org.opensaml.xml.signature.impl
Class ExplicitKeySignatureTrustEngine

java.lang.Object
  extended by org.opensaml.xml.signature.impl.BaseSignatureTrustEngine<java.lang.Iterable<Credential>>
      extended by org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine
All Implemented Interfaces:
TrustedCredentialTrustEngine<Signature>, TrustEngine<Signature>, SignatureTrustEngine

public class ExplicitKeySignatureTrustEngine
extends BaseSignatureTrustEngine<java.lang.Iterable<Credential>>
implements TrustedCredentialTrustEngine<Signature>

An implementation of SignatureTrustEngine which evaluates the validity and trustworthiness of XML and raw signatures.

Processing is first performed as described in BaseSignatureTrustEngine. If that processing determines that the Signature's KeyInfo is not present, or does not contain a resolvable, valid (and trusted) signing key, then all trusted credentials obtained by the trusted credential resolver will be used to attempt to validate the signature.
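
The following is an added usage example, not code from the OpenSAML project. It wires the engine to a single explicitly trusted key so that a key carried only in the Signature's KeyInfo stays advisory. The names ExplicitKeyCheck, isSignedByPinnedKey, pinnedKey and peerEntityId are hypothetical, and the example assumes the library has already been initialised so that the global security configuration is populated.

```java
import java.security.PublicKey;

import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;

public final class ExplicitKeyCheck {

    /**
     * Returns true only if the signature verifies under the pinned key.
     * pinnedKey and peerEntityId are caller-supplied (hypothetical inputs).
     */
    public static boolean isSignedByPinnedKey(Signature signature, PublicKey pinnedKey,
            String peerEntityId) throws SecurityException {
        // Trusted side: the only key we accept, obtained out of band.
        Credential trusted = SecurityHelper.getSimpleCredential(pinnedKey, null);
        StaticCredentialResolver trustedResolver = new StaticCredentialResolver(trusted);

        // Untrusted side: extracts the advisory key from the Signature's KeyInfo.
        KeyInfoCredentialResolver keyInfoResolver = Configuration
                .getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();

        ExplicitKeySignatureTrustEngine engine =
                new ExplicitKeySignatureTrustEngine(trustedResolver, keyInfoResolver);

        // Criteria describing whose trusted credentials should be resolved.
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIDCriteria(peerEntityId));
        criteria.add(new UsageCriteria(UsageType.SIGNING));

        // A key that appears only in KeyInfo never establishes trust by itself;
        // without a trusted KeyInfo key the engine tries the trusted credentials.
        return engine.validate(signature, criteria);
    }
}
```

A false return means no trusted credential validated the signature; a SecurityException signals a processing problem and should likewise be treated as a rejection.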


Constructor Summary
ExplicitKeySignatureTrustEngine(CredentialResolver resolver, KeyInfoCredentialResolver keyInfoResolver)
          Constructor.
 
Method Summary
protected  boolean evaluateTrust(Credential untrustedCredential, java.lang.Iterable<Credential> trustedCredentials)
          Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.
 CredentialResolver getCredentialResolver()
          Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.
 boolean validate(Signature signature, CriteriaSet trustBasisCriteria)
          Validates the token against trusted information obtained in an implementation-specific manner.
 
Methods inherited from class org.opensaml.xml.signature.impl.BaseSignatureTrustEngine
checkParams, getKeyInfoResolver, validate, validate, verifySignature
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ExplicitKeySignatureTrustEngine

public ExplicitKeySignatureTrustEngine(CredentialResolver resolver,
                                       KeyInfoCredentialResolver keyInfoResolver)
Constructor.

Parameters:
resolver - credential resolver used to resolve trusted credentials.
keyInfoResolver - KeyInfo credential resolver used to obtain the (advisory) signing credential from a Signature's KeyInfo element.

Method Detail

getCredentialResolver

public CredentialResolver getCredentialResolver()
Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.

Specified by:
getCredentialResolver in interface TrustedCredentialTrustEngine<Signature>
Returns:
credential resolver used to recover trusted credentials that may be used to validate tokens

validate

public boolean validate(Signature signature,
                        CriteriaSet trustBasisCriteria)
                 throws SecurityException
Validates the token against trusted information obtained in an implementation-specific manner.

Specified by:
validate in interface TrustEngine<Signature>
Parameters:
signature - security token to validate
trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
Returns:
true if the token is trusted and valid, false if not
Throws:
SecurityException - thrown if there is a problem validating the security token

evaluateTrust

protected boolean evaluateTrust(Credential untrustedCredential,
                                java.lang.Iterable<Credential> trustedCredentials)
                         throws SecurityException
Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.

Specified by:
evaluateTrust in class BaseSignatureTrustEngine<java.lang.Iterable<Credential>>
Parameters:
untrustedCredential - the untrusted credential being evaluated
trustedCredentials - the information which serves as the basis for trust evaluation
Returns:
true if the trust can be established for the untrusted credential, otherwise false
Throws:
SecurityException - if an error occurs during trust processing