Class ChainingSignatureTrustEngine

java.lang.Object
    org.opensaml.xmlsec.signature.support.impl.ChainingSignatureTrustEngine

All Implemented Interfaces:
org.opensaml.security.trust.TrustEngine<org.opensaml.xmlsec.signature.Signature>, org.opensaml.xmlsec.signature.support.SignatureTrustEngine

public class ChainingSignatureTrustEngine extends Object implements org.opensaml.xmlsec.signature.support.SignatureTrustEngine
Evaluate a signature in sequence using a chain of subordinate trust engines. If the signature may be established as trusted by any of the subordinate engines, the token is considered trusted. Otherwise it is considered untrusted.
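Because the chain treats a signature as trusted when any one subordinate engine trusts it, reviewing a chain's configuration is easier with each engine's verdict shown separately. The following is an added example, not OpenSAML code: ChainAudit, Verdict, Entry, evaluate and isTrusted are hypothetical names, and only getChain() and validate(Signature, CriteriaSet) from this page are called. It assumes a helper that queries every engine in the chain and records a thrown SecurityException as ERROR.

```java
import java.util.ArrayList;
import java.util.List;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.security.SecurityException;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.opensaml.xmlsec.signature.support.impl.ChainingSignatureTrustEngine;

/** Hypothetical audit helper (not part of OpenSAML): per-engine verdicts for a chain. */
public final class ChainAudit {

    /** Outcome reported for one subordinate engine. */
    public enum Verdict { TRUSTED, UNTRUSTED, ERROR }

    /** One audit row: the engine's class name and what it decided. */
    public static final class Entry {
        public final String engineClass;
        public final Verdict verdict;
        Entry(final String engineClass, final Verdict verdict) {
            this.engineClass = engineClass;
            this.verdict = verdict;
        }
    }

    private ChainAudit() { }

    /** Ask every engine in the chain about the same signature, in chain order. */
    public static List<Entry> evaluate(final ChainingSignatureTrustEngine chain,
            final Signature token, final CriteriaSet criteria) {
        final List<Entry> report = new ArrayList<>();
        for (final SignatureTrustEngine engine : chain.getChain()) {
            Verdict verdict;
            try {
                verdict = engine.validate(token, criteria) ? Verdict.TRUSTED : Verdict.UNTRUSTED;
            } catch (final SecurityException e) {
                // Assumption of this helper: a failing engine is recorded, not rethrown.
                verdict = Verdict.ERROR;
            }
            report.add(new Entry(engine.getClass().getName(), verdict));
        }
        return report;
    }

    /** Any-of rule from the class description: one TRUSTED verdict is enough. */
    public static boolean isTrusted(final List<Entry> report) {
        return report.stream().anyMatch(e -> e.verdict == Verdict.TRUSTED);
    }
}
```

A report in which the only TRUSTED verdict comes from the most permissive engine shows that the chain as a whole is no stricter than that engine.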
Constructor Summary
Constructors
Constructor: ChainingSignatureTrustEngine(List<org.opensaml.xmlsec.signature.support.SignatureTrustEngine> chain)
Description: Constructor.
Method Summary
All Methods, Instance Methods, Concrete Methods
Modifier and Type, Method, Description:
List<org.opensaml.xmlsec.signature.support.SignatureTrustEngine> getChain()
    Get the list of configured trust engines which constitute the trust evaluation chain.
org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver getKeyInfoResolver()
boolean validate(byte[] signature, byte[] content, String algorithmURI, net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria, org.opensaml.security.credential.Credential candidateCredential)
boolean validate(org.opensaml.xmlsec.signature.Signature token, net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria)
Field Detail
log
@Nonnull private final org.slf4j.Logger log
Class logger.
engines
@Nonnull @NonnullElements private List<org.opensaml.xmlsec.signature.support.SignatureTrustEngine> engines
The chain of subordinate trust engines.
Constructor Detail
ChainingSignatureTrustEngine
public ChainingSignatureTrustEngine(@Nonnull @NonnullElements @ParameterName(name="chain") List<org.opensaml.xmlsec.signature.support.SignatureTrustEngine> chain)
Constructor.
Parameters:
chain - the list of trust engines in the chain
Method Detail
getChain
@Nonnull @NonnullElements @Unmodifiable @NotLive public List<org.opensaml.xmlsec.signature.support.SignatureTrustEngine> getChain()
Get the list of configured trust engines which constitute the trust evaluation chain.
Returns:
the modifiable list of trust engines in the chain
getKeyInfoResolver
@Nullable public org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver getKeyInfoResolver()
Specified by:
getKeyInfoResolver in interface org.opensaml.xmlsec.signature.support.SignatureTrustEngine
validate
public boolean validate(@Nonnull org.opensaml.xmlsec.signature.Signature token, @Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria) throws org.opensaml.security.SecurityException
Specified by:
validate in interface org.opensaml.security.trust.TrustEngine<org.opensaml.xmlsec.signature.Signature>
Throws:
org.opensaml.security.SecurityException
validate
public boolean validate(@Nonnull byte[] signature, @Nonnull byte[] content, @Nonnull String algorithmURI, @Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet trustBasisCriteria, @Nonnull org.opensaml.security.credential.Credential candidateCredential) throws org.opensaml.security.SecurityException
Specified by:
validate in interface org.opensaml.xmlsec.signature.support.SignatureTrustEngine
Throws:
org.opensaml.security.SecurityException