Class X509RevocationChecker.Builder

  • Enclosing class:
    X509RevocationChecker

    public static class X509RevocationChecker.Builder
    extends java.lang.Object
    • Constructor Detail

      • Builder

        public Builder​(java.security.cert.TrustAnchor trustAnchor)
        Base constructor.
        Parameters:
        trustAnchor - the trust anchor our chain should start with.
      • Builder

        public Builder​(java.util.Set<java.security.cert.TrustAnchor> trustAnchors)
        Base constructor.
        Parameters:
        trustAnchors - a set of potential trust anchors
      • Builder

        public Builder​(java.security.KeyStore trustStore)
                throws java.security.KeyStoreException
        Base constructor.
        Parameters:
        trustStore - a keystore of potential trust anchors
        Throws:
        java.security.KeyStoreException
    • Method Detail

      • addCrls

        public X509RevocationChecker.Builder addCrls​(java.security.cert.CertStore crls)
        Add a collection of CRLs to the checker.
        Parameters:
        crls - CRLs to be examined.
        Returns:
        the current builder instance.
      • addCrls

        public X509RevocationChecker.Builder addCrls​(org.bouncycastle.util.Store<java.security.cert.CRL> crls)
        Add a collection of CRLs to the checker.
        Parameters:
        crls - CRLs to be examined.
        Returns:
        the current builder instance.
      • setCheckEndEntityOnly

        public X509RevocationChecker.Builder setCheckEndEntityOnly​(boolean isTrue)
        Parameters:
        isTrue - true if only end-entities should be checked, false otherwise.
        Returns:
        the current builder instance.
      • setSoftFail

        public X509RevocationChecker.Builder setSoftFail​(boolean isTrue,
                                                         long maxTime)
        Configure soft failure if CRLs/OCSP are not available. If maxTime is greater than zero, it represents the acceptable downtime for any responders or distribution points we are trying to connect to, with downtime measured from the first failure. Initially, failures will log at Level.WARNING; once maxTime is exceeded, any failures will be logged as Level.SEVERE. Setting maxTime to zero means 1 failure will be allowed before failures are logged as severe.
        Parameters:
        isTrue - true if soft failure should be enabled, false otherwise.
        maxTime - the time that can pass between the first failure and the most recent.
        Returns:
        the current builder instance.
      • setSoftFailHardLimit

        public X509RevocationChecker.Builder setSoftFailHardLimit​(boolean isTrue,
                                                                  long maxTime)
        Configure soft failure with a hard limit if CRLs/OCSP are not available. If maxTime is greater than zero, it represents the acceptable downtime for any responders or distribution points we are trying to connect to, with downtime measured from the first failure. Initially, failures will log at Level.WARNING; once 75% of maxTime is exceeded, any failures will be logged as Level.SEVERE. At maxTime, any failures will be treated as hard. Setting maxTime to zero means 1 failure will be allowed.
        Parameters:
        isTrue - true if soft failure should be enabled, false otherwise.
        maxTime - the time that can pass between the first failure and the most recent.
        Returns:
        the current builder instance.
      • usingProvider

        public X509RevocationChecker.Builder usingProvider​(java.security.Provider provider)
        Configure to use the given provider.
        Parameters:
        provider - provider to use.
        Returns:
        the current builder instance.
      • usingProvider

        public X509RevocationChecker.Builder usingProvider​(java.lang.String providerName)
        Configure to use the installed provider with name providerName.
        Parameters:
        providerName - name of the installed provider to use.
        Returns:
        the current builder instance.
      • build

        public X509RevocationChecker build()
        Build a revocation checker conforming to the current builder.
        Returns:
        a new X509RevocationChecker.
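
Example (added here, not part of the Bouncy Castle documentation): building a checker with setSoftFailHardLimit, so that an unreachable responder or distribution point is tolerated only for a bounded window, and attaching it to a PKIX validation. As described above, setSoftFail only escalates the log level, while setSoftFailHardLimit eventually treats failures as hard. Assumptions: the class lives in org.bouncycastle.pkix.jcajce, maxTime is in milliseconds (the page does not state the unit), the four-hour window is an arbitrary illustrative value, and the class name, file arguments and helper names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.pkix.jcajce.X509RevocationChecker; // assumed package (bcpkix jar)

public class RevocationCheckExample {
    // Assumption: maxTime is interpreted as milliseconds; illustrative value only.
    static final long MAX_RESPONDER_DOWNTIME = TimeUnit.HOURS.toMillis(4);

    // Checker that tolerates CRL/OCSP outages for a bounded window only.
    static X509RevocationChecker boundedSoftFailChecker(KeyStore trustStore) throws Exception {
        return new X509RevocationChecker.Builder(trustStore)
            .setCheckEndEntityOnly(false) // false: CA certificates in the chain are checked too
            // WARNING from the first failure, SEVERE after 75% of the window,
            // hard failure once the window is used up.
            .setSoftFailHardLimit(true, MAX_RESPONDER_DOWNTIME)
            .build();
    }

    // PKIX parameters with the checker installed as a certificate path checker.
    static PKIXParameters validationParams(KeyStore trustStore) throws Exception {
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // turn off the platform's default revocation check
        params.addCertPathChecker(boundedSoftFailChecker(trustStore));
        return params;
    }

    // usage: RevocationCheckExample <truststore.p12> <password> <chain.p7b>
    public static void main(String[] args) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        CertPath path; // chain to validate, without the trust anchor itself
        try (InputStream in = new FileInputStream(args[2])) {
            path = CertificateFactory.getInstance("X.509").generateCertPath(in, "PKCS7");
        }
        CertPathValidator.getInstance("PKIX").validate(path, validationParams(trustStore));
        System.out.println("chain validated; revocation check passed or soft-failed within limit");
    }
}
```

A successful validate() call under soft failure does not prove the certificates are unrevoked, so the WARNING and SEVERE log entries from the checker should feed monitoring.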