Package org.opensaml.security.x509.impl

Class CertPathPKIXValidationOptions

    • Field Detail

      • forceRevocationEnabled

        private boolean forceRevocationEnabled
        Force RevocationEnabled flag.

      • revocationEnabled

        private boolean revocationEnabled
        Value for RevocationEnabled when forced.

      • policyMappingInhibit

        private boolean policyMappingInhibit
        Disable policy mapping flag.

      • anyPolicyInhibit

        private boolean anyPolicyInhibit
        Flag for disallowing the "any" policy OID.

      • initialPolicies

        private Set<String> initialPolicies
        Acceptable policy OIDs.

    • Constructor Detail

      • CertPathPKIXValidationOptions

        public CertPathPKIXValidationOptions()
        Constructor.

    • Method Detail

      • isForceRevocationEnabled

        public boolean isForceRevocationEnabled()
        If true, the revocation behavior of the underlying CertPath provider will be forced to the value supplied by isRevocationEnabled(). If false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

        Default is: false

        Returns:
        whether to force revocation behavior

      • setForceRevocationEnabled

        public void setForceRevocationEnabled​(boolean flag)
        If true, the revocation behavior of the underlying CertPath provider will be forced to the value supplied by isRevocationEnabled(). If false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

        Default is: false

        Parameters:
        flag - whether to force revocation behavior

      • isRevocationEnabled

        public boolean isRevocationEnabled()
        If isForceRevocationEnabled() is true, the revocation behavior of the underlying CertPath Provider will be forced to this value. If the former is false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

        Default is: true

        Returns:
        whether to force revocation if forcing is enabled

      • setRevocationEnabled

        public void setRevocationEnabled​(boolean flag)
        If isForceRevocationEnabled() is true, the revocation behavior of the underlying CertPath Provider will be forced to this value. If the former is false, the revocation behavior of the underlying provider will be determined by the PKIXTrustEvaluator implementation.

        Default is: true

        Parameters:
        flag - whether to force revocation if forcing is enabled

      • isPolicyMappingInhibited

        public boolean isPolicyMappingInhibited()
        Returns the value of the policy mapping inhibited flag of the underlying CertPath Provider.
        Returns:
        Returns the policyMappingInhibit boolean.

      • setPolicyMappingInhibit

        public void setPolicyMappingInhibit​(boolean flag)
        Sets the policy mapping inhibited flag for the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (e).

        Default is: false

        Parameters:
        flag - the policyMappingInhibit boolean to set.

      • isAnyPolicyInhibited

        public boolean isAnyPolicyInhibited()
        Returns the value of the any policy inhibited flag of the underlying CertPath Provider.
        Returns:
        Returns the anyPolicyInhibit boolean.

      • setAnyPolicyInhibit

        public void setAnyPolicyInhibit​(boolean flag)
        Sets the any policy inhibited flag for the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (g).

        Default is: false

        Parameters:
        flag - the anyPolicyInhibit boolean to set.

      • getInitialPolicies

        public Set<String> getInitialPolicies()
        Returns the set of initial policies (OID strings) of the underlying CertPath Provider. See also RFC 5280, section 6.1.1 (c).
        Returns:
        Returns the initialPolicies set.

      • setInitialPolicies

        public void setInitialPolicies​(Set<String> newPolicies)
        Sets the initial policy identifiers (OID strings) for the underlying CertPath Provider, i.e. those policies that are acceptable to the certificate user. See also RFC 5280, section 6.1.1 (c).
        Parameters:
        newPolicies - the initial set of policy identifiers (OID strings)