Skip navigation links

weblogic.management.configuration
Interface CertRevocMBean

All Superinterfaces:

ConfigurationMBean, DescriptorBean, DynamicMBean, MBeanRegistration, NotificationBroadcaster, SettableBean, WebLogicMBean

public interface CertRevocMBean

extends ConfigurationMBean

This MBean represents the configuration of the certificate revocation checking across all certificate authorities. Many of the attributes in this MBean may be overridden per certificate authority using the specific CertRevocCaMBean.

See Also:

CertRevocCaMBean

Field Summary

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean

DEFAULT_EMPTY_BYTE_ARRAY

Method Summary

abstract CertRevocCaMBean	createCertRevocCa(String name) This is the factory method for certificate revocation checking configuration CA overrides.
abstract void	destroyCertRevocCa(CertRevocCaMBean child) Destroys and removes a certificate authority override, which is a child of this certificate revocation checking configuration.
abstract CertRevocCaMBean[]	getCertRevocCas() Returns the CertRevocCaMBeans representing the certificate authority overrides, which have been configured to be part of this certificate revocation checking configuration.
abstract int	getCrlCacheRefreshPeriodPercent() Determines the refresh period for the CRL local cache, expressed as a percentage of the validity period of the CRL.
abstract String	getCrlCacheType() Determines the type of CRL cache, related to the physical storage of the CRLs.
abstract String	getCrlCacheTypeLdapHostname() Determines the remote hostname for the LDAP server containing CRLs.
abstract int	getCrlCacheTypeLdapPort() Determines the remote port for the LDAP server containing CRLs.
abstract int	getCrlCacheTypeLdapSearchTimeout() Determines how long to wait for CRL search results from the LDAP server.
abstract long	getCrlDpDownloadTimeout() Determines the overall timeout for the Distribution Point CRL download, expressed in seconds.
abstract String	getMethodOrder() Determines the certificate revocation checking method order.
abstract int	getOcspResponseCacheCapacity() Determines the maximum number of entries supported by the OCSP response local cache.
abstract int	getOcspResponseCacheRefreshPeriodPercent() Determines the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.
abstract long	getOcspResponseTimeout() Determines the timeout for the OCSP response, expressed in seconds.
abstract int	getOcspTimeTolerance() Determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.
abstract boolean	isCheckingEnabled() Determines whether certificate revocation checking is enabled.
abstract boolean	isCrlDpBackgroundDownloadEnabled() Determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
abstract boolean	isCrlDpEnabled() Determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.
abstract boolean	isFailOnUnknownRevocStatus() Determines whether certificate path checking should fail, if revocation status could not be determined.
abstract boolean	isOcspNonceEnabled() Determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
abstract boolean	isOcspResponseCacheEnabled() Determines whether the OCSP response local cache is enabled.
abstract CertRevocCaMBean	lookupCertRevocCa(String name) Lookup a particular CertRevocCaMBean from the list.
abstract void	setCheckingEnabled(boolean checkingEnabled) Specifies whether certificate revocation checking is enabled.
abstract void	setCrlCacheRefreshPeriodPercent(int crlCacheRefreshPeriodPercent) Specifies the refresh period for the CRL local cache, expressed as a percentage of the validity period of the CRL.
abstract void	setCrlCacheType(String crlCacheType) Specifies the type of CRL cache, related to the physical storage of the CRLs.
abstract void	setCrlCacheTypeLdapHostname(String crlCacheTypeLdapHostname) Specifies the remote hostname for the LDAP server containing CRLs.
abstract void	setCrlCacheTypeLdapPort(int crlCacheTypeLdapPort) Specifies the remote port for the LDAP server containing CRLs.
abstract void	setCrlCacheTypeLdapSearchTimeout(int crlCacheTypeLdapSearchTimeout) Specifies how long to wait for CRL search results from the LDAP server.
abstract void	setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled) Specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.
abstract void	setCrlDpDownloadTimeout(long crlDpDownloadTimeout) Specifies the overall timeout for the Distribution Point CRL download, expressed in seconds.
abstract void	setCrlDpEnabled(boolean crlDpEnabled) Specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled.
abstract void	setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus) Specifies whether certificate path checking should fail, if revocation status could not be determined.
abstract void	setMethodOrder(String methodOrder) Specifies the certificate revocation checking method order.
abstract void	setOcspNonceEnabled(boolean ocspNonceEnabled) Specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.
abstract void	setOcspResponseCacheCapacity(int ocspResponseCacheCapacity) Specifies the maximum number of entries supported by the OCSP response local cache.
abstract void	setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled) Specifies whether the OCSP response local cache is enabled.
abstract void	setOcspResponseCacheRefreshPeriodPercent(int ocspResponseCacheRefreshPeriodPercent) Specifies the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.
abstract void	setOcspResponseTimeout(long ocspResponseTimeout) Specifies the timeout for the OCSP response, expressed in seconds.
abstract void	setOcspTimeTolerance(int ocspTimeTolerance) Specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Methods inherited from interface weblogic.descriptor.DescriptorBean

addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener

Method Detail

isCheckingEnabled

boolean isCheckingEnabled()

Determines whether certificate revocation checking is enabled.

Returns:

The checkingEnabled value

setCheckingEnabled

void setCheckingEnabled(boolean checkingEnabled)

Specifies whether certificate revocation checking is enabled.

Parameters:

checkingEnabled - The checkingEnabled value

See Also:

CertRevocMBean.isCheckingEnabled()

isFailOnUnknownRevocStatus

boolean isFailOnUnknownRevocStatus()

Determines whether certificate path checking should fail, if revocation status could not be determined.

Returns:

The failOnUnknownRevocStatus value

setFailOnUnknownRevocStatus

void setFailOnUnknownRevocStatus(boolean failOnUnknownRevocStatus)

Specifies whether certificate path checking should fail, if revocation status could not be determined.

Parameters:

failOnUnknownRevocStatus - The failOnUnknownRevocStatus value

See Also:

CertRevocMBean.isFailOnUnknownRevocStatus()

getMethodOrder

String getMethodOrder()

Determines the certificate revocation checking method order.

NOTE that omission of a specific method disables that method.

Returns:

A String containing the method order.

setMethodOrder

void setMethodOrder(String methodOrder)

Specifies the certificate revocation checking method order.

NOTE THAT omission of a specific method disables that method.

Parameters:

methodOrder - A String containing the method order.

See Also:

CertRevocMBean.getMethodOrder()

isOcspNonceEnabled

boolean isOcspNonceEnabled()

Determines whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.

Returns:

The ocspNonceEnabled value

setOcspNonceEnabled

void setOcspNonceEnabled(boolean ocspNonceEnabled)

Specifies whether a nonce is sent with OCSP requests, to force a fresh (not pre-signed) response.

Parameters:

ocspNonceEnabled - The ocspNonceEnabled value

See Also:

CertRevocMBean.isOcspNonceEnabled()

isOcspResponseCacheEnabled

boolean isOcspResponseCacheEnabled()

Determines whether the OCSP response local cache is enabled.

Returns:

The ocspResponseCacheEnabled value

setOcspResponseCacheEnabled

void setOcspResponseCacheEnabled(boolean ocspResponseCacheEnabled)

Specifies whether the OCSP response local cache is enabled.

Parameters:

ocspResponseCacheEnabled - The ocspResponseCacheEnabled value

See Also:

CertRevocMBean.isOcspResponseCacheEnabled()

getOcspResponseCacheCapacity

int getOcspResponseCacheCapacity()

Determines the maximum number of entries supported by the OCSP response local cache. The minimum value is 1.

Returns:

The ocspResponseCacheCapacity value

setOcspResponseCacheCapacity

void setOcspResponseCacheCapacity(int ocspResponseCacheCapacity)

Specifies the maximum number of entries supported by the OCSP response local cache. The minimum value is 1.

Parameters:

ocspResponseCacheCapacity - The ocspResponseCacheCapacity value

See Also:

CertRevocMBean.getOcspResponseCacheCapacity()

getOcspResponseCacheRefreshPeriodPercent

int getOcspResponseCacheRefreshPeriodPercent()

Determines the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the OCSP response, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

Returns:

The ocspResponseCacheRefreshPeriodPercent value

setOcspResponseCacheRefreshPeriodPercent

void setOcspResponseCacheRefreshPeriodPercent(int ocspResponseCacheRefreshPeriodPercent)

Specifies the refresh period for the OCSP response local cache, expressed as a percentage of the validity period of the response.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the OCSP response, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

Parameters:

ocspResponseCacheRefreshPeriodPercent - The ocspResponseCacheRefreshPeriodPercent value

See Also:

CertRevocMBean.getOcspResponseCacheRefreshPeriodPercent()

getOcspResponseTimeout

long getOcspResponseTimeout()

Determines the timeout for the OCSP response, expressed in seconds.

The valid range is 1 thru 300 seconds.

Returns:

The ocspResponseTimeout in seconds.

setOcspResponseTimeout

void setOcspResponseTimeout(long ocspResponseTimeout)

Specifies the timeout for the OCSP response, expressed in seconds.

The valid range is 1 thru 300 seconds.

Parameters:

ocspResponseTimeout - The ocspResponseTimeout in seconds.

See Also:

CertRevocMBean.getOcspResponseTimeout()

getOcspTimeTolerance

int getOcspTimeTolerance()

Determines the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.

The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.

Returns:

The ocspTimeTolerance value in seconds.

setOcspTimeTolerance

void setOcspTimeTolerance(int ocspTimeTolerance)

Specifies the time tolerance value for handling clock-skew differences between clients and responders, expressed in seconds.

The validity period of the response is extended both into the future and into the past by the specified amount of time, effectively widening the validity interval.

The value is >=0 and <=900. The maximum allowed tolerance is 15 minutes.

Parameters:

ocspTimeTolerance - The ocspTimeTolerance value in seconds.

See Also:

CertRevocMBean.getOcspTimeTolerance()

getCrlCacheType

String getCrlCacheType()

Determines the type of CRL cache, related to the physical storage of the CRLs. The ldap CRL cache type can be specified, but is not currently supported.

The value specified in this attribute determines which related CrlCacheType* attributes apply.

Returns:

The crlCacheType value

setCrlCacheType

void setCrlCacheType(String crlCacheType)

Specifies the type of CRL cache, related to the physical storage of the CRLs.

The value specified in this attribute determines which related CrlCacheType* attributes apply. For example, if CrlCacheType is ldap, see related attributes like CertRevocMBean.getCrlCacheTypeLdapHostname().

Parameters:

crlCacheType - The crlCacheType value

See Also:

CertRevocMBean.getCrlCacheType()

getCrlCacheTypeLdapHostname

String getCrlCacheTypeLdapHostname()

Determines the remote hostname for the LDAP server containing CRLs.

This attribute applies when value CertRevocMBean.CRL_CACHE_TYPE_LDAP is returned from CertRevocMBean.getCrlCacheType().

Returns:

The crlCacheTypeLdapHostname value, null if unspecified.

setCrlCacheTypeLdapHostname

void setCrlCacheTypeLdapHostname(String crlCacheTypeLdapHostname)

Specifies the remote hostname for the LDAP server containing CRLs.

This attribute applies when value CertRevocMBean.CRL_CACHE_TYPE_LDAP is returned from CertRevocMBean.getCrlCacheType().

Parameters:

crlCacheTypeLdapHostname - The crlCacheTypeLdapHostname value, null if unspecified.

See Also:

CertRevocMBean.getCrlCacheTypeLdapHostname()

getCrlCacheTypeLdapPort

int getCrlCacheTypeLdapPort()

Determines the remote port for the LDAP server containing CRLs.

This attribute applies when value CertRevocMBean.CRL_CACHE_TYPE_LDAP is returned from CertRevocMBean.getCrlCacheType().

The valid range is -1, 1 through 65535.

Returns:

The crlCacheTypeLdapPort value, -1 if unspecified.

setCrlCacheTypeLdapPort

void setCrlCacheTypeLdapPort(int crlCacheTypeLdapPort)

Specifies the remote port for the LDAP server containing CRLs.

This attribute applies when value CertRevocMBean.CRL_CACHE_TYPE_LDAP is returned from CertRevocMBean.getCrlCacheType().

The valid range is -1, 1 through 65535.

Parameters:

crlCacheTypeLdapPort - The crlCacheTypeLdapPort value, -1 if unspecified.

See Also:

CertRevocMBean.getCrlCacheTypeLdapPort()

getCrlCacheTypeLdapSearchTimeout

int getCrlCacheTypeLdapSearchTimeout()

Determines how long to wait for CRL search results from the LDAP server.

This attribute applies when value CertRevocMBean.CRL_CACHE_TYPE_LDAP is returned from CertRevocMBean.getCrlCacheType().

The valid range is 1 thru 300 seconds.

Returns:

The crlCacheTypeLdapSearchTimeout value in seconds.

setCrlCacheTypeLdapSearchTimeout

void setCrlCacheTypeLdapSearchTimeout(int crlCacheTypeLdapSearchTimeout)

Specifies how long to wait for CRL search results from the LDAP server.

This attribute applies when value CertRevocMBean.CRL_CACHE_TYPE_LDAP is returned from CertRevocMBean.getCrlCacheType().

The valid range is 1 thru 300 seconds.

Parameters:

crlCacheTypeLdapSearchTimeout - The crlCacheTypeLdapSearchTimeout value in seconds.

See Also:

CertRevocMBean.getCrlCacheTypeLdapSearchTimeout()

getCrlCacheRefreshPeriodPercent

int getCrlCacheRefreshPeriodPercent()

Determines the refresh period for the CRL local cache, expressed as a percentage of the validity period of the CRL.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the CRL, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

Returns:

The crlCacheRefreshPeriodPercent value

setCrlCacheRefreshPeriodPercent

void setCrlCacheRefreshPeriodPercent(int crlCacheRefreshPeriodPercent)

Specifies the refresh period for the CRL local cache, expressed as a percentage of the validity period of the CRL.

For example, for a validity period of 10 hours, a value of 10% specifies a refresh every 1 hour.

The validity period is determined by the CRL, and is calculated as the (next reported update time) - (this update time).

The valid range is 1 through 100.

Parameters:

crlCacheRefreshPeriodPercent - The crlCacheRefreshPeriodPercent value

See Also:

CertRevocMBean.getCrlCacheRefreshPeriodPercent()

isCrlDpEnabled

boolean isCrlDpEnabled()

Determines whether the CRL Distribution Point processing to update the local CRL cache is enabled.

Returns:

The crlDpEnabled value

setCrlDpEnabled

void setCrlDpEnabled(boolean crlDpEnabled)

Specifies whether the CRL Distribution Point processing to update the local CRL cache is enabled.

Parameters:

crlDpEnabled - The crlDpEnabled value

See Also:

CertRevocMBean.isCrlDpEnabled()

getCrlDpDownloadTimeout

long getCrlDpDownloadTimeout()

Determines the overall timeout for the Distribution Point CRL download, expressed in seconds.

The valid range is 1 thru 300 seconds.

Returns:

The crlDpDownloadTimeout value in seconds.

setCrlDpDownloadTimeout

void setCrlDpDownloadTimeout(long crlDpDownloadTimeout)

Specifies the overall timeout for the Distribution Point CRL download, expressed in seconds.

The valid range is 1 thru 300 seconds.

Parameters:

crlDpDownloadTimeout - The crlDpDownloadTimeout value in seconds.

See Also:

CertRevocMBean.getCrlDpDownloadTimeout()

isCrlDpBackgroundDownloadEnabled

boolean isCrlDpBackgroundDownloadEnabled()

Determines whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.

Returns:

The crlDpBackgroundDownloadEnabled value

setCrlDpBackgroundDownloadEnabled

void setCrlDpBackgroundDownloadEnabled(boolean crlDpBackgroundDownloadEnabled)

Specifies whether the CRL Distribution Point background downloading, to automatically update the local CRL cache, is enabled.

Parameters:

crlDpBackgroundDownloadEnabled - The crlDpBackgroundDownloadEnabled value

See Also:

CertRevocMBean.isCrlDpBackgroundDownloadEnabled()

getCertRevocCas

CertRevocCaMBean[] getCertRevocCas()

Returns the CertRevocCaMBeans representing the certificate authority overrides, which have been configured to be part of this certificate revocation checking configuration.

Returns:

The CA overrides

createCertRevocCa

CertRevocCaMBean createCertRevocCa(String name)

This is the factory method for certificate revocation checking configuration CA overrides.

The short name, which is specified, must be unique among all object instances of type CertRevocCaMBean. The new CA override, which is created, will have this certificate revocation checking configuration as its parent and must be destroyed with the CertRevocMBean.destroyCertRevocCa(weblogic.management.configuration.CertRevocCaMBean) method.

Parameters:

name - Unique short name

Returns:

A CertRevocCaMBean instance.

destroyCertRevocCa

void destroyCertRevocCa(CertRevocCaMBean child)

Destroys and removes a certificate authority override, which is a child of this certificate revocation checking configuration.

Parameters:

child - CertRevocCaMBean to destroy

lookupCertRevocCa

CertRevocCaMBean lookupCertRevocCa(String name)

Lookup a particular CertRevocCaMBean from the list.

Parameters:

name - Unique short name

Returns:

A CertRevocCaMBean instance.

Skip navigation links