PKIXRevocationChecker.Option

AI-generated Key Takeaways

PKIXRevocationChecker.Option is an enum defining various options for certificate revocation checking mechanisms.
Options include disabling fallback (NO_FALLBACK), checking only end-entity certificates (ONLY_END_ENTITY), preferring CRLs over OCSP (PREFER_CRLS), and allowing checks to succeed under specific soft-fail conditions (SOFT_FAIL).
Each option influences how the revocation status of certificates is determined during the validation process.
SOFT_FAIL allows for network errors or specific OCSP responder errors to be ignored but recorded as exceptions retrievable through getSoftFailExceptions.

public static final enum PKIXRevocationChecker.Option extends Enum<PKIXRevocationChecker.Option>

Various revocation options that can be specified for the revocation checking mechanism.

Inherited Method Summary

From class java.lang.Enum

final Object	clone() Throws CloneNotSupportedException.
final int	compareTo(PKIXRevocationChecker.Option o) Compares this enum with the specified object for order.
final boolean	equals(Object other) Returns true if the specified object is equal to this enum constant.
final void	finalize() enum classes cannot have finalize methods.
final Class<PKIXRevocationChecker.Option>	getDeclaringClass() Returns the Class object corresponding to this enum constant's enum type.
final int	hashCode() Returns a hash code for this enum constant.
final String	name() Returns the name of this enum constant, exactly as declared in its enum declaration.
final int	ordinal() Returns the ordinal of this enumeration constant (its position in its enum declaration, where the initial constant is assigned an ordinal of zero).
String	toString() Returns the name of this enum constant, as contained in the declaration.
static <T extends Enum<T>> T	valueOf(Class<T> enumType, String name) Returns the enum constant of the specified enum type with the specified name.

From class java.lang.Object

Object	clone() Creates and returns a copy of this `Object`.
boolean	equals(Object obj) Compares this instance with the specified object and indicates if they are equal.
void	finalize() Invoked when the garbage collector has detected that this instance is no longer reachable.
final Class<?>	getClass() Returns the unique instance of `Class` that represents this object's class.
int	hashCode() Returns an integer hash code for this object.
final void	notify() Causes a thread which is waiting on this object's monitor (by means of calling one of the `wait()` methods) to be woken up.
final void	notifyAll() Causes all threads which are waiting on this object's monitor (by means of calling one of the `wait()` methods) to be woken up.
String	toString() Returns a string containing a concise, human-readable description of this object.
final void	wait(long timeout, int nanos) Causes the calling thread to wait until another thread calls the `notify()` or `notifyAll()` method of this object or until the specified timeout expires.
final void	wait(long timeout) Causes the calling thread to wait until another thread calls the `notify()` or `notifyAll()` method of this object or until the specified timeout expires.
final void	wait() Causes the calling thread to wait until another thread calls the `notify()` or `notifyAll()` method of this object.

From interface java.lang.Comparable

abstract int

compareTo(PKIXRevocationChecker.Option o)

Compares this object with the specified object for order.

Enum Values

public static final PKIXRevocationChecker.Option NO_FALLBACK

Disable the fallback mechanism.

public static final PKIXRevocationChecker.Option ONLY_END_ENTITY

Only check the revocation status of end-entity certificates.

public static final PKIXRevocationChecker.Option PREFER_CRLS

Prefer CRLs to OSCP. The default behavior is to prefer OCSP. Each PKIX implementation should document further details of their specific preference rules and fallback policies.

public static final PKIXRevocationChecker.Option SOFT_FAIL

Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons:

The CRL or OCSP response cannot be obtained because of a network error.
The OCSP responder returns one of the following errors specified in section 2.3 of RFC 2560: internalError or tryLater.

Note that these conditions apply to both OCSP and CRLs, and unless the NO_FALLBACK option is set, the revocation check is allowed to succeed only if both mechanisms fail under one of the conditions as stated above. Exceptions that cause the network errors are ignored but can be later retrieved by calling the getSoftFailExceptions method.

PKIXRevocationChecker.Option Stay organized with collections Save and categorize content based on your preferences.