Package org.bouncycastle.pkix.jcajce
Class X509RevocationChecker.Builder
java.lang.Object
org.bouncycastle.pkix.jcajce.X509RevocationChecker.Builder
- Enclosing class:
X509RevocationChecker
-
Constructor Summary
ConstructorsConstructorDescriptionBuilder(TrustAnchor trustAnchor) Base constructor.Base constructor.Builder(Set<TrustAnchor> trustAnchors) Base constructor. -
Method Summary
Modifier and TypeMethodDescriptionAdd a collection of CRLs to the checker.Add a collection of CRLs to the checker.build()Build a revocation checker conforming to the current builder.setCheckEndEntityOnly(boolean isTrue) Set the current date for checking if not today.setSoftFail(boolean isTrue, long maxTime) Configure soft failure if CRLs/OCSP not available.setSoftFailHardLimit(boolean isTrue, long maxTime) Configure soft failure with a hard limit if CRLs/OCSP not available.setValidityModel(int validityModel) usingProvider(String providerName) Configure to use the installed provider with name ProviderName.usingProvider(Provider provider) Configure to use the installed provider with name ProviderName.
-
Constructor Details
-
Builder
Base constructor.- Parameters:
trustAnchor- the trust anchor our chain should start with.
-
Builder
Base constructor.- Parameters:
trustAnchors- a set of potential trust anchors
-
Builder
Base constructor.- Parameters:
trustStore- a keystore of potential trust anchors- Throws:
KeyStoreException
-
-
Method Details
-
addCrls
Add a collection of CRLs to the checker.- Parameters:
crls- CRLs to be examined.- Returns:
- the current builder instance.
-
addCrls
Add a collection of CRLs to the checker.- Parameters:
crls- CRLs to be examined.- Returns:
- the current builder instance.
-
setDate
Set the current date for checking if not today.- Parameters:
validityDate- date we are validating for.- Returns:
- the current builder instance.
-
setCheckEndEntityOnly
- Parameters:
isTrue- true if only end-entities should be checked, false otherwise.- Returns:
- the current builder instance.
-
setSoftFail
Configure soft failure if CRLs/OCSP not available. If maxTime is greater than zero it represents the acceptable downtime for any responders or distribution points we are trying to connect to, with downtime measured from the first failure. Initially failures will log at Level.WARNING, once maxTime is exceeded any failures will be logged as Level.SEVERE. Setting maxTime to zero will mean 1 failure will be allowed before failures are logged as severe.- Parameters:
isTrue- true soft failure should be enabled, false otherwise.maxTime- the time that can pass between the first failure and the most recent.- Returns:
- the current builder instance.
-
setSoftFailHardLimit
Configure soft failure with a hard limit if CRLs/OCSP not available. If maxTime is greater than zero it represents the acceptable downtime for any responders or distribution points we are trying to connect to, with downtime measured from the first failure. Initially failures will log at Level.WARNING, once 75% of maxTime is exceeded any failures will be logged as Level.SEVERE. At maxTime any failures will be treated as hard, setting maxTime to zero will mean 1 failure will be allowed.- Parameters:
isTrue- true soft failure should be enabled, false otherwise.maxTime- the time that can pass between the first failure and the most recent.- Returns:
- the current builder instance.
-
setValidityModel
- Parameters:
validityModel- The validity model to set.- See Also:
-
usingProvider
Configure to use the installed provider with name ProviderName.- Parameters:
provider- provider to use.- Returns:
- the current builder instance.
-
usingProvider
Configure to use the installed provider with name ProviderName.- Parameters:
providerName- name of the installed provider to use.- Returns:
- the current builder instance.
-
build
Build a revocation checker conforming to the current builder.- Returns:
- a new X509RevocationChecker.
-