Package org.opensaml.xmlsec.signature.support.impl

Class ChainingSignatureTrustEngine

java.lang.Object

org.opensaml.xmlsec.signature.support.impl.ChainingSignatureTrustEngine

All Implemented Interfaces:

TrustEngine<Signature>, SignatureTrustEngine

public class ChainingSignatureTrustEngine
extends Object
implements SignatureTrustEngine

Evaluate a signature in sequence using a chain of subordinate trust engines. If the signature may be established as trusted by any of the subordinate engines, the token is considered trusted. Otherwise it is considered untrusted.

Field Summary

Fields

Modifier and Type	Field	Description
private List<SignatureTrustEngine>	engines	The chain of subordinate trust engines.
private final org.slf4j.Logger	log	Class logger.

Constructor Summary

Constructors

Constructor	Description
ChainingSignatureTrustEngine(List<SignatureTrustEngine> chain)	Constructor.

Method Summary

Modifier and Type	Method	Description
List<SignatureTrustEngine>	getChain()	Get the list of configured trust engines which constitute the trust evaluation chain.
KeyInfoCredentialResolver	getKeyInfoResolver()
boolean	validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria, Credential candidateCredential)
boolean	validate(Signature token, CriteriaSet trustBasisCriteria)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

engines

@Nonnull
private List<SignatureTrustEngine> engines

The chain of subordinate trust engines.

Constructor Details

ChainingSignatureTrustEngine

public ChainingSignatureTrustEngine(@Nonnull @ParameterName(name="chain")
 List<SignatureTrustEngine> chain)

Constructor.

Parameters:

chain - the list of trust engines in the chain

Method Details

getChain

@Nonnull
@Unmodifiable
@NotLive
public List<SignatureTrustEngine> getChain()

Get the list of configured trust engines which constitute the trust evaluation chain.

Returns:

the modifiable list of trust engines in the chain

getKeyInfoResolver

@Nullable
public KeyInfoCredentialResolver getKeyInfoResolver()

Specified by:

getKeyInfoResolver in interface SignatureTrustEngine

validate

public boolean validate(@Nonnull
 Signature token,
 @Nullable
 CriteriaSet trustBasisCriteria)
                 throws SecurityException

Specified by:

validate in interface TrustEngine<Signature>

Throws:

SecurityException

validate

public boolean validate(@Nonnull
 byte[] signature,
 @Nonnull
 byte[] content,
 @Nonnull
 String algorithmURI,
 @Nullable
 CriteriaSet trustBasisCriteria,
 @Nullable
 Credential candidateCredential)
                 throws SecurityException

Specified by:

validate in interface SignatureTrustEngine

Throws:

SecurityException