Package org.opensaml.security.trust.impl

Class ExplicitKeyTrustEngine

java.lang.Object

org.opensaml.security.trust.impl.ExplicitKeyTrustEngine

All Implemented Interfaces:

TrustedCredentialTrustEngine<Credential>, TrustEngine<Credential>

public class ExplicitKeyTrustEngine
extends Object
implements TrustedCredentialTrustEngine<Credential>

Trust engine that evaluates a credential's key against key(s) expressed within a set of trusted credentials obtained from a trusted credential resolver. The credential being tested is valid if its public key or secret key matches the public key, or secret key respectively, contained within any of the trusted credentials produced by the given credential resolver.

Field Summary

Fields

Modifier and Type	Field	Description
private final CredentialResolver	credentialResolver	Resolver used for resolving trusted credentials.
private final org.slf4j.Logger	log	Class logger.
private final ExplicitKeyTrustEvaluator	trustEvaluator	Trust evaluator.

Constructor Summary

Constructors

Constructor	Description
ExplicitKeyTrustEngine(CredentialResolver resolver)	Constructor.

Method Summary

Modifier and Type	Method	Description
CredentialResolver	getCredentialResolver()	Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.
boolean	validate(Credential untrustedCredential, CriteriaSet trustBasisCriteria)	Validates the token against trusted information obtained in an implementation-specific manner.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

log

private final org.slf4j.Logger log

Class logger.

credentialResolver

private final CredentialResolver credentialResolver

Resolver used for resolving trusted credentials.

trustEvaluator

private final ExplicitKeyTrustEvaluator trustEvaluator

Trust evaluator.

Constructor Details

ExplicitKeyTrustEngine

public ExplicitKeyTrustEngine(@Nonnull @ParameterName(name="resolver")
 CredentialResolver resolver)

Constructor.

Parameters:

resolver - credential resolver which is used to resolve trusted credentials

Method Details

getCredentialResolver

@Nonnull
public CredentialResolver getCredentialResolver()

Gets the credential resolver used to recover trusted credentials that may be used to validate tokens.

Specified by:

getCredentialResolver in interface TrustedCredentialTrustEngine<Credential>

Returns:

credential resolver used to recover trusted credentials that may be used to validate tokens

validate

public boolean validate(@Nonnull
 Credential untrustedCredential,
 @Nullable
 CriteriaSet trustBasisCriteria)
                 throws SecurityException

Validates the token against trusted information obtained in an implementation-specific manner.

Specified by:

validate in interface TrustEngine<Credential>

Parameters:

untrustedCredential - security token to validate

trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation

Returns:

true iff the token is trusted and valid

Throws:

SecurityException - thrown if there is a problem validating the security token