Class SignatureTrustValidator

  • All Implemented Interfaces:
    Validator
    Direct Known Subclasses:
    SamlAssertionValidator

    public class SignatureTrustValidator
    extends Object
    implements Validator
    This class verifies trust in a credential used to verify a signature, which is extracted from the Credential passed to the validate method.
    • Constructor Detail

      • SignatureTrustValidator

        public SignatureTrustValidator()
    • Method Detail

      • validate

        public Credential validate(Credential credential,
                                   RequestData data)
                            throws WSSecurityException
        Validate the credential argument. It must contain a non-null X509Certificate chain or a PublicKey. A Crypto implementation is also required to be set. This implementation first attempts to verify trust on the certificate (chain). If this is not successful, then it will attempt to verify trust on the Public Key.
        Specified by:
        validate in interface Validator
        Parameters:
        credential - the Credential to be validated
        data - the RequestData associated with the request
        Returns:
        a validated Credential
        Throws:
        WSSecurityException - on a failed validation
      • verifyTrustInCerts

        protected void verifyTrustInCerts(X509Certificate[] certificates,
                                          Crypto crypto,
                                          RequestData data,
                                          boolean enableRevocation)
                                   throws WSSecurityException
        Evaluate whether the given certificate chain should be trusted.
        Parameters:
        certificates - the certificate chain that should be validated against the keystore
        crypto - A Crypto instance
        data - A RequestData instance
        enableRevocation - Whether revocation is enabled or not
        Throws:
        WSSecurityException - if the certificate chain is not trusted
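
One way to tighten the chain check by overriding the protected verifyTrustInCerts hook documented above. This is an added example, not code from WSS4J; the class name, the key-size thresholds and the WSS4J 2.x package names in the imports are assumptions.

```java
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;

// Assumption: WSS4J 2.x package layout.
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.SignatureTrustValidator;

/** Hypothetical subclass (not part of WSS4J): stricter checks before trust evaluation. */
public class StrictSignatureTrustValidator extends SignatureTrustValidator {

    private static final int MIN_RSA_BITS = 2048; // assumed local policy
    private static final int MIN_EC_BITS = 256;   // assumed local policy

    @Override
    protected void verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto,
                                      RequestData data, boolean enableRevocation)
            throws WSSecurityException {
        // Fail closed on an empty chain instead of relying on downstream handling.
        if (certificates == null || certificates.length == 0) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        // Reject missing entries and weak keys anywhere in the presented chain.
        for (X509Certificate cert : certificates) {
            if (cert == null || !hasAcceptableKey(cert.getPublicKey())) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
            }
        }
        // Ignore the caller-supplied flag and always request revocation checking.
        super.verifyTrustInCerts(certificates, crypto, data, true);
    }

    /** Returns true only for RSA or EC keys that meet the assumed minimum sizes. */
    static boolean hasAcceptableKey(PublicKey key) {
        if (key instanceof RSAPublicKey) {
            return ((RSAPublicKey) key).getModulus().bitLength() >= MIN_RSA_BITS;
        }
        if (key instanceof ECPublicKey) {
            return ((ECPublicKey) key).getParams().getOrder().bitLength() >= MIN_EC_BITS;
        }
        return false; // unknown key types are rejected
    }
}
```

The override covers only the certificate-chain path; a credential that carries just a PublicKey is still handled by validate as documented above.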