org.bouncycastle.pkix.jcajce

Class X509RevocationChecker.Builder

java.lang.Object

org.bouncycastle.pkix.jcajce.X509RevocationChecker.Builder

Enclosing class:

X509RevocationChecker

public static class X509RevocationChecker.Builder
extends java.lang.Object

Constructor Summary

Constructors

Constructor and Description
Builder(java.security.KeyStore trustStore) Base constructor.
Builder(java.util.Set<java.security.cert.TrustAnchor> trustAnchors) Base constructor.
Builder(java.security.cert.TrustAnchor trustAnchor) Base constructor.

Method Summary

Modifier and Type	Method and Description
X509RevocationChecker.Builder	addCrls(java.security.cert.CertStore crls) Add a collection of CRLs to the checker.
X509RevocationChecker.Builder	addCrls(org.bouncycastle.util.Store<java.security.cert.CRL> crls) Add a collection of CRLs to the checker.
X509RevocationChecker	build() Build a revocation checker conforming to the current builder.
X509RevocationChecker.Builder	setCheckEndEntityOnly(boolean isTrue)
X509RevocationChecker.Builder	setDate(java.util.Date validityDate) Set the current date for checking if not today.
X509RevocationChecker.Builder	setSoftFail(boolean isTrue, long maxTime) Configure soft failure if CRLs/OCSP not available.
X509RevocationChecker.Builder	setSoftFailHardLimit(boolean isTrue, long maxTime) Configure soft failure with a hard limit if CRLs/OCSP not available.
X509RevocationChecker.Builder	setValidityModel(int validityModel)
X509RevocationChecker.Builder	usingProvider(java.security.Provider provider) Configure to use the installed provider with name ProviderName.
X509RevocationChecker.Builder	usingProvider(java.lang.String providerName) Configure to use the installed provider with name ProviderName.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Builder

public Builder(java.security.cert.TrustAnchor trustAnchor)

Base constructor.

Parameters:

trustAnchor - the trust anchor our chain should start with.

Builder

public Builder(java.util.Set<java.security.cert.TrustAnchor> trustAnchors)

Base constructor.

Parameters:

trustAnchors - a set of potential trust anchors

Builder

public Builder(java.security.KeyStore trustStore)
        throws java.security.KeyStoreException

Base constructor.

Parameters:

trustStore - a keystore of potential trust anchors

Throws:

java.security.KeyStoreException

Method Detail

addCrls

public X509RevocationChecker.Builder addCrls(java.security.cert.CertStore crls)

Add a collection of CRLs to the checker.

Parameters:

crls - CRLs to be examined.

Returns:

the current builder instance.

addCrls

public X509RevocationChecker.Builder addCrls(org.bouncycastle.util.Store<java.security.cert.CRL> crls)

Add a collection of CRLs to the checker.

Parameters:

crls - CRLs to be examined.

Returns:

the current builder instance.

setDate

public X509RevocationChecker.Builder setDate(java.util.Date validityDate)

Set the current date for checking if not today.

Parameters:

validityDate - date we are validating for.

Returns:

the current builder instance.

setCheckEndEntityOnly

public X509RevocationChecker.Builder setCheckEndEntityOnly(boolean isTrue)

Parameters:

isTrue - true if only end-entities should be checked, false otherwise.

Returns:

the current builder instance.

setSoftFail

public X509RevocationChecker.Builder setSoftFail(boolean isTrue,
                                                 long maxTime)

Configure soft failure if CRLs/OCSP not available. If maxTime is greater than zero it represents the acceptable downtime for any responders or distribution points we are trying to connect to, with downtime measured from the first failure. Initially failures will log at Level.WARNING, once maxTime is exceeded any failures will be logged as Level.SEVERE. Setting maxTime to zero will mean 1 failure will be allowed before failures are logged as severe.

Parameters:

isTrue - true soft failure should be enabled, false otherwise.

maxTime - the time that can pass between the first failure and the most recent.

Returns:

the current builder instance.

setSoftFailHardLimit

public X509RevocationChecker.Builder setSoftFailHardLimit(boolean isTrue,
                                                          long maxTime)

Configure soft failure with a hard limit if CRLs/OCSP not available. If maxTime is greater than zero it represents the acceptable downtime for any responders or distribution points we are trying to connect to, with downtime measured from the first failure. Initially failures will log at Level.WARNING, once 75% of maxTime is exceeded any failures will be logged as Level.SEVERE. At maxTime any failures will be treated as hard, setting maxTime to zero will mean 1 failure will be allowed.

Parameters:

isTrue - true soft failure should be enabled, false otherwise.

maxTime - the time that can pass between the first failure and the most recent.

Returns:

the current builder instance.

setValidityModel

public X509RevocationChecker.Builder setValidityModel(int validityModel)

Parameters:

validityModel - The validity model to set.

See Also:

X509RevocationChecker.CHAIN_VALIDITY_MODEL, X509RevocationChecker.PKIX_VALIDITY_MODEL

usingProvider

public X509RevocationChecker.Builder usingProvider(java.security.Provider provider)

Configure to use the installed provider with name ProviderName.

Parameters:

provider - provider to use.

Returns:

the current builder instance.

usingProvider

public X509RevocationChecker.Builder usingProvider(java.lang.String providerName)

Configure to use the installed provider with name ProviderName.

Parameters:

providerName - name of the installed provider to use.

Returns:

the current builder instance.

build

public X509RevocationChecker build()

Build a revocation checker conforming to the current builder.

Returns:

a new X509RevocationChecker.