org.opensaml.security.x509

Class PKIXValidationOptions

java.lang.Object

org.opensaml.security.x509.PKIXValidationOptions

Direct Known Subclasses:

CertPathPKIXValidationOptions

public class PKIXValidationOptions
extends Object

Options which may be supplied to influence the processing behavior of a PKIXTrustEvaluator.

Constructor Summary

Constructors

Constructor and Description
PKIXValidationOptions() Constructor.

Method Summary

Modifier and Type	Method and Description
Integer	getDefaultVerificationDepth() The default PKIX maximum path verification depth, if not supplied in the PKIXValidationInformation being evaluated.
boolean	isProcessCredentialCRLs() Whether CRLs supplied within the untrusted X509Credential being evaluated should be processed.
boolean	isProcessEmptyCRLs() Whether empty CRLs should be processed.
boolean	isProcessExpiredCRLs() Whether expired CRLs should be processed.
void	setDefaultVerificationDepth(Integer depth) The default PKIX maximum path verification depth, if not supplied in the PKIXValidationInformation being evaluated.
void	setProcessCredentialCRLs(boolean flag) Whether CRLs supplied within the untrusted X509Credential being evaluated should be processed.
void	setProcessEmptyCRLs(boolean flag) Whether empty CRLs should be processed.
void	setProcessExpiredCRLs(boolean flag) Whether expired CRLs should be processed.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PKIXValidationOptions

public PKIXValidationOptions()

Constructor.

Method Detail

isProcessEmptyCRLs

public boolean isProcessEmptyCRLs()

Whether empty CRLs should be processed.

Default is: true

Returns:

whether empty CRLs should be processed

setProcessEmptyCRLs

public void setProcessEmptyCRLs(boolean flag)

Whether empty CRLs should be processed.

Default is: true

Parameters:

flag - whether to process empty CRLs

isProcessExpiredCRLs

public boolean isProcessExpiredCRLs()

Whether expired CRLs should be processed.

Default is: true

Returns:

whether expired CRLs should be processsed

setProcessExpiredCRLs

public void setProcessExpiredCRLs(boolean flag)

Whether expired CRLs should be processed.

Default is: true

Parameters:

flag - whether expired CRLs should be processed

isProcessCredentialCRLs

public boolean isProcessCredentialCRLs()

Whether CRLs supplied within the untrusted X509Credential being evaluated should be processed.

Default is: true

Returns:

whether to process CRLs from an untrusted credential

setProcessCredentialCRLs

public void setProcessCredentialCRLs(boolean flag)

Whether CRLs supplied within the untrusted X509Credential being evaluated should be processed.

Default is: true

Parameters:

flag - whether to process CRLs from an untrusted credential

getDefaultVerificationDepth

public Integer getDefaultVerificationDepth()

The default PKIX maximum path verification depth, if not supplied in the PKIXValidationInformation being evaluated.

Default is: 1

Returns:

Returns the defaultVerificationDepth.

setDefaultVerificationDepth

public void setDefaultVerificationDepth(@Nonnull
                                        Integer depth)

The default PKIX maximum path verification depth, if not supplied in the PKIXValidationInformation being evaluated.

Default is: 1

Parameters:

depth - default verification depth to set