Package org.wildfly.security.ssl

Class X509RevocationTrustManager.Builder

    • Field Detail

      • trustStore

        private KeyStore trustStore

      • responderUri

        private URI responderUri

      • maxCertPath

        private int maxCertPath

      • preferCrls

        private boolean preferCrls

      • onlyEndEntity

        private boolean onlyEndEntity

      • softFail

        private boolean softFail

      • noFallback

        private boolean noFallback

    • Constructor Detail

      • Builder

        private Builder()

    • Method Detail

      • setAcceptedIssuers

        @Deprecated
public X509RevocationTrustManager.Builder setAcceptedIssuers​(X509Certificate[] acceptedIssuers)
        Deprecated.
        accepted issuers are automatically set when creating the trust manager
        Set an array of certificate authority certificates which are trusted for authenticating peers (may be null)
        Parameters:
        acceptedIssuers - array of accepted issuers
        Returns:
        this Builder for subsequent changes

      • setTrustStore

        public X509RevocationTrustManager.Builder setTrustStore​(KeyStore trustStore)
        Set a KeyStore with the trusted certificates (must not be null)
        Parameters:
        trustStore - keystore with trusted certificates
        Returns:
        this Builder for subsequent changes

      • setResponderURI

        public X509RevocationTrustManager.Builder setResponderURI​(URI responderURI)
        Set an OCSP Responder URI to override those extracted from certificates.
        Parameters:
        responderURI - the responder URI
        Returns:
        this Builder for subsequent changes

      • setCrlStream

        public X509RevocationTrustManager.Builder setCrlStream​(InputStream crlStream)
        Set the input stream pointing to a certificate revocation list (may be null). The stream will be automatically closed after the invocation
        Parameters:
        crlStream - the input stream
        Returns:
        this Builder for subsequent changes

      • setCrlStreams

        public X509RevocationTrustManager.Builder setCrlStreams​(List<InputStream> crlStreams)
        Set the input streams pointing to certificate revocation lists (may be an empty list). The streams will be automatically closed after the invocation
        Parameters:
        crlStreams - the input streams
        Returns:
        this Builder for subsequent changes

      • setMaxCertPath

        public X509RevocationTrustManager.Builder setMaxCertPath​(int maxCertPath)
        Set the maximum number of non-self-issued intermediate certificates that may exist in a certification path. The value must be equal or greater than 1.
        Parameters:
        maxCertPath - the maximum cert path
        Returns:
        this Builder for subsequent changes

      • setPreferCrls

        public X509RevocationTrustManager.Builder setPreferCrls​(boolean preferCrls)
        Set if CRL revocation should be executed before OCSP. Default false
        Parameters:
        preferCrls - true if CRLs should be preferred
        Returns:
        this Builder for subsequent changes

      • setOnlyEndEntity

        public X509RevocationTrustManager.Builder setOnlyEndEntity​(boolean onlyEndEntity)
        Set if only leaf certificate revocation should be checked. Default false
        Parameters:
        onlyEndEntity - true if only leaf certificate should be checked
        Returns:
        this Builder for subsequent changes

      • setSoftFail

        public X509RevocationTrustManager.Builder setSoftFail​(boolean softFail)
        Set if certificate should be allowed in case the revocation status cannot be obtained. Default false
        Parameters:
        softFail - true if unknown revocation status is accepted
        Returns:
        this Builder for subsequent changes

      • setNoFallback

        public X509RevocationTrustManager.Builder setNoFallback​(boolean noFallback)
        Set if only one method of obtaining revocation status should be used. Default false
        Parameters:
        noFallback - true if only one method of obtaining revocation status should be used
        Returns:
        this Builder for subsequent changes

      • setOcspResponderCert

        public X509RevocationTrustManager.Builder setOcspResponderCert​(X509Certificate ocspResponderCert)
        Set OCSP responder's certificate. By default issuer certificate of certificate being validated is used.
        Parameters:
        ocspResponderCert - OCSP responder certificate
        Returns:
        this Builder for subsequent changes