Package org.opensaml.security.x509

Class PKIXValidationOptions

java.lang.Object
org.opensaml.security.x509.PKIXValidationOptions
Direct Known Subclasses:
CertPathPKIXValidationOptions
public class PKIXValidationOptions extends Object
Options which may be supplied to influence the processing behavior of a PKIXTrustEvaluator.

  • Field Details

    • processEmptyCRLs

      private boolean processEmptyCRLs
      Flag as to whether empty CRLs will be processed.

    • processExpiredCRLs

      private boolean processExpiredCRLs
      Flag as to whether expired CRLs will be processed.

    • processCredentialCRLs

      private boolean processCredentialCRLs
      Flag as to whether CRLs supplied in the untrusted credential being evaluated will be processed.

    • defaultVerificationDepth

      private Integer defaultVerificationDepth
      Default verification depth.

  • Constructor Details

    • PKIXValidationOptions

      public PKIXValidationOptions()
      Constructor.

  • Method Details

    • isProcessEmptyCRLs

      public boolean isProcessEmptyCRLs()
      Whether empty CRLs should be processed.

      Default is: true

      Returns:
      whether empty CRLs should be processed

    • setProcessEmptyCRLs

      public void setProcessEmptyCRLs(boolean flag)
      Whether empty CRLs should be processed.

      Default is: true

      Parameters:
      flag - whether to process empty CRLs

    • isProcessExpiredCRLs

      public boolean isProcessExpiredCRLs()
      Whether expired CRLs should be processed.

      Default is: true

      Returns:
      whether expired CRLs should be processsed

    • setProcessExpiredCRLs

      public void setProcessExpiredCRLs(boolean flag)
      Whether expired CRLs should be processed.

      Default is: true

      Parameters:
      flag - whether expired CRLs should be processed

    • isProcessCredentialCRLs

      public boolean isProcessCredentialCRLs()
      Whether CRLs supplied within the untrusted X509Credential being evaluated should be processed.

      Default is: true

      Returns:
      whether to process CRLs from an untrusted credential

    • setProcessCredentialCRLs

      public void setProcessCredentialCRLs(boolean flag)
      Whether CRLs supplied within the untrusted X509Credential being evaluated should be processed.

      Default is: true

      Parameters:
      flag - whether to process CRLs from an untrusted credential

    • getDefaultVerificationDepth

      public Integer getDefaultVerificationDepth()
      The default PKIX maximum path verification depth, if not supplied in the PKIXValidationInformation being evaluated.

      Default is: 1

      Returns:
      Returns the defaultVerificationDepth.

    • setDefaultVerificationDepth

      public void setDefaultVerificationDepth(@Nonnull Integer depth)
      The default PKIX maximum path verification depth, if not supplied in the PKIXValidationInformation being evaluated.

      Default is: 1

      Parameters:
      depth - default verification depth to set