Package org.opensaml.security.x509
Class PKIXValidationOptions
- java.lang.Object
-
- org.opensaml.security.x509.PKIXValidationOptions
-
public class PKIXValidationOptions extends Object
Options which may be supplied to influence the processing behavior of aPKIXTrustEvaluator
.
-
-
Field Summary
Fields Modifier and Type Field Description private Integer
defaultVerificationDepth
Default verification depth.private boolean
processCredentialCRLs
Flag as to whether CRLs supplied in the untrusted credential being evaluated will be processed.private boolean
processEmptyCRLs
Flag as to whether empty CRLs will be processed.private boolean
processExpiredCRLs
Flag as to whether expired CRLs will be processed.
-
Constructor Summary
Constructors Constructor Description PKIXValidationOptions()
Constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Integer
getDefaultVerificationDepth()
The default PKIX maximum path verification depth, if not supplied in thePKIXValidationInformation
being evaluated.boolean
isProcessCredentialCRLs()
Whether CRLs supplied within the untrustedX509Credential
being evaluated should be processed.boolean
isProcessEmptyCRLs()
Whether empty CRLs should be processed.boolean
isProcessExpiredCRLs()
Whether expired CRLs should be processed.void
setDefaultVerificationDepth(Integer depth)
The default PKIX maximum path verification depth, if not supplied in thePKIXValidationInformation
being evaluated.void
setProcessCredentialCRLs(boolean flag)
Whether CRLs supplied within the untrustedX509Credential
being evaluated should be processed.void
setProcessEmptyCRLs(boolean flag)
Whether empty CRLs should be processed.void
setProcessExpiredCRLs(boolean flag)
Whether expired CRLs should be processed.
-
-
-
Field Detail
-
processEmptyCRLs
private boolean processEmptyCRLs
Flag as to whether empty CRLs will be processed.
-
processExpiredCRLs
private boolean processExpiredCRLs
Flag as to whether expired CRLs will be processed.
-
processCredentialCRLs
private boolean processCredentialCRLs
Flag as to whether CRLs supplied in the untrusted credential being evaluated will be processed.
-
defaultVerificationDepth
private Integer defaultVerificationDepth
Default verification depth.
-
-
Method Detail
-
isProcessEmptyCRLs
public boolean isProcessEmptyCRLs()
Whether empty CRLs should be processed.Default is: true
- Returns:
- whether empty CRLs should be processed
-
setProcessEmptyCRLs
public void setProcessEmptyCRLs(boolean flag)
Whether empty CRLs should be processed.Default is: true
- Parameters:
flag
- whether to process empty CRLs
-
isProcessExpiredCRLs
public boolean isProcessExpiredCRLs()
Whether expired CRLs should be processed.Default is: true
- Returns:
- whether expired CRLs should be processsed
-
setProcessExpiredCRLs
public void setProcessExpiredCRLs(boolean flag)
Whether expired CRLs should be processed.Default is: true
- Parameters:
flag
- whether expired CRLs should be processed
-
isProcessCredentialCRLs
public boolean isProcessCredentialCRLs()
Whether CRLs supplied within the untrustedX509Credential
being evaluated should be processed.Default is: true
- Returns:
- whether to process CRLs from an untrusted credential
-
setProcessCredentialCRLs
public void setProcessCredentialCRLs(boolean flag)
Whether CRLs supplied within the untrustedX509Credential
being evaluated should be processed.Default is: true
- Parameters:
flag
- whether to process CRLs from an untrusted credential
-
getDefaultVerificationDepth
public Integer getDefaultVerificationDepth()
The default PKIX maximum path verification depth, if not supplied in thePKIXValidationInformation
being evaluated.Default is: 1
- Returns:
- Returns the defaultVerificationDepth.
-
setDefaultVerificationDepth
public void setDefaultVerificationDepth(@Nonnull Integer depth)
The default PKIX maximum path verification depth, if not supplied in thePKIXValidationInformation
being evaluated.Default is: 1
- Parameters:
depth
- default verification depth to set
-
-