CertPathPKIXValidationOptions pkixOptions = new CertPathPKIXValidationOptions(); pkixOptions.setForceRevocationEnabled(true); } else { log.debug("Revocation checking not forced"); pkixOptions.setForceRevocationEnabled(false);
if (options instanceof CertPathPKIXValidationOptions) { CertPathPKIXValidationOptions certpathOptions = (CertPathPKIXValidationOptions) options; isForceRevocationEnabled = certpathOptions.isForceRevocationEnabled(); forcedRevocation = certpathOptions.isRevocationEnabled(); policyMappingInhibited = certpathOptions.isPolicyMappingInhibited(); anyPolicyInhibited = certpathOptions.isAnyPolicyInhibited(); initialPolicies = certpathOptions.getInitialPolicies();
/**
 * Builds the delegate socket factory used to create all TLS sockets. Peer certificates are
 * evaluated with the PKIX algorithm; by default the configured trusted keys act as trust
 * anchors (they are obtained through {@code getPKIXResolver()}).
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>The PKIX validation options are default-constructed and never adjusted here, so
 *       revocation checking is only as strict as the defaults of
 *       {@code CertPathPKIXValidationOptions}.</li>
 *   <li>The hostname verifier is handed to the factory only when
 *       {@code isHostnameVerificationSupported()} returns {@code true}.</li>
 * </ul>
 *
 * @return socket factory
 */
protected SecureProtocolSocketFactory initializeDelegate() {

    // Trust side: PKIX path validation against the anchors supplied by the resolver.
    // NOTE(review): no option is set on validationOptions (e.g. setForceRevocationEnabled),
    // so a revoked peer certificate is rejected only if the library defaults already check
    // revocation. Confirm the defaults match the deployment's policy.
    CertPathPKIXValidationOptions validationOptions = new CertPathPKIXValidationOptions();
    PKIXValidationInformationResolver anchorResolver = getPKIXResolver();
    CertPathPKIXTrustEvaluator pathEvaluator = new CertPathPKIXTrustEvaluator(validationOptions);
    TrustEngine<X509Credential> pkixEngine = new PKIXX509CredentialTrustEngine(
            anchorResolver, pathEvaluator, new BasicX509CredentialNameEvaluator());

    // Key side: the default credential of the configured key manager is presented as the
    // client certificate. The cast fails with ClassCastException if it is not X.509.
    X509KeyManager clientKeyManager =
            new X509KeyManager((X509Credential) this.keyManager.getDefaultCredential());

    // An empty criteria set is passed; the trust decision is delegated to pkixEngine.
    X509TrustManager peerTrustManager = new X509TrustManager(new CriteriaSet(), pkixEngine);

    // Resolved before the capability check, exactly as the original ordering does.
    HostnameVerifier peerNameVerifier = SAMLUtil.getHostnameVerifier(sslHostnameVerification);

    if (!isHostnameVerificationSupported()) {
        // NOTE(review): this path builds the factory without any hostname verifier, so the
        // configured sslHostnameVerification setting has no effect here. Presumably the peer
        // hostname is then not matched against its certificate; confirm against the
        // two-argument constructor and make sure operators can see this downgrade.
        return new org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory(
                clientKeyManager, peerTrustManager);
    }

    return new org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory(
            clientKeyManager, peerTrustManager, peerNameVerifier);

}
if (options instanceof CertPathPKIXValidationOptions) { CertPathPKIXValidationOptions certpathOptions = (CertPathPKIXValidationOptions) options; isForceRevocationEnabled = certpathOptions.isForceRevocationEnabled(); forcedRevocation = certpathOptions.isRevocationEnabled(); policyMappingInhibited = certpathOptions.isPolicyMappingInhibited(); anyPolicyInhibited = certpathOptions.isAnyPolicyInhibited(); initialPolicies = certpathOptions.getInitialPolicies();
CertPathPKIXValidationOptions pkixOptions = new CertPathPKIXValidationOptions(); pkixOptions.setForceRevocationEnabled(true); } else { log.debug("Revocation checking not forced"); pkixOptions.setForceRevocationEnabled(false);