17 package org.opensaml.xml.security.trust;
18
19 import org.opensaml.xml.security.CriteriaSet;
20 import org.opensaml.xml.security.SecurityException;
21 import org.opensaml.xml.security.credential.Credential;
22 import org.opensaml.xml.security.credential.CredentialResolver;
23 import org.opensaml.xml.security.x509.X509Credential;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
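/**
 * Trust engine that evaluates an {@link X509Credential} against a set of trusted credentials
 * obtained from a {@link CredentialResolver}.
 *
 * <p>This class only wires the pieces together: it validates its arguments, asks the resolver for
 * the trusted credentials selected by the caller's criteria, and hands both to an
 * {@link ExplicitX509CertificateTrustEvaluator}, which makes the actual decision.
 *
 * <p>NOTE(review): nothing in this class checks certificate validity periods, revocation status or
 * a certification path. Whether the evaluator does any of that is not visible here; confirm
 * against {@link ExplicitX509CertificateTrustEvaluator} before relying on it. The decision is also
 * only as strong as the credential set the resolver returns for the supplied criteria.
 */
public class ExplicitX509CertificateTrustEngine implements TrustedCredentialTrustEngine<X509Credential> {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(ExplicitX509CertificateTrustEngine.class);

    /**
     * Source of the trusted credentials. Assigned once in the constructor and declared final so
     * that the trust source cannot be reassigned and is safely published to other threads.
     */
    private final CredentialResolver credentialResolver;

    /** Evaluator that compares the untrusted credential with the trusted set. */
    private final ExplicitX509CertificateTrustEvaluator trustEvaluator;

    /**
     * Creates a trust engine backed by the given resolver.
     *
     * @param resolver resolver used to look up the trusted credentials; must not be null
     * @throws IllegalArgumentException if {@code resolver} is null
     */
    public ExplicitX509CertificateTrustEngine(CredentialResolver resolver) {
        if (resolver == null) {
            throw new IllegalArgumentException("Credential resolver may not be null");
        }
        credentialResolver = resolver;

        trustEvaluator = new ExplicitX509CertificateTrustEvaluator();
    }

    /**
     * Returns the resolver that supplies the trusted credentials.
     *
     * @return the resolver passed to the constructor, never null
     */
    public CredentialResolver getCredentialResolver() {
        return credentialResolver;
    }

    /**
     * Decides whether the given credential is trusted.
     *
     * @param untrustedCredential the credential to evaluate; must not be null
     * @param trustBasisCriteria criteria selecting the trusted credentials to compare against;
     *            must be neither null nor empty
     * @return the evaluator's verdict, or {@code false} if the resolver yields no credential set
     * @throws SecurityException if an argument fails {@link #checkParams}, or if thrown by the
     *             resolver or the evaluator
     */
    public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
            throws SecurityException {

        checkParams(untrustedCredential, trustBasisCriteria);

        log.debug("Attempting to validate untrusted credential");
        Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(trustBasisCriteria);

        // Fail closed: the resolver's contract for "nothing found" is not visible here, so a null
        // result is treated as "no trusted credentials" and denied instead of being passed on to
        // the evaluator.
        if (trustedCredentials == null) {
            log.debug("Credential resolver returned no trusted credentials, credential is not trusted");
            return false;
        }

        return trustEvaluator.validate(untrustedCredential, trustedCredentials);
    }

    /**
     * Rejects arguments that cannot form the basis of a trust decision.
     *
     * <p>An empty criteria set is refused as well as a null one. Presumably an empty set would
     * leave the resolver lookup unconstrained; confirm against the resolver implementations.
     *
     * @param untrustedCredential the credential to evaluate
     * @param trustBasisCriteria criteria selecting the trusted credentials
     * @throws SecurityException if the credential is null, or the criteria set is null or empty
     */
    protected void checkParams(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
            throws SecurityException {

        if (untrustedCredential == null) {
            throw new SecurityException("Untrusted credential was null");
        }
        if (trustBasisCriteria == null) {
            throw new SecurityException("Trust basis criteria set was null");
        }
        if (trustBasisCriteria.isEmpty()) {
            throw new SecurityException("Trust basis criteria set was empty");
        }
    }

}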