Package org.wildfly.security.ssl
Class X509RevocationTrustManager.Builder
- java.lang.Object
-
- org.wildfly.security.ssl.X509RevocationTrustManager.Builder
-
- Enclosing class:
- X509RevocationTrustManager
public static class X509RevocationTrustManager.Builder extends Object
-
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description X509RevocationTrustManagerbuild()X509RevocationTrustManager.BuildersetAcceptedIssuers(X509Certificate[] acceptedIssuers)Deprecated.accepted issuers are automatically set when creating the trust managerX509RevocationTrustManager.BuildersetCrlStream(InputStream crlStream)Set the input stream pointing to a certificate revocation list (may benull).X509RevocationTrustManager.BuildersetCrlStreams(List<InputStream> crlStreams)Set the input streams pointing to certificate revocation lists (may be an empty list).X509RevocationTrustManager.BuildersetMaxCertPath(int maxCertPath)Set the maximum number of non-self-issued intermediate certificates that may exist in a certification path.X509RevocationTrustManager.BuildersetNoFallback(boolean noFallback)Set if only one method of obtaining revocation status should be used.X509RevocationTrustManager.BuildersetOcspResponderCert(X509Certificate ocspResponderCert)Set OCSP responder's certificate.X509RevocationTrustManager.BuildersetOnlyEndEntity(boolean onlyEndEntity)Set if only leaf certificate revocation should be checked.X509RevocationTrustManager.BuildersetPreferCrls(boolean preferCrls)Set if CRL revocation should be executed before OCSP.X509RevocationTrustManager.BuildersetResponderURI(URI responderURI)Set an OCSP ResponderURIto override those extracted from certificates.X509RevocationTrustManager.BuildersetSoftFail(boolean softFail)Set if certificate should be allowed in case the revocation status cannot be obtained.X509RevocationTrustManager.BuildersetTrustManagerFactory(TrustManagerFactory trustManagerFactory)Set aTrustManagerFactoryX509RevocationTrustManager.BuildersetTrustStore(KeyStore trustStore)Set aKeyStorewith the trusted certificates (must not benull)
-
-
-
Method Detail
-
setAcceptedIssuers
@Deprecated public X509RevocationTrustManager.Builder setAcceptedIssuers(X509Certificate[] acceptedIssuers)
Deprecated.accepted issuers are automatically set when creating the trust managerSet an array of certificate authority certificates which are trusted for authenticating peers (may benull)- Parameters:
acceptedIssuers- array of accepted issuers- Returns:
- this Builder for subsequent changes
-
setTrustStore
public X509RevocationTrustManager.Builder setTrustStore(KeyStore trustStore)
Set aKeyStorewith the trusted certificates (must not benull)- Parameters:
trustStore- keystore with trusted certificates- Returns:
- this Builder for subsequent changes
-
setTrustManagerFactory
public X509RevocationTrustManager.Builder setTrustManagerFactory(TrustManagerFactory trustManagerFactory)
Set aTrustManagerFactory- Parameters:
trustManagerFactory- the trust manager factory- Returns:
- this Builder for subsequent changes
-
setResponderURI
public X509RevocationTrustManager.Builder setResponderURI(URI responderURI)
Set an OCSP ResponderURIto override those extracted from certificates.- Parameters:
responderURI- the responder URI- Returns:
- this Builder for subsequent changes
-
setCrlStream
public X509RevocationTrustManager.Builder setCrlStream(InputStream crlStream)
Set the input stream pointing to a certificate revocation list (may benull). The stream will be automatically closed after the invocation- Parameters:
crlStream- the input stream- Returns:
- this Builder for subsequent changes
-
setCrlStreams
public X509RevocationTrustManager.Builder setCrlStreams(List<InputStream> crlStreams)
Set the input streams pointing to certificate revocation lists (may be an empty list). The streams will be automatically closed after the invocation- Parameters:
crlStreams- the input streams- Returns:
- this Builder for subsequent changes
-
setMaxCertPath
public X509RevocationTrustManager.Builder setMaxCertPath(int maxCertPath)
Set the maximum number of non-self-issued intermediate certificates that may exist in a certification path. The value must be equal or greater than 1.- Parameters:
maxCertPath- the maximum cert path- Returns:
- this Builder for subsequent changes
-
setPreferCrls
public X509RevocationTrustManager.Builder setPreferCrls(boolean preferCrls)
Set if CRL revocation should be executed before OCSP. Default false- Parameters:
preferCrls- true if CRLs should be preferred- Returns:
- this Builder for subsequent changes
-
setOnlyEndEntity
public X509RevocationTrustManager.Builder setOnlyEndEntity(boolean onlyEndEntity)
Set if only leaf certificate revocation should be checked. Default false- Parameters:
onlyEndEntity- true if only leaf certificate should be checked- Returns:
- this Builder for subsequent changes
-
setSoftFail
public X509RevocationTrustManager.Builder setSoftFail(boolean softFail)
Set if certificate should be allowed in case the revocation status cannot be obtained. Default false- Parameters:
softFail- true if unknown revocation status is accepted- Returns:
- this Builder for subsequent changes
-
setNoFallback
public X509RevocationTrustManager.Builder setNoFallback(boolean noFallback)
Set if only one method of obtaining revocation status should be used. Default false- Parameters:
noFallback- true if only one method of obtaining revocation status should be used- Returns:
- this Builder for subsequent changes
-
setOcspResponderCert
public X509RevocationTrustManager.Builder setOcspResponderCert(X509Certificate ocspResponderCert)
Set OCSP responder's certificate. By default issuer certificate of certificate being validated is used.- Parameters:
ocspResponderCert- OCSP responder certificate- Returns:
- this Builder for subsequent changes
-
build
public X509RevocationTrustManager build()
-
-