Module io.helidon.common.tls
Package io.helidon.common.tls

Class RevocationConfig.BuilderBase<BUILDER extends RevocationConfig.BuilderBase<BUILDER,PROTOTYPE>,PROTOTYPE extends RevocationConfig>

java.lang.Object
io.helidon.common.tls.RevocationConfig.BuilderBase<BUILDER,PROTOTYPE>
Type Parameters:
BUILDER - type of the builder extending this abstract builder
PROTOTYPE - type of the prototype interface that would be built by Prototype.Builder.buildPrototype()
All Implemented Interfaces:
Prototype.Builder<BUILDER,PROTOTYPE>, Prototype.ConfiguredBuilder<BUILDER,PROTOTYPE>
Direct Known Subclasses:
RevocationConfig.Builder
Enclosing interface:
RevocationConfig
public abstract static class RevocationConfig.BuilderBase<BUILDER extends RevocationConfig.BuilderBase<BUILDER,PROTOTYPE>,PROTOTYPE extends RevocationConfig> extends Object implements Prototype.ConfiguredBuilder<BUILDER,PROTOTYPE>
Fluent API builder base for RevocationConfig.

  • Constructor Details

    • BuilderBase

      protected BuilderBase()
      Protected to support extensibility.

  • Method Details

    • from

      public BUILDER from(RevocationConfig prototype)
      Update this builder from an existing prototype instance. This method disables automatic service discovery.
      Parameters:
      prototype - existing prototype to update this builder from
      Returns:
      updated builder instance

    • from

      public BUILDER from(RevocationConfig.BuilderBase<?,?> builder)
      Update this builder from an existing prototype builder instance.
      Parameters:
      builder - existing builder prototype to update this builder from
      Returns:
      updated builder instance

    • config

      public BUILDER config(Config config)
      Update builder from configuration (node of this type). If a value is present in configuration, it would override currently configured values.
      Specified by:
      config in interface Prototype.ConfiguredBuilder<BUILDER extends RevocationConfig.BuilderBase<BUILDER,PROTOTYPE>,PROTOTYPE extends RevocationConfig>
      Parameters:
      config - configuration instance used to obtain values to update this builder
      Returns:
      updated builder instance

    • enabled

      public BUILDER enabled(boolean enabled)
      Flag indicating whether this revocation config is enabled.
      Parameters:
      enabled - enabled flag
      Returns:
      updated builder instance
      See Also:

    • preferCrlOverOcsp

      public BUILDER preferCrlOverOcsp(boolean preferCrlOverOcsp)
      Prefer CRL over OCSP. Default value is false. OCSP is preferred over the CRL by default.
      Parameters:
      preferCrlOverOcsp - whether to prefer CRL over OCSP
      Returns:
      updated builder instance
      See Also:

    • checkOnlyEndEntity

      public BUILDER checkOnlyEndEntity(boolean checkOnlyEndEntity)
      Only check the revocation status of end-entity certificates. Default value is false.
      Parameters:
      checkOnlyEndEntity - whether to check only end-entity certificates
      Returns:
      updated builder instance
      See Also:

    • fallbackEnabled

      public BUILDER fallbackEnabled(boolean fallbackEnabled)
      Enable fallback to the less preferred checking option.
      If the primary method for revocation checking fails to verify the revocation status of a certificate (such as using a CRL or OCSP), the checker will attempt alternative methods. This option ensures whether revocation checking is performed strictly according to the specified method, or should fallback to the one less preferred. OCSP is preferred over the CRL by default.
      Parameters:
      fallbackEnabled - whether to allow fallback to the less preferred checking option
      Returns:
      updated builder instance
      See Also:

    • softFailEnabled

      public BUILDER softFailEnabled(boolean softFailEnabled)
      Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons:
      • The CRL or OCSP response cannot be obtained because of a network error.
      • The OCSP responder returns one of the following errors specified in section 2.3 of RFC 2560: internalError or tryLater.
      Parameters:
      softFailEnabled - whether soft fail is enabled
      Returns:
      updated builder instance
      See Also:

    • clearOcspResponderUri

      public BUILDER clearOcspResponderUri()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • ocspResponderUri

      public BUILDER ocspResponderUri(URI ocspResponderUri)
      The URI that identifies the location of the OCSP responder. This overrides the ocsp.responderURL security property and any responder specified in a certificate's Authority Information Access Extension, as defined in RFC 5280.
      Parameters:
      ocspResponderUri - OCSP responder URI
      Returns:
      updated builder instance
      See Also:

    • enabled

      public boolean enabled()
      Flag indicating whether this revocation config is enabled.
      Returns:
      the enabled

    • preferCrlOverOcsp

      public boolean preferCrlOverOcsp()
      Prefer CRL over OCSP. Default value is false. OCSP is preferred over the CRL by default.
      Returns:
      the prefer crl over ocsp

    • checkOnlyEndEntity

      public boolean checkOnlyEndEntity()
      Only check the revocation status of end-entity certificates. Default value is false.
      Returns:
      the check only end entity

    • fallbackEnabled

      public boolean fallbackEnabled()
      Enable fallback to the less preferred checking option.
      If the primary method for revocation checking fails to verify the revocation status of a certificate (such as using a CRL or OCSP), the checker will attempt alternative methods. This option ensures whether revocation checking is performed strictly according to the specified method, or should fallback to the one less preferred. OCSP is preferred over the CRL by default.
      Returns:
      the fallback enabled

    • softFailEnabled

      public boolean softFailEnabled()
      Allow revocation check to succeed if the revocation status cannot be determined for one of the following reasons:
      • The CRL or OCSP response cannot be obtained because of a network error.
      • The OCSP responder returns one of the following errors specified in section 2.3 of RFC 2560: internalError or tryLater.
      Returns:
      the soft fail enabled

    • ocspResponderUri

      public Optional<URI> ocspResponderUri()
      The URI that identifies the location of the OCSP responder. This overrides the ocsp.responderURL security property and any responder specified in a certificate's Authority Information Access Extension, as defined in RFC 5280.
      Returns:
      the ocsp responder uri

    • config

      public Optional<Config> config()
      If this instance was configured, this would be the config instance used.
      Returns:
      config node used to configure this builder, or empty if not configured

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • preBuildPrototype

      protected void preBuildPrototype()
      Handles providers and decorators.

    • validatePrototype

      protected void validatePrototype()
      Validates required properties.