TrustValidatorDecorator.java

  1. /*
  2.  * Java Trust Project.
  3.  * Copyright (C) 2011 FedICT.
  4.  * Copyright (C) 2014-2023 e-Contract.be BV.
  5.  *
  6.  * This is free software; you can redistribute it and/or modify it
  7.  * under the terms of the GNU Lesser General Public License version
  8.  * 3.0 as published by the Free Software Foundation.
  9.  *
  10.  * This software is distributed in the hope that it will be useful,
  11.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13.  * Lesser General Public License for more details.
  14.  *
  15.  * You should have received a copy of the GNU Lesser General Public
  16.  * License along with this software; if not, see 
  17.  * http://www.gnu.org/licenses/.
  18.  */

  20. package be.fedict.trust;

  22. import be.fedict.trust.crl.CachedCrlRepository;
  23. import be.fedict.trust.crl.CrlRepository;
  24. import be.fedict.trust.crl.CrlTrustLinker;
  25. import be.fedict.trust.crl.OnlineCrlRepository;
  26. import be.fedict.trust.ext.CriticalExtensionTrustLinker;
  27. import be.fedict.trust.linker.AlwaysTrustTrustLinker;
  28. import be.fedict.trust.linker.FallbackTrustLinker;
  29. import be.fedict.trust.linker.PublicKeyTrustLinker;
  30. import be.fedict.trust.linker.TrustLinker;
  31. import be.fedict.trust.ocsp.OcspTrustLinker;
  32. import be.fedict.trust.ocsp.OnlineOcspRepository;

  34. /**
  35.  * Trust Validator Decorator. This class helps to configure trust validators.
  36.  * 
  37.  * @author Frank Cornelis
  38.  * 
  39.  */
  40. public class TrustValidatorDecorator {

  42.     private final NetworkConfig networkConfig;

  44.     /**
  45.      * Main constructor.
  46.      * 
  47.      * @param networkConfig the network configuration to be used. Can be
  48.      *                      <code>null</code> .
  49.      */
  50.     public TrustValidatorDecorator(NetworkConfig networkConfig) {
  51.         this.networkConfig = networkConfig;
  52.     }

  54.     /**
  55.      * Convenience constructor.
  56.      */
  57.     public TrustValidatorDecorator() {
  58.         this(null);
  59.     }

  61.     /**
  62.      * Adds a default trust linker configuration to a given trust validator.
  63.      * 
  64.      * @param trustValidator      the trust validator to be configured.
  65.      * @param externalTrustLinker optional additional trust linker.
  66.      */
  67.     public void addDefaultTrustLinkerConfig(TrustValidator trustValidator, TrustLinker externalTrustLinker) {
  68.         addDefaultTrustLinkerConfig(trustValidator, externalTrustLinker, false);
  69.     }

  71.     /**
  72.      * Adds a default trust linker configuration to a given trust validator.
  73.      * 
  74.      * @param trustValidator      the trust validator to be configured.
  75.      * @param externalTrustLinker optional additional trust linker.
  76.      * @param noOcsp              set to <code>true</code> to avoid OCSP validation.
  77.      */
  78.     public void addDefaultTrustLinkerConfig(TrustValidator trustValidator, TrustLinker externalTrustLinker,
  79.             boolean noOcsp) {
  80.         addDefaultTrustLinkerConfig(trustValidator, externalTrustLinker, noOcsp, null);
  81.     }

  83.     /**
  84.      * Adds a default trust linker configuration to a given trust validator.
  85.      * 
  86.      * @param trustValidator      the trust validator to be configured.
  87.      * @param externalTrustLinker optional additional trust linker.
  88.      * @param noOcsp              set to <code>true</code> to avoid OCSP validation.
  89.      * @param crlRepository       the optional CRL repository to use.
  90.      */
  91.     public void addDefaultTrustLinkerConfig(TrustValidator trustValidator, TrustLinker externalTrustLinker,
  92.             boolean noOcsp, CrlRepository crlRepository) {
  93.         trustValidator.addTrustLinker(new PublicKeyTrustLinker());
  94.         trustValidator.addTrustLinker(new CriticalExtensionTrustLinker());

  96.         OnlineOcspRepository ocspRepository = new OnlineOcspRepository(this.networkConfig);

  98.         if (null == crlRepository) {
  99.             OnlineCrlRepository onlineCrlRepository = new OnlineCrlRepository(this.networkConfig);
  100.             crlRepository = new CachedCrlRepository(onlineCrlRepository);
  101.         }

  103.         FallbackTrustLinker fallbackTrustLinker = new FallbackTrustLinker();
  104.         if (null != externalTrustLinker) {
  105.             fallbackTrustLinker.addTrustLinker(externalTrustLinker);
  106.         }
  107.         if (false == noOcsp) {
  108.             fallbackTrustLinker.addTrustLinker(new OcspTrustLinker(ocspRepository));
  109.         }
  110.         fallbackTrustLinker.addTrustLinker(new CrlTrustLinker(crlRepository));

  112.         trustValidator.addTrustLinker(fallbackTrustLinker);
  113.     }

  115.     /**
  116.      * Adds a default trust linker configuration to a given trust validator.
  117.      * 
  118.      * @param trustValidator the trust validator to be configured.
  119.      */
  120.     public void addDefaultTrustLinkerConfig(TrustValidator trustValidator) {
  121.         addDefaultTrustLinkerConfig(trustValidator, null);
  122.     }

  124.     /**
  125.      * Adds a trust linker configuration to be used to validate already expired
  126.      * certificates. Please notice that this configuration will not perform any
  127.      * verification on the revocation status of the certificates.
  128.      * 
  129.      * @param trustValidator the trust validator to be configured.
  130.      */
  131.     public void addTrustLinkerConfigWithoutRevocationStatus(TrustValidator trustValidator) {
  132.         trustValidator.addTrustLinker(new PublicKeyTrustLinker(true));
  133.         trustValidator.addTrustLinker(new AlwaysTrustTrustLinker());
  134.         trustValidator.addTrustLinker(new CriticalExtensionTrustLinker());
  135.     }
  136. }
Created with JaCoCo 0.8.9.202303310957