java.lang.Object
- org.opensaml.security.x509.impl.PKIXX509CredentialTrustEngine

All Implemented Interfaces:

TrustEngine<X509Credential>, PKIXTrustEngine<X509Credential>
```
public class PKIXX509CredentialTrustEngine
extends Object
implements PKIXTrustEngine<X509Credential>
```
Trust engine implementation which evaluates an X509Credential token based on PKIX validation processing using validation information from a trusted source.

Field Summary

Fields
Modifier and Type	Field	Description
`private X509CredentialNameEvaluator`	`credNameEvaluator`	The external credential name evaluator used to establish trusted name compliance.
`private org.slf4j.Logger`	`log`	Class logger.
`private PKIXValidationInformationResolver`	`pkixResolver`	Resolver used for resolving trusted credentials.
`private PKIXTrustEvaluator`	`pkixTrustEvaluator`	The external PKIX trust evaluator used to establish trust.

Constructor Summary

Constructors
Constructor	Description
`PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver)`	Constructor.
`PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver, X509CredentialNameEvaluator nameEvaluator)`	Constructor.
`PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver, PKIXTrustEvaluator pkixEvaluator, X509CredentialNameEvaluator nameEvaluator)`	Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected boolean`	`checkNames(Set<String> trustedNames, X509Credential untrustedCredential)`	Evaluate the credential against the set of trusted names.
`PKIXValidationInformationResolver`	`getPKIXResolver()`
`PKIXTrustEvaluator`	`getPKIXTrustEvaluator()`	Get the `PKIXTrustEvaluator` instance used to evaluate trust.
`X509CredentialNameEvaluator`	`getX509CredentialNameEvaluator()`	Get the `X509CredentialNameEvaluator` instance used to evaluate a credential against trusted names.
`protected boolean`	`validate(X509Credential untrustedX509Credential, Set<String> trustedNames, Iterable<PKIXValidationInformation> validationInfoSet)`	Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set of trusted credentials.
`boolean`	`validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- log
```
private final org.slf4j.Logger log
```
  Class logger.
- pkixResolver
```
private final PKIXValidationInformationResolver pkixResolver
```
  Resolver used for resolving trusted credentials.
- pkixTrustEvaluator
```
private final PKIXTrustEvaluator pkixTrustEvaluator
```
  The external PKIX trust evaluator used to establish trust.
- credNameEvaluator
```
private final X509CredentialNameEvaluator credNameEvaluator
```
  The external credential name evaluator used to establish trusted name compliance.

Constructor Detail

PKIXX509CredentialTrustEngine
```
public PKIXX509CredentialTrustEngine(@Nonnull @ParameterName(name="resolver")
                                     PKIXValidationInformationResolver resolver)
```
Constructor.
The PKIX trust evaluator used defaults to CertPathPKIXTrustEvaluator.

The X.509 credential name evaluator used defaults to BasicX509CredentialNameEvaluator.

Parameters:

resolver - credential resolver used to resolve trusted credentials

PKIXX509CredentialTrustEngine

public PKIXX509CredentialTrustEngine(@Nonnull @ParameterName(name="resolver")
                                     PKIXValidationInformationResolver resolver,
                                     @Nullable @ParameterName(name="nameEvaluator")
                                     X509CredentialNameEvaluator nameEvaluator)

Constructor.

Parameters:: resolver - credential resolver used to resolve trusted credentials; nameEvaluator - the X.509 credential name evaluator to use (may be null)

PKIXX509CredentialTrustEngine

public PKIXX509CredentialTrustEngine(@Nonnull @ParameterName(name="resolver")
                                     PKIXValidationInformationResolver resolver,
                                     @Nonnull @ParameterName(name="pkixEvaluator")
                                     PKIXTrustEvaluator pkixEvaluator,
                                     @Nullable @ParameterName(name="nameEvaluator")
                                     X509CredentialNameEvaluator nameEvaluator)

Constructor.

Parameters:: resolver - credential resolver used to resolve trusted credentials; pkixEvaluator - the PKIX trust evaluator to use; nameEvaluator - the X.509 credential name evaluator to use (may be null)

Method Detail
- getPKIXResolver
```
@Nonnull
public PKIXValidationInformationResolver getPKIXResolver()
```
  Specified by:
  
  getPKIXResolver in interface PKIXTrustEngine<X509Credential>
- getPKIXTrustEvaluator
```
@Nonnull
public PKIXTrustEvaluator getPKIXTrustEvaluator()
```
  Get the PKIXTrustEvaluator instance used to evaluate trust.
  The parameters of this evaluator may be modified to adjust trust evaluation processing.
  
  Returns:
  
  the PKIX trust evaluator instance that will be used
- getX509CredentialNameEvaluator
```
@Nullable
public X509CredentialNameEvaluator getX509CredentialNameEvaluator()
```
  Get the X509CredentialNameEvaluator instance used to evaluate a credential against trusted names.
  The parameters of this evaluator may be modified to adjust trust evaluation processing.
  
  Returns:
  
  the PKIX trust evaluator instance that will be used
- validate
```
public boolean validate(@Nonnull
                        X509Credential untrustedCredential,
                        @Nullable
                        CriteriaSet trustBasisCriteria)
                 throws SecurityException
```
  Specified by:
  
  validate in interface TrustEngine<X509Credential>
  
  Throws:
  
  SecurityException
- validate
```
protected boolean validate(@Nonnull
                           X509Credential untrustedX509Credential,
                           @Nullable
                           Set<String> trustedNames,
                           @Nonnull
                           Iterable<PKIXValidationInformation> validationInfoSet)
                    throws SecurityException
```
  Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set of trusted credentials.
  
  Parameters:
  
  untrustedX509Credential - the credential to evaluate
  
  trustedNames - the set of trusted names for name checking purposes
  
  validationInfoSet - the set of validation information which serves as the basis for trust evaluation
  
  Returns:
  
  true if PKIX validation of the untrusted credential is successful, otherwise false
  
  Throws:
  
  SecurityException - thrown if there is an error validating the untrusted credential against trusted names or validation information
- checkNames
```
protected boolean checkNames(@Nullable
                             Set<String> trustedNames,
                             @Nonnull
                             X509Credential untrustedCredential)
                      throws SecurityException
```
  Evaluate the credential against the set of trusted names.
  Evaluates to true if no instance of X509CredentialNameEvaluator is configured.
  
  Parameters:
  
  trustedNames - set of trusted names
  
  untrustedCredential - the credential being evaluated
  
  Returns:
  
  true if evaluation is successful, false otherwise
  
  Throws:
  
  SecurityException - thrown if there is an error evaluation the credential

Class PKIXX509CredentialTrustEngine

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

log

pkixResolver

pkixTrustEvaluator

credNameEvaluator

Constructor Detail

PKIXX509CredentialTrustEngine

PKIXX509CredentialTrustEngine

PKIXX509CredentialTrustEngine

Method Detail

getPKIXResolver

getPKIXTrustEvaluator

getX509CredentialNameEvaluator

validate

validate

checkNames