Package org.opensaml.security.trust.impl

Class ExplicitX509CertificateTrustEngine

java.lang.Object

org.opensaml.security.trust.impl.ExplicitX509CertificateTrustEngine

All Implemented Interfaces:

TrustedCredentialTrustEngine<X509Credential>, TrustEngine<X509Credential>

public class ExplicitX509CertificateTrustEngine
extends Object
implements TrustedCredentialTrustEngine<X509Credential>

Trust engine that evaluates a credential's X.509 certificate against certificates expressed within a set of trusted credentials obtained from a credential resolver. The credential being tested is valid if its entity certificate matches the entity certificate contained within any of the trusted credentials produced by the given credential resolver. Matching of public keys is NOT sufficient for the purpose of this engine.

Field Summary

Fields

Modifier and Type	Field	Description
private final CredentialResolver	credentialResolver	Resolver used for resolving trusted credentials.
private final org.slf4j.Logger	log	Class logger.
private final ExplicitX509CertificateTrustEvaluator	trustEvaluator	Trust evaluator.

Constructor Summary

Constructors

Constructor	Description
ExplicitX509CertificateTrustEngine(CredentialResolver resolver)	Constructor.

Method Summary

Modifier and Type	Method	Description
CredentialResolver	getCredentialResolver()	Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.
boolean	validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)	Validates the token against trusted information obtained in an implementation-specific manner.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

credentialResolver

@Nonnull
private final CredentialResolver credentialResolver

Resolver used for resolving trusted credentials.

trustEvaluator

@Nonnull
private final ExplicitX509CertificateTrustEvaluator trustEvaluator

Trust evaluator.

Constructor Details

ExplicitX509CertificateTrustEngine

public ExplicitX509CertificateTrustEngine(@Nonnull @ParameterName(name="resolver")
 CredentialResolver resolver)

Constructor.

Parameters:

resolver - credential resolver which is used to resolve trusted credentials

Method Details

getCredentialResolver

@Nonnull
public CredentialResolver getCredentialResolver()

Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.

Specified by:

getCredentialResolver in interface TrustedCredentialTrustEngine<X509Credential>

Returns:

credential resolver used to recover trusted credentials that may be used to validate tokens

validate

public boolean validate(@Nonnull
 X509Credential untrustedCredential,
 @Nullable
 CriteriaSet trustBasisCriteria)
                 throws SecurityException

Validates the token against trusted information obtained in an implementation-specific manner.

Specified by:

validate in interface TrustEngine<X509Credential>

Parameters:

untrustedCredential - security token to validate

trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation

Returns:

true iff the token is trusted and valid

Throws:

SecurityException - thrown if there is a problem validating the security token