Package org.opensaml.security.x509

Class PKIXValidationOptions

  • public class PKIXValidationOptions
extends Object
    Options which may be supplied to influence the processing behavior of a PKIXTrustEvaluator.

    • Field Detail

      • processEmptyCRLs

        private boolean processEmptyCRLs
        Flag as to whether empty CRLs will be processed.

      • processExpiredCRLs

        private boolean processExpiredCRLs
        Flag as to whether expired CRLs will be processed.

      • processCredentialCRLs

        private boolean processCredentialCRLs
        Flag as to whether CRLs supplied in the untrusted credential being evaluated will be processed.

      • defaultVerificationDepth

        private Integer defaultVerificationDepth
        Default verification depth.

    • Constructor Detail

      • PKIXValidationOptions

        public PKIXValidationOptions()
        Constructor.

    • Method Detail

      • isProcessEmptyCRLs

        public boolean isProcessEmptyCRLs()
        Whether empty CRLs should be processed.

        Default is: true

        Returns:
        whether empty CRLs should be processed

      • setProcessEmptyCRLs

        public void setProcessEmptyCRLs​(boolean flag)
        Whether empty CRLs should be processed.

        Default is: true

        Parameters:
        flag - whether to process empty CRLs

      • isProcessExpiredCRLs

        public boolean isProcessExpiredCRLs()
        Whether expired CRLs should be processed.

        Default is: true

        Returns:
        whether expired CRLs should be processsed

      • setProcessExpiredCRLs

        public void setProcessExpiredCRLs​(boolean flag)
        Whether expired CRLs should be processed.

        Default is: true

        Parameters:
        flag - whether expired CRLs should be processed

      • isProcessCredentialCRLs

        public boolean isProcessCredentialCRLs()
        Whether CRLs supplied within the untrusted X509Credential being evaluated should be processed.

        Default is: true

        Returns:
        whether to process CRLs from an untrusted credential

      • setProcessCredentialCRLs

        public void setProcessCredentialCRLs​(boolean flag)
        Whether CRLs supplied within the untrusted X509Credential being evaluated should be processed.

        Default is: true

        Parameters:
        flag - whether to process CRLs from an untrusted credential

      • getDefaultVerificationDepth

        public Integer getDefaultVerificationDepth()
        The default PKIX maximum path verification depth, if not supplied in the PKIXValidationInformation being evaluated.

        Default is: 1

        Returns:
        Returns the defaultVerificationDepth.

      • setDefaultVerificationDepth

        public void setDefaultVerificationDepth​(@Nonnull
                                        Integer depth)
        The default PKIX maximum path verification depth, if not supplied in the PKIXValidationInformation being evaluated.

        Default is: 1

        Parameters:
        depth - default verification depth to set