Package org.apache.wss4j.dom.validate

Class SignatureTrustValidator

java.lang.Object

org.apache.wss4j.dom.validate.SignatureTrustValidator

All Implemented Interfaces:

Validator

Direct Known Subclasses:

SamlAssertionValidator

public class SignatureTrustValidator
extends Object
implements Validator

This class verifies trust in a credential used to verify a signature, which is extracted from the Credential passed to the validate method.

Constructor Summary

Constructors

Constructor	Description
SignatureTrustValidator()

Method Summary

Modifier and Type	Method	Description
protected org.apache.wss4j.common.crypto.Crypto	getCrypto(RequestData data)
Credential	validate(Credential credential, RequestData data)	Validate the credential argument.
protected void	validateCertificates(X509Certificate[] certificates)	Validate the certificates by checking the validity of each cert
protected void	validatePublicKey(PublicKey publicKey, org.apache.wss4j.common.crypto.Crypto crypto)	Validate a public key
protected void	verifyTrustInCerts(X509Certificate[] certificates, org.apache.wss4j.common.crypto.Crypto crypto, RequestData data, boolean enableRevocation)	Evaluate whether the given certificate chain should be trusted.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SignatureTrustValidator

public SignatureTrustValidator()

Method Details

validate

public Credential validate(Credential credential,
 RequestData data)
                    throws org.apache.wss4j.common.ext.WSSecurityException

Validate the credential argument. It must contain a non-null X509Certificate chain or a PublicKey. A Crypto implementation is also required to be set. This implementation first attempts to verify trust on the certificate (chain). If this is not successful, then it will attempt to verify trust on the Public Key.

Specified by:

validate in interface Validator

Parameters:

credential - the Credential to be validated

data - the RequestData associated with the request

Returns:

a validated Credential

Throws:

org.apache.wss4j.common.ext.WSSecurityException - on a failed validation

getCrypto

protected org.apache.wss4j.common.crypto.Crypto getCrypto(RequestData data)

validateCertificates

protected void validateCertificates(X509Certificate[] certificates)
                             throws org.apache.wss4j.common.ext.WSSecurityException

Validate the certificates by checking the validity of each cert

Throws:

org.apache.wss4j.common.ext.WSSecurityException

verifyTrustInCerts

protected void verifyTrustInCerts(X509Certificate[] certificates,
 org.apache.wss4j.common.crypto.Crypto crypto,
 RequestData data,
 boolean enableRevocation)
                           throws org.apache.wss4j.common.ext.WSSecurityException

Evaluate whether the given certificate chain should be trusted.

Parameters:

certificates - the certificate chain that should be validated against the keystore

crypto - A Crypto instance

data - A RequestData instance

enableRevocation - Whether revocation is enabled or not

Throws:

org.apache.wss4j.common.ext.WSSecurityException - if the certificate chain is not trusted

validatePublicKey

protected void validatePublicKey(PublicKey publicKey,
 org.apache.wss4j.common.crypto.Crypto crypto)
                          throws org.apache.wss4j.common.ext.WSSecurityException

Validate a public key

Throws:

org.apache.wss4j.common.ext.WSSecurityException