153 * parameter or the aforementioned properties are not set, then the
154 * responder's certificate is determined as specified in RFC 2560.
155 *
156 * @return the responder's certificate, or {@code null} if not set
157 */
158 public X509Certificate getOcspResponderCert() {
159 return ocspResponderCert;
160 }
161
162 // request extensions; single extensions not supported
163 /**
164 * Sets the optional OCSP request extensions.
165 *
166 * @param extensions a list of extensions. The list is copied to protect
167 * against subsequent modification.
168 */
169 public void setOcspExtensions(List<Extension> extensions)
170 {
171 this.ocspExtensions = (extensions == null)
172 ? Collections.<Extension>emptyList()
173 : new ArrayList<Extension>(extensions);
174 }
175
176 /**
177 * Gets the optional OCSP request extensions.
178 *
179 * @return an unmodifiable list of extensions. The list is empty if no
180 * extensions have been specified.
181 */
182 public List<Extension> getOcspExtensions() {
183 return Collections.unmodifiableList(ocspExtensions);
184 }
185
186 /**
187 * Sets the OCSP responses. These responses are used to determine
188 * the revocation status of the specified certificates when OCSP is used.
189 *
190 * @param responses a map of OCSP responses. Each key is an
191 * {@code X509Certificate} that maps to the corresponding
192 * DER-encoded OCSP response for that certificate. A deep copy of
193 * the map is performed to protect against subsequent modification.
215 * the map is returned to protect against subsequent modification.
216 * Returns an empty map if no responses have been specified.
217 */
218 public Map<X509Certificate, byte[]> getOcspResponses() {
219 Map<X509Certificate, byte[]> copy = new HashMap<>(ocspResponses.size());
220 for (Map.Entry<X509Certificate, byte[]> e : ocspResponses.entrySet()) {
221 copy.put(e.getKey(), e.getValue().clone());
222 }
223 return copy;
224 }
225
226 /**
227 * Sets the revocation options.
228 *
229 * @param options a set of revocation options. The set is copied to protect
230 * against subsequent modification.
231 */
232 public void setOptions(Set<Option> options) {
233 this.options = (options == null)
234 ? Collections.<Option>emptySet()
235 : new HashSet<Option>(options);
236 }
237
238 /**
239 * Gets the revocation options.
240 *
241 * @return an unmodifiable set of revocation options. The set is empty if
242 * no options have been specified.
243 */
244 public Set<Option> getOptions() {
245 return Collections.unmodifiableSet(options);
246 }
247
248 /**
249 * Returns a list containing the exceptions that are ignored by the
250 * revocation checker when the {@link Option#SOFT_FAIL SOFT_FAIL} option
251 * is set. The list is cleared each time {@link #init init} is called.
252 * The list is ordered in ascending order according to the certificate
253 * index returned by {@link CertPathValidatorException#getIndex getIndex}
254 * method of each entry.
255 * <p>
|
153 * parameter or the aforementioned properties are not set, then the
154 * responder's certificate is determined as specified in RFC 2560.
155 *
156 * @return the responder's certificate, or {@code null} if not set
157 */
158 public X509Certificate getOcspResponderCert() {
159 return ocspResponderCert;
160 }
161
162 // request extensions; single extensions not supported
163 /**
164 * Sets the optional OCSP request extensions.
165 *
166 * @param extensions a list of extensions. The list is copied to protect
167 * against subsequent modification.
168 */
169 public void setOcspExtensions(List<Extension> extensions)
170 {
171 this.ocspExtensions = (extensions == null)
172 ? Collections.<Extension>emptyList()
173 : new ArrayList<>(extensions);
174 }
175
176 /**
177 * Gets the optional OCSP request extensions.
178 *
179 * @return an unmodifiable list of extensions. The list is empty if no
180 * extensions have been specified.
181 */
182 public List<Extension> getOcspExtensions() {
183 return Collections.unmodifiableList(ocspExtensions);
184 }
185
186 /**
187 * Sets the OCSP responses. These responses are used to determine
188 * the revocation status of the specified certificates when OCSP is used.
189 *
190 * @param responses a map of OCSP responses. Each key is an
191 * {@code X509Certificate} that maps to the corresponding
192 * DER-encoded OCSP response for that certificate. A deep copy of
193 * the map is performed to protect against subsequent modification.
215 * the map is returned to protect against subsequent modification.
216 * Returns an empty map if no responses have been specified.
217 */
218 public Map<X509Certificate, byte[]> getOcspResponses() {
219 Map<X509Certificate, byte[]> copy = new HashMap<>(ocspResponses.size());
220 for (Map.Entry<X509Certificate, byte[]> e : ocspResponses.entrySet()) {
221 copy.put(e.getKey(), e.getValue().clone());
222 }
223 return copy;
224 }
225
226 /**
227 * Sets the revocation options.
228 *
229 * @param options a set of revocation options. The set is copied to protect
230 * against subsequent modification.
231 */
232 public void setOptions(Set<Option> options) {
233 this.options = (options == null)
234 ? Collections.<Option>emptySet()
235 : new HashSet<>(options);
236 }
237
238 /**
239 * Gets the revocation options.
240 *
241 * @return an unmodifiable set of revocation options. The set is empty if
242 * no options have been specified.
243 */
244 public Set<Option> getOptions() {
245 return Collections.unmodifiableSet(options);
246 }
247
248 /**
249 * Returns a list containing the exceptions that are ignored by the
250 * revocation checker when the {@link Option#SOFT_FAIL SOFT_FAIL} option
251 * is set. The list is cleared each time {@link #init init} is called.
252 * The list is ordered in ascending order according to the certificate
253 * index returned by {@link CertPathValidatorException#getIndex getIndex}
254 * method of each entry.
255 * <p>
|