Most visited

Recently visited

Added in API level 24

PKIXRevocationChecker.Option

public static final enum PKIXRevocationChecker.Option
extends Enum<PKIXRevocationChecker.Option>

java.lang.Object
   ↳ java.lang.Enum<java.security.cert.PKIXRevocationChecker.Option>
     ↳ java.security.cert.PKIXRevocationChecker.Option


Various revocation options that can be specified for the revocation checking mechanism.

Summary

Enum values

PKIXRevocationChecker.Option  NO_FALLBACK

Disable the fallback mechanism. 

PKIXRevocationChecker.Option  ONLY_END_ENTITY

Only check the revocation status of end-entity certificates. 

PKIXRevocationChecker.Option  PREFER_CRLS

Prefer CRLs to OSCP. 

PKIXRevocationChecker.Option  SOFT_FAIL

Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons:

  • The CRL or OCSP response cannot be obtained because of a network error. 

Public methods

static PKIXRevocationChecker.Option valueOf(String name)
static final Option[] values()

Inherited methods

From class java.lang.Enum
From class java.lang.Object
From interface java.lang.Comparable

Enum values

NO_FALLBACK

Added in API level 24
PKIXRevocationChecker.Option NO_FALLBACK

Disable the fallback mechanism.

ONLY_END_ENTITY

Added in API level 24
PKIXRevocationChecker.Option ONLY_END_ENTITY

Only check the revocation status of end-entity certificates.

PREFER_CRLS

Added in API level 24
PKIXRevocationChecker.Option PREFER_CRLS

Prefer CRLs to OSCP. The default behavior is to prefer OCSP. Each PKIX implementation should document further details of their specific preference rules and fallback policies.

SOFT_FAIL

Added in API level 24
PKIXRevocationChecker.Option SOFT_FAIL

Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons:

  • The CRL or OCSP response cannot be obtained because of a network error.
  • The OCSP responder returns one of the following errors specified in section 2.3 of RFC 2560: internalError or tryLater.

Note that these conditions apply to both OCSP and CRLs, and unless the NO_FALLBACK option is set, the revocation check is allowed to succeed only if both mechanisms fail under one of the conditions as stated above. Exceptions that cause the network errors are ignored but can be later retrieved by calling the getSoftFailExceptions method.

Public methods

valueOf

Added in API level 24
PKIXRevocationChecker.Option valueOf (String name)

Parameters
name String
Returns
PKIXRevocationChecker.Option

values

Added in API level 24
Option[] values ()

Returns
Option[]

Hooray!