org.wildfly.security.ssl

Class X509RevocationTrustManager.Builder

java.lang.Object

org.wildfly.security.ssl.X509RevocationTrustManager.Builder

Enclosing class:

X509RevocationTrustManager

public static class X509RevocationTrustManager.Builder
extends Object

Method Summary

Modifier and Type	Method and Description
X509RevocationTrustManager	build()
X509RevocationTrustManager.Builder	setAcceptedIssuers(X509Certificate[] acceptedIssuers) Deprecated. accepted issuers are automatically set when creating the trust manager
X509RevocationTrustManager.Builder	setCrlStream(InputStream crlStream) Set the input stream pointing to a certificate revocation list (may be null).
X509RevocationTrustManager.Builder	setMaxCertPath(int maxCertPath) Set the maximum number of non-self-issued intermediate certificates that may exist in a certification path.
X509RevocationTrustManager.Builder	setNoFallback(boolean noFallback) Set if only one method of obtaining revocation status should be used.
X509RevocationTrustManager.Builder	setOcspResponderCert(X509Certificate ocspResponderCert) Set OCSP responder's certificate.
X509RevocationTrustManager.Builder	setOnlyEndEntity(boolean onlyEndEntity) Set if only leaf certificate revocation should be checked.
X509RevocationTrustManager.Builder	setPreferCrls(boolean preferCrls) Set if CRL revocation should be executed before OCSP.
X509RevocationTrustManager.Builder	setResponderURI(URI responderURI) Set an OCSP Responder URI to override those extracted from certificates.
X509RevocationTrustManager.Builder	setSoftFail(boolean softFail) Set if certificate should be allowed in case the revocation status cannot be obtained.
X509RevocationTrustManager.Builder	setTrustManagerFactory(TrustManagerFactory trustManagerFactory) Set a TrustManagerFactory
X509RevocationTrustManager.Builder	setTrustStore(KeyStore trustStore) Set a KeyStore with the trusted certificates (must not be null)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

setAcceptedIssuers

@Deprecated
public X509RevocationTrustManager.Builder setAcceptedIssuers(X509Certificate[] acceptedIssuers)

Deprecated. accepted issuers are automatically set when creating the trust manager

Set an array of certificate authority certificates which are trusted for authenticating peers (may be null)

Parameters:

acceptedIssuers - array of accepted issuers

Returns:

this Builder for subsequent changes

setTrustStore

public X509RevocationTrustManager.Builder setTrustStore(KeyStore trustStore)

Set a KeyStore with the trusted certificates (must not be null)

Parameters:

trustStore - keystore with trusted certificates

Returns:

this Builder for subsequent changes

setTrustManagerFactory

public X509RevocationTrustManager.Builder setTrustManagerFactory(TrustManagerFactory trustManagerFactory)

Set a TrustManagerFactory

Parameters:

trustManagerFactory - the trust manager factory

Returns:

this Builder for subsequent changes

setResponderURI

public X509RevocationTrustManager.Builder setResponderURI(URI responderURI)

Set an OCSP Responder URI to override those extracted from certificates.

Parameters:

responderURI - the responder URI

Returns:

this Builder for subsequent changes

setCrlStream

public X509RevocationTrustManager.Builder setCrlStream(InputStream crlStream)

Set the input stream pointing to a certificate revocation list (may be null). The stream will be automatically closed after the invocation

Parameters:

crlStream - the input stream

Returns:

this Builder for subsequent changes

setMaxCertPath

public X509RevocationTrustManager.Builder setMaxCertPath(int maxCertPath)

Set the maximum number of non-self-issued intermediate certificates that may exist in a certification path. The value must be equal or greater than 1.

Parameters:

maxCertPath - the maximum cert path

Returns:

this Builder for subsequent changes

setPreferCrls

public X509RevocationTrustManager.Builder setPreferCrls(boolean preferCrls)

Set if CRL revocation should be executed before OCSP. Default false

Parameters:

preferCrls - true if CRLs should be preferred

Returns:

this Builder for subsequent changes

setOnlyEndEntity

public X509RevocationTrustManager.Builder setOnlyEndEntity(boolean onlyEndEntity)

Set if only leaf certificate revocation should be checked. Default false

Parameters:

onlyEndEntity - true if only leaf certificate should be checked

Returns:

this Builder for subsequent changes

setSoftFail

public X509RevocationTrustManager.Builder setSoftFail(boolean softFail)

Set if certificate should be allowed in case the revocation status cannot be obtained. Default false

Parameters:

softFail - true if unknown revocation status is accepted

Returns:

this Builder for subsequent changes

setNoFallback

public X509RevocationTrustManager.Builder setNoFallback(boolean noFallback)

Set if only one method of obtaining revocation status should be used. Default false

Parameters:

noFallback - true if only one method of obtaining revocation status should be used

Returns:

this Builder for subsequent changes

setOcspResponderCert

public X509RevocationTrustManager.Builder setOcspResponderCert(X509Certificate ocspResponderCert)

Set OCSP responder's certificate. By default issuer certificate of certificate being validated is used.

Parameters:

ocspResponderCert - OCSP responder certificate

Returns:

this Builder for subsequent changes

build

public X509RevocationTrustManager build()