PKIXX509CredentialTrustEngine (Red Hat JBoss Enterprise Application Platform 7.0.0.GA public API)

java.lang.Object
- org.opensaml.security.x509.impl.PKIXX509CredentialTrustEngine

All Implemented Interfaces:

TrustEngine<X509Credential>, PKIXTrustEngine<X509Credential>
```
public class PKIXX509CredentialTrustEngine
extends Object
implements PKIXTrustEngine<X509Credential>
```
Trust engine implementation which evaluates an X509Credential token based on PKIX validation processing using validation information from a trusted source.

Constructor Summary

Constructors
Constructor and Description
`PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver)` Constructor.
`PKIXX509CredentialTrustEngine(PKIXValidationInformationResolver resolver, PKIXTrustEvaluator pkixEvaluator, X509CredentialNameEvaluator nameEvaluator)` Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected boolean`	`checkNames(Set<String> trustedNames, X509Credential untrustedCredential)` Evaluate the credential against the set of trusted names.
`PKIXValidationInformationResolver`	`getPKIXResolver()` Get the resolver instance which will be used to resolve PKIX validation information.
`PKIXTrustEvaluator`	`getPKIXTrustEvaluator()` Get the `PKIXTrustEvaluator` instance used to evaluate trust.
`X509CredentialNameEvaluator`	`getX509CredentialNameEvaluator()` Get the `X509CredentialNameEvaluator` instance used to evaluate a credential against trusted names.
`boolean`	`validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)` Validates the token against trusted information obtained in an implementation-specific manner.
`protected boolean`	`validate(X509Credential untrustedX509Credential, Set<String> trustedNames, Iterable<PKIXValidationInformation> validationInfoSet)` Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set of trusted credentials.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - PKIXX509CredentialTrustEngine
```
public PKIXX509CredentialTrustEngine(@Nonnull
                                     PKIXValidationInformationResolver resolver)
```
    Constructor.
    The PKIX trust evaluator used defaults to CertPathPKIXTrustEvaluator.
    
    The X.509 credential name evaluator used defaults to BasicX509CredentialNameEvaluator.
    
    Parameters:
    
    resolver - credential resolver used to resolve trusted credentials
  - PKIXX509CredentialTrustEngine
```
public PKIXX509CredentialTrustEngine(@Nonnull
                                     PKIXValidationInformationResolver resolver,
                                     @Nonnull
                                     PKIXTrustEvaluator pkixEvaluator,
                                     @Nullable
                                     X509CredentialNameEvaluator nameEvaluator)
```
    Constructor.
    
    Parameters:
    
    resolver - credential resolver used to resolve trusted credentials
    
    pkixEvaluator - the PKIX trust evaluator to use
    
    nameEvaluator - the X.509 credential name evaluator to use (may be null)
- Method Detail
  - getPKIXResolver
```
@Nonnull
public PKIXValidationInformationResolver getPKIXResolver()
```
    Get the resolver instance which will be used to resolve PKIX validation information.
    
    Specified by:
    
    getPKIXResolver in interface PKIXTrustEngine<X509Credential>
    
    Returns:
    
    the currently configured resolver instance
  - getPKIXTrustEvaluator
```
@Nonnull
public PKIXTrustEvaluator getPKIXTrustEvaluator()
```
    Get the PKIXTrustEvaluator instance used to evaluate trust.
    The parameters of this evaluator may be modified to adjust trust evaluation processing.
    
    Returns:
    
    the PKIX trust evaluator instance that will be used
  - getX509CredentialNameEvaluator
```
@Nullable
public X509CredentialNameEvaluator getX509CredentialNameEvaluator()
```
    Get the X509CredentialNameEvaluator instance used to evaluate a credential against trusted names.
    The parameters of this evaluator may be modified to adjust trust evaluation processing.
    
    Returns:
    
    the PKIX trust evaluator instance that will be used
  - validate
```
public boolean validate(@Nonnull
                        X509Credential untrustedCredential,
                        @Nullable
                        CriteriaSet trustBasisCriteria)
                 throws SecurityException
```
    Validates the token against trusted information obtained in an implementation-specific manner.
    
    Specified by:
    
    validate in interface TrustEngine<X509Credential>
    
    Parameters:
    
    untrustedCredential - security token to validate
    
    trustBasisCriteria - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
    
    Returns:
    
    true iff the token is trusted and valid
    
    Throws:
    
    SecurityException - thrown if there is a problem validating the security token
  - validate
```
protected boolean validate(@Nonnull
                           X509Credential untrustedX509Credential,
                           @Nullable
                           Set<String> trustedNames,
                           @Nonnull
                           Iterable<PKIXValidationInformation> validationInfoSet)
                    throws SecurityException
```
    Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set of trusted credentials.
    
    Parameters:
    
    untrustedX509Credential - the credential to evaluate
    
    trustedNames - the set of trusted names for name checking purposes
    
    validationInfoSet - the set of validation information which serves as the basis for trust evaluation
    
    Returns:
    
    true if PKIX validation of the untrusted credential is successful, otherwise false
    
    Throws:
    
    SecurityException - thrown if there is an error validating the untrusted credential against trusted names or validation information
  - checkNames
```
protected boolean checkNames(@Nullable
                             Set<String> trustedNames,
                             @Nonnull
                             X509Credential untrustedCredential)
                      throws SecurityException
```
    Evaluate the credential against the set of trusted names.
    Evaluates to true if no instance of X509CredentialNameEvaluator is configured.
    
    Parameters:
    
    trustedNames - set of trusted names
    
    untrustedCredential - the credential being evaluated
    
    Returns:
    
    true if evaluation is successful, false otherwise
    
    Throws:
    
    SecurityException - thrown if there is an error evaluation the credential

Class PKIXX509CredentialTrustEngine

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

PKIXX509CredentialTrustEngine

PKIXX509CredentialTrustEngine

Method Detail

getPKIXResolver

getPKIXTrustEvaluator

getX509CredentialNameEvaluator

validate

validate

checkNames