SignatureTrustValidator (Apache WSS4J DOM WS-Security 2.0.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.wss4j.dom.validate
Class SignatureTrustValidator

java.lang.Object
  org.apache.wss4j.dom.validate.SignatureTrustValidator

All Implemented Interfaces:: Validator

Direct Known Subclasses:: SamlAssertionValidator

public class SignatureTrustValidator
extends Object
implements Validator
extends Object
implements Validator

This class verifies trust in a credential used to verify a signature, which is extracted from the Credential passed to the validate method.

Constructor Summary
`SignatureTrustValidator()`

Method Summary
`protected Crypto`	`getCrypto(RequestData data)`
`Credential`	`validate(Credential credential, RequestData data)` Validate the credential argument.
`protected void`	`validateCertificates(X509Certificate[] certificates)` Validate the certificates by checking the validity of each cert
`protected void`	`validatePublicKey(PublicKey publicKey, Crypto crypto)` Validate a public key
`protected void`	`verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto, RequestData data, boolean enableRevocation)` Evaluate whether the given certificate chain should be trusted.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

SignatureTrustValidator

public SignatureTrustValidator()

Method Detail

validate

public Credential validate(Credential credential,
                           RequestData data)
                    throws WSSecurityException

Validate the credential argument. It must contain a non-null X509Certificate chain or a PublicKey. A Crypto implementation is also required to be set. This implementation first attempts to verify trust on the certificate (chain). If this is not successful, then it will attempt to verify trust on the Public Key.

Specified by:: validate in interface Validator

Parameters:: credential - the Credential to be validated; data - the RequestData associated with the request
Returns:: a validated Credential
Throws:: WSSecurityException - on a failed validation

getCrypto

protected Crypto getCrypto(RequestData data)

validateCertificates

protected void validateCertificates(X509Certificate[] certificates)
                             throws WSSecurityException

Validate the certificates by checking the validity of each cert

Throws:: WSSecurityException

verifyTrustInCerts

protected void verifyTrustInCerts(X509Certificate[] certificates,
                                  Crypto crypto,
                                  RequestData data,
                                  boolean enableRevocation)
                           throws WSSecurityException

Evaluate whether the given certificate chain should be trusted.

Parameters:: certificates - the certificate chain that should be validated against the keystore; crypto - A Crypto instance; data - A RequestData instance; enableRevocation - Whether revocation is enabled or not
Throws:: WSSecurityException - if the certificate chain is not trusted

validatePublicKey

protected void validatePublicKey(PublicKey publicKey,
                                 Crypto crypto)
                          throws WSSecurityException

Validate a public key

Throws:: WSSecurityException