org.jscep.response.Capabilities Maven / Gradle / Ivy

Go to download
/*
 * Copyright (c) 2009-2010 David Grant
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
package org.jscep.response;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.EnumSet;
import java.util.logging.Logger;

import javax.crypto.Cipher;

import org.jscep.util.LoggingUtil;


/**
 * This class represents a set of capabilities for a particular
 * SCEP server.
 * 
 * @author David Grant
 */
public class Capabilities {
	private static Logger LOGGER = LoggingUtil.getLogger(Capabilities.class);
	private EnumSet capabilities;

	/**
	 * Constructs a new instance of this class with the specified
	 * capabilities.
	 * 
	 * @param capabilities the capabilities.
	 */
	public Capabilities(Capability... capabilities) {
		this.capabilities = EnumSet.noneOf(Capability.class);

		for (Capability capability : capabilities) {
			this.capabilities.add(capability);
		}
	}
	
	/**
	 * Add the provided capability to this capabilities set.
	 * 
	 * @param capability the capability to add.
	 */
	public void add(Capability capability) {
		capabilities.add(capability);
	}
	
	/**
	 * Returns true if the server supports the provided
	 * Capability, false otherwise.
	 * 
	 * @param capability the capability to test for.
	 * @return true if the server supports the provided
	 * 	Capability, false otherwise.
	 */
	public boolean contains(Capability capability) {
		return capabilities.contains(capability);
	}
	
	/**
	 * Returns true if POST is supported, false otherwise.
	 *  
	 * @return true if POST is supported, false otherwise.
	 */
	public boolean isPostSupported() {
		return capabilities.contains(Capability.POST_PKI_OPERATION);
	}
	
	/**
	 * Returns true if retrieval of the next CA is supported, false otherwise.
	 *  
	 * @return true if retrieval of the next CA is supported, false otherwise.
	 */
	public boolean isRolloverSupported() {
		return capabilities.contains(Capability.GET_NEXT_CA_CERT);
	}
	
	/**
	 * Returns true if certificate renewal is supported, false otherwise.
	 *  
	 * @return true if certificate renewal is supported, false otherwise.
	 */
	public boolean isRenewalSupported() {
		return capabilities.contains(Capability.RENEWAL);
	}
	
	/**
	 * Returns the strongest cipher algorithm supported by the server and client.
	 * 
	 * The algorithms are ordered thus:
	 * 

	 *     DESede ("Triple DES")
	 *     DES
	 * 
	 * 
	 * @return the strongest cipher algorithm supported by the server and client.
	 */
	public String getStrongestCipher() {
		LOGGER.entering(getClass().getName(), "getStrongestCipher");

		final String cipher;
		if (cipherExists("DESede") && capabilities.contains(Capability.TRIPLE_DES)) {
			cipher = "DESede";
		} else {
			cipher = "DES";
		}
		
		LOGGER.exiting(getClass().getName(), "getStrongestCipher", cipher);
		return cipher;
	}
	
	private boolean cipherExists(String cipher) {
		try {
			Cipher.getInstance(cipher);
			return true;
		} catch (GeneralSecurityException e) {
			return false;
		}
	}
	
	/**
	 * Returns the strongest message digest algorithm supported by the server and client.
	 * 
	 * The algorithms are ordered thus:
	 * 

	 *     SHA-512
	 *     SHA-256
	 *     SHA-1
	 *     MD5
	 * 
	 * 
	 * @return the strongest message digest algorithm supported by the server and client.
	 */
	public String getStrongestMessageDigest() {
		final String digest;
		if (digestExists("SHA-512") && capabilities.contains(Capability.SHA_512)) {
			digest = "SHA-512";
		} else if (digestExists("SHA-256") && capabilities.contains(Capability.SHA_256)) {
			digest = "SHA-256";
		} else if (digestExists("SHA-1") && capabilities.contains(Capability.SHA_1)) {
			digest = "SHA-1";
		} else {
			digest = "MD5";
		}
		
		LOGGER.exiting(getClass().getName(), "getStrongestMessageDigest()", digest);
		return digest;
	}
	
	private boolean digestExists(String digest) {
		try {
			MessageDigest.getInstance(digest);
			return true;
		} catch (GeneralSecurityException e) {
			return false;
		}
	}
	
	/**
	 * {@inheritDoc}
	 */
	@Override
	public String toString() {
		return capabilities.toString();
	}
}