java.lang.Object org.opensaml.xml.signature.impl.BaseSignatureTrustEngine<TrustBasisType>
TrustBasisType - the type of trusted information which has been resolved and which will serve as the basis for trust evaluation
public abstract class BaseSignatureTrustEngine<TrustBasisType>
A base implementation of SignatureTrustEngine which evaluates the validity and trustworthiness of XML and raw signatures.
When processing XML signatures, the supplied KeyInfoCredentialResolver will be used to resolve credential(s) containing the (advisory) signing key from the KeyInfo element of the Signature, if present. If any of these credentials do contain the valid signing key, they will be evaluated for trustworthiness against trusted information, which will be resolved in an implementation-specific manner.
Subclasses are required to implement evaluateTrust(Credential, Object) using an implementation-specific trust model.
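Why the KeyInfo key is called "(advisory)" above, as an added example that is not OpenSAML code and not part of this Javadoc: a plain-JDK model of the verify-then-evaluate-trust flow. The class AdvisoryKeyDemo, the sign helper and the sample content are constructed here, and the explicit-key comparison in evaluateTrust is an assumed trust model; it shows a signature that verifies under the key shipped with it yet is rejected by validate because that key is not in the trust basis.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Plain-JDK model; method names mirror this page, but nothing here calls OpenSAML.
public class AdvisoryKeyDemo {
    // Like verifySignature(Signature, Credential): a purely cryptographic check.
    static boolean verifySignature(byte[] content, byte[] sig, PublicKey candidate)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(candidate);
        verifier.update(content);
        return verifier.verify(sig);
    }
    // Like evaluateTrust(Credential, TrustBasisType), assuming an explicit-key trust model:
    // the advisory key is trusted only if it equals a key configured out of band.
    static boolean evaluateTrust(PublicKey untrusted, Collection<PublicKey> trustBasis) {
        return trustBasis.stream()
                .anyMatch(t -> Arrays.equals(t.getEncoded(), untrusted.getEncoded()));
    }
    // Like validate(Signature, TrustBasisType): both checks must pass for the same key.
    static boolean validate(byte[] content, byte[] sig, List<PublicKey> keyInfoKeys,
                            Collection<PublicKey> trustBasis) throws GeneralSecurityException {
        for (PublicKey candidate : keyInfoKeys) {
            if (verifySignature(content, sig, candidate) && evaluateTrust(candidate, trustBasis)) return true;
        }
        return false;
    }
    static byte[] sign(byte[] content, PrivateKey key) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(content);
        return signer.sign();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair partner = gen.generateKeyPair();   // key configured as trusted
        KeyPair stranger = gen.generateKeyPair();  // key known only from the message itself
        byte[] content = "constructed sample content".getBytes(StandardCharsets.UTF_8);
        List<PublicKey> trustBasis = List.of(partner.getPublic());
        byte[] sig = sign(content, stranger.getPrivate());
        System.out.println("crypto check only: " + verifySignature(content, sig, stranger.getPublic()));
        System.out.println("untrusted KeyInfo key: " + validate(content, sig, List.of(stranger.getPublic()), trustBasis));
        System.out.println("trusted KeyInfo key: " + validate(content,
                sign(content, partner.getPrivate()), List.of(partner.getPublic()), trustBasis));
    }
}
```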
Constructor Summary | |
---|---|
BaseSignatureTrustEngine(KeyInfoCredentialResolver keyInfoResolver) Constructor. |
Method Summary | |
---|---|
protected void | checkParams(Signature signature, CriteriaSet trustBasisCriteria) Check the signature and credential criteria for required values. |
protected void | checkParamsRaw(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria) Check the signature and credential criteria for required values. |
protected abstract boolean | evaluateTrust(Credential untrustedCredential, TrustBasisType trustBasis) Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information. |
KeyInfoCredentialResolver | getKeyInfoResolver() Get the KeyInfoCredentialResolver instance used to resolve (advisory) signing credential information from KeyInfo elements contained within a Signature element. |
protected boolean | validate(Signature signature, TrustBasisType trustBasis) Attempt to establish trust by resolving signature verification credentials from the Signature's KeyInfo. |
protected boolean | verifySignature(Signature signature, Credential credential) Attempt to verify a signature using the key from the supplied credential. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface org.opensaml.xml.signature.SignatureTrustEngine |
---|
validate |
Methods inherited from interface org.opensaml.xml.security.trust.TrustEngine |
---|
validate |
Constructor Detail |
---|
public BaseSignatureTrustEngine(KeyInfoCredentialResolver keyInfoResolver)
keyInfoResolver - KeyInfo credential resolver used to obtain the (advisory) signing credential from a Signature's KeyInfo element.
Method Detail |
---|
public KeyInfoCredentialResolver getKeyInfoResolver()
getKeyInfoResolver in interface SignatureTrustEngine
protected boolean validate(Signature signature, TrustBasisType trustBasis) throws SecurityException
evaluateTrust(Credential, Object)
.
signature - the Signature to evaluate
trustBasis - the information which serves as the basis for trust evaluation
SecurityException - if an error occurs during signature verification or trust processing
protected abstract boolean evaluateTrust(Credential untrustedCredential, TrustBasisType trustBasis) throws SecurityException
untrustedCredential - the untrusted credential being evaluated
trustBasis - the information which serves as the basis for trust evaluation
SecurityException - if an error occurs during trust processing
protected boolean verifySignature(Signature signature, Credential credential)
signature - the signature on which to attempt verification
credential - the credential containing the candidate validation key
protected void checkParams(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException
signature - the signature to be evaluated
trustBasisCriteria - the set of trusted credential criteria
SecurityException - thrown if required values are absent or otherwise invalid
protected void checkParamsRaw(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria) throws SecurityException
signature - the signature to be evaluated
content - the data over which the signature was computed
algorithmURI - the signing algorithm URI which was used
trustBasisCriteria - the set of trusted credential criteria
SecurityException - thrown if required values are absent or otherwise invalid