Package weblogic.management.configuration

Interface CertRevocMBean

All Superinterfaces:

ConfigurationMBean, DescriptorBean, javax.management.DynamicMBean, javax.management.MBeanRegistration, javax.management.NotificationBroadcaster, SettableBean, WebLogicMBean

public interface CertRevocMBean
extends ConfigurationMBean

This MBean represents the configuration of the certificate revocation checking across all certificate authorities. Many of the attributes in this MBean may be overridden per certificate authority using the specific CertRevocCaMBean.

See Also:

CertRevocCaMBean

Field Summary

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean

DEFAULT_EMPTY_BYTE_ARRAY

Method Summary

Modifier and Type	Method	Description
CertRevocCaMBean	createCertRevocCa(java.lang.String name)	This is the factory method for certificate revocation checking configuration CA overrides.
void	destroyCertRevocCa(CertRevocCaMBean child)	Destroys and removes a certificate authority override, which is a child of this certificate revocation checking configuration.
CertRevocCaMBean[]	getCertRevocCas()	Returns the CertRevocCaMBeans representing the certificate authority overrides, which have been configured to be part of this certificate revocation checking configuration.
int	getCrlCacheRefreshPeriodPercent()	Determines the refresh period for the CRL local cache, expressed as a percentage of the validity period of the CRL.
java.lang.String	getCrlCacheType()	Determines the type of CRL cache, related to the physical storage of the CRLs.
java.lang.String	getCrlCacheTypeLdapHostname()	Determines the remote hostname for the LDAP server containing CRLs.
int	getCrlCacheTypeLdapPort()	Determines the remote port for the LDAP server containing CRLs.
int	getCrlCacheTypeLdapSearchTimeout()	Determines how long to wait for CRL search results from the LDAP server.
long	getCrlDpDownloadTimeout()	Determines the overall timeout for the Distribution Point CRL download, expressed in seconds.
java.lang.String	getMethodOrder()	Determines the certificate revocation checking method order.
int	getOcspResponseCacheCapacity()	Determines the maximum number of entries supported by the OCSP response local cache.
int	getOcspResponseCacheRefreshPeriodPercent()	Determines the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.
long	getOcspResponseTimeout()	Determines the timeout for the OCSP response, expressed in seconds.
int	getOcspTimeTolerance()	Determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
boolean	isCheckingEnabled()	Determines whether certificate revocation checking is enabled.
boolean	isCrlDpBackgroundDownloadEnabled()	Determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
boolean	isCrlDpEnabled()	Determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.
boolean	isFailOnUnknownRevocStatus()	Determines whether certificate path checking should fail, if revocation status could not be determined.
boolean	isOcspNonceEnabled()	Determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
boolean	isOcspResponseCacheEnabled()	Determines whether the OCSP response local cache is enabled.
CertRevocCaMBean	lookupCertRevocCa(java.lang.String name)	Lookup a particular CertRevocCaMBean from the list.
void	setCheckingEnabled(boolean checkingEnabled)	Specifies whether certificate revocation checking is enabled.
void	setCrlCacheRefreshPeriodPercent(int crlCacheRefreshPeriodPercent)	Specifies the refresh period for the CRL local cache, expressed as a percentage of the validity period of the CRL.
void	setCrlCacheType(java.lang.String crlCacheType)	Specifies the type of CRL cache, related to the physical storage of the CRLs.
void	setCrlCacheTypeLdapHostname(java.lang.String crlCacheTypeLdapHostname)	Specifies the remote hostname for the LDAP server containing CRLs.
void	setCrlCacheTypeLdapPort(int crlCacheTypeLdapPort)	Specifies the remote port for the LDAP server containing CRLs.
void	setCrlCacheTypeLdapSearchTimeout(int crlCacheTypeLdapSearchTimeout)	Specifies how long to wait for CRL search results from the LDAP server.
void	setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled)	Specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
void	setCrlDpDownloadTimeout(long crlDpDownloadTimeout)	Specifies the overall timeout for the Distribution Point CRL download, expressed in seconds.
void	setCrlDpEnabled(boolean crlDpEnabled)	Specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled.
void	setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus)	Specifies whether certificate path checking should fail, if revocation status could not be determined.
void	setMethodOrder(java.lang.String methodOrder)	Specifies the certificate revocation checking method order.
void	setOcspNonceEnabled(boolean ocspNonceEnabled)	Specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
void	setOcspResponseCacheCapacity(int ocspResponseCacheCapacity)	Specifies the maximum number of entries supported by the OCSP response local cache.
void	setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled)	Specifies whether the OCSP response local cache is enabled.
void	setOcspResponseCacheRefreshPeriodPercent(int ocspResponseCacheRefreshPeriodPercent)	Specifies the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.
void	setOcspResponseTimeout(long ocspResponseTimeout)	Specifies the timeout for the OCSP response, expressed in seconds.
void	setOcspTimeTolerance(int ocspTimeTolerance)	Specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet

Methods inherited from interface weblogic.descriptor.DescriptorBean

addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Method Detail

isCheckingEnabled

boolean isCheckingEnabled()

Determines whether certificate revocation checking is enabled.

Returns:

The checkingEnabled value

Default Value:

CertRevocMBean.DEFAULT_CHECKING_ENABLED

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setCheckingEnabled

void setCheckingEnabled(boolean checkingEnabled)

Specifies whether certificate revocation checking is enabled.

Parameters:

checkingEnabled - The checkingEnabled value

See Also:

isCheckingEnabled()

isFailOnUnknownRevocStatus

boolean isFailOnUnknownRevocStatus()

Determines whether certificate path checking should fail, if revocation status could not be determined.

Returns:

The failOnUnknownRevocStatus value

Default Value:

CertRevocMBean.DEFAULT_FAIL_ON_UNKNOWN_REVOC_STATUS

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setFailOnUnknownRevocStatus

void setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus)

Specifies whether certificate path checking should fail, if revocation status could not be determined.

Parameters:

failOnUnknownRevocStatus - The failOnUnknownRevocStatus value

See Also:

isFailOnUnknownRevocStatus()

getMethodOrder

java.lang.String getMethodOrder()

Determines the certificate revocation checking method order.

NOTE that omission of a specific method disables that method.

Returns:

A String containing the method order.

Default Value:

CertRevocMBean.DEFAULT_METHOD_ORDER

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Valid Values:

CertRevocMBean.METHOD_OCSP, CertRevocMBean.METHOD_CRL, CertRevocMBean.METHOD_OCSP_THEN_CRL, CertRevocMBean.METHOD_CRL_THEN_OCSP

setMethodOrder

void setMethodOrder(java.lang.String methodOrder)

Specifies the certificate revocation checking method order.

NOTE THAT omission of a specific method disables that method.

Parameters:

methodOrder - A String containing the method order.

See Also:

getMethodOrder()

isOcspNonceEnabled

boolean isOcspNonceEnabled()

Determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.

Returns:

The ocspNonceEnabled value

Default Value:

CertRevocMBean.DEFAULT_OCSP_NONCE_ENABLED

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setOcspNonceEnabled

void setOcspNonceEnabled(boolean ocspNonceEnabled)

Specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.

Parameters:

ocspNonceEnabled - The ocspNonceEnabled value

See Also:

isOcspNonceEnabled()

isOcspResponseCacheEnabled

boolean isOcspResponseCacheEnabled()

Determines whether the OCSP response local cache is enabled.

Returns:

The ocspResponseCacheEnabled value

Default Value:

CertRevocMBean.DEFAULT_OCSP_RESPONSE_CACHE_ENABLED

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setOcspResponseCacheEnabled

void setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled)

Specifies whether the OCSP response local cache is enabled.

Parameters:

ocspResponseCacheEnabled - The ocspResponseCacheEnabled value

See Also:

isOcspResponseCacheEnabled()

getOcspResponseCacheCapacity

int getOcspResponseCacheCapacity()

Determines the maximum number of entries supported by the OCSP response local cache. The minimum value is 1.

Returns:

The ocspResponseCacheCapacity value

Default Value:

CertRevocMBean.DEFAULT_OCSP_RESPONSE_CACHE_CAPACITY

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

java.lang.Integer.MAX_VALUE

Minimum Value:

1

setOcspResponseCacheCapacity

void setOcspResponseCacheCapacity(int ocspResponseCacheCapacity)

Specifies the maximum number of entries supported by the OCSP response local cache. The minimum value is 1.

Parameters:

ocspResponseCacheCapacity - The ocspResponseCacheCapacity value

See Also:

getOcspResponseCacheCapacity()

getOcspResponseCacheRefreshPeriodPercent

int getOcspResponseCacheRefreshPeriodPercent()

Determines the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the OCSP response, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

Returns:

The ocspResponseCacheRefreshPeriodPercent value

Default Value:

CertRevocMBean.DEFAULT_OCSP_RESPONSE_CACHE_REFRESH_PERIOD_PERCENT

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

100

Minimum Value:

1

setOcspResponseCacheRefreshPeriodPercent

void setOcspResponseCacheRefreshPeriodPercent(int ocspResponseCacheRefreshPeriodPercent)

Specifies the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the OCSP response, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

Parameters:

ocspResponseCacheRefreshPeriodPercent - The ocspResponseCacheRefreshPeriodPercent value

See Also:

getOcspResponseCacheRefreshPeriodPercent()

getOcspResponseTimeout

long getOcspResponseTimeout()

Determines the timeout for the OCSP response, expressed in seconds.

The valid range is 1 thru 300 seconds.

Returns:

The ocspResponseTimeout in seconds.

Default Value:

CertRevocMBean.DEFAULT_OCSP_RESPONSE_TIMEOUT

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

CertRevocMBean.MAX_OCSP_RESPONSE_TIMEOUT

Minimum Value:

CertRevocMBean.MIN_OCSP_RESPONSE_TIMEOUT

setOcspResponseTimeout

void setOcspResponseTimeout(long ocspResponseTimeout)

Specifies the timeout for the OCSP response, expressed in seconds.

The valid range is 1 thru 300 seconds.

Parameters:

ocspResponseTimeout - The ocspResponseTimeout in seconds.

See Also:

getOcspResponseTimeout()

getOcspTimeTolerance

int getOcspTimeTolerance()

Determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.

The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.

Returns:

The ocspTimeTolerance value in seconds.

Default Value:

CertRevocMBean.DEFAULT_OCSP_TIME_TOLERANCE

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

CertRevocMBean.MAX_OCSP_TIME_TOLERANCE

Minimum Value:

CertRevocMBean.MIN_OCSP_TIME_TOLERANCE

setOcspTimeTolerance

void setOcspTimeTolerance(int ocspTimeTolerance)

Specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.

The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.

Parameters:

ocspTimeTolerance - The ocspTimeTolerance value in seconds.

See Also:

getOcspTimeTolerance()

getCrlCacheType

java.lang.String getCrlCacheType()

Determines the type of CRL cache, related to the physical storage of the CRLs. The ldap CRL cache type can be specified, but is not currently supported.

The value specified in this attribute determines which related CrlCacheType* attributes apply.

Returns:

The crlCacheType value

Default Value:

CertRevocMBean.DEFAULT_CRL_CACHE_TYPE

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

Valid Values:

CertRevocMBean.CRL_CACHE_TYPE_FILE, CertRevocMBean.CRL_CACHE_TYPE_LDAP

setCrlCacheType

void setCrlCacheType(java.lang.String crlCacheType)

Specifies the type of CRL cache, related to the physical storage of the CRLs.

The value specified in this attribute determines which related CrlCacheType* attributes apply. For example, if CrlCacheType is ldap, see related attributes like getCrlCacheTypeLdapHostname().

Parameters:

crlCacheType - The crlCacheType value

See Also:

getCrlCacheType()

getCrlCacheTypeLdapHostname

java.lang.String getCrlCacheTypeLdapHostname()

Determines the remote hostname for the LDAP server containing CRLs.

This attribute applies when value CRL_CACHE_TYPE_LDAP is returned from getCrlCacheType().

Returns:

The crlCacheTypeLdapHostname value, null if unspecified.

Default Value:

CertRevocMBean.DEFAULT_CRL_CACHE_TYPE_LDAP_HOST_NAME

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setCrlCacheTypeLdapHostname

void setCrlCacheTypeLdapHostname(java.lang.String crlCacheTypeLdapHostname)

Specifies the remote hostname for the LDAP server containing CRLs.

This attribute applies when value CRL_CACHE_TYPE_LDAP is returned from getCrlCacheType().

Parameters:

crlCacheTypeLdapHostname - The crlCacheTypeLdapHostname value, null if unspecified.

See Also:

getCrlCacheTypeLdapHostname()

getCrlCacheTypeLdapPort

int getCrlCacheTypeLdapPort()

Determines the remote port for the LDAP server containing CRLs.

This attribute applies when value CRL_CACHE_TYPE_LDAP is returned from getCrlCacheType().

The valid range is -1, 1 through 65535.

Returns:

The crlCacheTypeLdapPort value, -1 if unspecified.

Default Value:

CertRevocMBean.DEFAULT_CRL_CACHE_TYPE_LDAP_PORT

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setCrlCacheTypeLdapPort

void setCrlCacheTypeLdapPort(int crlCacheTypeLdapPort)

Specifies the remote port for the LDAP server containing CRLs.

This attribute applies when value CRL_CACHE_TYPE_LDAP is returned from getCrlCacheType().

The valid range is -1, 1 through 65535.

Parameters:

crlCacheTypeLdapPort - The crlCacheTypeLdapPort value, -1 if unspecified.

See Also:

getCrlCacheTypeLdapPort()

getCrlCacheTypeLdapSearchTimeout

int getCrlCacheTypeLdapSearchTimeout()

Determines how long to wait for CRL search results from the LDAP server.

This attribute applies when value CRL_CACHE_TYPE_LDAP is returned from getCrlCacheType().

The valid range is 1 thru 300 seconds.

Returns:

The crlCacheTypeLdapSearchTimeout value in seconds.

Default Value:

CertRevocMBean.DEFAULT_CRL_CACHE_TYPE_LDAP_SEARCH_TIMEOUT

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

CertRevocMBean.MAX_CRL_CACHE_TYPE_LDAP_SEARCH_TIMEOUT

Minimum Value:

CertRevocMBean.MIN_CRL_CACHE_TYPE_LDAP_SEARCH_TIMEOUT

setCrlCacheTypeLdapSearchTimeout

void setCrlCacheTypeLdapSearchTimeout(int crlCacheTypeLdapSearchTimeout)

Specifies how long to wait for CRL search results from the LDAP server.

This attribute applies when value CRL_CACHE_TYPE_LDAP is returned from getCrlCacheType().

The valid range is 1 thru 300 seconds.

Parameters:

crlCacheTypeLdapSearchTimeout - The crlCacheTypeLdapSearchTimeout value in seconds.

See Also:

getCrlCacheTypeLdapSearchTimeout()

getCrlCacheRefreshPeriodPercent

int getCrlCacheRefreshPeriodPercent()

Determines the refresh period for the CRL local cache, expressed as a percentage of the validity period of the CRL.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the CRL, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

Returns:

The crlCacheRefreshPeriodPercent value

Default Value:

CertRevocMBean.DEFAULT_CRL_CACHE_REFRESH_PERIOD_PERCENT

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

100

Minimum Value:

1

setCrlCacheRefreshPeriodPercent

void setCrlCacheRefreshPeriodPercent(int crlCacheRefreshPeriodPercent)

Specifies the refresh period for the CRL local cache, expressed as a percentage of the validity period of the CRL.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the CRL, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

Parameters:

crlCacheRefreshPeriodPercent - The crlCacheRefreshPeriodPercent value

See Also:

getCrlCacheRefreshPeriodPercent()

isCrlDpEnabled

boolean isCrlDpEnabled()

Determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.

Returns:

The crlDpEnabled value

Default Value:

CertRevocMBean.DEFAULT_CRL_DP_ENABLED

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setCrlDpEnabled

void setCrlDpEnabled(boolean crlDpEnabled)

Specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled.

Parameters:

crlDpEnabled - The crlDpEnabled value

See Also:

isCrlDpEnabled()

getCrlDpDownloadTimeout

long getCrlDpDownloadTimeout()

Determines the overall timeout for the Distribution Point CRL download, expressed in seconds.

The valid range is 1 thru 300 seconds.

Returns:

The crlDpDownloadTimeout value in seconds.

Default Value:

CertRevocMBean.DEFAULT_CRL_DP_DOWNLOAD_TIMEOUT

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Maximum Value:

CertRevocMBean.MAX_CRL_DP_DOWNLOAD_TIMEOUT

Minimum Value:

CertRevocMBean.MIN_CRL_DP_DOWNLOAD_TIMEOUT

setCrlDpDownloadTimeout

void setCrlDpDownloadTimeout(long crlDpDownloadTimeout)

Specifies the overall timeout for the Distribution Point CRL download, expressed in seconds.

The valid range is 1 thru 300 seconds.

Parameters:

crlDpDownloadTimeout - The crlDpDownloadTimeout value in seconds.

See Also:

getCrlDpDownloadTimeout()

isCrlDpBackgroundDownloadEnabled

boolean isCrlDpBackgroundDownloadEnabled()

Determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.

Returns:

The crlDpBackgroundDownloadEnabled value

Default Value:

CertRevocMBean.DEFAULT_CRL_DP_BACKGROUND_DOWNLOAD_ENABLED

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setCrlDpBackgroundDownloadEnabled

void setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled)

Specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.

Parameters:

crlDpBackgroundDownloadEnabled - The crlDpBackgroundDownloadEnabled value

See Also:

isCrlDpBackgroundDownloadEnabled()

getCertRevocCas

CertRevocCaMBean[] getCertRevocCas()

Returns the CertRevocCaMBeans representing the certificate authority overrides, which have been configured to be part of this certificate revocation checking configuration.

Returns:

The CA overrides

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

createCertRevocCa

CertRevocCaMBean createCertRevocCa(java.lang.String name)

This is the factory method for certificate revocation checking configuration CA overrides.

The short name, which is specified, must be unique among all object instances of type CertRevocCaMBean. The new CA override, which is created, will have this certificate revocation checking configuration as its parent and must be destroyed with the destroyCertRevocCa(weblogic.management.configuration.CertRevocCaMBean) method.

Parameters:

name - Unique short name

Returns:

A CertRevocCaMBean instance.

destroyCertRevocCa

void destroyCertRevocCa(CertRevocCaMBean child)

Destroys and removes a certificate authority override, which is a child of this certificate revocation checking configuration.

Parameters:

child - CertRevocCaMBean to destroy

lookupCertRevocCa

CertRevocCaMBean lookupCertRevocCa(java.lang.String name)

Lookup a particular CertRevocCaMBean from the list.

Parameters:

name - Unique short name

Returns:

A CertRevocCaMBean instance.