17 package org.opensaml.xml.security.trust;
18
19 import org.opensaml.xml.security.CriteriaSet;
20 import org.opensaml.xml.security.SecurityException;
21 import org.opensaml.xml.security.credential.Credential;
22 import org.opensaml.xml.security.credential.CredentialResolver;
23 import org.slf4j.Logger;
24 import org.slf4j.LoggerFactory;
25
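/**
 * Trust engine that evaluates an untrusted {@link Credential} against trusted credentials obtained from a
 * {@link CredentialResolver}.
 *
 * <p>
 * The trusted credentials are resolved on every call from the caller-supplied trust basis criteria, and the
 * trust decision itself is delegated to an {@link ExplicitKeyTrustEvaluator}. How that evaluator compares
 * credentials is not visible in this class; see the evaluator for the matching rules.
 * </p>
 *
 * <p>
 * Security note: the outcome depends entirely on what the resolver returns for the given criteria, so the
 * resolver must be backed by a source of trusted credentials that the party presenting the untrusted
 * credential cannot influence.
 * </p>
 */
public class ExplicitKeyTrustEngine implements TrustedCredentialTrustEngine<Credential> {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(ExplicitKeyTrustEngine.class);

    /** Resolver used to look up trusted credentials; assigned once so the trust source cannot be swapped later. */
    private final CredentialResolver credentialResolver;

    /** Evaluator that makes the trust decision; assigned once in the constructor. */
    private final ExplicitKeyTrustEvaluator trustEvaluator;

    /**
     * Constructor.
     *
     * @param resolver credential resolver used to resolve trusted credentials, must not be null
     * @throws IllegalArgumentException if {@code resolver} is null
     */
    public ExplicitKeyTrustEngine(CredentialResolver resolver) {
        if (resolver == null) {
            throw new IllegalArgumentException("Credential resolver may not be null");
        }
        credentialResolver = resolver;

        trustEvaluator = new ExplicitKeyTrustEvaluator();
    }

    /**
     * Gets the resolver from which trusted credentials are obtained.
     *
     * @return the credential resolver supplied at construction
     */
    public CredentialResolver getCredentialResolver() {
        return credentialResolver;
    }

    /**
     * Validates an untrusted credential against the trusted credentials resolved for the given criteria.
     *
     * @param untrustedCredential the credential to evaluate, must not be null
     * @param trustBasisCriteria criteria used to resolve the trusted credentials, must be non-null and non-empty
     * @return the evaluator's decision, or {@code false} if the resolver returned no credential set at all
     * @throws SecurityException if a parameter fails {@link #checkParams(Credential, CriteriaSet)};
     *             presumably also if credential resolution fails -- confirm against the resolver
     */
    public boolean validate(Credential untrustedCredential, CriteriaSet trustBasisCriteria) throws SecurityException {

        checkParams(untrustedCredential, trustBasisCriteria);

        log.debug("Attempting to validate untrusted credential");
        Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(trustBasisCriteria);

        // Fail closed: whether resolve() may return null is not visible from this class, so a null result is
        // treated as "no trusted credentials" here instead of being handed on to the evaluator.
        if (trustedCredentials == null) {
            log.debug("Credential resolver returned null, untrusted credential is not trusted");
            return false;
        }

        return trustEvaluator.validate(untrustedCredential, trustedCredentials);
    }

    /**
     * Checks the validation parameters and rejects any that are missing.
     *
     * <p>
     * An empty criteria set is rejected as well as a null one; presumably this keeps resolution of trusted
     * credentials scoped to an explicit trust basis rather than an unconstrained lookup (confirm against the
     * resolver implementations in use).
     * </p>
     *
     * @param untrustedCredential the credential to evaluate
     * @param trustBasisCriteria the criteria used to resolve trusted credentials
     * @throws SecurityException if the credential is null, or the criteria set is null or empty
     */
    protected void checkParams(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
            throws SecurityException {

        if (untrustedCredential == null) {
            throw new SecurityException("Untrusted credential was null");
        }
        if (trustBasisCriteria == null) {
            throw new SecurityException("Trust basis criteria set was null");
        }
        if (trustBasisCriteria.isEmpty()) {
            throw new SecurityException("Trust basis criteria set was empty");
        }
    }

}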