Class ExplicitX509CertificateTrustEngine

java.lang.Object
org.opensaml.security.trust.impl.ExplicitX509CertificateTrustEngine
All Implemented Interfaces:
TrustedCredentialTrustEngine<X509Credential>, TrustEngine<X509Credential>

public class ExplicitX509CertificateTrustEngine extends Object implements TrustedCredentialTrustEngine<X509Credential>
Trust engine that evaluates a credential's X.509 certificate against certificates expressed within a set of trusted credentials obtained from a credential resolver. The credential being tested is valid if its entity certificate matches the entity certificate contained within any of the trusted credentials produced by the given credential resolver. Matching of public keys is NOT sufficient for the purpose of this engine.
  • Field Details

    • log

      private final org.slf4j.Logger log
      Class logger.
    • credentialResolver

      private final CredentialResolver credentialResolver
      Resolver used for resolving trusted credentials.
    • trustEvaluator

      private final ExplicitX509CertificateTrustEvaluator trustEvaluator
      Trust evaluator.
  • Constructor Details

    • ExplicitX509CertificateTrustEngine

      public ExplicitX509CertificateTrustEngine(@Nonnull @ParameterName(name="resolver") CredentialResolver resolver)
      Constructor.
      Parameters:
      resolver - credential resolver which is used to resolve trusted credentials
  • Method Details

    • getCredentialResolver

      @Nonnull public CredentialResolver getCredentialResolver()
      Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.
      Specified by:
      getCredentialResolver in interface TrustedCredentialTrustEngine<X509Credential>
      Returns:
      credential resolver used to recover trusted credentials that may be used to validate tokens
    • validate

      public boolean validate(@Nonnull X509Credential untrustedCredential, @Nullable CriteriaSet trustBasisCriteria) throws SecurityException
      Validates the token against trusted information obtained in an implementation-specific manner.
      Specified by:
      validate in interface TrustEngine<X509Credential>
      Parameters:
      untrustedCredential - security token to validate
      trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
      Returns:
      true iff the token is trusted and valid
      Throws:
      SecurityException - thrown if there is a problem validating the security token