org.opensaml.security.trust.impl

Class ExplicitKeyTrustEngine

java.lang.Object

org.opensaml.security.trust.impl.ExplicitKeyTrustEngine

All Implemented Interfaces:

TrustedCredentialTrustEngine<Credential>, TrustEngine<Credential>

public class ExplicitKeyTrustEngine
extends java.lang.Object
implements TrustedCredentialTrustEngine<Credential>

Trust engine that evaluates a credential's key against key(s) expressed within a set of trusted credentials obtained from a trusted credential resolver. The credential being tested is valid if its public key or secret key matches the public key, or secret key respectively, contained within any of the trusted credentials produced by the given credential resolver.

Field Summary

Fields

Modifier and Type	Field and Description
private CredentialResolver	credentialResolver Resolver used for resolving trusted credentials.
private org.slf4j.Logger	log Class logger.
private ExplicitKeyTrustEvaluator	trustEvaluator Trust evaluator.

Constructor Summary

Constructors

Constructor and Description
ExplicitKeyTrustEngine(CredentialResolver resolver) Constructor.

Method Summary

Modifier and Type	Method and Description
CredentialResolver	getCredentialResolver() Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.
boolean	validate(Credential untrustedCredential, net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria) Validates the token against trusted information obtained in an implementation-specific manner.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private final org.slf4j.Logger log

Class logger.

credentialResolver

private final CredentialResolver credentialResolver

Resolver used for resolving trusted credentials.

trustEvaluator

private final ExplicitKeyTrustEvaluator trustEvaluator

Trust evaluator.

Constructor Detail

ExplicitKeyTrustEngine

public ExplicitKeyTrustEngine(@Nonnull
                              CredentialResolver resolver)

Constructor.

Parameters:

resolver - credential resolver which is used to resolve trusted credentials

Method Detail

getCredentialResolver

@Nonnull
public CredentialResolver getCredentialResolver()

Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.

Specified by:

getCredentialResolver in interface TrustedCredentialTrustEngine<Credential>

Returns:

credential resolver used to recover trusted credentials that may be used to validate tokens

validate

public boolean validate(@Nonnull
                        Credential untrustedCredential,
                        @Nullable
                        net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria)
                 throws SecurityException

Validates the token against trusted information obtained in an implementation-specific manner.

Specified by:

validate in interface TrustEngine<Credential>

Parameters:

untrustedCredential - security token to validate

trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation

Returns:

true iff the token is trusted and valid

Throws:

SecurityException - thrown if there is a problem validating the security token