1 /*
2 * Copyright 2008 University Corporation for Advanced Internet Development, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.xml.security.x509;
18
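/**
 * Options which may be supplied to influence the processing behavior of a {@link PKIXTrustEvaluator}.
 *
 * <p>
 * Holds three CRL handling flags and a default maximum path verification depth. All three flags default to
 * <b>true</b> and the depth defaults to <b>1</b>.
 * </p>
 *
 * <p>
 * This class only stores the option values. How an evaluator acts on them is defined by the
 * {@link PKIXTrustEvaluator} implementation in use, so security-relevant defaults should be reviewed
 * against that implementation.
 * </p>
 *
 * <p>
 * Instances are mutable and perform no synchronization.
 * </p>
 */
public class PKIXValidationOptions {

    /** Flag as to whether empty CRLs will be processed. */
    private boolean processEmptyCRLs;

    /** Flag as to whether expired CRLs will be processed. */
    private boolean processExpiredCRLs;

    /** Flag as to whether CRLs supplied in the untrusted credential being evaluated will be processed. */
    private boolean processCredentialCRLs;

    /** Default verification depth. Never null: set in the constructor and null is rejected by the setter. */
    private Integer defaultVerificationDepth;

    /** Constructor. Enables all three CRL processing flags and sets the default verification depth to 1. */
    public PKIXValidationOptions() {
        processEmptyCRLs = true;
        processExpiredCRLs = true;
        processCredentialCRLs = true;

        // Integer.valueOf replaces the deprecated Integer(int) constructor; the stored value is unchanged.
        defaultVerificationDepth = Integer.valueOf(1);
    }

    /**
     * Whether empty CRLs should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * @return Returns the processEmptyCRLs.
     */
    public boolean isProcessEmptyCRLs() {
        return processEmptyCRLs;
    }

    /**
     * Whether empty CRLs should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * @param processEmptyCRLs The processEmptyCRLs to set.
     */
    public void setProcessEmptyCRLs(boolean processEmptyCRLs) {
        this.processEmptyCRLs = processEmptyCRLs;
    }

    /**
     * Whether expired CRLs should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * <p>
     * NOTE(review): whether a processed expired CRL is honoured or rejected during path validation is decided
     * by the evaluator, not by this class. Deployments with strict revocation freshness requirements should
     * confirm the effect of this default against the evaluator implementation.
     * </p>
     *
     * @return Returns the processExpiredCRLs.
     */
    public boolean isProcessExpiredCRLs() {
        return processExpiredCRLs;
    }

    /**
     * Whether expired CRLs should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * @param processExpiredCRLs The processExpiredCRLs to set.
     */
    public void setProcessExpiredCRLs(boolean processExpiredCRLs) {
        this.processExpiredCRLs = processExpiredCRLs;
    }

    /**
     * Whether CRLs supplied within the untrusted {@link X509Credential} being evaluated should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * <p>
     * These CRLs are supplied with the credential under evaluation, so they originate from the untrusted
     * party. NOTE(review): this class does not show how the evaluator authenticates such CRLs; confirm that
     * against the {@link PKIXTrustEvaluator} implementation before relying on them for revocation decisions.
     * </p>
     *
     * @return Returns the processCredentialCRLs.
     */
    public boolean isProcessCredentialCRLs() {
        return processCredentialCRLs;
    }

    /**
     * Whether CRLs supplied within the untrusted {@link X509Credential} being evaluated should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * @param processCredentialCRLs The processCredentialCRLs to set.
     */
    public void setProcessCredentialCRLs(boolean processCredentialCRLs) {
        this.processCredentialCRLs = processCredentialCRLs;
    }

    /**
     * The default PKIX maximum path verification depth, if not supplied in the
     * {@link PKIXValidationInformation} being evaluated.
     *
     * <p>Default is: <b>1</b></p>
     *
     * @return Returns the defaultVerificationDepth, never null.
     */
    public Integer getDefaultVerificationDepth() {
        return defaultVerificationDepth;
    }

    /**
     * The default PKIX maximum path verification depth, if not supplied in the
     * {@link PKIXValidationInformation} being evaluated.
     *
     * <p>Default is: <b>1</b></p>
     *
     * <p>
     * As a maximum path depth, a larger value allows longer certificate chains to be considered, so it is
     * best kept as small as the deployment's PKI hierarchy allows. NOTE(review): no range check is applied
     * here; which values the evaluator accepts (for example zero or negative numbers) is not visible in this
     * class and should be confirmed against the evaluator.
     * </p>
     *
     * @param defaultVerificationDepth The defaultVerificationDepth to set.
     * @throws IllegalArgumentException if {@code defaultVerificationDepth} is null
     */
    public void setDefaultVerificationDepth(Integer defaultVerificationDepth) {
        // Reject null up front so the getter can never return null to an evaluator.
        if (defaultVerificationDepth == null) {
            throw new IllegalArgumentException("Default verification depth may not be null");
        }
        this.defaultVerificationDepth = defaultVerificationDepth;
    }

}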