View Javadoc

1   /*
2    * Copyright [2006] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.trust;
18  
19  import org.opensaml.xml.security.CriteriaSet;
20  import org.opensaml.xml.security.SecurityException;
21  import org.opensaml.xml.security.credential.Credential;
22  import org.opensaml.xml.security.credential.CredentialResolver;
23  import org.slf4j.Logger;
24  import org.slf4j.LoggerFactory;
25  
26  /**
27   * Trust engine that evaluates a credential's key against key(s) expressed within a set of trusted credentials obtained
28   * from a trusted credential resolver.
29   * 
30   * The credential being tested is valid if its public key or secret key matches the public key, or secret key
31   * respectively, contained within any of the trusted credentials produced by the given credential resolver.
32   */
33  public class ExplicitKeyTrustEngine implements TrustedCredentialTrustEngine<Credential> {
34  
35      /** Class logger. */
36      private final Logger log = LoggerFactory.getLogger(ExplicitKeyTrustEngine.class);
37  
38      /** Resolver used for resolving trusted credentials. */
39      private CredentialResolver credentialResolver;
40  
41      /** Trust evaluator. */
42      private ExplicitKeyTrustEvaluator trustEvaluator;
43  
44      /**
45       * Constructor.
46       * 
47       * @param resolver credential resolver which is used to resolve trusted credentials
48       */
49      public ExplicitKeyTrustEngine(CredentialResolver resolver) {
50          if (resolver == null) {
51              throw new IllegalArgumentException("Credential resolver may not be null");
52          }
53          credentialResolver = resolver;
54  
55          trustEvaluator = new ExplicitKeyTrustEvaluator();
56      }
57  
58      /** {@inheritDoc} */
59      public CredentialResolver getCredentialResolver() {
60          return credentialResolver;
61      }
62  
63      /** {@inheritDoc} */
64      public boolean validate(Credential untrustedCredential, CriteriaSet trustBasisCriteria) throws SecurityException {
65  
66          checkParams(untrustedCredential, trustBasisCriteria);
67  
68          log.debug("Attempting to validate untrusted credential");
69          Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(trustBasisCriteria);
70  
71          return trustEvaluator.validate(untrustedCredential, trustedCredentials);
72      }
73  
74      /**
75       * Check the parameters for required values.
76       * 
77       * @param untrustedCredential the credential to be evaluated
78       * @param trustBasisCriteria the set of trusted credential criteria
79       * @throws SecurityException thrown if required values are absent or otherwise invalid
80       */
81      protected void checkParams(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
82          throws SecurityException {
83  
84          if (untrustedCredential == null) {
85              throw new SecurityException("Untrusted credential was null");
86          }
87          if (trustBasisCriteria == null) {
88              throw new SecurityException("Trust basis criteria set was null");
89          }
90          if (trustBasisCriteria.isEmpty()) {
91              throw new SecurityException("Trust basis criteria set was empty");
92          }
93      }
94  
95  }