ExplicitX509CertificateTrustEngine (XMLTooling-J 1.3.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.opensaml.xml.security.trust
Class ExplicitX509CertificateTrustEngine

java.lang.Object
  org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEngine

All Implemented Interfaces:: TrustedCredentialTrustEngine<X509Credential>, TrustEngine<X509Credential>

public class ExplicitX509CertificateTrustEngine
extends Object
implements TrustedCredentialTrustEngine<X509Credential>
extends Object
implements TrustedCredentialTrustEngine<X509Credential>

Trust engine that evaluates a credential's X.509 certificate against certificates expressed within a set of trusted credentials obtained from a credential resolver. The credential being tested is valid if its entity certificate matches the entity certificate contained within any of the trusted credentials produced by the given credential resolver.

Constructor Summary
`ExplicitX509CertificateTrustEngine(CredentialResolver resolver)` Constructor.

Method Summary
`protected void`	`checkParams(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)` Check the parameters for required values.
`CredentialResolver`	`getCredentialResolver()` Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.
`boolean`	`validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)` Validates the token against trusted information obtained in an implementation-specific manner.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

ExplicitX509CertificateTrustEngine

public ExplicitX509CertificateTrustEngine(CredentialResolver resolver)

Constructor.

Parameters:: resolver - credential resolver which is used to resolve trusted credentials

Method Detail

getCredentialResolver

public CredentialResolver getCredentialResolver()

Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.

Specified by:: getCredentialResolver in interface TrustedCredentialTrustEngine<X509Credential>

Returns:: credential resolver used to recover trusted credentials that may be used to validate tokens

validate

public boolean validate(X509Credential untrustedCredential,
                        CriteriaSet trustBasisCriteria)
                 throws SecurityException

Validates the token against trusted information obtained in an implementation-specific manner.

Specified by:: validate in interface TrustEngine<X509Credential>

Parameters:: untrustedCredential - security token to validate; trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
Returns:: true if the token is trusted and valid, false if not
Throws:: SecurityException - thrown if there is a problem validating the security token

checkParams

protected void checkParams(X509Credential untrustedCredential,
                           CriteriaSet trustBasisCriteria)
                    throws SecurityException

Check the parameters for required values.

Parameters:: untrustedCredential - the signature to be evaluated; trustBasisCriteria - the set of trusted credential criteria
Throws:: SecurityException - thrown if required values are absent or otherwise invalid