All Superinterfaces: ConfigurationMBean, DescriptorBean, javax.management.DynamicMBean, javax.management.MBeanRegistration, javax.management.NotificationBroadcaster, SettableBean, WebLogicMBean
public interface CertRevocCaMBean extends ConfigurationMBean
This MBean represents the configuration of certificate revocation checking for a specific certificate authority. Default values for attributes in this MBean are derived from CertRevocMBean.
See also: CertRevocMBean
Fields inherited from interface ConfigurationMBean: DEFAULT_EMPTY_BYTE_ARRAY
Modifier and Type | Method | Description |
---|---|---|
long | getCrlDpDownloadTimeout() | For this CA, determines the overall timeout for the Distribution Point CRL download, expressed in seconds. |
java.lang.String | getCrlDpUrl() | For this CA, determines the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate. |
java.lang.String | getCrlDpUrlUsage() | For this CA, determines how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension. |
java.lang.String | getDistinguishedName() | Determines the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority. |
java.lang.String | getMethodOrder() | For this CA, determines the certificate revocation checking method order. |
java.lang.String | getOcspResponderCertIssuerName() | For this CA, determines the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER". |
java.lang.String | getOcspResponderCertSerialNumber() | For this CA, determines the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER". |
java.lang.String | getOcspResponderCertSubjectName() | For this CA, determines the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT". |
java.lang.String | getOcspResponderExplicitTrustMethod() | For this CA, determines whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified. |
java.lang.String | getOcspResponderUrl() | For this CA, determines the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. |
java.lang.String | getOcspResponderUrlUsage() | For this CA, determines how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA. |
long | getOcspResponseTimeout() | For this CA, determines the timeout for the OCSP response, expressed in seconds. |
int | getOcspTimeTolerance() | For this CA, determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds. |
boolean | isCheckingDisabled() | For this CA, determines whether certificate revocation checking is disabled. |
boolean | isCrlDpBackgroundDownloadEnabled() | For this CA, determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled. |
boolean | isCrlDpEnabled() | For this CA, determines whether the CRL Distribution Point processing to update the local CRL cache is enabled. |
boolean | isFailOnUnknownRevocStatus() | For this CA, determines whether certificate path checking should fail, if revocation status could not be determined. |
boolean | isOcspNonceEnabled() | For this CA, determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response. |
boolean | isOcspResponseCacheEnabled() | For this CA, determines whether the OCSP response local cache is enabled. |
void | setCheckingDisabled(boolean checkingDisabled) | For this CA, specifies whether certificate revocation checking is disabled. |
void | setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled) | For this CA, specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled. |
void | setCrlDpDownloadTimeout(long crlDpDownloadTimeout) | For this CA, specifies the overall timeout for the Distribution Point CRL download, expressed in seconds. |
void | setCrlDpEnabled(boolean crlDpEnabled) | For this CA, specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled. |
void | setCrlDpUrl(java.lang.String crlDpUrl) | For this CA, specifies the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate. |
void | setCrlDpUrlUsage(java.lang.String crlDpUrlUsage) | For this CA, specifies how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension. |
void | setDistinguishedName(java.lang.String distinguishedName) | Specifies the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority. |
void | setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus) | For this CA, specifies whether certificate path checking should fail, if revocation status could not be determined. |
void | setMethodOrder(java.lang.String methodOrder) | For this CA, specifies the certificate revocation checking method order. |
void | setOcspNonceEnabled(boolean ocspNonceEnabled) | For this CA, specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response. |
void | setOcspResponderCertIssuerName(java.lang.String ocspResponderCertIssuerName) | For this CA, specifies the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER". |
void | setOcspResponderCertSerialNumber(java.lang.String ocspResponderCertSerialNumber) | For this CA, specifies the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER". |
void | setOcspResponderCertSubjectName(java.lang.String ocspResponderCertSubjectName) | For this CA, specifies the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT". |
void | setOcspResponderExplicitTrustMethod(java.lang.String ocspResponderExplicitTrustMethod) | For this CA, specifies whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified. |
void | setOcspResponderUrl(java.lang.String ocspResponderUrl) | For this CA, specifies the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. |
void | setOcspResponderUrlUsage(java.lang.String ocspResponderUrlUsage) | For this CA, specifies how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA. |
void | setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled) | For this CA, specifies whether the OCSP response local cache is enabled. |
void | setOcspResponseTimeout(long ocspResponseTimeout) | For this CA, specifies the timeout for the OCSP response, expressed in seconds. |
void | setOcspTimeTolerance(int ocspTimeTolerance) | For this CA, specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds. |
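Methods inherited from interface ConfigurationMBean: freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet
Methods inherited from interface DescriptorBean: addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener
Methods inherited from interface javax.management.DynamicMBean: getAttribute, getAttributes, invoke, setAttribute, setAttributes
Methods inherited from interface javax.management.MBeanRegistration: postDeregister, postRegister, preDeregister, preRegister
Methods inherited from interface javax.management.NotificationBroadcaster: addNotificationListener, getNotificationInfo, removeNotificationListener
Methods inherited from interface WebLogicMBean: getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent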
java.lang.String getDistinguishedName()
Determines the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.
For example:
"CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US"
This will be used to match this configuration to issued certificates requiring revocation checking.
void setDistinguishedName(java.lang.String distinguishedName)
Specifies the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.
For example:
"CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US"
This will be used to match this configuration to issued certificates requiring revocation checking.
Parameters: distinguishedName - A distinguishedName value
See also: getDistinguishedName()
boolean isCheckingDisabled()
For this CA, determines whether certificate revocation checking is disabled.
void setCheckingDisabled(boolean checkingDisabled)
For this CA, specifies whether certificate revocation checking is disabled.
Parameters: checkingDisabled - The checkingDisabled value
See also: isCheckingDisabled()
boolean isFailOnUnknownRevocStatus()
For this CA, determines whether certificate path checking should fail, if revocation status could not be determined.
void setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus)
For this CA, specifies whether certificate path checking should fail, if revocation status could not be determined.
Parameters: failOnUnknownRevocStatus - The failOnUnknownRevocStatus value
See also: isFailOnUnknownRevocStatus()
java.lang.String getMethodOrder()
For this CA, determines the certificate revocation checking method order.
NOTE THAT omission of a specific method disables that method.
void setMethodOrder(java.lang.String methodOrder)
For this CA, specifies the certificate revocation checking method order.
NOTE THAT omission of a specific method disables that method.
Parameters: methodOrder - A String containing the method order.
See also: getMethodOrder()
java.lang.String getOcspResponderUrl()
For this CA, determines the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. The usage is determined by getOcspResponderUrlUsage.
Returns: null if none.
See also: getOcspResponderUrlUsage()
void setOcspResponderUrl(java.lang.String ocspResponderUrl)
For this CA, specifies the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. The usage is determined by getOcspResponderUrlUsage.
Parameters: ocspResponderUrl - The ocspResponderUrl value, null if none.
See also: getOcspResponderUrl(), getOcspResponderUrlUsage()
java.lang.String getOcspResponderUrlUsage()
For this CA, determines how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.
See also: getOcspResponderUrl()
void setOcspResponderUrlUsage(java.lang.String ocspResponderUrlUsage)
For this CA, specifies how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.
Parameters: ocspResponderUrlUsage - The ocspResponderUrlUsage value
See also: getOcspResponderUrl(), getOcspResponderUrlUsage()
java.lang.String getOcspResponderExplicitTrustMethod()
For this CA, determines whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.
The valid values:
getOcspResponderCertSubjectName()
.getOcspResponderCertIssuerName()
and
getOcspResponderCertSerialNumber()
, respectively.
void setOcspResponderExplicitTrustMethod(java.lang.String ocspResponderExplicitTrustMethod)
For this CA, specifies whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.
The valid values:
getOcspResponderCertSubjectName()
.getOcspResponderCertIssuerName()
and
getOcspResponderCertSerialNumber()
, respectively.
Parameters: ocspResponderExplicitTrustMethod - The ocspResponderExplicitTrustMethod value
See also: getOcspResponderExplicitTrustMethod()
java.lang.String getOcspResponderCertSubjectName()
For this CA, determines the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT".
The subject name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".
In cases where the subject name alone is not sufficient to uniquely identify the certificate, then both the getOcspResponderCertIssuerName() and getOcspResponderCertSerialNumber() may be used instead.
Returns: null if none.
See also: getOcspResponderExplicitTrustMethod()
void setOcspResponderCertSubjectName(java.lang.String ocspResponderCertSubjectName)
For this CA, specifies the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT".
The subject name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".
In cases where the subject name alone is not sufficient to uniquely identify the certificate, then both the getOcspResponderCertIssuerName() and getOcspResponderCertSerialNumber() may be used instead.
Parameters: ocspResponderCertSubjectName - The ocspResponderCertSubjectName value, null if none.
See also: getOcspResponderCertSubjectName(), getOcspResponderExplicitTrustMethod()
java.lang.String getOcspResponderCertIssuerName()
For this CA, determines the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".
The issuer name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".
When getOcspResponderCertIssuerName() returns a non-null value then the getOcspResponderCertSerialNumber() must also be set.
Returns: null if none.
See also: getOcspResponderExplicitTrustMethod()
void setOcspResponderCertIssuerName(java.lang.String ocspResponderCertIssuerName)
For this CA, specifies the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".
The issuer name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".
When getOcspResponderCertIssuerName() returns a non-null value then the getOcspResponderCertSerialNumber() must also be set.
Parameters: ocspResponderCertIssuerName - The ocspResponderCertIssuerName value, null if none.
See also: getOcspResponderCertIssuerName(), getOcspResponderExplicitTrustMethod()
java.lang.String getOcspResponderCertSerialNumber()
For this CA, determines the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".
The serial number is formatted as a hexadecimal string, with optional colon or space separators, for example "2A:FF:00".
When getOcspResponderCertSerialNumber() returns a non-null value then the getOcspResponderCertIssuerName() must also be set.
Returns: null if none.
See also: getOcspResponderExplicitTrustMethod()
void setOcspResponderCertSerialNumber(java.lang.String ocspResponderCertSerialNumber)
For this CA, specifies the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER".
The serial number is formatted as a hexadecimal string, with optional colon or space separators, for example "2A:FF:00".
When getOcspResponderCertSerialNumber() returns a non-null value then the getOcspResponderCertIssuerName() must also be set.
Parameters: ocspResponderCertSerialNumber - The ocspResponderCertSerialNumber value, null if none.
See also: getOcspResponderCertSerialNumber(), getOcspResponderExplicitTrustMethod()
boolean isOcspNonceEnabled()
For this CA, determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
void setOcspNonceEnabled(boolean ocspNonceEnabled)
For this CA, specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
Parameters: ocspNonceEnabled - The ocspNonceEnabled value
See also: isOcspNonceEnabled()
boolean isOcspResponseCacheEnabled()
For this CA, determines whether the OCSP response local cache is enabled.
void setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled)
For this CA, specifies whether the OCSP response local cache is enabled.
Parameters: ocspResponseCacheEnabled - The ocspResponseCacheEnabled value
See also: isOcspResponseCacheEnabled()
long getOcspResponseTimeout()
For this CA, determines the timeout for the OCSP response, expressed in seconds.
The valid range is 1 through 300 seconds.
void setOcspResponseTimeout(long ocspResponseTimeout)
For this CA, specifies the timeout for the OCSP response, expressed in seconds.
The valid range is 1 through 300 seconds.
Parameters: ocspResponseTimeout - The ocspResponseTimeout in seconds.
See also: getOcspResponseTimeout()
int getOcspTimeTolerance()
For this CA, determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.
The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.
void setOcspTimeTolerance(int ocspTimeTolerance)
For this CA, specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.
The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.
Parameters: ocspTimeTolerance - The ocspTimeTolerance value in seconds.
See also: getOcspTimeTolerance()
boolean isCrlDpEnabled()
For this CA, determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.
void setCrlDpEnabled(boolean crlDpEnabled)
For this CA, specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled.
Parameters: crlDpEnabled - The crlDpEnabled value
See also: isCrlDpEnabled()
long getCrlDpDownloadTimeout()
For this CA, determines the overall timeout for the Distribution Point CRL download, expressed in seconds.
The valid range is 1 through 300 seconds.
void setCrlDpDownloadTimeout(long crlDpDownloadTimeout)
For this CA, specifies the overall timeout for the Distribution Point CRL download, expressed in seconds.
The valid range is 1 through 300 seconds.
Parameters: crlDpDownloadTimeout - The crlDpDownloadTimeout value in seconds.
See also: getCrlDpDownloadTimeout()
boolean isCrlDpBackgroundDownloadEnabled()
For this CA, determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
void setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled)
For this CA, specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
Parameters: crlDpBackgroundDownloadEnabled - The crlDpBackgroundDownloadEnabled value
See also: isCrlDpBackgroundDownloadEnabled()
java.lang.String getCrlDpUrl()
For this CA, determines the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.
Returns: null if none.
See also: getCrlDpUrlUsage()
void setCrlDpUrl(java.lang.String crlDpUrl)
For this CA, specifies the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.
Parameters: crlDpUrl - The CRL Distribution Point URL to use for failover or override, null if none.
See also: getCrlDpUrlUsage(), getCrlDpUrl()
java.lang.String getCrlDpUrlUsage()
For this CA, determines how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.
See also: getCrlDpUrl()
void setCrlDpUrlUsage(java.lang.String crlDpUrlUsage)
For this CA, specifies how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.
Parameters: crlDpUrlUsage - The crlDpUrlUsage value
See also: getCrlDpUrlUsage(), getCrlDpUrl()
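
The cross-attribute rules above (paired issuer name and serial number, the serial number format, the 1 to 300 and 0 to 900 second ranges) can be checked offline before a change is activated. The following is an added example, not Oracle's code: it audits one per-CA snapshot held in a plain dict, assuming the keys are the JMX attribute names implied by the getters on this page (for example getOcspResponseTimeout gives OcspResponseTimeout); `audit_ca`, `normalize_serial` and the sample snapshot are constructed for illustration.

```python
import re

# Ranges stated in the attribute descriptions on this page, in seconds.
RANGES = {
    "OcspResponseTimeout": (1, 300),
    "CrlDpDownloadTimeout": (1, 300),
    "OcspTimeTolerance": (0, 900),
}

def normalize_serial(text):
    """Hex string with optional colon/space separators -> bare upper-case hex, or None."""
    digits = re.sub(r"[: ]", "", text or "")
    return digits.upper() if re.fullmatch(r"[0-9A-Fa-f]+", digits) else None

def audit_ca(cfg):
    """Return (attribute, problem) pairs for one per-CA snapshot held in a dict."""
    findings = []
    if not cfg.get("DistinguishedName"):
        findings.append(("DistinguishedName", "empty, so no certificate can match this entry"))
    if cfg.get("CheckingDisabled") is True:
        findings.append(("CheckingDisabled", "revocation checking is off for this CA"))
    # Policy choice of this example: report an explicit soft-fail setting.
    if cfg.get("FailOnUnknownRevocStatus") is False:
        findings.append(("FailOnUnknownRevocStatus",
                         "undetermined status does not fail path checking"))
    for attr, (low, high) in RANGES.items():
        value = cfg.get(attr)
        if value is not None and not (low <= value <= high):
            findings.append((attr, "%r is outside %d..%d seconds" % (value, low, high)))
    method = cfg.get("OcspResponderExplicitTrustMethod")
    issuer = cfg.get("OcspResponderCertIssuerName")
    serial = cfg.get("OcspResponderCertSerialNumber")
    if method == "USE_SUBJECT" and not cfg.get("OcspResponderCertSubjectName"):
        findings.append(("OcspResponderCertSubjectName", "required by USE_SUBJECT"))
    # Issuer name and serial number identify the responder certificate only as a pair.
    if method == "USE_ISSUER_SERIAL_NUMBER" or issuer or serial:
        if not issuer:
            findings.append(("OcspResponderCertIssuerName", "must be set with the serial number"))
        if not serial:
            findings.append(("OcspResponderCertSerialNumber", "must be set with the issuer name"))
        elif normalize_serial(serial) is None:
            findings.append(("OcspResponderCertSerialNumber", "not a hexadecimal string"))
    return findings

# Constructed snapshot; the DN is the example value used on this page.
CA_DN = "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US"
SAMPLE = {
    "DistinguishedName": CA_DN,
    "CheckingDisabled": False,
    "FailOnUnknownRevocStatus": False,
    "OcspResponseTimeout": 600,
    "OcspTimeTolerance": 900,
    "OcspResponderExplicitTrustMethod": "USE_ISSUER_SERIAL_NUMBER",
    "OcspResponderCertIssuerName": CA_DN,
    "OcspResponderCertSerialNumber": "2A:FF:0G",
}

if __name__ == "__main__":
    for attr, problem in audit_ca(SAMPLE):
        print("%s: %s" % (attr, problem))
```

Attributes missing from the snapshot are skipped rather than reported, because per-CA defaults are derived from CertRevocMBean.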