org.cesecore.certificates.ca.CAInfo Maven / Gradle / Ivy
/*************************************************************************
* *
* CESeCore: CE Security Core *
* *
* This software is free software; you can redistribute it and/or *
* modify it under the terms of the GNU Lesser General Public *
* License as published by the Free Software Foundation; either *
* version 2.1 of the License, or any later version. *
* *
* See terms of license at gnu.org. *
* *
*************************************************************************/
package org.cesecore.certificates.ca;
import java.io.Serializable;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.cesecore.certificates.ca.catoken.CAToken;
import org.cesecore.certificates.ca.extendedservices.ExtendedCAServiceInfo;
import org.cesecore.certificates.certificate.CertificateWrapper;
import org.cesecore.util.CertTools;
import org.cesecore.util.EJBTools;
import org.cesecore.util.SimpleTime;
import org.cesecore.util.StringTools;
/**
* Holds non sensitive information about a CA.
*
* @version $Id: CAInfo.java 30856 2018-12-13 16:56:10Z samuellb $
*/
public abstract class CAInfo implements Serializable {
private static final long serialVersionUID = 2L;
public static final int CATYPE_X509 = 1;
public static final int CATYPE_CVC = 2;
/**
* Constants indicating that the CA is selfsigned.
*/
public static final int SELFSIGNED = 1;
/**
* Constant indicating that the CA is signed by an external CA.
*/
public static final int SIGNEDBYEXTERNALCA = 2;
/**
* Constant indicating where the special caid border is. All CAs with CA id not below this value
* should be created
*/
public static final int SPECIALCAIDBORDER = 10;
protected String subjectdn;
protected int caid;
protected String name;
/** CAConstants.CA_ACTIVE etc, 0 means not defined (i.e. not updated when editing CA) */
protected int status = 0;
protected String encodedValidity;
protected Date expiretime;
protected Date updatetime;
/** CATYPE_X509 or CATYPE_CVC */
protected int catype;
/** A CAId or CAInfo.SELFSIGNED */
protected int signedby;
protected Collection certificatechain;
protected Collection renewedcertificatechain;
protected transient List certificatechainCached;
protected transient Collection renewedcertificatechainCached;
protected CAToken catoken;
protected String description;
protected int revocationReason;
protected Date revocationDate;
protected int certificateprofileid;
protected int defaultCertificateProfileId;
/** Default value 1 day */
protected long crlperiod = 1 * SimpleTime.MILLISECONDS_PER_DAY;
/** Default value 0 */
protected long crlIssueInterval = 0;
/** Default value 10 minutes */
protected long crlOverlapTime = 10 * SimpleTime.MILLISECONDS_PER_MINUTE;
/** Default value 0 = disabled */
protected long deltacrlperiod = 0;
protected Collection crlpublishers;
protected Collection validators;
protected boolean keepExpiredCertsOnCRL = false;
protected boolean finishuser;
protected Collection extendedcaserviceinfos;
protected boolean useNoConflictCertificateData = false; // By Default we use normal certificate data table.
/**
* @deprecated since 6.8.0, where approval settings and profiles became interlinked.
*/
@Deprecated
private Collection approvalSettings;
/**
* @deprecated since 6.8.0, where approval settings and profiles became interlinked.
*/
@Deprecated
private int approvalProfile;
/**
* @deprecated since 6.6.0, use the appropriate approval profile instead
* Needed for a while in order to be able to import old statedumps from 6.5 and earlier
*/
@Deprecated
protected int numOfReqApprovals;
private LinkedHashMap approvals;
protected boolean includeInHealthCheck;
protected boolean doEnforceUniquePublicKeys;
protected boolean doEnforceUniqueDistinguishedName;
protected boolean doEnforceUniqueSubjectDNSerialnumber;
protected boolean useCertReqHistory;
protected boolean useUserStorage;
protected boolean useCertificateStorage;
protected boolean acceptRevocationNonExistingEntry;
/**
* Returns the Subject DN of the CA, that will be used for issuing the CA certificate.
* To get the Subject DN of the latest issued CA certificate, use {@link getLatestSubjectDN}
*/
public String getSubjectDN() {
return subjectdn;
}
public void setSubjectDN(final String subjectDn) {
this.subjectdn = CertTools.stringToBCDNString(StringTools.strip(subjectDn));
}
/**
* Use issuer DN from the latest CA certificate. Might differ from the value from {@link getSubjectDN}.
*/
public String getLatestSubjectDN() {
final Collection certs = getCertificateChain();
final Certificate cacert = !certs.isEmpty() ? certs.iterator().next(): null;
return cacert != null ? CertTools.getSubjectDN(cacert) : null;
}
public int getCAId() {
return this.caid;
}
public void setCAId(final int caid) {
this.caid = caid;
}
public String getName() {
return this.name;
}
public void setName(final String name) {
this.name = name;
}
/** CAConstants.CA_ACTIVE etc, 0 means not defined (i.e. not updated when editing CA) */
public int getStatus() {
return status;
}
public void setStatus(int status) {
this.status = status;
}
/** CAInfo.CATYPE_X509 or CAInfo.CATYPE_CVC */
public int getCAType() {
return catype;
}
public void setCAType(int catype) {
this.catype = catype;
}
public String getCaTypeAsString() {
if (catype == CAInfo.CATYPE_CVC) {
return "CVC";
}
if (catype == CAInfo.CATYPE_X509) {
return "X.509";
}
return String.valueOf(catype);
}
/**
* @return A CAId or CAInfo.SELFSIGNED, CAInfo.SIGNEDBYEXTERNALCA etc
*/
public int getSignedBy() {
return signedby;
}
public void setSignedBy(int signedby) {
this.signedby = signedby;
}
public void setEncodedValidity(String encodedValidity) {
this.encodedValidity = encodedValidity;
}
public String getEncodedValidity() {
return encodedValidity;
}
public Date getExpireTime() {
return this.expiretime;
}
public void setExpireTime(final Date expiretime) {
this.expiretime = expiretime;
}
public Date getUpdateTime() {
return this.updatetime;
}
public void setUpdateTime(final Date updatetime) {
this.updatetime = updatetime;
}
/** Retrieves the certificate chain for the CA. The returned certificate chain MUST have the
* RootCA certificate in the last position and the CAs certificate in the first.
*/
public List getCertificateChain() {
if (certificatechain == null) {
return null;
}
if (certificatechainCached == null) {
certificatechainCached = EJBTools.unwrapCertCollection(certificatechain);
}
return certificatechainCached;
}
public void setCertificateChain(List certificatechain) {
this.certificatechainCached = certificatechain;
this.certificatechain = EJBTools.wrapCertCollection(certificatechain);
}
public Collection getRenewedCertificateChain() {
if (renewedcertificatechain == null) {
return null;
}
if (renewedcertificatechainCached == null) {
renewedcertificatechainCached = EJBTools.unwrapCertCollection(renewedcertificatechain);
}
return renewedcertificatechainCached;
}
public void setRenewedCertificateChain(Collection certificatechain) {
this.renewedcertificatechainCached = certificatechain;
this.renewedcertificatechain = EJBTools.wrapCertCollection(certificatechain);
}
public CAToken getCAToken() {
return this.catoken;
}
public void setCAToken(CAToken catoken) {
this.catoken = catoken;
}
public String getDescription() {
return this.description;
}
public void setDescription(String description) {
this.description = description;
}
public int getRevocationReason() {
return this.revocationReason;
}
public void setRevocationReason(final int revocationReason) {
this.revocationReason = revocationReason;
}
public Date getRevocationDate() {
return this.revocationDate;
}
public void setRevocationDate(final Date revocationDate) {
this.revocationDate = revocationDate;
}
public void setCertificateProfileId(int _certificateprofileid) {
this.certificateprofileid = _certificateprofileid;
}
/** @return the ID of the certificate profile for this CA */
public int getCertificateProfileId() {
return this.certificateprofileid;
}
/** @return the id of default cetificate profile for certificates this CA issues */
public int getDefaultCertificateProfileId() {
return defaultCertificateProfileId;
}
public void setDefaultCertificateProfileId(int defaultCertificateProfileId) {
this.defaultCertificateProfileId = defaultCertificateProfileId;
}
public long getCRLPeriod() {
return crlperiod;
}
public void setCRLPeriod(long crlperiod) {
this.crlperiod = crlperiod;
}
public long getDeltaCRLPeriod() {
return deltacrlperiod;
}
public void setDeltaCRLPeriod(long deltacrlperiod) {
this.deltacrlperiod = deltacrlperiod;
}
public long getCRLIssueInterval() {
return crlIssueInterval;
}
public void setCRLIssueInterval(long crlissueinterval) {
this.crlIssueInterval = crlissueinterval;
}
public long getCRLOverlapTime() {
return crlOverlapTime;
}
public void setCRLOverlapTime(long crloverlaptime) {
this.crlOverlapTime = crloverlaptime;
}
public Collection getCRLPublishers() {
return crlpublishers;
}
public void setCRLPublishers(Collection crlpublishers) {
this.crlpublishers = crlpublishers;
}
public Collection getValidators() {
if (validators == null) {
// Make sure we never return null for upgraded CAs, avoiding possible NPE
return new ArrayList();
}
return validators;
}
public void setValidators(Collection validators) {
this.validators = validators;
}
public boolean getKeepExpiredCertsOnCRL() {
return this.keepExpiredCertsOnCRL;
}
public void setKeepExpiredCertsOnCRL(boolean keepExpiredCertsOnCRL) {
this.keepExpiredCertsOnCRL = keepExpiredCertsOnCRL;
}
public boolean getFinishUser() {
return finishuser;
}
public void setFinishUser(boolean finishuser) {
this.finishuser = finishuser;
}
public boolean getIncludeInHealthCheck() {
return this.includeInHealthCheck;
}
public void setIncludeInHealthCheck(boolean includeInHealthCheck) {
this.includeInHealthCheck = includeInHealthCheck;
}
/** Lists the extended CA services.
*
* @return Collection of ExtendedCAServiceInfo
*/
public Collection getExtendedCAServiceInfos() {
return this.extendedcaserviceinfos;
}
public void setExtendedCAServiceInfos(Collection extendedcaserviceinfos) {
this.extendedcaserviceinfos = extendedcaserviceinfos;
}
/**
*
* @return a map of approvals, mapped as approval setting (as defined in this class) : approval profile ID. Never returns null.
*/
public Map getApprovals() {
return approvals;
}
public void setApprovals(Map approvals) {
if(approvals == null) {
approvals = new LinkedHashMap();
}
this.approvals = new LinkedHashMap(approvals);
}
/**
* Returns the ID of an approval profile
*
* @deprecated since 6.8.0. Use getApprovals() instead;
*/
@Deprecated
public int getApprovalProfile() {
return approvalProfile;
}
/**
* Sets the ID of an approval profile.
*
* @deprecated since 6.8.0. Use setApprovals() instead;
*/
@Deprecated
public void setApprovalProfile(final int approvalProfileID) {
this.approvalProfile = approvalProfileID;
}
/**
* Returns a collection of Integers (CAInfo.REQ_APPROVAL_ constants) of which
* action that requires approvals, default none
*
* Never null
*
* @deprecated since 6.8.0. Use getApprovals() instead;
*/
@Deprecated
public Collection getApprovalSettings() {
return approvalSettings;
}
/**
* Collection of Integers (CAInfo.REQ_APPROVAL_ constants) of which
* action that requires approvals
*
* @deprecated since 6.8.0. Use getApprovals() instead;
*/
@Deprecated
public void setApprovalSettings(Collection approvalSettings) {
this.approvalSettings = approvalSettings;
}
/**
* @return true if the NoConflictCertificateData used.
*/
public boolean isUseNoConflictCertificateData() {
return this.useNoConflictCertificateData;
}
/**
* @param useNoConflictCertificateData true means that the NoConflictCertificateData will be used instead of CertificateData.
*/
public void setUseNoConflictCertificateData(final boolean useNoConflictCertificateData) {
this.useNoConflictCertificateData = useNoConflictCertificateData;
}
/**
* @return true if the UserData used to issue a certificate should be kept in the database.
*/
public boolean isUseCertReqHistory() {
return this.useCertReqHistory;
}
/**
* @param useCertReqHistory true means that the UserData used at the time of certificate issuance should be kept in the database.
*/
public void setUseCertReqHistory(boolean useCertReqHistory) {
this.useCertReqHistory = useCertReqHistory;
}
/** @return true if the UserData used to issue a certificate should be kept in the database. */
public boolean isUseUserStorage() {
return this.useUserStorage;
}
/** @param useUserStorage true means that the latest UserData used to issue a certificate should be kept in the database. */
public void setUseUserStorage(boolean useUserStorage) {
this.useUserStorage = useUserStorage;
}
/** @return true if the issued certificate should be kept in the database. */
public boolean isUseCertificateStorage() {
return this.useCertificateStorage;
}
/** @param useCertificateStorage true means that the issued certificate should be kept in the database. */
public void setUseCertificateStorage(boolean useCertificateStorage) {
this.useCertificateStorage = useCertificateStorage;
}
/** @return true if revocation for non existing entries is accepted */
public boolean isAcceptRevocationNonExistingEntry() {
return acceptRevocationNonExistingEntry;
}
/** @param acceptRevocationNonExistingEntry true means that revocation for non existing entry is accepted. */
public void setAcceptRevocationNonExistingEntry(boolean acceptRevocationNonExistingEntry) {
this.acceptRevocationNonExistingEntry = acceptRevocationNonExistingEntry;
}
/**
* @return answer this: should this CA issue certificates to only one user with certificates from one specific key.
*/
public boolean isDoEnforceUniquePublicKeys() {
return this.doEnforceUniquePublicKeys;
}
/**
* @param doEnforceUniquePublicKeys
*/
public void setDoEnforceUniquePublicKeys(boolean doEnforceUniquePublicKeys) {
this.doEnforceUniquePublicKeys = doEnforceUniquePublicKeys;
}
/**
* @return answer this: should this CA issue certificates to only one user of a specific subjectDN serialnumber.
*/
public boolean isDoEnforceUniqueSubjectDNSerialnumber() {
return this.doEnforceUniqueSubjectDNSerialnumber;
}
/**
* @param doEnforceUniqueSubjectDNSerialnumber
*/
public void setDoEnforceUniqueSubjectDNSerialnumber(boolean doEnforceUniqueSubjectDNSN) {
this.doEnforceUniqueSubjectDNSerialnumber = doEnforceUniqueSubjectDNSN;
}
/**
* @param doEnforceUniqueDistinguishedName
*/
public void setDoEnforceUniqueDistinguishedName(boolean doEnforceUniqueDistinguishedName) {
this.doEnforceUniqueDistinguishedName = doEnforceUniqueDistinguishedName;
}
/**
* @return answer this: should this CA issue certificates to only one user with certificates with a specific subject DN.
*/
public boolean isDoEnforceUniqueDistinguishedName() {
return this.doEnforceUniqueDistinguishedName;
}
}