PathValidationOptionSpec (Adobe LiveCycle ES4 API Reference)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.adobe.livecycle.signatures.client.types
Class PathValidationOptionSpec

java.lang.Object
  com.adobe.livecycle.signatures.client.types.PathValidationOptionSpec

All Implemented Interfaces:: java.io.Serializable

public class PathValidationOptionSpec
extends java.lang.Object
implements java.io.Serializable
extends java.lang.Object
implements java.io.Serializable

Controls RFC3280 related path validation options. For information, see "Basic Path Validation" in the RFC3280 document at http://www.ietf.org/rfc/rfc3280.txt.

See Also:: Serialized Form

Constructor Summary
`PathValidationOptionSpec()` A constructor used to create a `PathValidationOptionSpec` object.

Method Summary
`java.lang.String`	`getLDAPServer()` Gets the Lightweight Directory Access Protocol (LDAP) server that is used to retrieve CRL information.
`boolean`	`isAnyPolicyInhibit()` Specifies whether the anyPolicy OID should be processed if it is included in a certificate.
`boolean`	`isCheckAllPaths()` Specifies whether all the paths are checked.
`boolean`	`isCheckCABasicConstraints()` Specifies whether the CA Basic Constraints certificate extension must be present for CA certificates.
`boolean`	`isExplicitPolicy()` Specifies if the path must be valid for at least one of the certificate policies in the user initial policy set.
`boolean`	`isFollowURIsInAIA()` Specifies whether to follow any URIs specified in the certificate's Authority Information Access (AIA) extension for path discovery.
`boolean`	`isPolicyMappingInhibit()` Specifies if policy mapping is allowed in the certification path.
`boolean`	`isRequireValidSigForChaining()` Specifies whether to use chains.
`void`	`setAnyPolicyInhibit(boolean anyPolicyInhibit)` Specifies object identifiers (OID) located in a certificate that is processed.
`void`	`setCheckAllPaths(boolean checkAllPaths)` Sets the `checkAllPaths` option.
`void`	`setCheckCABasicConstraints(java.lang.Boolean checkCABasicConstraints)` Sets whether the CA Basic Constraints certificate extension must be present for CA certificates.
`void`	`setExplicitPolicy(boolean explicitPolicy)` Specifies if the path must be valid for at least one of the certificate policies in the user initial policy set.
`void`	`setFollowURIsInAIA(boolean followURIsInAIA)` Sets whether to follow any URIs specified in the certificate's Authority Information Access(AIA) extension for path discovery.
`void`	`setLDAPServer(java.lang.String ldapServer)` Sets the Lightweight Directory Access Protocol (LDAP) server that is used to retrieve CRL information.
`void`	`setPolicyMappingInhibit(boolean policyMappingInhibit)` Specifies whether policy mapping is allowed in the certification path.For information, see 4.2.1.6 in the RFC3280 document.
`void`	`setRequireValidSigForChaining(boolean requireValidSigForChaining)` Sets whether to use chains.
`java.lang.String`	`toString()` Returns a string representation of this class.

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Constructor Detail

PathValidationOptionSpec

public PathValidationOptionSpec()

A constructor used to create a PathValidationOptionSpec object.

It uses these default values:

explicitPolicy: false
anyPolicyInhibit: false
policyMappingInhibit: false

Method Detail

isAnyPolicyInhibit

public boolean isAnyPolicyInhibit()

Specifies whether the anyPolicy OID should be processed if it is included in a certificate.

Returns:: A Boolean value that specifies whether the anyPolicy OID should be processed if it is included in a certificate.

isExplicitPolicy

public boolean isExplicitPolicy()

Specifies if the path must be valid for at least one of the certificate policies in the user initial policy set.

Returns:: A Boolean value that specifies if the path must be valid for at least one of the certificate policies in the user initial policy set.

isPolicyMappingInhibit

public boolean isPolicyMappingInhibit()

Specifies if policy mapping is allowed in the certification path.

Returns:: A Boolean value that indicates if policy mapping is allowed in the certification path.

setAnyPolicyInhibit

public void setAnyPolicyInhibit(boolean anyPolicyInhibit)

Specifies object identifiers (OID) located in a certificate that is processed. A certificate policy OID can be present in the signing certificate. An example of such a string is 2.16.840.1.113733.1.7.1.1.

Parameters:: anyPolicyInhibit - A Boolean value that specifies whether the anyPolicy OID is included.

setExplicitPolicy

public void setExplicitPolicy(boolean explicitPolicy)

Specifies if the path must be valid for at least one of the certificate policies in the user initial policy set.

Parameters:: explicitPolicy - A Boolean value that specifies whether the path must be valid for at least one of the certificate policies in the user initial policy set.

setPolicyMappingInhibit

public void setPolicyMappingInhibit(boolean policyMappingInhibit)

Specifies whether policy mapping is allowed in the certification path.For information, see 4.2.1.6 in the RFC3280 document.

Parameters:: policyMappingInhibit - A Boolean value that indicates if policy mapping is allowed in the certification path.

toString

public java.lang.String toString()

Returns a string representation of this class.

Overrides:: toString in class java.lang.Object

Returns:: A string representation of this class.

isCheckAllPaths

public boolean isCheckAllPaths()

Specifies whether all the paths are checked.

Returns:: A Boolean value that specifies whether all paths are checked.

setCheckAllPaths

public void setCheckAllPaths(boolean checkAllPaths)

Sets the checkAllPaths option.

Parameters:: checkAllPaths - Determines if all paths to a trust anchor should be checked for all validity or whether the path validation should return the first valid path found.

getLDAPServer

public java.lang.String getLDAPServer()

Gets the Lightweight Directory Access Protocol (LDAP) server that is used to retrieve CRL information. This LDAP Server searches for CRL information using Distinguish Name (DN) according to rules specified in RFC 3280 4.2.1.14. This method was added in LiveCycle ES 8.2.

Returns:: A string value that specifies the LDAP server that is used to retrieve CRL information.

setLDAPServer

public void setLDAPServer(java.lang.String ldapServer)

Sets the Lightweight Directory Access Protocol (LDAP) server that is used to retrieve CRL information. This LDAP Server searches for CRL information using Distinguish Name (DN) according to rules specified in RFC 3280 4.2.1.14. This method was added in LiveCycle ES 8.2.

Parameters:: ldapServer - A string value that specifies the LDAP server that is used to retrieve CRL information.

isFollowURIsInAIA

public boolean isFollowURIsInAIA()

Specifies whether to follow any URIs specified in the certificate's Authority Information Access (AIA) extension for path discovery. An AIA extension specifies where to find up-to-date certificates for a given CA. For information, see RFC 3280 4.2.2.1. This method was added in LiveCycle ES 8.2.

Returns:: A boolean value that specifies whether to follow URIs specified in the certificate's AIA extension.

setFollowURIsInAIA

public void setFollowURIsInAIA(boolean followURIsInAIA)

Sets whether to follow any URIs specified in the certificate's Authority Information Access(AIA) extension for path discovery. An AIA extension specifies where to find up-to-date certificates for the CA. This method was added in LiveCycle ES 8.2.

Parameters:: followURIsInAIA - A boolean value that specifies whether to follow any URIs specified in the certificate's AIA extension for path discovery.

isCheckCABasicConstraints

public boolean isCheckCABasicConstraints()

Specifies whether the CA Basic Constraints certificate extension must be present for CA certificates. For example, some early German certified root certificates (7 and earlier) are not compliant to RFC 3280 and do not contain the basic constraint extension. If it is known that a user's certificate chains up to such a German root, the basic constraints check must be turned off. This method was added in LiveCycle ES 8.2.

Returns:: A boolean value that specifies whether the the CA Basic Constraints certificate extension must be present for CA certificates.

setCheckCABasicConstraints

public void setCheckCABasicConstraints(java.lang.Boolean checkCABasicConstraints)

Sets whether the CA Basic Constraints certificate extension must be present for CA certificates. For example, some early German certified root certificates (7 and earlier) are not compliant to RFC 3280 and do not contain the basic constraint extension. If it is known that a user's certificate chains up to such a German root, the basic constraints check must be turned off.

Parameters:: checkCABasicConstraints - A boolean value that specifies whether the the CA Basic Constraints certificate extension must be present for CA certificates.

isRequireValidSigForChaining

public boolean isRequireValidSigForChaining()

Specifies whether to use chains. If true, the chain builder will not build chains with invalid RSA signatures on certificates. For example, consider chain CA > ICA > EE where the CA's signature on an ICA is invalid. If this setting is true, the chain building will stop at the ICA and the CA will not be included in the chain. If this preference is false, the full 3-certificate chain is produced. This method was added in LiveCycle ES 8.2.

Returns:: A boolean value that specifies whether to use chains.

setRequireValidSigForChaining

public void setRequireValidSigForChaining(boolean requireValidSigForChaining)

Sets whether to use chains. If true, the chain builder will not build chains with invalid RSA signatures on certificates. For example, consider chain CA > ICA > EE where the CA's signature on an ICA is invalid. If this setting is true, the chain building will stop at the ICA and the CA will not be included in the chain. If this preference is false, the full 3-certificate chain is produced.

Parameters:: requireValidSigForChaining - A boolean value that specifies whether to use chains.