|
Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09 |
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface CertRevocCaMBean
This MBean represents the configuration of certificate revocation checking for a specific certificate authority. Default values for attributes in this MBean are derived from CertRevocMBean
.
CertRevocMBean
Field Summary |
---|
Fields inherited from interface weblogic.management.configuration.ConfigurationMBean |
---|
DEFAULT_EMPTY_BYTE_ARRAY |
Method Summary | |
---|---|
abstract long |
getCrlDpDownloadTimeout() For this CA, determines the overall timeout for the Distribution Point CRL download, expressed in seconds. |
abstract String |
getCrlDpUrl() For this CA, determines the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate. |
abstract String |
getCrlDpUrlUsage() For this CA, determines how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension. |
abstract String |
getDistinguishedName() Determines the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority. |
abstract String |
getMethodOrder() For this CA, determines the certificate revocation checking method order. |
abstract String |
getOcspResponderCertIssuerName() For this CA, determines the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER". |
abstract String |
getOcspResponderCertSerialNumber() For this CA, determines the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER". |
abstract String |
getOcspResponderCertSubjectName() For this CA, determines the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT". |
abstract String |
getOcspResponderExplicitTrustMethod() For this CA, determines whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified. |
abstract String |
getOcspResponderUrl() For this CA, determines the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. |
abstract String |
getOcspResponderUrlUsage() For this CA, determines how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA. |
abstract long |
getOcspResponseTimeout() For this CA, determines the timeout for the OCSP response, expressed in seconds. |
abstract int |
getOcspTimeTolerance() For this CA, determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds. |
abstract boolean |
isCheckingDisabled() For this CA, determines whether certificate revocation checking is disabled. |
abstract boolean |
isCrlDpBackgroundDownloadEnabled() For this CA, determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled. |
abstract boolean |
isCrlDpEnabled() For this CA, determines whether the CRL Distribution Point processing to update the local CRL cache is enabled. |
abstract boolean |
isFailOnUnknownRevocStatus() For this CA, determines whether certificate path checking should fail, if revocation status could not be determined. |
abstract boolean |
isOcspNonceEnabled() For this CA, determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response. |
abstract boolean |
isOcspResponseCacheEnabled() For this CA, determines whether the OCSP response local cache is enabled. |
abstract void |
setCheckingDisabled(boolean checkingDisabled) For this CA, specifies whether certificate revocation checking is disabled. |
abstract void |
setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled) For this CA, specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled. |
abstract void |
setCrlDpDownloadTimeout(long crlDpDownloadTimeout) For this CA, specifies the overall timeout for the Distribution Point CRL download, expressed in seconds. |
abstract void |
setCrlDpEnabled(boolean crlDpEnabled) For this CA, specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled. |
abstract void |
setCrlDpUrl(String crlDpUrl) For this CA, specifies the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate. |
abstract void |
setCrlDpUrlUsage(String crlDpUrlUsage) For this CA, specifies how getCrlDpUrl is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension. |
abstract void |
setDistinguishedName(String distinguishedName) Specifies the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority. |
abstract void |
setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus) For this CA, specifies whether certificate path checking should fail, if revocation status could not be determined. |
abstract void |
setMethodOrder(String methodOrder) For this CA, specifies the certificate revocation checking method order. |
abstract void |
setOcspNonceEnabled(boolean ocspNonceEnabled) For this CA, specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response. |
abstract void |
setOcspResponderCertIssuerName(String ocspResponderCertIssuerName) For this CA, specifies the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER". |
abstract void |
setOcspResponderCertSerialNumber(String ocspResponderCertSerialNumber) For this CA, specifies the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_ISSUER_SERIAL_NUMBER". |
abstract void |
setOcspResponderCertSubjectName(String ocspResponderCertSubjectName) For this CA, specifies the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod is "USE_SUBJECT". |
abstract void |
setOcspResponderExplicitTrustMethod(String ocspResponderExplicitTrustMethod) For this CA, specifies whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified. |
abstract void |
setOcspResponderUrl(String ocspResponderUrl) For this CA, specifies the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. |
abstract void |
setOcspResponderUrlUsage(String ocspResponderUrlUsage) For this CA, specifies how getOcspResponderUrl is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA. |
abstract void |
setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled) For this CA, specifies whether the OCSP response local cache is enabled. |
abstract void |
setOcspResponseTimeout(long ocspResponseTimeout) For this CA, specifies the timeout for the OCSP response, expressed in seconds. |
abstract void |
setOcspTimeTolerance(int ocspTimeTolerance) For this CA, specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds. |
Methods inherited from interface weblogic.management.configuration.ConfigurationMBean |
---|
freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet |
Methods inherited from interface weblogic.management.WebLogicMBean |
---|
getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent |
Methods inherited from interface javax.management.DynamicMBean |
---|
getAttribute, getAttributes, invoke, setAttribute, setAttributes |
Methods inherited from interface javax.management.MBeanRegistration |
---|
postDeregister, postRegister, preDeregister, preRegister |
Methods inherited from interface javax.management.NotificationBroadcaster |
---|
addNotificationListener, getNotificationInfo, removeNotificationListener |
Methods inherited from interface weblogic.descriptor.DescriptorBean |
---|
addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener |
Method Detail |
---|
String getDistinguishedName()
Determines the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.
For example:
"CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US"
This will be used to match this configuration to issued certificates requiring revocation checking.
void setDistinguishedName(String distinguishedName)
Specifies the identity of this per-CA configuration using the distinguished name (defined in RFC 2253), which is used in certificates issued by the represented certificate authority.
For example:
"CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US"
This will be used to match this configuration to issued certificates requiring revocation checking.
distinguishedName
- A distinguishedName valueCertRevocCaMBean.getDistinguishedName()
boolean isCheckingDisabled()
For this CA, determines whether certificate revocation checking is disabled.
void setCheckingDisabled(boolean checkingDisabled)
For this CA, specifies whether certificate revocation checking is disabled.
checkingDisabled
- The checkingDisabled valueCertRevocCaMBean.isCheckingDisabled()
boolean isFailOnUnknownRevocStatus()
For this CA, determines whether certificate path checking should fail, if revocation status could not be determined.
void setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus)
For this CA, specifies whether certificate path checking should fail, if revocation status could not be determined.
failOnUnknownRevocStatus
- The failOnUnknownRevocStatus valueCertRevocCaMBean.isFailOnUnknownRevocStatus()
String getMethodOrder()
For this CA, determines the certificate revocation checking method order.
NOTE THAT omission of a specific method disables that method.
void setMethodOrder(String methodOrder)
For this CA, specifies the certificate revocation checking method order.
NOTE THAT omission of a specific method disables that method.
methodOrder
- A String containing the method order.CertRevocCaMBean.getMethodOrder()
String getOcspResponderUrl()
For this CA, determines the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. The usage is determined by getOcspResponderUrlUsage
.
null
if none.CertRevocCaMBean.getOcspResponderUrlUsage()
void setOcspResponderUrl(String ocspResponderUrl)
For this CA, specifies the OCSP responder URL to use as failover or override for the URL found in the certificate AIA. The usage is determined by getOcspResponderUrlUsage
.
ocspResponderUrl
- The ocspResponderUrl value, null
if none.CertRevocCaMBean.getOcspResponderUrl()
, CertRevocCaMBean.getOcspResponderUrlUsage()
String getOcspResponderUrlUsage()
For this CA, determines how getOcspResponderUrl
is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.
CertRevocCaMBean.getOcspResponderUrl()
void setOcspResponderUrlUsage(String ocspResponderUrlUsage)
For this CA, specifies how getOcspResponderUrl
is used: as failover in case the URL in the certificate AIA is invalid or not found, or as a value overriding the URL found in the certificate AIA.
ocspResponderUrlUsage
- The ocspResponderUrlUsage valueCertRevocCaMBean.getOcspResponderUrl()
, CertRevocCaMBean.getOcspResponderUrlUsage()
String getOcspResponderExplicitTrustMethod()
For this CA, determines whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.
The valid values:
CertRevocCaMBean.getOcspResponderCertSubjectName()
.CertRevocCaMBean.getOcspResponderCertIssuerName()
and CertRevocCaMBean.getOcspResponderCertSerialNumber()
, respectively.void setOcspResponderExplicitTrustMethod(String ocspResponderExplicitTrustMethod)
For this CA, specifies whether the OCSP Explicit Trust model is enabled and how the trusted certificate is specified.
The valid values:
CertRevocCaMBean.getOcspResponderCertSubjectName()
.CertRevocCaMBean.getOcspResponderCertIssuerName()
and CertRevocCaMBean.getOcspResponderCertSerialNumber()
, respectively.ocspResponderExplicitTrustMethod
- The ocspResponderExplicitTrustMethod valueCertRevocCaMBean.getOcspResponderExplicitTrustMethod()
String getOcspResponderCertSubjectName()
For this CA, determines the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod
is "USE_SUBJECT".
The subject name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".
In cases where the subject name alone is not sufficient to uniquely identify the certificate, then both the
and CertRevocCaMBean.getOcspResponderCertIssuerName()
may be used instead.CertRevocCaMBean.getOcspResponderCertSerialNumber()
null
if none.CertRevocCaMBean.getOcspResponderExplicitTrustMethod()
void setOcspResponderCertSubjectName(String ocspResponderCertSubjectName)
For this CA, specifies the explicitly trusted OCSP responder certificate subject name, when the attribute returned by getOcspResponderExplicitTrustMethod
is "USE_SUBJECT".
The subject name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".
In cases where the subject name alone is not sufficient to uniquely identify the certificate, then both the
and CertRevocCaMBean.getOcspResponderCertIssuerName()
may be used instead.CertRevocCaMBean.getOcspResponderCertSerialNumber()
ocspResponderCertSubjectName
- The ocspResponderCertSubjectName value, null
if none.CertRevocCaMBean.getOcspResponderCertSubjectName()
, CertRevocCaMBean.getOcspResponderExplicitTrustMethod()
String getOcspResponderCertIssuerName()
For this CA, determines the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod
is "USE_ISSUER_SERIAL_NUMBER".
The issuer name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".
When
returns a non-null value then the CertRevocCaMBean.getOcspResponderCertIssuerName()
must also be set.CertRevocCaMBean.getOcspResponderCertSerialNumber()
null
if none.CertRevocCaMBean.getOcspResponderExplicitTrustMethod()
void setOcspResponderCertIssuerName(String ocspResponderCertIssuerName)
For this CA, specifies the explicitly trusted OCSP responder certificate issuer name, when the attribute returned by getOcspResponderExplicitTrustMethod
is "USE_ISSUER_SERIAL_NUMBER".
The issuer name is formatted as a distinguished name per RFC 2253, for example "CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US".
When
returns a non-null value then the CertRevocCaMBean.getOcspResponderCertIssuerName()
must also be set.CertRevocCaMBean.getOcspResponderCertSerialNumber()
ocspResponderCertIssuerName
- The ocspResponderCertIssuerName value, null
if none.CertRevocCaMBean.getOcspResponderCertIssuerName()
, CertRevocCaMBean.getOcspResponderExplicitTrustMethod()
String getOcspResponderCertSerialNumber()
For this CA, determines the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod
is "USE_ISSUER_SERIAL_NUMBER".
The serial number is formatted as a hexidecimal string, with optional colon or space separators, for example "2A:FF:00".
When
returns a non-null value then the CertRevocCaMBean.getOcspResponderCertSerialNumber()
must also be set.CertRevocCaMBean.getOcspResponderCertIssuerName()
null
if none.CertRevocCaMBean.getOcspResponderExplicitTrustMethod()
void setOcspResponderCertSerialNumber(String ocspResponderCertSerialNumber)
For this CA, specifies the explicitly trusted OCSP responder certificate serial number, when the attribute returned by getOcspResponderExplicitTrustMethod
is "USE_ISSUER_SERIAL_NUMBER".
The serial number is formatted as a hexidecimal string, with optional colon or space separators, for example "2A:FF:00".
When
returns a non-null value then the CertRevocCaMBean.getOcspResponderCertSerialNumber()
must also be set.CertRevocCaMBean.getOcspResponderCertIssuerName()
ocspResponderCertSerialNumber
- The ocspResponderCertSerialNumber value, null
if none.CertRevocCaMBean.getOcspResponderCertSerialNumber()
, CertRevocCaMBean.getOcspResponderExplicitTrustMethod()
boolean isOcspNonceEnabled()
For this CA, determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
void setOcspNonceEnabled(boolean ocspNonceEnabled)
For this CA, specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
ocspNonceEnabled
- The ocspNonceEnabled valueCertRevocCaMBean.isOcspNonceEnabled()
boolean isOcspResponseCacheEnabled()
For this CA, determines whether the OCSP response local cache is enabled.
void setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled)
For this CA, specifies whether the OCSP response local cache is enabled.
ocspResponseCacheEnabled
- The ocspResponseCacheEnabled valueCertRevocCaMBean.isOcspResponseCacheEnabled()
long getOcspResponseTimeout()
For this CA, determines the timeout for the OCSP response, expressed in seconds.
The valid range is 1 thru 300 seconds.
void setOcspResponseTimeout(long ocspResponseTimeout)
For this CA, specifies the timeout for the OCSP response, expressed in seconds.
The valid range is 1 thru 300 seconds.
ocspResponseTimeout
- The ocspResponseTimeout in seconds.CertRevocCaMBean.getOcspResponseTimeout()
int getOcspTimeTolerance()
For this CA, determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.
The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.
void setOcspTimeTolerance(int ocspTimeTolerance)
For this CA, specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.
The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.
ocspTimeTolerance
- The ocspTimeTolerance value in seconds.CertRevocCaMBean.getOcspTimeTolerance()
boolean isCrlDpEnabled()
For this CA, determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.
void setCrlDpEnabled(boolean crlDpEnabled)
For this CA, specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled.
crlDpEnabled
- The crlDpEnabled valueCertRevocCaMBean.isCrlDpEnabled()
long getCrlDpDownloadTimeout()
For this CA, determines the overall timeout for the Distribution Point CRL download, expressed in seconds.
The valid range is 1 thru 300 seconds.
void setCrlDpDownloadTimeout(long crlDpDownloadTimeout)
For this CA, specifies the overall timeout for the Distribution Point CRL download, expressed in seconds.
The valid range is 1 thru 300 seconds.
crlDpDownloadTimeout
- The crlDpDownloadTimeout value in seconds.CertRevocCaMBean.getCrlDpDownloadTimeout()
boolean isCrlDpBackgroundDownloadEnabled()
For this CA, determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
void setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled)
For this CA, specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
crlDpBackgroundDownloadEnabled
- The crlDpBackgroundDownloadEnabled valueCertRevocCaMBean.isCrlDpBackgroundDownloadEnabled()
String getCrlDpUrl()
For this CA, determines the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.
null
if none.CertRevocCaMBean.getCrlDpUrlUsage()
void setCrlDpUrl(String crlDpUrl)
For this CA, specifies the CRL Distribution Point URL to use as failover or override for the URL found in the CRLDistributionPoints extension in the certificate.
crlDpUrl
- The CRL Distribution Point URL to use for failover or override, null
if none.CertRevocCaMBean.getCrlDpUrlUsage()
, CertRevocCaMBean.getCrlDpUrl()
String getCrlDpUrlUsage()
For this CA, determines how getCrlDpUrl
is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.
CertRevocCaMBean.getCrlDpUrl()
void setCrlDpUrlUsage(String crlDpUrlUsage)
For this CA, specifies how getCrlDpUrl
is used: as failover in case the URL in the certificate CRLDistributionPoints extension is invalid or not found, or as a value overriding the URL found in the certificate CRLDistributionPoints extension.
crlDpUrlUsage
- The crlDpUrlUsage valueCertRevocCaMBean.getCrlDpUrlUsage()
, CertRevocCaMBean.getCrlDpUrl()
|
Copyright 1996, 2015, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |