java.lang.Object
  org.opensaml.xml.signature.impl.BaseSignatureTrustEngine<Pair<java.util.Set<java.lang.String>,java.lang.Iterable<PKIXValidationInformation>>>
    org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine

public class PKIXSignatureTrustEngine

An implementation of SignatureTrustEngine which evaluates the validity and trustworthiness of XML and raw signatures.

Processing is performed as described in BaseSignatureTrustEngine. If, based on this processing, it is determined that the Signature's KeyInfo is not present or does not contain a valid (and trusted) signing key, then trust engine validation fails. Since the PKIX engine is based on the assumption that trusted signing keys are not known in advance, the signing key must be present in, or derivable from, the information in the Signature's KeyInfo element.

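
The following is an added usage sketch, not code from this page or from the OpenSAML project. It wires the constructor and `validate` method documented here to a fixed set of trust anchors and fails closed on any error. `BasicPKIXValidationInformation`, `StaticPKIXValidationInformationResolver`, `EntityIDCriteria` and `Configuration` are classes from the same library that this page does not describe; the class name `PkixSignatureCheck`, the path depth and the entity ID argument are assumptions made for illustration.

```java
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;

import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicPKIXValidationInformation;
import org.opensaml.xml.security.x509.PKIXValidationInformation;
import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;

/** Hypothetical helper (added example): PKIX trust check that fails closed. */
public final class PkixSignatureCheck {
    private static final int MAX_PATH_DEPTH = 3; // constructed value, tune per deployment
    private final PKIXSignatureTrustEngine engine;

    public PkixSignatureCheck(Collection<X509Certificate> anchors,
            Collection<X509CRL> crls, Set<String> trustedNames) {
        if (anchors == null || anchors.isEmpty()) {
            throw new IllegalArgumentException("at least one trust anchor is required");
        }
        // Trusted side: anchors, CRLs and names. No signing key is pinned in advance.
        PKIXValidationInformation info =
                new BasicPKIXValidationInformation(anchors, crls, MAX_PATH_DEPTH);
        StaticPKIXValidationInformationResolver pkixResolver =
                new StaticPKIXValidationInformationResolver(
                        Collections.singletonList(info), trustedNames);
        // Untrusted side: extracts the advisory signing credential from KeyInfo.
        // Assumes the library was initialised so the global configuration is populated.
        KeyInfoCredentialResolver keyInfoResolver =
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
        engine = new PKIXSignatureTrustEngine(pkixResolver, keyInfoResolver);
    }

    /** Returns true only if the engine positively validates the signature. */
    public boolean isTrusted(Signature signature, String signerEntityId) {
        if (signature == null) { return false; } // unsigned input is never trusted
        try {
            return engine.validate(signature, new CriteriaSet(new EntityIDCriteria(signerEntityId)));
        } catch (SecurityException e) {
            return false; // processing error: treat as untrusted (log it in real code)
        }
    }
}
```

Both a `false` return and a thrown `SecurityException` are treated as "not trusted", so a signature without a usable KeyInfo is rejected rather than skipped.
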
Constructor Summary | |
---|---|
PKIXSignatureTrustEngine(PKIXValidationInformationResolver resolver, KeyInfoCredentialResolver keyInfoResolver) | Constructor. |

Method Summary | |
---|---|
protected boolean | evaluateTrust(Credential untrustedCredential, Pair<java.util.Set<java.lang.String>,java.lang.Iterable<PKIXValidationInformation>> validationPair): Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information. |
PKIXValidationInformationResolver | getPKIXResolver(): Get the resolver instance which will be used to resolve PKIX validation information. |
PKIXTrustEvaluator | getPKIXTrustEvaluator(): Get the PKIXTrustEvaluator instance used to evaluate trust. |
boolean | validate(Signature signature, CriteriaSet trustBasisCriteria): Validates the token against trusted information obtained in an implementation-specific manner. |

Methods inherited from class org.opensaml.xml.signature.impl.BaseSignatureTrustEngine |
---|
checkParams, getKeyInfoResolver, validate, validate, verifySignature |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public PKIXSignatureTrustEngine(PKIXValidationInformationResolver resolver, KeyInfoCredentialResolver keyInfoResolver)
Parameters:
resolver - credential resolver used to resolve trusted credentials.
keyInfoResolver - KeyInfo credential resolver used to obtain the (advisory) signing credential from a Signature's KeyInfo element.

Method Detail |
---|
public PKIXTrustEvaluator getPKIXTrustEvaluator()

public PKIXValidationInformationResolver getPKIXResolver()
getPKIXResolver in interface PKIXTrustEngine<Signature>

public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException
validate in interface TrustEngine<Signature>
Parameters:
signature - security token to validate
trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
Throws:
SecurityException - thrown if there is a problem validating the security token

protected boolean evaluateTrust(Credential untrustedCredential, Pair<java.util.Set<java.lang.String>,java.lang.Iterable<PKIXValidationInformation>> validationPair) throws SecurityException
evaluateTrust in class BaseSignatureTrustEngine<Pair<java.util.Set<java.lang.String>,java.lang.Iterable<PKIXValidationInformation>>>
Parameters:
untrustedCredential - the untrusted credential being evaluated
validationPair - the information which serves as the basis for trust evaluation
Throws:
SecurityException - if an error occurs during trust processing