java.lang.Object org.opensaml.xml.signature.impl.ChainingSignatureTrustEngine
public class ChainingSignatureTrustEngine
Evaluate a signature in sequence using a chain of subordinate trust engines. If the signature may be established as trusted by any of the subordinate engines, the token is considered trusted. Otherwise it is considered untrusted.
Constructor Summary | |
---|---|
ChainingSignatureTrustEngine() | Constructor. |
Method Summary | |
---|---|
List<SignatureTrustEngine> | getChain() - Get the list of configured trust engines which constitute the trust evaluation chain. |
KeyInfoCredentialResolver | getKeyInfoResolver() - Get the KeyInfoCredentialResolver instance used to resolve (advisory) signing credential information from KeyInfo elements contained within a Signature element. |
boolean | validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria, Credential candidateCredential) - Determines whether a raw signature over specified content is valid and signed by a trusted credential. |
boolean | validate(Signature token, CriteriaSet trustBasisCriteria) - Validates the token against trusted information obtained in an implementation-specific manner. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public ChainingSignatureTrustEngine()
Method Detail |
---|
public List<SignatureTrustEngine> getChain()
public KeyInfoCredentialResolver getKeyInfoResolver()
Specified by: getKeyInfoResolver in interface SignatureTrustEngine
public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException
Specified by: validate in interface TrustEngine<Signature>
Parameters:
token - security token to validate
trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
Throws:
SecurityException - thrown if there is a problem validating the security token

public boolean validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria, Credential candidateCredential) throws SecurityException
A candidate verification credential may optionally be supplied. If one is supplied and is determined to successfully verify the signature, an attempt will be made to establish trust on this basis.
If a candidate credential is not supplied, or it does not successfully verify the signature, some implementations may be able to resolve candidate verification credential(s) in an implementation-specific manner based on the trusted criteria supplied, and then attempt to verify the signature and establish trust on this basis.
Specified by: validate in interface SignatureTrustEngine
Parameters:
signature - the signature value
content - the content that was signed
algorithmURI - the signature algorithm URI which was used to sign the content
trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
candidateCredential - the untrusted candidate credential containing the validation key for the signature (optional)
Throws:
SecurityException - thrown if there is a problem attempting to verify the signature, such as the signature algorithm not being supported
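The class exposes no setter for its chain, so engines are added through the list returned by getChain(). The following is an added example, not code from the OpenSAML project: the helper class ChainTrustCheck and its methods buildChain and firstTrusting are hypothetical names, and it uses only the getChain() and validate(Signature, CriteriaSet) methods documented above. It refuses to build an empty chain and, when auditing, reports which member engine accepted the signature.

```java
import java.util.List;

import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ChainingSignatureTrustEngine;

/** Hypothetical helper, not part of OpenSAML. */
public final class ChainTrustCheck {

    private ChainTrustCheck() { }

    /**
     * Builds a chain from the supplied engines, in evaluation order.
     * Rejecting an empty list or a null member is a choice made by this
     * helper so that a misconfiguration fails at start-up.
     */
    public static ChainingSignatureTrustEngine buildChain(List<SignatureTrustEngine> engines) {
        if (engines == null || engines.isEmpty()) {
            throw new IllegalArgumentException("trust chain must contain at least one engine");
        }
        ChainingSignatureTrustEngine chain = new ChainingSignatureTrustEngine();
        for (SignatureTrustEngine engine : engines) {
            if (engine == null) {
                throw new IllegalArgumentException("trust chain must not contain null engines");
            }
            chain.getChain().add(engine);
        }
        return chain;
    }

    /**
     * Evaluates the chain members one at a time and returns the first engine
     * that trusts the signature, or null if none does. Useful for audit logs,
     * because the chain's own validate() only reports a boolean.
     * A SecurityException from a member is propagated to the caller.
     */
    public static SignatureTrustEngine firstTrusting(ChainingSignatureTrustEngine chain,
            Signature token, CriteriaSet trustBasisCriteria) throws SecurityException {
        for (SignatureTrustEngine engine : chain.getChain()) {
            if (engine.validate(token, trustBasisCriteria)) {
                return engine;
            }
        }
        return null;
    }
}
```

Because acceptance by any one member is enough, every engine placed in the chain should be one whose verdict would be acceptable on its own.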