org.opensaml.security.trust.impl

Class ExplicitX509CertificateTrustEngine

java.lang.Object

org.opensaml.security.trust.impl.ExplicitX509CertificateTrustEngine

All Implemented Interfaces:

TrustedCredentialTrustEngine<X509Credential>, TrustEngine<X509Credential>

public class ExplicitX509CertificateTrustEngine
extends java.lang.Object
implements TrustedCredentialTrustEngine<X509Credential>

Trust engine that evaluates a credential's X.509 certificate against certificates expressed within a set of trusted credentials obtained from a credential resolver. The credential being tested is valid if its entity certificate matches the entity certificate contained within any of the trusted credentials produced by the given credential resolver. Matching of public keys is NOT sufficient for the purpose of this engine.

Field Summary

Fields

Modifier and Type	Field and Description
private CredentialResolver	credentialResolver Resolver used for resolving trusted credentials.
private org.slf4j.Logger	log Class logger.
private ExplicitX509CertificateTrustEvaluator	trustEvaluator Trust evaluator.

Constructor Summary

Constructors

Constructor and Description
ExplicitX509CertificateTrustEngine(CredentialResolver resolver) Constructor.

Method Summary

Modifier and Type	Method and Description
CredentialResolver	getCredentialResolver() Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.
boolean	validate(X509Credential untrustedCredential, net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria) Validates the token against trusted information obtained in an implementation-specific manner.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private final org.slf4j.Logger log

Class logger.

credentialResolver

private final CredentialResolver credentialResolver

Resolver used for resolving trusted credentials.

trustEvaluator

private final ExplicitX509CertificateTrustEvaluator trustEvaluator

Trust evaluator.

Constructor Detail

ExplicitX509CertificateTrustEngine

public ExplicitX509CertificateTrustEngine(@Nonnull
                                          CredentialResolver resolver)

Constructor.

Parameters:

resolver - credential resolver which is used to resolve trusted credentials

Method Detail

getCredentialResolver

@Nonnull
public CredentialResolver getCredentialResolver()

Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.

Specified by:

getCredentialResolver in interface TrustedCredentialTrustEngine<X509Credential>

Returns:

credential resolver used to recover trusted credentials that may be used to validate tokens

validate

public boolean validate(@Nonnull
                        X509Credential untrustedCredential,
                        @Nullable
                        net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria)
                 throws SecurityException

Validates the token against trusted information obtained in an implementation-specific manner.

Specified by:

validate in interface TrustEngine<X509Credential>

Parameters:

untrustedCredential - security token to validate

trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation

Returns:

true iff the token is trusted and valid

Throws:

SecurityException - thrown if there is a problem validating the security token