Package org.opensaml.security.trust.impl

Class ExplicitX509CertificateTrustEngine

java.lang.Object

org.opensaml.security.trust.impl.ExplicitX509CertificateTrustEngine

All Implemented Interfaces:

TrustedCredentialTrustEngine<X509Credential>, TrustEngine<X509Credential>

public class ExplicitX509CertificateTrustEngine
extends Object
implements TrustedCredentialTrustEngine<X509Credential>

Trust engine that evaluates a credential's X.509 certificate against certificates expressed within a set of trusted credentials obtained from a credential resolver. The credential being tested is valid if its entity certificate matches the entity certificate contained within any of the trusted credentials produced by the given credential resolver. Matching of public keys is NOT sufficient for the purpose of this engine.

Field Summary

Fields

Modifier and Type	Field	Description
private CredentialResolver	credentialResolver	Resolver used for resolving trusted credentials.
private org.slf4j.Logger	log	Class logger.
private ExplicitX509CertificateTrustEvaluator	trustEvaluator	Trust evaluator.

Constructor Summary

Constructors

Constructor	Description
ExplicitX509CertificateTrustEngine(CredentialResolver resolver)	Constructor.

Method Summary

Modifier and Type	Method	Description
CredentialResolver	getCredentialResolver()
boolean	validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private final org.slf4j.Logger log

Class logger.

credentialResolver

private final CredentialResolver credentialResolver

Resolver used for resolving trusted credentials.

trustEvaluator

private final ExplicitX509CertificateTrustEvaluator trustEvaluator

Trust evaluator.

Constructor Detail

ExplicitX509CertificateTrustEngine

public ExplicitX509CertificateTrustEngine(@Nonnull @ParameterName(name="resolver")
                                          CredentialResolver resolver)

Constructor.

Parameters:

resolver - credential resolver which is used to resolve trusted credentials

Method Detail

getCredentialResolver

@Nonnull
public CredentialResolver getCredentialResolver()

Specified by:

getCredentialResolver in interface TrustedCredentialTrustEngine<X509Credential>

validate

public boolean validate(@Nonnull
                        X509Credential untrustedCredential,
                        @Nullable
                        CriteriaSet trustBasisCriteria)
                 throws SecurityException

Specified by:

validate in interface TrustEngine<X509Credential>

Throws:

SecurityException