Package org.apache.wss4j.dom.validate
Class SignatureTrustValidator
- java.lang.Object
  - org.apache.wss4j.dom.validate.SignatureTrustValidator
- All Implemented Interfaces: Validator
- Direct Known Subclasses: SamlAssertionValidator
public class SignatureTrustValidator extends Object implements Validator
This class verifies trust in a credential used to verify a signature, which is extracted from the Credential passed to the validate method.
Constructor Summary
| Constructor | Description |
| --- | --- |
| SignatureTrustValidator() | |
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected Crypto | getCrypto(RequestData data) | |
| Credential | validate(Credential credential, RequestData data) | Validate the credential argument. |
| protected void | validateCertificates(X509Certificate[] certificates) | Validate the certificates by checking the validity of each cert. |
| protected void | validatePublicKey(PublicKey publicKey, Crypto crypto) | Validate a public key. |
| protected void | verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto, RequestData data, boolean enableRevocation) | Evaluate whether the given certificate chain should be trusted. |
Method Detail
validate
public Credential validate(Credential credential, RequestData data) throws WSSecurityException
Validate the credential argument. It must contain a non-null X509Certificate chain or a PublicKey. A Crypto implementation is also required to be set. This implementation first attempts to verify trust on the certificate (chain). If this is not successful, then it will attempt to verify trust on the Public Key.
- Specified by: validate in interface Validator
- Parameters:
  - credential - the Credential to be validated
  - data - the RequestData associated with the request
- Returns: a validated Credential
- Throws: WSSecurityException - on a failed validation
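
An added example, not part of the WSS4J Javadoc or code base: a subclass that runs the trust checks described for validate and then pins the signing certificate to a SHA-256 fingerprint allow-list, refusing credentials that carry only a bare PublicKey. The class name, the allow-list, and the treatment of the first chain element as the signing certificate are assumptions, and `Credential.getCertificates()` and the `WSSecurityException.ErrorCode` values are WSS4J API not shown on this page.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Set;

import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SignatureTrustValidator;

/** Hypothetical subclass: keystore trust check plus a fingerprint pin. */
public class PinnedSignatureTrustValidator extends SignatureTrustValidator {

    private final Set<String> allowedSha256; // lowercase hex, supplied by the deployer

    public PinnedSignatureTrustValidator(Set<String> allowedSha256) {
        this.allowedSha256 = allowedSha256;
    }

    @Override
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        // Run the stock checks first (certificate chain, else public key).
        Credential validated = super.validate(credential, data);
        // A bare PublicKey has no certificate to pin, so refuse it here.
        X509Certificate[] chain = credential.getCertificates();
        if (chain == null || chain.length == 0) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        // Assumption: chain[0] is the signing (end-entity) certificate.
        if (!allowedSha256.contains(sha256Hex(chain[0]))) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        return validated;
    }

    private static String sha256Hex(X509Certificate cert) throws WSSecurityException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }
}
```
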
getCrypto
protected Crypto getCrypto(RequestData data)
validateCertificates
protected void validateCertificates(X509Certificate[] certificates) throws WSSecurityException
Validate the certificates by checking the validity of each cert.
- Throws: WSSecurityException
verifyTrustInCerts
protected void verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto, RequestData data, boolean enableRevocation) throws WSSecurityException
Evaluate whether the given certificate chain should be trusted.
- Parameters:
  - certificates - the certificate chain that should be validated against the keystore
  - crypto - A Crypto instance
  - data - A RequestData instance
  - enableRevocation - Whether revocation is enabled or not
- Throws: WSSecurityException - if the certificate chain is not trusted
validatePublicKey
protected void validatePublicKey(PublicKey publicKey, Crypto crypto) throws WSSecurityException
Validate a public key.
- Throws: WSSecurityException