OCSPCheckingMode.java

/*
 * Copyright (c) 2012 ICM Uniwersytet Warszawski All rights reserved.
 * See LICENCE.txt file for licensing information.
 */
package eu.emi.security.authn.x509;

/**
 * Defines On-line Certificate Status Protocol usage mode.
 * 
 * @author K. Benedyczak
 */
public enum OCSPCheckingMode
{
	/**
	 * Require, for each checked certificate, that at least one valid OCSP responder is defined and 
	 * that at least one responder of those defined returns a correct certificate status. 
	 * If all OCSP responders return error or unknown status, the last one received is treated as a 
	 * critical validation error.
	 * Not suggested, unless it is guaranteed that well configured responder(s) is(are) defined 
	 * and can handle all queries without timeouts.
	 */
	REQUIRE,
	
	/**
	 * Use OCSP for each certificate if a responder is available. OCSP 'unknown' status and 
	 * query errors (as timeout) do not cause the validation to fail. 
	 * Also a lack of defined responder doesn't cause the validation to fail.
	 */
	IF_AVAILABLE,
	
	/**
	 * Do not use OCSP.
	 */
	IGNORE
}