📄 certificateprofile.java
/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/
package org.ejbca.core.model.ca.certificateprofiles;

import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ejbca.core.ejb.ca.store.CertificateDataBean;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.UpgradeableDataHashMap;
import org.ejbca.util.dn.DNFieldExtractor;

/**
 * CertificateProfile is a basic class used to customize a certificate
 * configuration or be inherited by fixed certificate profiles.
 *
 * Every setting is stored as a key/value pair in the <code>data</code> map
 * under one of the string keys declared below. <code>data</code> is not
 * declared in this part of the file; presumably it is inherited from
 * UpgradeableDataHashMap (confirm).
 *
 * @version $Id: CertificateProfile.java,v 1.19 2007/01/16 11:43:26 anatom Exp $
 */
public class CertificateProfile extends UpgradeableDataHashMap implements Serializable, Cloneable {
    private static final Logger log = Logger.getLogger(CertificateProfile.class);
    /** Internal localization of logs and errors */
    private static final InternalResources intres = InternalResources.getInstance();

    // Default Values
    public static final float LATEST_VERSION = (float) 20.0;

    /**
     * Determines if a de-serialized file is compatible with this class.
     *
     * Maintainers must change this value if and only if the new version
     * of this class is not compatible with old versions. See Sun docs
     * for <a href="http://java.sun.com/products/jdk/1.1/docs/guide/serialization/spec/version.doc.html">details</a>.
     *
     * NOTE(review): the class is Serializable; instances should only be
     * de-serialized from storage the CA itself controls.
     */
    private static final long serialVersionUID = -8069608639716545203L;

    /**
     * KeyUsage constants.
     *
     * The values 0-8 equal the bit numbers of the X.509 KeyUsage bit string
     * (RFC 5280, section 4.2.1.3). The constructor stores a boolean[9] as the
     * key usage, so these are presumably indexes into that array (confirm
     * against the key usage accessors, which are outside this excerpt).
     */
    public static final int DIGITALSIGNATURE = 0;
    public static final int NONREPUDIATION = 1;
    public static final int KEYENCIPHERMENT = 2;
    public static final int DATAENCIPHERMENT = 3;
    public static final int KEYAGREEMENT = 4;
    public static final int KEYCERTSIGN = 5;
    public static final int CRLSIGN = 6;
    public static final int ENCIPHERONLY = 7;
    public static final int DECIPHERONLY = 8;

    /**
     * Extended key usage constants.
     *
     * There is one constant per entry of EXTENDEDKEYUSAGEOIDSTRINGS, so these
     * are presumably indexes into that array (confirm against the callers).
     */
    public static final int ANYEXTENDEDKEYUSAGE = 0;
    public static final int SERVERAUTH = 1;
    public static final int CLIENTAUTH = 2;
    public static final int CODESIGNING = 3;
    public static final int EMAILPROTECTION = 4;
    public static final int IPSECENDSYSTEM = 5;
    public static final int IPSECTUNNEL = 6;
    public static final int IPSECUSER = 7;
    public static final int TIMESTAMPING = 8;
    public static final int SMARTCARDLOGON = 9;
    public static final int OCSPSIGNING = 10;

    // OID strings in the order of the extended key usage constants above.
    // Entry 9 (SMARTCARDLOGON) is the Microsoft OID and entry 10 (OCSPSIGNING)
    // is 1.3.6.1.5.5.7.3.9, so the array order is not the numeric OID order.
    //
    // NOTE(review): entry 0 (ANYEXTENDEDKEYUSAGE) is 1.3.6.1.5.5.7.3.0, whereas
    // RFC 5280 defines anyExtendedKeyUsage as 2.5.29.37.0 ({id-ce-extKeyUsage 0}).
    // A relying party that looks for anyExtendedKeyUsage will not recognise the
    // value below; confirm which OID is intended before relying on this entry.
    //
    // NOTE(review): this is a public array, so any caller can overwrite its
    // elements; treat it as read-only.
    public static final String[] EXTENDEDKEYUSAGEOIDSTRINGS = {"1.3.6.1.5.5.7.3.0", "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7", "1.3.6.1.5.5.7.3.8", "1.3.6.1.4.1.311.20.2.2", "1.3.6.1.5.5.7.3.9"};

    /** Microsoft Template Constants */
    public static final String MSTEMPL_DOMAINCONTROLLER = "DomainController";

    // Public array as well: treat as read-only.
    public static final String[] AVAILABLE_MSTEMPLATES = {MSTEMPL_DOMAINCONTROLLER};

    public static final String TRUE = "true";
    public static final String FALSE = "false";

    // Profile types; the values are taken from the CertificateDataBean constants.
    public static final int TYPE_ENDENTITY = CertificateDataBean.CERTTYPE_ENDENTITY;
    public static final int TYPE_SUBCA = CertificateDataBean.CERTTYPE_SUBCA;
    public static final int TYPE_ROOTCA = CertificateDataBean.CERTTYPE_ROOTCA;

    public static final int NUMBER_OF_TYPES = 3;

    /** Supported certificate versions. */
    public static final String VERSION_X509V3 = "X509v3";

    public static final String CERTIFICATEPROFILENAME = "CUSTOM";

    /** Constant indicating that any CA can be used with this certificate profile.*/
    public static final int ANYCA = -1;

    /**
     * Constant holding the default available bit lengths for certificate profiles.
     *
     * NOTE(review): the list admits 512- and 1024-bit keys, which are below
     * current recommended minimums for RSA; a profile used for issuance should
     * narrow the available bit lengths. The values 192-384 are presumably
     * elliptic-curve sizes, and the meaning of 0 is not visible here (confirm).
     *
     * NOTE(review): this is a public array and the constructor passes this
     * very instance to setAvailableBitLengths; whether that setter copies it
     * is not visible here. Treat the array as read-only.
     */
    public static final int[] DEFAULTBITLENGTHS= {0,192,239,256,384,512,1024,2048,4096};

    // protected fields.
    //
    // Keys under which each setting is stored in the data map. The literal
    // values are runtime identifiers, not labels: two of them are misspelled
    // ("usebasicconstrants", "useqcsematicsid") and three QC keys carry a "use"
    // prefix that their constant names lack. Presumably profiles that are
    // already stored use exactly these keys, so do not correct a spelling
    // without an upgrade step (confirm against the upgrade code).
    protected static final String CERTVERSION = "certversion";
    protected static final String VALIDITY = "validity";
    protected static final String ALLOWVALIDITYOVERRIDE = "allowvalidityoverride";
    protected static final String USEBASICCONSTRAINTS = "usebasicconstrants";
    protected static final String BASICCONSTRAINTSCRITICAL = "basicconstraintscritical";
    protected static final String USEKEYUSAGE = "usekeyusage";
    protected static final String KEYUSAGECRITICAL = "keyusagecritical";
    protected static final String USESUBJECTKEYIDENTIFIER = "usesubjectkeyidentifier";
    protected static final String SUBJECTKEYIDENTIFIERCRITICAL = "subjectkeyidentifiercritical";
    protected static final String USEAUTHORITYKEYIDENTIFIER = "useauthoritykeyidentifier";
    protected static final String AUTHORITYKEYIDENTIFIERCRITICAL = "authoritykeyidentifiercritical";
    protected static final String USECRLNUMBER = "usecrlnumber";
    protected static final String CRLNUMBERCRITICAL = "crlnumbercritical";
    protected static final String USESUBJECTALTERNATIVENAME = "usesubjectalternativename";
    protected static final String SUBJECTALTERNATIVENAMECRITICAL = "subjectalternativenamecritical";
    protected static final String USECRLDISTRIBUTIONPOINT = "usecrldistributionpoint";
    protected static final String USEDEFAULTCRLDISTRIBUTIONPOINT = "usedefaultcrldistributionpoint";
    protected static final String CRLDISTRIBUTIONPOINTCRITICAL = "crldistributionpointcritical";
    protected static final String CRLDISTRIBUTIONPOINTURI = "crldistributionpointuri";
    protected static final String CRLISSUER = "crlissuer";
    protected static final String USECERTIFICATEPOLICIES = "usecertificatepolicies";
    protected static final String CERTIFICATEPOLICIESCRITICAL = "certificatepoliciescritical";
    protected static final String CERTIFICATEPOLICYID = "certificatepolicyid";
    /** Policy Notice Url to CPS field alias in the data structure */
    protected static final String POLICY_NOTICE_CPS_URL = "policynoticecpsurl";
    /** Policy Notice User Notice field alias in the data structure */
    protected static final String POLICY_NOTICE_UNOTICE_TEXT = "policynoticeunoticetext";
    protected static final String AVAILABLEBITLENGTHS = "availablebitlengths";
    protected static final String KEYUSAGE = "keyusage";
    protected static final String MINIMUMAVAILABLEBITLENGTH = "minimumavailablebitlength";
    protected static final String MAXIMUMAVAILABLEBITLENGTH = "maximumavailablebitlength";
    public static final String TYPE = "type";
    protected static final String ALLOWKEYUSAGEOVERRIDE = "allowkeyusageoverride";
    protected static final String USEEXTENDEDKEYUSAGE = "useextendedkeyusage";
    protected static final String EXTENDEDKEYUSAGE = "extendedkeyusage";
    protected static final String EXTENDEDKEYUSAGECRITICAL = "extendedkeyusagecritical";
    protected static final String AVAILABLECAS = "availablecas";
    protected static final String USEDPUBLISHERS = "usedpublishers";
    protected static final String USEOCSPSERVICELOCATOR = "useocspservicelocator";
    protected static final String USEDEFAULTOCSPSERVICELOCATOR = "usedefaultocspservicelocator";
    protected static final String OCSPSERVICELOCATORURI = "ocspservicelocatoruri";
    protected static final String USEMICROSOFTTEMPLATE = "usemicrosofttemplate";
    protected static final String MICROSOFTTEMPLATE = "microsofttemplate";
    protected static final String USECNPOSTFIX = "usecnpostfix";
    protected static final String CNPOSTFIX = "cnpostfix";
    protected static final String USESUBJECTDNSUBSET = "usesubjectdnsubset";
    protected static final String SUBJECTDNSUBSET = "subjectdnsubset";
    protected static final String USESUBJECTALTNAMESUBSET = "usesubjectaltnamesubset";
    protected static final String SUBJECTALTNAMESUBSET = "subjectaltnamesubset";
    protected static final String USEPATHLENGTHCONSTRAINT = "usepathlengthconstraint";
    protected static final String PATHLENGTHCONSTRAINT = "pathlengthconstraint";
    protected static final String USEQCSTATEMENT = "useqcstatement";
    protected static final String USEPKIXQCSYNTAXV2 = "usepkixqcsyntaxv2";
    protected static final String QCSTATEMENTCRITICAL = "useqcstatementcritical";
    protected static final String QCSTATEMENTRANAME = "useqcstatementraname";
    protected static final String QCSSEMANTICSID = "useqcsematicsid";
    protected static final String USEQCETSIQCCOMPLIANCE = "useqcetsiqccompliance";
    protected static final String USEQCETSIVALUELIMIT = "useqcetsivaluelimit";
    protected static final String QCETSIVALUELIMIT = "qcetsivaluelimit";
    protected static final String QCETSIVALUELIMITEXP = "qcetsivaluelimitexp";
    protected static final String QCETSIVALUELIMITCURRENCY = "qcetsivaluelimitcurrency";
    protected static final String USEQCETSISIGNATUREDEVICE = "useqcetsisignaturedevice";
    protected static final String USEQCCUSTOMSTRING = "useqccustomstring";
    protected static final String QCCUSTOMSTRINGOID = "qccustomstringoid";
    protected static final String QCCUSTOMSTRINGTEXT = "qccustomstringtext";
    protected static final String USESUBJECTDIRATTRIBUTES = "usesubjectdirattributes";
    protected static final String USEDCERTIFICATEEXTENSIONS = "usedcertificateextensions";

    // Public Methods

    /**
     * Creates a new instance of CertificateProfile
     *
     * These settings are general for all sub-profiles, only differing values are overridden
     * in the sub-profiles. If changing any present value here you must therefore go through all
     * sub-profiles and add an override there.
     * I.e. only add new values here, don't change any present settings.
     *
     * Defaults worth reviewing before a profile built from this constructor is
     * used for issuance: key usage override is allowed, any CA may use the
     * profile (ANYCA), the CRL distribution point and the OCSP service locator
     * are switched off, and the available bit lengths are DEFAULTBITLENGTHS.
     */
    public CertificateProfile() {
        setCertificateVersion(VERSION_X509V3);
        // The unit of the validity value is not shown here; presumably days (TODO confirm).
        setValidity(730);
        setAllowValidityOverride(false);

        setUseBasicConstraints(true);
        setBasicConstraintsCritical(true);

        setUseSubjectKeyIdentifier(true);
        setSubjectKeyIdentifierCritical(false);

        setUseAuthorityKeyIdentifier(true);
        setAuthorityKeyIdentifierCritical(false);

        setUseSubjectAlternativeName(true);
        setSubjectAlternativeNameCritical(false);

        // No CRL distribution point is enabled by default (see also the OCSP
        // service locator below), so presumably a profile must switch one on
        // for issued certificates to carry a revocation pointer (confirm).
        setUseCRLDistributionPoint(false);
        setUseDefaultCRLDistributionPoint(false);
        setCRLDistributionPointCritical(false);
        setCRLDistributionPointURI("");

        setUseCertificatePolicies(false);
        setCertificatePoliciesCritical(false);
        // 2.5.29.32.0 is the anyPolicy OID of RFC 5280; policies are off by default.
        setCertificatePolicyId("2.5.29.32.0");
        setCpsUrl("");
        setUserNoticeText("");

        setType(TYPE_ENDENTITY);

        // Passes the shared DEFAULTBITLENGTHS array itself, not a copy.
        setAvailableBitLengths(DEFAULTBITLENGTHS);

        setUseKeyUsage(true);
        // A fresh boolean[9] is all false: no key usage bit is set by default.
        setKeyUsage(new boolean[9]);
        // NOTE(review): override is allowed by default; presumably this lets the
        // key usage be chosen outside the profile. Confirm who may do so and
        // switch it off in profiles that must pin the key usage.
        setAllowKeyUsageOverride(true);
        setKeyUsageCritical(true);

        setUseExtendedKeyUsage(false);
        setExtendedKeyUsage(new ArrayList());
        setExtendedKeyUsageCritical(false);

        // ANYCA: any CA can be used with this profile by default.
        ArrayList availablecas = new ArrayList();
        availablecas.add(new Integer(ANYCA));
        setAvailableCAs(availablecas);

        setPublisherList(new ArrayList());

        setUseOCSPServiceLocator(false);
        setUseDefaultOCSPServiceLocator(false);
        setOCSPServiceLocatorURI("");

        setUseMicrosoftTemplate(false);
        setMicrosoftTemplate("");

        setUseCNPostfix(false);
        setCNPostfix("");

        setUseSubjectDNSubSet(false);
        setSubjectDNSubSet(new ArrayList());
        setUseSubjectAltNameSubSet(false);
        setSubjectAltNameSubSet(new ArrayList());

        setUsePathLengthConstraint(false);
        setPathLengthConstraint(0);

        setUseQCStatement(false);
        setUsePkixQCSyntaxV2(false);
        setQCStatementCritical(false);
        setQCStatementRAName(null);
        setQCSemanticsId(null);
        setUseQCEtsiQCCompliance(false);
        setUseQCEtsiSignatureDevice(false);
        setUseQCEtsiValueLimit(false);
        setQCEtsiValueLimit(0);
        setQCEtsiValueLimitExp(0);
        setQCEtsiValueLimitCurrency(null);
        setUseQCCustomString(false);
        setQCCustomStringOid(null);
        setQCCustomStringText(null);

        setUseSubjectDirAttributes(false);
        setUsedCertificateExtensions(new ArrayList());
    }

    // Public Methods.
    //
    // Each getter below casts the stored value and unboxes it, so it fails with
    // a NullPointerException when data.get returns null for the key and with a
    // ClassCastException when the stored value has another type. The
    // constructor sets every key read here except USEBASICCONSTRAINTS-style
    // keys changed later by callers; none of the setters validates its argument.

    /** Returns the version of the certificate, should be one of the VERSION_ constants defined in CertificateProfile class. */
    public String getCertificateVersion(){return (String) data.get(CERTVERSION);}

    /**
     * Sets the version of the certificate, should be one of the VERSION_ constants defined in
     * CertificateProfile class.
     *
     * @param version the certificate version to store; it is stored as given, without a check
     */
    public void setCertificateVersion(String version){data.put(CERTVERSION,version);}

    /** Returns the stored validity (the constructor default is 730; unit presumably days, confirm). */
    public long getValidity(){return ((Long)data.get(VALIDITY)).longValue();}

    /** Stores the validity, boxed as a Long; no range check is made here. */
    public void setValidity(long validity) { data.put(VALIDITY,new Long(validity));}

    /** Returns the stored "allow validity override" flag. */
    public boolean getAllowValidityOverride(){ return ((Boolean)data.get(ALLOWVALIDITYOVERRIDE)).booleanValue(); }

    /** Stores the "allow validity override" flag. */
    public void setAllowValidityOverride(boolean allowvalidityoverride) {data.put(ALLOWVALIDITYOVERRIDE, Boolean.valueOf(allowvalidityoverride));}

    /** Returns the stored "use basic constraints" flag. */
    public boolean getUseBasicConstraints(){ return ((Boolean)data.get(USEBASICCONSTRAINTS)).booleanValue(); }

    /** Stores the "use basic constraints" flag. */
    public void setUseBasicConstraints(boolean usebasicconstraints) {data.put(USEBASICCONSTRAINTS, Boolean.valueOf(usebasicconstraints));}

    /** Returns the stored "basic constraints critical" flag. */
    public boolean getBasicConstraintsCritical(){ return ((Boolean) data.get(BASICCONSTRAINTSCRITICAL)).booleanValue(); }

    /** Stores the "basic constraints critical" flag. */
    public void setBasicConstraintsCritical(boolean basicconstraintscritical) { data.put(BASICCONSTRAINTSCRITICAL, Boolean.valueOf(basicconstraintscritical));}

    /** Returns the stored "use key usage" flag. */
    public boolean getUseKeyUsage(){ return ((Boolean) data.get(USEKEYUSAGE)).booleanValue(); }

    /** Stores the "use key usage" flag. */
    public void setUseKeyUsage(boolean usekeyusage) { data.put(USEKEYUSAGE, Boolean.valueOf(usekeyusage));}

    /** Returns the stored "key usage critical" flag. */
    public boolean getKeyUsageCritical(){ return ((Boolean) data.get(KEYUSAGECRITICAL)).booleanValue(); }

    /** Stores the "key usage critical" flag. */
    public void setKeyUsageCritical(boolean keyusagecritical) { data.put(KEYUSAGECRITICAL, Boolean.valueOf(keyusagecritical));}

    /** Returns the stored "use subject key identifier" flag. */
    public boolean getUseSubjectKeyIdentifier(){ return ((Boolean) data.get(USESUBJECTKEYIDENTIFIER)).booleanValue(); }

    /** Stores the "use subject key identifier" flag. */
    public void setUseSubjectKeyIdentifier(boolean usesubjectkeyidentifier) { data.put(USESUBJECTKEYIDENTIFIER, Boolean.valueOf(usesubjectkeyidentifier));}

    /** Returns the stored "subject key identifier critical" flag. */
    public boolean getSubjectKeyIdentifierCritical(){ return ((Boolean) data.get(SUBJECTKEYIDENTIFIERCRITICAL)).booleanValue(); }

    /** Stores the "subject key identifier critical" flag. */
    public void setSubjectKeyIdentifierCritical(boolean subjectkeyidentifiercritical) { data.put(SUBJECTKEYIDENTIFIERCRITICAL, Boolean.valueOf(subjectkeyidentifiercritical));}