Package org.wildfly.security.ssl
Class X509RevocationTrustManager.Builder
- java.lang.Object
-
- org.wildfly.security.ssl.X509RevocationTrustManager.Builder
-
- Enclosing class:
- X509RevocationTrustManager
public static class X509RevocationTrustManager.Builder extends Object
-
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description X509RevocationTrustManager
build()
X509RevocationTrustManager.Builder
setAcceptedIssuers(X509Certificate[] acceptedIssuers)
Deprecated.accepted issuers are automatically set when creating the trust managerX509RevocationTrustManager.Builder
setCrlStream(InputStream crlStream)
Set the input stream pointing to a certificate revocation list (may benull
).X509RevocationTrustManager.Builder
setMaxCertPath(int maxCertPath)
Set the maximum number of non-self-issued intermediate certificates that may exist in a certification path.X509RevocationTrustManager.Builder
setNoFallback(boolean noFallback)
Set if only one method of obtaining revocation status should be used.X509RevocationTrustManager.Builder
setOcspResponderCert(X509Certificate ocspResponderCert)
Set OCSP responder's certificate.X509RevocationTrustManager.Builder
setOnlyEndEntity(boolean onlyEndEntity)
Set if only leaf certificate revocation should be checked.X509RevocationTrustManager.Builder
setPreferCrls(boolean preferCrls)
Set if CRL revocation should be executed before OCSP.X509RevocationTrustManager.Builder
setResponderURI(URI responderURI)
Set an OCSP ResponderURI
to override those extracted from certificates.X509RevocationTrustManager.Builder
setSoftFail(boolean softFail)
Set if certificate should be allowed in case the revocation status cannot be obtained.X509RevocationTrustManager.Builder
setTrustManagerFactory(TrustManagerFactory trustManagerFactory)
Set aTrustManagerFactory
X509RevocationTrustManager.Builder
setTrustStore(KeyStore trustStore)
Set aKeyStore
with the trusted certificates (must not benull
)
-
-
-
Method Detail
-
setAcceptedIssuers
@Deprecated public X509RevocationTrustManager.Builder setAcceptedIssuers(X509Certificate[] acceptedIssuers)
Deprecated.accepted issuers are automatically set when creating the trust managerSet an array of certificate authority certificates which are trusted for authenticating peers (may benull
)- Parameters:
acceptedIssuers
- array of accepted issuers- Returns:
- this Builder for subsequent changes
-
setTrustStore
public X509RevocationTrustManager.Builder setTrustStore(KeyStore trustStore)
Set aKeyStore
with the trusted certificates (must not benull
)- Parameters:
trustStore
- keystore with trusted certificates- Returns:
- this Builder for subsequent changes
-
setTrustManagerFactory
public X509RevocationTrustManager.Builder setTrustManagerFactory(TrustManagerFactory trustManagerFactory)
Set aTrustManagerFactory
- Parameters:
trustManagerFactory
- the trust manager factory- Returns:
- this Builder for subsequent changes
-
setResponderURI
public X509RevocationTrustManager.Builder setResponderURI(URI responderURI)
Set an OCSP ResponderURI
to override those extracted from certificates.- Parameters:
responderURI
- the responder URI- Returns:
- this Builder for subsequent changes
-
setCrlStream
public X509RevocationTrustManager.Builder setCrlStream(InputStream crlStream)
Set the input stream pointing to a certificate revocation list (may benull
). The stream will be automatically closed after the invocation- Parameters:
crlStream
- the input stream- Returns:
- this Builder for subsequent changes
-
setMaxCertPath
public X509RevocationTrustManager.Builder setMaxCertPath(int maxCertPath)
Set the maximum number of non-self-issued intermediate certificates that may exist in a certification path. The value must be equal or greater than 1.- Parameters:
maxCertPath
- the maximum cert path- Returns:
- this Builder for subsequent changes
-
setPreferCrls
public X509RevocationTrustManager.Builder setPreferCrls(boolean preferCrls)
Set if CRL revocation should be executed before OCSP. Default false- Parameters:
preferCrls
- true if CRLs should be preferred- Returns:
- this Builder for subsequent changes
-
setOnlyEndEntity
public X509RevocationTrustManager.Builder setOnlyEndEntity(boolean onlyEndEntity)
Set if only leaf certificate revocation should be checked. Default false- Parameters:
onlyEndEntity
- true if only leaf certificate should be checked- Returns:
- this Builder for subsequent changes
-
setSoftFail
public X509RevocationTrustManager.Builder setSoftFail(boolean softFail)
Set if certificate should be allowed in case the revocation status cannot be obtained. Default false- Parameters:
softFail
- true if unknown revocation status is accepted- Returns:
- this Builder for subsequent changes
-
setNoFallback
public X509RevocationTrustManager.Builder setNoFallback(boolean noFallback)
Set if only one method of obtaining revocation status should be used. Default false- Parameters:
noFallback
- true if only one method of obtaining revocation status should be used- Returns:
- this Builder for subsequent changes
-
setOcspResponderCert
public X509RevocationTrustManager.Builder setOcspResponderCert(X509Certificate ocspResponderCert)
Set OCSP responder's certificate. By default issuer certificate of certificate being validated is used.- Parameters:
ocspResponderCert
- OCSP responder certificate- Returns:
- this Builder for subsequent changes
-
build
public X509RevocationTrustManager build()
-
-