
1   /*
2    * Copyright 2008 University Corporation for Advanced Internet Development, Inc.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.x509;
18  
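/**
 * Options which may be supplied to influence the processing behavior of a {@link PKIXTrustEvaluator}.
 *
 * <p>This class is a plain mutable holder for three CRL-handling flags and a default path verification
 * depth. It performs no synchronization of its own. A newly constructed instance has all three flags set
 * to <b>true</b> and a default verification depth of <b>1</b>.</p>
 *
 * <p>NOTE(review): the values are only stored here; what "processing" an empty, expired or
 * credential-supplied CRL means for the validation outcome is decided by the evaluator that reads these
 * options. Deployments that rely on CRLs for revocation checking should confirm how the evaluator in use
 * interprets each flag before changing a default.</p>
 */
public class PKIXValidationOptions {

    /** Flag as to whether empty CRLs will be processed. */
    private boolean processEmptyCRLs;

    /** Flag as to whether expired CRLs will be processed. */
    private boolean processExpiredCRLs;

    /** Flag as to whether CRLs supplied in the untrusted credential being evaluated will be processed. */
    private boolean processCredentialCRLs;

    /** Default verification depth; never null once the constructor has run. */
    private Integer defaultVerificationDepth;

    /** Constructor. Enables all three CRL flags and sets the default verification depth to 1. */
    public PKIXValidationOptions() {
        processEmptyCRLs = true;
        processExpiredCRLs = true;
        processCredentialCRLs = true;

        // Integer.valueOf replaces the deprecated Integer(int) constructor and reuses the cached instance.
        defaultVerificationDepth = Integer.valueOf(1);
    }

    /**
     * Whether empty CRLs should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * @return the current value of the processEmptyCRLs flag
     */
    public boolean isProcessEmptyCRLs() {
        return processEmptyCRLs;
    }

    /**
     * Sets whether empty CRLs should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * @param processEmptyCRLs the new value of the processEmptyCRLs flag
     */
    public void setProcessEmptyCRLs(boolean processEmptyCRLs) {
        this.processEmptyCRLs = processEmptyCRLs;
    }

    /**
     * Whether expired CRLs should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * <p>NOTE(review): whether an expired CRL that is processed causes validation to fail or is merely
     * consulted is not visible in this class; confirm against the evaluator.</p>
     *
     * @return the current value of the processExpiredCRLs flag
     */
    public boolean isProcessExpiredCRLs() {
        return processExpiredCRLs;
    }

    /**
     * Sets whether expired CRLs should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * @param processExpiredCRLs the new value of the processExpiredCRLs flag
     */
    public void setProcessExpiredCRLs(boolean processExpiredCRLs) {
        this.processExpiredCRLs = processExpiredCRLs;
    }

    /**
     * Whether CRLs supplied within the untrusted {@link X509Credential} being evaluated should be processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * <p>NOTE(review): these CRLs come from the party being evaluated; presumably the evaluator still
     * verifies them against trusted issuers before relying on them. Confirm.</p>
     *
     * @return the current value of the processCredentialCRLs flag
     */
    public boolean isProcessCredentialCRLs() {
        return processCredentialCRLs;
    }

    /**
     * Sets whether CRLs supplied within the untrusted {@link X509Credential} being evaluated should be
     * processed.
     *
     * <p>Default is: <b>true</b></p>
     *
     * @param processCredentialCRLs the new value of the processCredentialCRLs flag
     */
    public void setProcessCredentialCRLs(boolean processCredentialCRLs) {
        this.processCredentialCRLs = processCredentialCRLs;
    }

    /**
     * The default PKIX maximum path verification depth, if not supplied in the
     * {@link PKIXValidationInformation} being evaluated.
     *
     * <p>Default is: <b>1</b></p>
     *
     * @return the default verification depth; never null, because the constructor assigns a value and
     *         the setter rejects null
     */
    public Integer getDefaultVerificationDepth() {
        return defaultVerificationDepth;
    }

    /**
     * Sets the default PKIX maximum path verification depth, used if none is supplied in the
     * {@link PKIXValidationInformation} being evaluated.
     *
     * <p>Default is: <b>1</b></p>
     *
     * <p>NOTE(review): only null is rejected here. No range check is applied, so the meaning of zero or
     * negative values is left to the evaluator; confirm before relying on them.</p>
     *
     * @param defaultVerificationDepth the new default verification depth, must not be null
     * @throws IllegalArgumentException if {@code defaultVerificationDepth} is null
     */
    public void setDefaultVerificationDepth(Integer defaultVerificationDepth) {
        if (defaultVerificationDepth == null) {
            throw new IllegalArgumentException("Default verification depth may not be null");
        }
        this.defaultVerificationDepth = defaultVerificationDepth;
    }

}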