimestampReferenceDigestAlgorithm()
      Returns the reference digest algorithm for archive timestamps, if configured.
      Returns:
      configured archive timestamp reference digest algorithm or null

    • setArchiveTimestampReferenceDigestAlgorithm

      public void setArchiveTimestampReferenceDigestAlgorithm(DigestAlgorithm digestAlgorithm)
      Sets the reference digest algorithm for archive timestamps.
      Parameters:
      digestAlgorithm - reference digest algorithm for archive timestamps

    • getHttpsProxyHost

      public String getHttpsProxyHost()
      Returns:
      HTTPS proxy host

    • getHttpsProxyHostFor

      public String getHttpsProxyHostFor(ExternalConnectionType connectionType)
      Parameters:
      connectionType - type of external connections.
      Returns:
      HTTPS proxy host.

    • setHttpsProxyHost

      public void setHttpsProxyHost(String httpsProxyHost)
      Set HTTPS network proxy host.
      Parameters:
      httpsProxyHost - https proxy host.

    • setHttpsProxyHostFor

      public void setHttpsProxyHostFor(ExternalConnectionType connectionType, String httpsProxyHost)
      Set HTTPS network proxy host for specific type of external connections. Overrides network proxy host set via setHttpsProxyHost(String)
      Parameters:
      connectionType - type of external connections.
      httpsProxyHost - https proxy host.

    • getHttpsProxyPort

      public Integer getHttpsProxyPort()
      Returns:
      HTTPS proxy port

    • getHttpsProxyPortFor

      public Integer getHttpsProxyPortFor(ExternalConnectionType connectionType)
      Parameters:
      connectionType - type of external connection
      Returns:
      HTTPS proxy port

    • setHttpsProxyPort

      public void setHttpsProxyPort(int httpsProxyPort)
      Set HTTPS network proxy port.
      Parameters:
      httpsProxyPort - https proxy port.

    • setHttpsProxyPortFor

      public void setHttpsProxyPortFor(ExternalConnectionType connectionType, int httpsProxyPort)
      Set HTTPS network proxy port for specific type of external connections. Overrides network proxy port set via setHttpsProxyPort(int)
      Parameters:
      connectionType - type of external connections.
      httpsProxyPort - https proxy port.

    • setHttpsProxyUser

      public void setHttpsProxyUser(String httpsProxyUser)
      Set HTTPS network proxy user name.
      Parameters:
      httpsProxyUser - username.

    • setHttpsProxyUserFor

      public void setHttpsProxyUserFor(ExternalConnectionType connectionType, String httpsProxyUser)
      Set HTTPS network proxy user name for specific type of external connections. Overrides network proxy user name set via setHttpsProxyUser(String)
      Parameters:
      connectionType - type of external connections.
      httpsProxyUser - username.

    • getHttpsProxyUser

      public String getHttpsProxyUser()
      Get HTTPS proxy user.
      Returns:
      HTTPS proxy user.

    • getHttpsProxyUserFor

      public String getHttpsProxyUserFor(ExternalConnectionType connectionType)
      Get HTTPS proxy user for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      HTTPS proxy user.

    • setHttpsProxyPassword

      public void setHttpsProxyPassword(String httpsProxyPassword)
      Set HTTPS network proxy password.
      Parameters:
      httpsProxyPassword - password.

    • setHttpsProxyPasswordFor

      public void setHttpsProxyPasswordFor(ExternalConnectionType connectionType, String httpsProxyPassword)
      Set HTTPS network proxy password for specific type of external connections. Overrides network proxy password set via setHttpsProxyPassword(String)
      Parameters:
      connectionType - type of external connections.
      httpsProxyPassword - password.

    • getHttpsProxyPassword

      public String getHttpsProxyPassword()
      Get HTTPS proxy password.
      Returns:
      HTTPS proxy password.

    • getHttpsProxyPasswordFor

      public String getHttpsProxyPasswordFor(ExternalConnectionType connectionType)
      Get HTTPS proxy password for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      HTTPS proxy password.

    • getHttpProxyHost

      public String getHttpProxyHost()
      Get http proxy host.
      Returns:
      http proxy host.

    • getHttpProxyHostFor

      public String getHttpProxyHostFor(ExternalConnectionType connectionType)
      Get http proxy host for specific external connection type.
      Parameters:
      connectionType - type of external connections.
      Returns:
      http proxy host.

    • setHttpProxyHost

      public void setHttpProxyHost(String httpProxyHost)
      Set HTTP network proxy host.
      Parameters:
      httpProxyHost - http proxy host.

    • setHttpProxyHostFor

      public void setHttpProxyHostFor(ExternalConnectionType connectionType, String httpProxyHost)
      Set HTTP network proxy host for specific type of external connections. Overrides network proxy host set via setHttpProxyHost(String)
      Parameters:
      connectionType - type of external connections.
      httpProxyHost - http proxy host.

    • getHttpProxyPort

      public Integer getHttpProxyPort()
      Get http proxy port.
      Returns:
      http proxy port.

    • getHttpProxyPortFor

      public Integer getHttpProxyPortFor(ExternalConnectionType connectionType)
      Get http proxy port for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      http proxy port.

    • setHttpProxyPort

      public void setHttpProxyPort(int httpProxyPort)
      Set HTTP network proxy port.
      Parameters:
      httpProxyPort - Port number.

    • setHttpProxyPortFor

      public void setHttpProxyPortFor(ExternalConnectionType connectionType, int httpProxyPort)
      Set HTTP network proxy port for specific type of external connections. Overrides network proxy port set via setHttpProxyPort(int)
      Parameters:
      connectionType - type of external connections.
      httpProxyPort - Port number.

    • setHttpProxyUser

      public void setHttpProxyUser(String httpProxyUser)
      Set HTTP network proxy user name.
      Parameters:
      httpProxyUser - username.

    • setHttpProxyUserFor

      public void setHttpProxyUserFor(ExternalConnectionType connectionType, String httpProxyUser)
      Set HTTP network proxy user name for specific type of external connections. Overrides network proxy user name set via setHttpProxyUser(String)
      Parameters:
      connectionType - type of external connections.
      httpProxyUser - username.

    • getHttpProxyUser

      public String getHttpProxyUser()
      Get http proxy user.
      Returns:
      http proxy user.

    • getHttpProxyUserFor

      public String getHttpProxyUserFor(ExternalConnectionType connectionType)
      Get http proxy user for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      http proxy user.

    • setHttpProxyPassword

      public void setHttpProxyPassword(String httpProxyPassword)
      Set HTTP network proxy password.
      Parameters:
      httpProxyPassword - password.

    • setHttpProxyPasswordFor

      public void setHttpProxyPasswordFor(ExternalConnectionType connectionType, String httpProxyPassword)
      Set HTTP network proxy password for specific type of external connections. Overrides network proxy password set via setHttpProxyPassword(String)
      Parameters:
      connectionType - type of external connections.
      httpProxyPassword - password.

    • getHttpProxyPassword

      public String getHttpProxyPassword()
      Get http proxy password.
      Returns:
      http proxy password.

    • getHttpProxyPasswordFor

      public String getHttpProxyPasswordFor(ExternalConnectionType connectionType)
      Get http proxy password for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      http proxy password.

    • isNetworkProxyEnabled

      public boolean isNetworkProxyEnabled()
      Is network proxy enabled?
      Returns:
      True if network proxy is enabled, otherwise False.

    • isNetworkProxyEnabledFor

      public boolean isNetworkProxyEnabledFor(ExternalConnectionType connectionType)
      Is network proxy enabled for specific type of external connections?
      Parameters:
      connectionType - type of external connections.
      Returns:
      True if network proxy is enabled, otherwise False.

    • isProxyOfType

      public boolean isProxyOfType(eu.europa.esig.dss.spi.client.http.Protocol protocol)
      Parameters:
      protocol - protocol
      Returns:
      boolean

    • isProxyOfTypeFor

      public boolean isProxyOfTypeFor(ExternalConnectionType connectionType, eu.europa.esig.dss.spi.client.http.Protocol protocol)
      Parameters:
      connectionType - type of external connections
      protocol - protocol
      Returns:
      boolean

    • isSslConfigurationEnabled

      public boolean isSslConfigurationEnabled()
      Is ssl configuration enabled?
      Returns:
      True if SSL configuration is enabled, otherwise False.

    • isSslConfigurationEnabledFor

      public boolean isSslConfigurationEnabledFor(ExternalConnectionType connectionType)
      Is ssl configuration enabled for specific type of external connections?
      Parameters:
      connectionType - type of external connections.
      Returns:
      True if SSL configuration is enabled, otherwise False.

    • setSslKeystorePath

      public void setSslKeystorePath(String sslKeystorePath)
      Set SSL KeyStore path.
      Parameters:
      sslKeystorePath - path to SSL keystore.

    • setSslKeystorePathFor

      public void setSslKeystorePathFor(ExternalConnectionType connectionType, String sslKeystorePath)
      Set SSL KeyStore path for specific type of external connections. Overrides keystore path set via setSslKeystorePath(String)
      Parameters:
      connectionType - type of external connections.
      sslKeystorePath - path to SSL keystore.

    • getSslKeystorePath

      public String getSslKeystorePath()
      Get SSL KeyStore path.
      Returns:
      path to SSL keystore.

    • getSslKeystorePathFor

      public String getSslKeystorePathFor(ExternalConnectionType connectionType)
      Get SSL KeyStore path for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      path to SSL keystore.

    • setSslKeystoreType

      public void setSslKeystoreType(String sslKeystoreType)
      Set SSL KeyStore type. Default is "jks".
      Parameters:
      sslKeystoreType - type of SSL keystore.

    • setSslKeystoreTypeFor

      public void setSslKeystoreTypeFor(ExternalConnectionType connectionType, String sslKeystoreType)
      Set SSL KeyStore type for specific type of external connections. Overrides keystore type set via setSslKeystoreType(String)
      Parameters:
      connectionType - type of external connections.
      sslKeystoreType - type of SSL keystore.

    • getSslKeystoreType

      public String getSslKeystoreType()
      Get SSL KeyStore type.
      Returns:
      type of SSL keystore.

    • getSslKeystoreTypeFor

      public String getSslKeystoreTypeFor(ExternalConnectionType connectionType)
      Get SSL KeyStore type for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      type of SSL keystore.

    • setSslKeystorePassword

      public void setSslKeystorePassword(String sslKeystorePassword)
      Set SSL KeyStore password. Default is an empty string.
      Parameters:
      sslKeystorePassword - SSL keystore password.

    • setSslKeystorePasswordFor

      public void setSslKeystorePasswordFor(ExternalConnectionType connectionType, String sslKeystorePassword)
      Set SSL KeyStore password for specific type of external connections. Overrides keystore password set via setSslKeystorePassword(String)
      Parameters:
      connectionType - type of external connections.
      sslKeystorePassword - SSL keystore password.

    • getSslKeystorePassword

      public String getSslKeystorePassword()
      Get Ssl keystore password.
      Returns:
      SSL keystore password.

    • getSslKeystorePasswordFor

      public String getSslKeystorePasswordFor(ExternalConnectionType connectionType)
      Get Ssl keystore password for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      SSL keystore password.

    • setSslTruststorePath

      public void setSslTruststorePath(String sslTruststorePath)
      Set SSL TrustStore path.
      Parameters:
      sslTruststorePath - path to SSL truststore.

    • setSslTruststorePathFor

      public void setSslTruststorePathFor(ExternalConnectionType connectionType, String sslTruststorePath)
      Set SSL TrustStore path for specific type of external connections. Overrides truststore path set via setSslTruststorePath(String)
      Parameters:
      connectionType - type of external connections.
      sslTruststorePath - path to SSL truststore.

    • getSslTruststorePath

      public String getSslTruststorePath()
      Get SSL TrustStore path
      Returns:
      path to SSL truststore.

    • getSslTruststorePathFor

      public String getSslTruststorePathFor(ExternalConnectionType connectionType)
      Get SSL TrustStore path for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      path to SSL truststore.

    • setSslTruststoreType

      public void setSslTruststoreType(String sslTruststoreType)
      Set SSL TrustStore type. Default is "jks".
      Parameters:
      sslTruststoreType - type of SSL truststore.

    • setSslTruststoreTypeFor

      public void setSslTruststoreTypeFor(ExternalConnectionType connectionType, String sslTruststoreType)
      Set SSL TrustStore type for specific type of external connections. Overrides truststore type set via setSslTruststoreType(String)
      Parameters:
      connectionType - type of external connections.
      sslTruststoreType - type of SSL truststore.

    • getSslTruststoreType

      public String getSslTruststoreType()
      Get SSL TrustStore type.
      Returns:
      type of SSL truststore.

    • getSslTruststoreTypeFor

      public String getSslTruststoreTypeFor(ExternalConnectionType connectionType)
      Get SSL TrustStore type for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      type of SSL truststore.

    • setSslTruststorePassword

      public void setSslTruststorePassword(String sslTruststorePassword)
      Set SSL TrustStore password. Default is an empty string.
      Parameters:
      sslTruststorePassword - SSL truststore password.

    • setSslTruststorePasswordFor

      public void setSslTruststorePasswordFor(ExternalConnectionType connectionType, String sslTruststorePassword)
      Set SSL TrustStore password for specific type of external connections. Overrides truststore password set via setSslTruststorePassword(String)
      Parameters:
      connectionType - type of external connections.
      sslTruststorePassword - SSL truststore password.

    • getSslTruststorePassword

      public String getSslTruststorePassword()
      Get Ssl truststore password.
      Returns:
      SSL truststore password.

    • getSslTruststorePasswordFor

      public String getSslTruststorePasswordFor(ExternalConnectionType connectionType)
      Get Ssl truststore password for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      SSL truststore password.

    • setSslProtocol

      public void setSslProtocol(String sslProtocol)
      Set SSL protocol.
      Parameters:
      sslProtocol - SSL protocol.

    • setSslProtocolFor

      public void setSslProtocolFor(ExternalConnectionType connectionType, String sslProtocol)
      Set SSL protocol for specific type of external connections. Overrides SSL protocol set via setSslProtocol(String)
      Parameters:
      connectionType - type of external connections.
      sslProtocol - SSL protocol.

    • getSslProtocol

      public String getSslProtocol()
      Get SSL protocol.
      Returns:
      SSL protocol.

    • getSslProtocolFor

      public String getSslProtocolFor(ExternalConnectionType connectionType)
      Get SSL protocol for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      SSL protocol.

    • setSupportedSslProtocols

      public void setSupportedSslProtocols(List<String> supportedSslProtocols)
      Set supported SSL protocols.
      Parameters:
      supportedSslProtocols - list of supported SSL protocols.

    • setSupportedSslProtocolsFor

      public void setSupportedSslProtocolsFor(ExternalConnectionType connectionType, List<String> supportedSslProtocols)
      Set supported SSL protocols for specific type of external connections. Overrides SSL protocols set via setSupportedSslProtocols(List)
      Parameters:
      connectionType - type of external connections.
      supportedSslProtocols - list of supported SSL protocols.

    • getSupportedSslProtocols

      public List<String> getSupportedSslProtocols()
      Get supported SSL protocols.
      Returns:
      list of supported SSL protocols.

    • getSupportedSslProtocolsFor

      public List<String> getSupportedSslProtocolsFor(ExternalConnectionType connectionType)
      Get supported SSL protocols for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      list of supported SSL protocols.

    • setSupportedSslCipherSuites

      public void setSupportedSslCipherSuites(List<String> supportedSslCipherSuites)
      Set supported SSL cipher suites.
      Parameters:
      supportedSslCipherSuites - list of supported SSL cipher suites.

    • setSupportedSslCipherSuitesFor

      public void setSupportedSslCipherSuitesFor(ExternalConnectionType connectionType, List<String> supportedSslCipherSuites)
      Set supported SSL cipher suites for specific type of external connections. Overrides SSL cipher suites set via setSupportedSslCipherSuites(List)
      Parameters:
      connectionType - type of external connections.
      supportedSslCipherSuites - list of supported SSL cipher suites.

    • getSupportedSslCipherSuites

      public List<String> getSupportedSslCipherSuites()
      Get supported SSL cipher suites.
      Returns:
      list of supported SSL cipher suites.

    • getSupportedSslCipherSuitesFor

      public List<String> getSupportedSslCipherSuitesFor(ExternalConnectionType connectionType)
      Get supported SSL cipher suites for specific type of external connections.
      Parameters:
      connectionType - type of external connections.
      Returns:
      list of supported SSL cipher suites.

    • setFullReportNeeded

      @Deprecated public void setFullReportNeeded(boolean isFullReport)
      Deprecated.
      Deprecated for removal. Enabling this feature can, in some cases, produce false negative validation results.
      Set flag if full report needed.
      Parameters:
      isFullReport - needed value.

    • isFullReportNeeded

      @Deprecated public boolean isFullReportNeeded()
      Deprecated.
      Deprecated for removal. Enabling this feature can, in some cases, produce false negative validation results.
      Get flag if full report needed.
      Returns:
      isFullReport needed boolean value.

    • setAllowASN1UnsafeInteger

      public void setAllowASN1UnsafeInteger(boolean isAllowed)
      Set flag if ASN1 Unsafe Integer is Allowed.
      Parameters:
      isAllowed - - True when ASN1 Unsafe Integer is Allowed.

    • isASN1UnsafeIntegerAllowed

      public boolean isASN1UnsafeIntegerAllowed()
      Get flag if ASN1 Unsafe Integer is Allowed.
      Returns:
      isASN1UnsafeIntegerAllowed boolean value.

    • setThreadExecutor

      public void setThreadExecutor(ExecutorService threadExecutor)
      Set thread executor service.
      Parameters:
      threadExecutor - Thread executor service object.

    • getThreadExecutor

      public ExecutorService getThreadExecutor()
      Get thread executor. It can be mull.
      Returns:
      thread executor.

    • setTrustedTerritories

      public void setTrustedTerritories(String... trustedTerritories)
      Set countries and territories (alpha-2 country codes) whom to trust and accept certificates.

      It is possible to accept signatures (and certificates) only from particular countries by filtering trusted territories. Only the TSL (and certificates) from those countries are then downloaded and others are skipped.

      For example, it is possible to trust signatures only from these three countries: Estonia, Latvia and France, and skip all other countries: "EE", "LV", "FR".

      Parameters:
      trustedTerritories - list of alpha-2 country codes.

    • getTrustedTerritories

      public List<String> getTrustedTerritories()
      Get trusted territories.
      Returns:
      list of trusted territories

    • setRequiredTerritories

      public void setRequiredTerritories(String... requiredTerritories)
      Set countries and territories (alpha-2 country codes) whose trusted lists must always be successfully loaded into the TSL.

      This list is used by the default TSL refresh callback. If the trusted list of any of these territories fails to load, then the TSL refresh is considered to have been failed.

      Parameters:
      requiredTerritories - list of alpha-2 country codes.
      See Also:

    • getRequiredTerritories

      public List<String> getRequiredTerritories()
      Get required territories.
      Returns:
      list of required territories
      See Also:

    • setAllowedOcspRespondersForTM

      public void setAllowedOcspRespondersForTM(String... allowedOcspRespondersForTM)
      Set allowed OCSP responders common names for timemark validation. For example: "SK OCSP RESPONDER 2011", "ESTEID-SK OCSP RESPONDER", "KLASS3-SK OCSP RESPONDER".
      Parameters:
      allowedOcspRespondersForTM - list of OCSP responders.

    • getAllowedOcspRespondersForTM

      public List<String> getAllowedOcspRespondersForTM()
      Get allowed OCSP responders for timemark validation.
      Returns:
      ocsp responders list.

    • setMaxAllowedZipCompressionRatio

      public void setMaxAllowedZipCompressionRatio(int maxAllowedZipCompressionRatio)
      Set the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.
      Parameters:
      maxAllowedZipCompressionRatio - maximum ratio of how much are the contents of a ZIP-based container allowed to expand
      See Also:

    • getMaxAllowedZipCompressionRatio

      public int getMaxAllowedZipCompressionRatio()
      Get the maximum ratio of how much are the contents of a ZIP-based container allowed to expand on unpacking before the container is considered harmful.
      Returns:
      maximum ratio of how much are the contents of a ZIP-based container allowed to expand
      See Also:

    • setZipCompressionRatioCheckThresholdInBytes

      public void setZipCompressionRatioCheckThresholdInBytes(long zipCompressionRatioCheckThresholdInBytes)
      Set the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in.
      Parameters:
      zipCompressionRatioCheckThresholdInBytes - threshold of how much memory are the unpacked contents of a ZIP-based container allowed to consume
      See Also:

    • getZipCompressionRatioCheckThresholdInBytes

      public long getZipCompressionRatioCheckThresholdInBytes()
      Get the threshold of how much memory (in bytes) are the unpacked contents of a ZIP-based container allowed to consume before ZIP compression ratio check kicks in.
      Returns:
      threshold of how much memory are the unpacked contents of a ZIP-based container allowed to consume
      See Also:

    • isTest

      public boolean isTest()
      Returns:
      true when configuration is Configuration.Mode.TEST
      See Also:

    • copy

      public Configuration copy()
      Clones configuration
      Returns:
      new configuration object