17 package org.opensaml.xml.security.trust;
19 import java.security.cert.X509Certificate;
20
21 import org.opensaml.xml.security.credential.Credential;
22 import org.opensaml.xml.security.x509.X509Credential;
23 import org.slf4j.Logger;
24 import org.slf4j.LoggerFactory;
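/**
 * Evaluates trust in an untrusted X.509 certificate or credential by explicit comparison against a set of
 * trusted certificates or credentials.
 *
 * <p>Trust is established only when the untrusted certificate is equal to a trusted certificate as defined by
 * {@link X509Certificate#equals(Object)} (the JDK contract compares the encoded forms). This class performs
 * <em>no</em> certification-path building, validity-period, key-usage or revocation checking; a caller that
 * needs those guarantees must apply them separately.</p>
 *
 * <p>Every {@code validate} method is total: a {@code null} certificate, credential or collection is reported
 * at debug level and evaluates to {@code false} rather than throwing.</p>
 */
public class ExplicitX509CertificateTrustEvaluator {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(ExplicitX509CertificateTrustEvaluator.class);

    /**
     * Evaluates trust by comparing the untrusted certificate to a single trusted certificate.
     *
     * @param untrustedCertificate the certificate being evaluated
     * @param trustedCertificate the certificate it must match exactly
     * @return {@code true} if and only if both certificates are non-null and equal
     */
    public boolean validate(X509Certificate untrustedCertificate, X509Certificate trustedCertificate) {
        // Explicitly refuse rather than NPE: absence of a certificate is never a trust match.
        if (untrustedCertificate == null) {
            log.debug("Untrusted certificate was null, unable to evaluate");
            return false;
        }
        if (trustedCertificate == null) {
            log.debug("Trusted certificate was null, unable to evaluate");
            return false;
        }
        return untrustedCertificate.equals(trustedCertificate);
    }

    /**
     * Evaluates trust by comparing the untrusted certificate against each trusted certificate in turn.
     *
     * @param untrustedCertificate the certificate being evaluated
     * @param trustedCertificates the certificates it may match; {@code null} entries are ignored
     * @return {@code true} if the untrusted certificate equals at least one trusted certificate
     */
    public boolean validate(X509Certificate untrustedCertificate, Iterable<X509Certificate> trustedCertificates) {
        if (untrustedCertificate == null) {
            log.debug("Untrusted certificate was null, unable to evaluate");
            return false;
        }
        if (trustedCertificates == null) {
            log.debug("No trusted certificates supplied, unable to evaluate");
            return false;
        }
        for (X509Certificate candidate : trustedCertificates) {
            // Delegate so that null entries and the equality rule live in one place.
            if (validate(untrustedCertificate, candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Evaluates trust by comparing the entity certificate of the untrusted credential to the entity
     * certificate of the trusted credential.
     *
     * @param untrustedCredential the credential being evaluated
     * @param trustedCredential the credential whose entity certificate it must match exactly
     * @return {@code true} if both credentials carry an entity certificate and those certificates are equal
     */
    public boolean validate(X509Credential untrustedCredential, X509Credential trustedCredential) {
        if (untrustedCredential == null) {
            log.debug("Untrusted credential was null, unable to evaluate");
            return false;
        }
        if (trustedCredential == null) {
            log.debug("Trusted credential was null, unable to evaluate");
            return false;
        }

        X509Certificate untrustedCertificate = untrustedCredential.getEntityCertificate();
        X509Certificate trustedCertificate = trustedCredential.getEntityCertificate();
        if (untrustedCertificate == null) {
            log.debug("Untrusted credential contained no entity certificate, unable to evaluate");
            return false;
        } else if (trustedCertificate == null) {
            log.debug("Trusted credential contained no entity certificate, unable to evaluate");
            return false;
        }

        if (validate(untrustedCertificate, trustedCertificate)) {
            log.debug("Successfully validated untrusted credential against trusted certificate");
            return true;
        }

        log.debug("Failed to validate untrusted credential against trusted certificate");
        return false;
    }

    /**
     * Evaluates trust by comparing the untrusted credential against each trusted credential in turn.
     * Trusted credentials that are not {@link X509Credential}s (including {@code null} entries) carry no
     * certificate to compare and are skipped.
     *
     * @param untrustedCredential the credential being evaluated
     * @param trustedCredentials the credentials it may match
     * @return {@code true} if the untrusted credential's entity certificate equals the entity certificate of
     *         at least one trusted {@link X509Credential}
     */
    public boolean validate(X509Credential untrustedCredential, Iterable<Credential> trustedCredentials) {
        if (untrustedCredential == null) {
            log.debug("Untrusted credential was null, unable to evaluate");
            return false;
        }
        if (trustedCredentials == null) {
            log.debug("No trusted credentials supplied, unable to evaluate");
            return false;
        }

        for (Credential candidate : trustedCredentials) {
            // instanceof is false for null, so null entries are skipped here as well.
            if (!(candidate instanceof X509Credential)) {
                log.debug("Skipping evaluation against trusted, non-X509Credential");
                continue;
            }
            if (validate(untrustedCredential, (X509Credential) candidate)) {
                return true;
            }
        }

        return false;
    }

}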