Package org.opensaml.security.trust.impl
Class ExplicitX509CertificateTrustEngine
java.lang.Object
- org.opensaml.security.trust.impl.ExplicitX509CertificateTrustEngine

All Implemented Interfaces:
org.opensaml.security.trust.TrustedCredentialTrustEngine<org.opensaml.security.x509.X509Credential>, org.opensaml.security.trust.TrustEngine<org.opensaml.security.x509.X509Credential>
public class ExplicitX509CertificateTrustEngine extends Object implements org.opensaml.security.trust.TrustedCredentialTrustEngine<org.opensaml.security.x509.X509Credential>
Trust engine that evaluates a credential's X.509 certificate against certificates expressed within a set of trusted credentials obtained from a credential resolver. The credential being tested is valid if its entity certificate matches the entity certificate contained within any of the trusted credentials produced by the given credential resolver. Matching of public keys is NOT sufficient for the purpose of this engine.
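The certificate-versus-key distinction described above, as an added example that is not part of the OpenSAML documentation. It assumes the OpenSAML version this page documents is on the classpath; the class name `ExplicitTrustDemo` and the two certificate file arguments are hypothetical, and `StaticCredentialResolver` and `BasicX509Credential` are OpenSAML classes not shown on this page.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.trust.impl.ExplicitX509CertificateTrustEngine;
import org.opensaml.security.x509.BasicX509Credential;

public class ExplicitTrustDemo {

    // Load one X.509 certificate (PEM or DER) from a file.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ExplicitTrustDemo <pinned-cert> <reissued-cert>");
            System.exit(2);
        }
        // Assumption: args[0] is the pinned certificate; args[1] is a different
        // certificate issued for the same key pair (for example, a renewal).
        X509Certificate pinned = load(args[0]);
        X509Certificate reissued = load(args[1]);

        // The trust basis is exactly the set of credentials the resolver returns.
        ExplicitX509CertificateTrustEngine engine = new ExplicitX509CertificateTrustEngine(
                new StaticCredentialResolver(new BasicX509Credential(pinned)));
        CriteriaSet criteria = new CriteriaSet(); // the static resolver returns its fixed set

        boolean samePublicKey = pinned.getPublicKey().equals(reissued.getPublicKey());
        boolean pinnedTrusted = engine.validate(new BasicX509Credential(pinned), criteria);
        boolean reissuedTrusted = engine.validate(new BasicX509Credential(reissued), criteria);

        System.out.println("public keys equal:     " + samePublicKey);
        System.out.println("pinned cert trusted:   " + pinnedTrusted);
        System.out.println("reissued cert trusted: " + reissuedTrusted);
    }
}
```

Because the engine matches the entity certificate rather than the key, a peer that renews its certificate over the same key pair stops validating until the trusted credentials are updated.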
Field Summary
Fields (Modifier and Type, Field, Description):
- private org.opensaml.security.credential.CredentialResolver credentialResolver: Resolver used for resolving trusted credentials.
- private org.slf4j.Logger log: Class logger.
- private ExplicitX509CertificateTrustEvaluator trustEvaluator: Trust evaluator.
Constructor Summary
Constructors (Constructor, Description):
- ExplicitX509CertificateTrustEngine(org.opensaml.security.credential.CredentialResolver resolver): Constructor.
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method):
- org.opensaml.security.credential.CredentialResolver getCredentialResolver()
- boolean validate(org.opensaml.security.x509.X509Credential untrustedCredential, net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria)
Field Detail
log
private final org.slf4j.Logger log
Class logger.
credentialResolver
private final org.opensaml.security.credential.CredentialResolver credentialResolver
Resolver used for resolving trusted credentials.
trustEvaluator
private final ExplicitX509CertificateTrustEvaluator trustEvaluator
Trust evaluator.
Constructor Detail
ExplicitX509CertificateTrustEngine
public ExplicitX509CertificateTrustEngine(@Nonnull @ParameterName(name="resolver") org.opensaml.security.credential.CredentialResolver resolver)
Constructor.
- Parameters:
resolver - credential resolver which is used to resolve trusted credentials
Method Detail
getCredentialResolver
@Nonnull public org.opensaml.security.credential.CredentialResolver getCredentialResolver()
- Specified by:
getCredentialResolver in interface org.opensaml.security.trust.TrustedCredentialTrustEngine<org.opensaml.security.x509.X509Credential>
validate
public boolean validate(@Nonnull org.opensaml.security.x509.X509Credential untrustedCredential, @Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria) throws org.opensaml.security.SecurityException
- Specified by:
validate in interface org.opensaml.security.trust.TrustEngine<org.opensaml.security.x509.X509Credential>
- Throws:
org.opensaml.security.SecurityException