org.opensaml.xml.security.x509
Class PKIXX509CredentialTrustEngine

java.lang.Object
  extended by org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine
All Implemented Interfaces:
TrustEngine<X509Credential>, PKIXTrustEngine<X509Credential>

public class PKIXX509CredentialTrustEngine
extends java.lang.Object
implements PKIXTrustEngine<X509Credential>

Trust engine implementation which evaluates an X509Credential token based on PKIX validation processing using validation information from a trusted source.


Constructor Summary
PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver)
          Constructor.
 
Method Summary
 PKIXValidationInformationResolver getPKIXResolver()
          Get the resolver instance which will be used to resolve PKIX validation information.
 PKIXTrustEvaluator getPKIXTrustEvaluator()
          Get the PKIXTrustEvaluator instance used to evaluate trust.
 boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
          Validates the token against trusted information obtained in an implementation-specific manner.
protected  boolean validate(X509Credential untrustedX509Credential, java.util.Set<java.lang.String> trustedNames, java.lang.Iterable<PKIXValidationInformation> validationInfoSet)
          Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set of trusted credentials.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKIXX509CredentialTrustEngine

public PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver)
Constructor.

Parameters:
resolver - credential resolver used to resolve trusted credentials

Method Detail

getPKIXResolver

public PKIXValidationInformationResolver getPKIXResolver()
Get the resolver instance which will be used to resolve PKIX validation information.

Specified by:
getPKIXResolver in interface PKIXTrustEngine<X509Credential>
Returns:
the currently configured resolver instance

getPKIXTrustEvaluator

public PKIXTrustEvaluator getPKIXTrustEvaluator()
Get the PKIXTrustEvaluator instance used to evaluate trust. The parameters of this evaluator may be modified to adjust trust evaluation processing.

Returns:
the PKIX trust evaluator instance that will be used

validate

public boolean validate(X509Credential untrustedCredential,
                        CriteriaSet trustBasisCriteria)
                 throws SecurityException
Validates the token against trusted information obtained in an implementation-specific manner.

Specified by:
validate in interface TrustEngine<X509Credential>
Parameters:
untrustedCredential - security token to validate
trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
Returns:
true if the token is trusted and valid, false if not
Throws:
SecurityException - thrown if there is a problem validating the security token

validate

protected boolean validate(X509Credential untrustedX509Credential,
                           java.util.Set<java.lang.String> trustedNames,
                           java.lang.Iterable<PKIXValidationInformation> validationInfoSet)
Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set of trusted credentials.

Parameters:
untrustedX509Credential - the credential to evaluate
validationInfoSet - the set of validation information which serves as the basis for trust evaluation
trustedNames - the set of trusted names for name checking purposes
Returns:
true if PKIX validation of the untrusted credential is successful, otherwise false
Throws:
SecurityException
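
Usage sketch for the public validate method, added here as an example and not part of the library's own documentation. It assumes the companion classes BasicPKIXValidationInformation, StaticPKIXValidationInformationResolver, BasicX509Credential and EntityIDCriteria from the same library, which this page does not show; the class name PkixTrustCheck, the file arguments and the depth value are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.x509.BasicPKIXValidationInformation;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.PKIXValidationInformation;
import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;

public class PkixTrustCheck {
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // args: <trust-anchor-cert> <peer-cert> <trusted-name>  (all caller-supplied)
    public static void main(String[] args) throws Exception {
        // Trust basis: one CA anchor, no CRLs, path depth capped at 2 (illustrative value).
        PKIXValidationInformation info = new BasicPKIXValidationInformation(
                Collections.singletonList(load(args[0])),
                Collections.<X509CRL>emptyList(), 2);
        List<PKIXValidationInformation> infoList = Collections.singletonList(info);
        Set<String> trustedNames = Collections.singleton(args[2]);

        PKIXX509CredentialTrustEngine engine = new PKIXX509CredentialTrustEngine(
                new StaticPKIXValidationInformationResolver(infoList, trustedNames));

        // The peer's certificate stays untrusted until validate() returns true.
        BasicX509Credential untrusted = new BasicX509Credential();
        untrusted.setEntityCertificate(load(args[1]));

        boolean trusted;
        try {
            trusted = engine.validate(untrusted, new CriteriaSet(new EntityIDCriteria(args[2])));
        } catch (org.opensaml.xml.security.SecurityException e) {
            trusted = false; // fail closed: a processing error is never treated as success
        }
        System.out.println(trusted ? "TRUSTED" : "REJECTED");
        if (!trusted) System.exit(1);
    }
}
```

Both a false return and a SecurityException are treated as rejection, so a malformed credential cannot fall through to an accepted state.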