17 package org.opensaml.xml.signature.impl;
18
19 import java.util.ArrayList;
20 import java.util.List;
21
22 import org.opensaml.xml.security.CriteriaSet;
23 import org.opensaml.xml.security.SecurityException;
24 import org.opensaml.xml.security.credential.Credential;
25 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
26 import org.opensaml.xml.signature.Signature;
27 import org.opensaml.xml.signature.SignatureTrustEngine;
28 import org.slf4j.Logger;
29 import org.slf4j.LoggerFactory;
30
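/**
 * A {@link SignatureTrustEngine} that delegates to an ordered list of other signature trust engines.
 *
 * <p>
 * Members are consulted in list order and evaluation stops at the first member that reports the signature as
 * trusted. The result is therefore a logical OR over the chain: a signature is accepted if <em>any</em> single
 * member accepts it, so the chain is exactly as permissive as its most permissive member. Deployers should review
 * every engine placed in the chain with that in mind.
 * </p>
 *
 * <p>
 * An empty chain trusts nothing (both {@code validate} methods return {@code false}). A
 * {@link SecurityException} thrown by a member is not caught here: it propagates to the caller and the remaining
 * members are not consulted.
 * </p>
 *
 * <p>
 * The chain is backed by a plain {@link ArrayList} and this class performs no synchronization of its own, so the
 * chain should be fully populated before the engine is shared between threads.
 * </p>
 */
public class ChainingSignatureTrustEngine implements SignatureTrustEngine {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(ChainingSignatureTrustEngine.class);

    /** The ordered chain of engines consulted during validation. */
    private final List<SignatureTrustEngine> engines;

    /** Constructor. Creates an engine with an empty chain, which trusts nothing until members are added. */
    public ChainingSignatureTrustEngine() {
        engines = new ArrayList<SignatureTrustEngine>();
    }

    /**
     * Gets the list of configured trust engines which constitute the trust evaluation chain.
     *
     * <p>
     * The returned list is the live backing list, not a copy: engines added to or removed from it take part in
     * (or drop out of) all subsequent validation calls. Because any member can grant trust, write access to this
     * list is equivalent to control over what the chain accepts.
     * </p>
     *
     * @return the modifiable list of trust engines in the chain
     */
    public List<SignatureTrustEngine> getChain() {
        return engines;
    }

    /**
     * Gets the KeyInfo credential resolver of this engine.
     *
     * <p>
     * The chaining engine has no resolver of its own, so this always returns {@code null}. Callers must handle
     * the {@code null} return rather than dereferencing it.
     * </p>
     *
     * @return always {@code null}
     */
    public KeyInfoCredentialResolver getKeyInfoResolver() {
        return null;
    }

    /**
     * Validates the signature against each chain member in order, stopping at the first member that trusts it.
     *
     * @param token the signature to evaluate
     * @param trustBasisCriteria criteria passed unchanged to every chain member
     * @return {@code true} if some chain member trusted the signature, {@code false} if none did or the chain is
     *         empty
     * @throws SecurityException if a chain member throws while evaluating; later members are then not consulted
     */
    public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException {
        for (SignatureTrustEngine engine : engines) {
            // getChain() hands out the live list, so a null entry is possible. A null member cannot grant
            // trust, so skipping it keeps the result fail-closed instead of failing with a NullPointerException.
            if (engine == null) {
                log.warn("Skipping null member of signature trust engine chain");
                continue;
            }
            if (engine.validate(token, trustBasisCriteria)) {
                log.debug("Signature was trusted by chain member: {}", engine.getClass().getName());
                return true;
            }
        }
        // No member vouched for the signature: fail closed.
        return false;
    }

    /**
     * Validates a raw signature over the given content against each chain member in order, stopping at the first
     * member that trusts it.
     *
     * @param signature the raw signature value
     * @param content the content over which the signature was computed
     * @param algorithmURI the signature algorithm URI
     * @param trustBasisCriteria criteria passed unchanged to every chain member
     * @param candidateCredential the candidate credential passed unchanged to every chain member
     * @return {@code true} if some chain member trusted the signature, {@code false} if none did or the chain is
     *         empty
     * @throws SecurityException if a chain member throws while evaluating; later members are then not consulted
     */
    public boolean validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria,
            Credential candidateCredential) throws SecurityException {
        for (SignatureTrustEngine engine : engines) {
            // Same null-member handling as the Signature-based overload: skip, never trust.
            if (engine == null) {
                log.warn("Skipping null member of signature trust engine chain");
                continue;
            }
            if (engine.validate(signature, content, algorithmURI, trustBasisCriteria, candidateCredential)) {
                log.debug("Signature was trusted by chain member: {}", engine.getClass().getName());
                return true;
            }
        }
        // No member vouched for the signature: fail closed.
        return false;
    }

}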