java.lang.Object org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine
public class PKIXX509CredentialTrustEngine
Trust engine implementation which evaluates an X509Credential token based on PKIX validation processing using validation information from a trusted source.
Constructor Summary |
---|
PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver) Constructor. |
PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver, PKIXTrustEvaluator pkixEvaluator, X509CredentialNameEvaluator nameEvaluator) Constructor. |
Method Summary | |
---|---|
protected boolean | checkNames(Set<String> trustedNames, X509Credential untrustedCredential) Evaluate the credential against the set of trusted names. |
PKIXValidationInformationResolver | getPKIXResolver() Get the resolver instance which will be used to resolve PKIX validation information. |
PKIXTrustEvaluator | getPKIXTrustEvaluator() Get the PKIXTrustEvaluator instance used to evaluate trust. |
X509CredentialNameEvaluator | getX509CredentialNameEvaluator() Get the X509CredentialNameEvaluator instance used to evaluate a credential against trusted names. |
boolean | validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria) Validates the token against trusted information obtained in an implementation-specific manner. |
protected boolean | validate(X509Credential untrustedX509Credential, Set<String> trustedNames, Iterable<PKIXValidationInformation> validationInfoSet) Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set of trusted credentials. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver)
The PKIX trust evaluator used defaults to CertPathPKIXTrustEvaluator.
The X.509 credential name evaluator used defaults to BasicX509CredentialNameEvaluator.
resolver - credential resolver used to resolve trusted credentials

public PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver, PKIXTrustEvaluator pkixEvaluator, X509CredentialNameEvaluator nameEvaluator)
resolver - credential resolver used to resolve trusted credentials
pkixEvaluator - the PKIX trust evaluator to use
nameEvaluator - the X.509 credential name evaluator to use (may be null)

Method Detail |
---|
public PKIXValidationInformationResolver getPKIXResolver()
getPKIXResolver in interface PKIXTrustEngine<X509Credential>

public PKIXTrustEvaluator getPKIXTrustEvaluator()
The parameters of this evaluator may be modified to adjust trust evaluation processing.

public X509CredentialNameEvaluator getX509CredentialNameEvaluator()
The parameters of this evaluator may be modified to adjust trust evaluation processing.

public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria) throws SecurityException
validate in interface TrustEngine<X509Credential>
untrustedCredential - security token to validate
trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
SecurityException - thrown if there is a problem validating the security token

protected boolean validate(X509Credential untrustedX509Credential, Set<String> trustedNames, Iterable<PKIXValidationInformation> validationInfoSet) throws SecurityException
untrustedX509Credential - the credential to evaluate
validationInfoSet - the set of validation information which serves as the basis for trust evaluation
trustedNames - the set of trusted names for name checking purposes
SecurityException - thrown if there is an error validating the untrusted credential against trusted names or validation information

protected boolean checkNames(Set<String> trustedNames, X509Credential untrustedCredential) throws SecurityException
Evaluates to true if no instance of X509CredentialNameEvaluator is configured.
trustedNames - set of trusted names
untrustedCredential - the credential being evaluated
SecurityException - thrown if there is an error evaluating the credential
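
Because checkNames evaluates to true when no X509CredentialNameEvaluator is configured, and the three-argument constructor accepts a null nameEvaluator, an engine built that way performs no name checking. The following is an added example, not part of the OpenSAML documentation, of a wrapper that refuses to use such an engine and treats errors as untrusted. The class StrictPkixTrust and its method names are hypothetical, and it assumes the resolver resolves validation information by entity ID (EntityIDCriteria).

```java
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.x509.BasicX509CredentialNameEvaluator;
import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
import org.opensaml.xml.security.x509.PKIXValidationInformationResolver;
import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
import org.opensaml.xml.security.x509.X509Credential;

/** Hypothetical helper, not part of OpenSAML. */
public final class StrictPkixTrust {

    private StrictPkixTrust() { }

    /** Build an engine with both evaluators passed explicitly, so the name evaluator is never null. */
    public static PKIXX509CredentialTrustEngine newEngine(PKIXValidationInformationResolver resolver) {
        if (resolver == null) {
            throw new IllegalArgumentException("PKIX validation information resolver is required");
        }
        return new PKIXX509CredentialTrustEngine(
                resolver,
                new CertPathPKIXTrustEvaluator(),
                new BasicX509CredentialNameEvaluator());
    }

    /** Fail-closed trust decision for a credential presented by peerEntityId (assumed criterion). */
    public static boolean isTrusted(PKIXX509CredentialTrustEngine engine,
                                    X509Credential untrusted,
                                    String peerEntityId) {
        // checkNames evaluates to true when no name evaluator is configured,
        // so an engine in that state is rejected rather than used.
        if (engine == null || engine.getX509CredentialNameEvaluator() == null) {
            return false;
        }
        if (untrusted == null || untrusted.getEntityCertificate() == null) {
            return false;
        }
        if (peerEntityId == null || peerEntityId.trim().isEmpty()) {
            return false;
        }
        try {
            CriteriaSet trustBasis = new CriteriaSet(new EntityIDCriteria(peerEntityId));
            return engine.validate(untrusted, trustBasis);
        } catch (SecurityException e) {
            // A processing error is not evidence of trust.
            return false;
        }
    }
}
```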