Package com.helger.phase4.peppol.servlet

Class Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder

java.lang.Object

com.helger.phase4.peppol.servlet.Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder

All Implemented Interfaces:

com.helger.base.builder.IBuilder<Phase4PeppolReceiverConfiguration>

Enclosing class:

Phase4PeppolReceiverConfiguration

public static class Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder
extends Object
implements com.helger.base.builder.IBuilder<Phase4PeppolReceiverConfiguration>

A builder for class Phase4PeppolReceiverConfiguration.

Since:

3.0.0 Beta7

Author:

Philip Helger

Constructor Summary

Constructors

Constructor	Description
Phase4PeppolReceiverConfigurationBuilder()
Phase4PeppolReceiverConfigurationBuilder(@NonNull Phase4PeppolReceiverConfiguration aSrc)

Method Summary

Modifier and Type	Method	Description
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	apCAChecker(@Nullable com.helger.security.certificate.TrustedCAChecker a)
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	apCacheRevocationCheckResult(@NonNull com.helger.base.state.ETriState e)	Override the revocation result caching flag for the inbound signing certificate check on a per-receive basis.
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	apCertificate(@Nullable X509Certificate a)
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	apRevocationCheckMode(@Nullable com.helger.security.revocation.ERevocationCheckMode e)	Override the revocation check mode for the inbound signing certificate check on a per-receive basis.
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	apRevocationSoftFail(boolean b)	Enable or disable revocation soft-fail for the inbound signing certificate check.
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	as4EndpointUrl(@Nullable String s)
@NonNull Phase4PeppolReceiverConfiguration	build()
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	checkAPSigningCertificateRevocation(boolean b)
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	checkSBDHForMandatoryCountryC1(boolean b)	Deprecated, for removal: This API element is subject to removal in a future version. This is deprecated, because the feature is required for years, so there is no need anymore to disable this feature
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	checkSigningCertificateRevocation(boolean b)	Deprecated. Use checkAPSigningCertificateRevocation(boolean) instead
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	performSBDHValueChecks(boolean b)
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	receiverCheckEnabled(boolean b)
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	sbdhIdentifierFactory(@Nullable com.helger.peppolid.factory.IIdentifierFactory a)
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	sbdhIdentifierFactoryPeppol()
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	sbdhIdentifierFactorySimple()
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	serviceMetadataProvider(@Nullable com.helger.smpclient.peppol.ISMPExtendedServiceMetadataProvider a)
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	smlInfo(@Nullable com.helger.peppol.sml.ISMLInfo a)	Set the SML information for dynamic per-participant SMP client resolution.
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	smpRevocationCheckMode(@Nullable com.helger.security.revocation.ERevocationCheckMode e)	Set the revocation check mode to apply when verifying SMP response certificates.
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	smpRevocationSoftFail(boolean b)	Set whether an indeterminable revocation status of an SMP response certificate is accepted (soft-fail) or causes the certificate to be rejected.
@NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder	smpURLProvider(@Nullable com.helger.smpclient.url.ISMPURLProvider a)	Set the SMP URL provider to be used for dynamic SMP client resolution.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Phase4PeppolReceiverConfigurationBuilder

public Phase4PeppolReceiverConfigurationBuilder()

Phase4PeppolReceiverConfigurationBuilder

public Phase4PeppolReceiverConfigurationBuilder(@NonNull Phase4PeppolReceiverConfiguration aSrc)

Method Details

receiverCheckEnabled

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder receiverCheckEnabled(boolean b)

serviceMetadataProvider

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder serviceMetadataProvider(@Nullable com.helger.smpclient.peppol.ISMPExtendedServiceMetadataProvider a)

smlInfo

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder smlInfo(@Nullable com.helger.peppol.sml.ISMLInfo a)

Set the SML information for dynamic per-participant SMP client resolution. This is an alternative to setting a fixed SMP client via serviceMetadataProvider(ISMPExtendedServiceMetadataProvider).

Parameters:

a - The SML info to use. May be null.

Returns:

this for chaining

Since:

v4.4.2

smpURLProvider

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder smpURLProvider(@Nullable com.helger.smpclient.url.ISMPURLProvider a)

Set the SMP URL provider to be used for dynamic SMP client resolution. Only relevant if smlInfo(ISMLInfo) is set. Defaults to PeppolNaptrURLProvider.INSTANCE.

Parameters:

a - The SMP URL provider to use. May be null to use the default.

Returns:

this for chaining

Since:

v4.4.2

smpRevocationCheckMode

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder smpRevocationCheckMode(@Nullable com.helger.security.revocation.ERevocationCheckMode e)

Set the revocation check mode to apply when verifying SMP response certificates. Only applied to SMP clients created internally via Phase4PeppolReceiverConfiguration.getOrCreateSMPClientForRecipient(IParticipantIdentifier).

Parameters:

e - The revocation check mode to use. null means "use the JVM-wide default from CertificateRevocationCheckerDefaults".

Returns:

this for chaining

Since:

4.5.0

smpRevocationSoftFail

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder smpRevocationSoftFail(boolean b)

Set whether an indeterminable revocation status of an SMP response certificate is accepted (soft-fail) or causes the certificate to be rejected. Only applied to SMP clients created internally via Phase4PeppolReceiverConfiguration.getOrCreateSMPClientForRecipient(IParticipantIdentifier).

Parameters:

b - true to accept on unknown revocation status (soft-fail), false to reject. Defaults to CertificateRevocationCheckerDefaults.isAllowSoftFail().

Returns:

this for chaining

Since:

4.5.0

as4EndpointUrl

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder as4EndpointUrl(@Nullable String s)

apCertificate

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder apCertificate(@Nullable X509Certificate a)

sbdhIdentifierFactorySimple

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder sbdhIdentifierFactorySimple()

sbdhIdentifierFactoryPeppol

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder sbdhIdentifierFactoryPeppol()

sbdhIdentifierFactory

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder sbdhIdentifierFactory(@Nullable com.helger.peppolid.factory.IIdentifierFactory a)

performSBDHValueChecks

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder performSBDHValueChecks(boolean b)

checkSBDHForMandatoryCountryC1

@Deprecated(forRemoval=true,
            since="4.2.4")
public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder checkSBDHForMandatoryCountryC1(boolean b)

Deprecated, for removal: This API element is subject to removal in a future version.

This is deprecated, because the feature is required for years, so there is no need anymore to disable this feature

Parameters:

b - true to check for mandatory country C1

Returns:

this for chaining

checkSigningCertificateRevocation

@Deprecated
public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder checkSigningCertificateRevocation(boolean b)

Deprecated.

Use checkAPSigningCertificateRevocation(boolean) instead

Parameters:

b - true if signing certificate revocation checks should be enabled, false if not.

Returns:

this for chaining

checkAPSigningCertificateRevocation

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder checkAPSigningCertificateRevocation(boolean b)

Parameters:

b - true if signing certificate revocation checks should be enabled, false if not.

Returns:

this for chaining

Since:

4.5.0

apCAChecker

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder apCAChecker(@Nullable com.helger.security.certificate.TrustedCAChecker a)

apRevocationSoftFail

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder apRevocationSoftFail(boolean b)

Enable or disable revocation soft-fail for the inbound signing certificate check. When enabled, an undeterminable revocation status (e.g. unreachable CRL distribution point with no working OCSP fallback) is logged at WARN level and the message is accepted. All other invalid states (revoked, expired, untrusted issuer, ...) still cause the message to be rejected.

Security note: Peppol mandates revocation checks. Enabling soft-fail allows an inbound message with a potentially-revoked AP signing certificate to be accepted during a CRL/OCSP outage. Use only as a deliberate operational-continuity measure. Defaults to false.

Parameters:

b - true to accept ECertificateCheckResult.REVOCATION_STATUS_UNKNOWN as valid, false (default) to treat it as invalid.

Returns:

this for chaining

Since:

4.5.0

apCacheRevocationCheckResult

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder apCacheRevocationCheckResult(@NonNull com.helger.base.state.ETriState e)

Override the revocation result caching flag for the inbound signing certificate check on a per-receive basis.

Parameters:

e - ETriState.TRUE to use the global revocation cache, ETriState.FALSE to bypass it, ETriState.UNDEFINED (the default) to use the JVM-wide default from CertificateRevocationCheckerDefaults. May not be null.

Returns:

this for chaining

Since:

4.5.0

apRevocationCheckMode

public @NonNull Phase4PeppolReceiverConfiguration.Phase4PeppolReceiverConfigurationBuilder apRevocationCheckMode(@Nullable com.helger.security.revocation.ERevocationCheckMode e)

Override the revocation check mode for the inbound signing certificate check on a per-receive basis.

Parameters:

e - The revocation check mode to use. null (the default) means "use the JVM-wide default from CertificateRevocationCheckerDefaults".

Returns:

this for chaining

Since:

4.5.0

build

public @NonNull Phase4PeppolReceiverConfiguration build()

Specified by:

build in interface com.helger.base.builder.IBuilder<Phase4PeppolReceiverConfiguration>