- All Implemented Interfaces:
public class ExplicitX509CertificateTrustEngine extends Object implements TrustedCredentialTrustEngine<X509Credential>
Trust engine that evaluates a credential's X.509 certificate against certificates expressed within a set of trusted credentials obtained from a credential resolver. The credential being tested is valid if its entity certificate matches the entity certificate contained within any of the trusted credentials produced by the given credential resolver. Matching of public keys is NOT sufficient for the purpose of this engine.
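Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| CredentialResolver | getCredentialResolver() | Gets the credential resolver used to recover trusted credentials that may be used to validate tokens. |
| boolean | validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria) | Validates the token against trusted information obtained in an implementation-specific manner. |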
getCredentialResolver

@Nonnull public CredentialResolver getCredentialResolver()

Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.

validate

public boolean validate(@Nonnull X509Credential untrustedCredential, @Nullable CriteriaSet trustBasisCriteria) throws SecurityException

Validates the token against trusted information obtained in an implementation-specific manner.
- Specified by:
untrustedCredential - security token to validate
trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
- true iff the token is trusted and valid
SecurityException - thrown if there is a problem validating the security token
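
The matching rule from the class description (the entity certificate must match; a matching public key is not enough), as an added example that is not taken from the OpenSAML documentation. It assumes the OpenSAML security implementation classes are on the classpath under the package names shown in the imports, that the engine is constructed from a CredentialResolver, and that StaticCredentialResolver and BasicX509Credential are used to hold the pinned certificate; ExplicitCertTrustDemo, its helper methods and the two certificate file arguments are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.trust.impl.ExplicitX509CertificateTrustEngine;
import org.opensaml.security.x509.BasicX509Credential;

// Hypothetical demo class (not part of OpenSAML); package names above are assumed.
public class ExplicitCertTrustDemo {

    // Load one X.509 certificate (PEM or DER) from a caller-supplied path.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    // Key-only comparison, for contrast: the engine does NOT accept this as a match.
    static boolean sameKey(X509Certificate a, X509Certificate b) {
        return Arrays.equals(a.getPublicKey().getEncoded(), b.getPublicKey().getEncoded());
    }

    // Pin one certificate and ask the engine whether the presented one is trusted.
    static boolean trustedByEngine(X509Certificate pinned, X509Certificate presented)
            throws Exception {
        List<Credential> trusted = List.of(new BasicX509Credential(pinned));
        ExplicitX509CertificateTrustEngine engine =
                new ExplicitX509CertificateTrustEngine(new StaticCredentialResolver(trusted));
        // trustBasisCriteria is @Nullable; the static resolver returns its list unfiltered.
        return engine.validate(new BasicX509Credential(presented), null);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ExplicitCertTrustDemo <pinned-cert> <presented-cert>");
            System.exit(2);
        }
        X509Certificate pinned = load(args[0]);
        X509Certificate presented = load(args[1]);
        System.out.println("public key matches pinned cert: " + sameKey(pinned, presented));
        System.out.println("engine.validate():              " + trustedByEngine(pinned, presented));
    }
}
```

Run with a certificate that was re-issued over the same key pair as the pinned one, the first line reports a key match while the engine result is false, so the trusted credential source has to be updated whenever a peer's certificate is renewed.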