Class CertPathPKIXValidationOptions

java.lang.Object
org.opensaml.security.x509.PKIXValidationOptions
org.opensaml.security.x509.impl.CertPathPKIXValidationOptions

public class CertPathPKIXValidationOptions extends PKIXValidationOptions
Specialization of PKIXValidationOptions which specifies options specific to a PKIXTrustEvaluator based on the Java CertPath API.
  • Field Details

    • forceRevocationEnabled

      private boolean forceRevocationEnabled
      Flag that forces the RevocationEnabled setting of the underlying CertPath provider.
    • revocationEnabled

      private boolean revocationEnabled
      Value applied to RevocationEnabled when forcing is enabled.
    • policyMappingInhibit

      private boolean policyMappingInhibit
      Disable policy mapping flag.
    • anyPolicyInhibit

      private boolean anyPolicyInhibit
      Flag for disallowing the "any" policy OID.
    • initialPolicies

      @Nonnull private Set<String> initialPolicies
      Acceptable policy OIDs.
  • Constructor Details

    • CertPathPKIXValidationOptions

      public CertPathPKIXValidationOptions()
      Constructor.
  • Method Details

    • isForceRevocationEnabled

      public boolean isForceRevocationEnabled()
      If true, the revocation behavior of the underlying CertPath provider will be forced to the value supplied by isRevocationEnabled(). If false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

      Default is: false

      Returns:
      whether to force revocation behavior
    • setForceRevocationEnabled

      public void setForceRevocationEnabled(boolean flag)
      If true, the revocation behavior of the underlying CertPath provider will be forced to the value supplied by isRevocationEnabled(). If false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

      Default is: false

      Parameters:
      flag - whether to force revocation behavior
    • isRevocationEnabled

      public boolean isRevocationEnabled()
      If isForceRevocationEnabled() is true, the revocation behavior of the underlying CertPath provider will be forced to this value. If isForceRevocationEnabled() is false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

      Default is: true

      Returns:
      whether to force revocation if forcing is enabled
    • setRevocationEnabled

      public void setRevocationEnabled(boolean flag)
      If isForceRevocationEnabled() is true, the revocation behavior of the underlying CertPath provider will be forced to this value. If isForceRevocationEnabled() is false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

      Default is: true

      Parameters:
      flag - whether to force revocation if forcing is enabled
    • isPolicyMappingInhibited

      public boolean isPolicyMappingInhibited()
      Returns the value of the policy mapping inhibited flag of the underlying CertPath Provider.
      Returns:
      the policyMappingInhibit boolean.
    • setPolicyMappingInhibit

      public void setPolicyMappingInhibit(boolean flag)
      Sets the policy mapping inhibited flag for the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (e).

      Default is: false

      Parameters:
      flag - the policyMappingInhibit boolean to set.
    • isAnyPolicyInhibited

      public boolean isAnyPolicyInhibited()
      Returns the value of the any policy inhibited flag of the underlying CertPath Provider.
      Returns:
      the anyPolicyInhibit boolean.
    • setAnyPolicyInhibit

      public void setAnyPolicyInhibit(boolean flag)
      Sets the any policy inhibited flag for the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (g).

      Default is: false

      Parameters:
      flag - the anyPolicyInhibit boolean to set.
    • getInitialPolicies

      @Nonnull @Unmodifiable @NotLive public Set<String> getInitialPolicies()
      Returns the set of initial policies (OID strings) of the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (c).
      Returns:
      the initialPolicies set.
    • setInitialPolicies

      public void setInitialPolicies(@Nullable Set<String> newPolicies)
      Sets the initial policy identifiers (OID strings) for the underlying CertPath Provider, i.e. those policies that are acceptable to the certificate user. See also RFC 5280, section 6.1.1 (c).
      Parameters:
      newPolicies - the initial set of policy identifiers (OID strings)
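
The following is an added example, not OpenSAML's own code: it sets the options documented above and shows how each one corresponds to a setting on the JDK's `java.security.cert.PKIXParameters`, including the forced versus non-forced revocation decision. The class `CertPathOptionsDemo`, the helper `apply`, its `evaluatorDefault` parameter (standing in for whatever the PKIXTrustEvaluator would decide itself), the trust anchor and the policy OID are constructed for illustration; the OpenSAML security library is assumed to be on the classpath.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.opensaml.security.x509.impl.CertPathPKIXValidationOptions;

public class CertPathOptionsDemo {

    /** Hypothetical helper: copies the options onto JDK PKIXParameters. */
    static void apply(CertPathPKIXValidationOptions opts, PKIXParameters params,
                      boolean evaluatorDefault) {
        // Forced: the option value wins. Not forced: the evaluator's own choice is used.
        params.setRevocationEnabled(opts.isForceRevocationEnabled()
                ? opts.isRevocationEnabled() : evaluatorDefault);
        params.setPolicyMappingInhibited(opts.isPolicyMappingInhibited()); // RFC 5280 6.1.1 (e)
        params.setAnyPolicyInhibited(opts.isAnyPolicyInhibited());         // RFC 5280 6.1.1 (g)
        params.setInitialPolicies(opts.getInitialPolicies());              // RFC 5280 6.1.1 (c)
    }

    public static void main(String[] args) throws Exception {
        CertPathPKIXValidationOptions opts = new CertPathPKIXValidationOptions();
        opts.setForceRevocationEnabled(true); // do not leave the decision to the evaluator
        opts.setRevocationEnabled(true);      // value that is forced
        opts.setPolicyMappingInhibit(true);   // default is false
        opts.setAnyPolicyInhibit(true);       // default is false
        opts.setInitialPolicies(Set.of("2.999.1")); // constructed OID from the example arc

        // Constructed trust anchor: PKIXParameters rejects an empty anchor set.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey caKey = kpg.generateKeyPair().getPublic();
        TrustAnchor anchor =
                new TrustAnchor(new X500Principal("CN=Constructed Test CA"), caKey, null);
        PKIXParameters params = new PKIXParameters(Set.of(anchor));

        // The stand-in evaluator default is false, but forcing overrides it.
        apply(opts, params, false);
        System.out.println("revocationEnabled=" + params.isRevocationEnabled());
        System.out.println("policyMappingInhibited=" + params.isPolicyMappingInhibited());
        System.out.println("anyPolicyInhibited=" + params.isAnyPolicyInhibited());
        System.out.println("initialPolicies=" + params.getInitialPolicies());
    }
}
```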