org.opensaml.security.x509.impl

Class CertPathPKIXValidationOptions

java.lang.Object

org.opensaml.security.x509.PKIXValidationOptions

org.opensaml.security.x509.impl.CertPathPKIXValidationOptions

public class CertPathPKIXValidationOptions
extends PKIXValidationOptions

Specialization of PKIXValidationOptions which specifies options specific to a PKIXTrustEvaluator based on the Java CertPath API.

Constructor Summary

Constructors

Constructor and Description
CertPathPKIXValidationOptions() Constructor.

Method Summary

Modifier and Type	Method and Description
Set<String>	getInitialPolicies() Returns the set of initial policies (OID strings) of the underlying CertPath Provider.
boolean	isAnyPolicyInhibited() Returns the value of the any policy inhibited flag of the underlying CertPath Provider.
boolean	isForceRevocationEnabled() If true, the revocation behavior of the underlying CertPath provider will be forced to the value supplied by isRevocationEnabled().
boolean	isPolicyMappingInhibited() Returns the value of the policy mapping inhibited flag of the underlying CertPath Provider.
boolean	isRevocationEnabled() If isForceRevocationEnabled() is true, the revocation behavior of the underlying CertPath Provider will be forced to this value.
void	setAnyPolicyInhibit(boolean flag) Sets the any policy inhibited flag for the underlying CertPath Provider.
void	setForceRevocationEnabled(boolean flag) If true, the revocation behavior of the underlying CertPath provider will be forced to the value supplied by isRevocationEnabled().
void	setInitialPolicies(Set<String> newPolicies) Sets the initial policy identifiers (OID strings) for the underlying CertPath Provider, i.e.
void	setPolicyMappingInhibit(boolean flag) Sets the policy mapping inhibited flag for the underlying CertPath Provider.
void	setRevocationEnabled(boolean flag) If isForceRevocationEnabled() is true, the revocation behavior of the underlying CertPath Provider will be forced to this value.

Methods inherited from class org.opensaml.security.x509.PKIXValidationOptions

getDefaultVerificationDepth, isProcessCredentialCRLs, isProcessEmptyCRLs, isProcessExpiredCRLs, setDefaultVerificationDepth, setProcessCredentialCRLs, setProcessEmptyCRLs, setProcessExpiredCRLs

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertPathPKIXValidationOptions

public CertPathPKIXValidationOptions()

Constructor.

Method Detail

isForceRevocationEnabled

public boolean isForceRevocationEnabled()

If true, the revocation behavior of the underlying CertPath provider will be forced to the value supplied by isRevocationEnabled(). If false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

Default is: false

Returns:

whether to force revocation behavior

setForceRevocationEnabled

public void setForceRevocationEnabled(boolean flag)

If true, the revocation behavior of the underlying CertPath provider will be forced to the value supplied by isRevocationEnabled(). If false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

Default is: false

Parameters:

flag - whether to force revocation behavior

isRevocationEnabled

public boolean isRevocationEnabled()

If isForceRevocationEnabled() is true, the revocation behavior of the underlying CertPath Provider will be forced to this value. If the former is false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

Default is: true

Returns:

whether to force revocation if forcing is enabled

setRevocationEnabled

public void setRevocationEnabled(boolean flag)

If isForceRevocationEnabled() is true, the revocation behavior of the underlying CertPath Provider will be forced to this value. If the former is false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

Default is: true

Parameters:

flag - whether to force revocation if forcing is enabled

isPolicyMappingInhibited

public boolean isPolicyMappingInhibited()

Returns the value of the policy mapping inhibited flag of the underlying CertPath Provider.

Returns:

Returns the policyMappingInhibit boolean.

setPolicyMappingInhibit

public void setPolicyMappingInhibit(boolean flag)

Sets the policy mapping inhibited flag for the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (e).

Default is: false

Parameters:

flag - the policyMappingInhibit boolean to set.

isAnyPolicyInhibited

public boolean isAnyPolicyInhibited()

Returns the value of the any policy inhibited flag of the underlying CertPath Provider.

Returns:

Returns the anyPolicyInhibit boolean.

setAnyPolicyInhibit

public void setAnyPolicyInhibit(boolean flag)

Sets the any policy inhibited flag for the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (g).

Default is: false

Parameters:

flag - the anyPolicyInhibit boolean to set.

getInitialPolicies

public Set<String> getInitialPolicies()

Returns the set of initial policies (OID strings) of the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (c).

Returns:

Returns the initialPolicies set.

setInitialPolicies

public void setInitialPolicies(Set<String> newPolicies)

Sets the initial policy identifiers (OID strings) for the underlying CertPath Provider, i.e. those policies that are acceptable to the certificate user. See also RFC 5280, section 6.1.1 (c).

Parameters:

newPolicies - the initial set of policy identifiers (OID strings)