Class SignatureTrustValidator

  • All Implemented Interfaces:
    Direct Known Subclasses:

    public class SignatureTrustValidator
    extends Object
    implements Validator
    This class verifies trust in a credential used to verify a signature, which is extracted from the Credential passed to the validate method.
    • Constructor Detail

      • SignatureTrustValidator

        public SignatureTrustValidator()
    • Method Detail

      • validate

        public Credential validate(Credential credential,
                                   RequestData data)
                            throws WSSecurityException
        Validate the credential argument. It must contain a non-null X509Certificate chain or a PublicKey. A Crypto implementation is also required to be set. This implementation first attempts to verify trust on the certificate (chain). If this is not successful, then it will attempt to verify trust on the Public Key.
        Specified by:
        validate in interface Validator
        Parameters:
        credential - the Credential to be validated
        data - the RequestData associated with the request
        Returns:
        a validated Credential
        Throws:
        WSSecurityException - on a failed validation
      • verifyTrustInCerts

        protected void verifyTrustInCerts(X509Certificate[] certificates,
                                          Crypto crypto,
                                          RequestData data,
                                          boolean enableRevocation)
                                   throws WSSecurityException
        Evaluate whether the given certificate chain should be trusted.
        Parameters:
        certificates - the certificate chain that should be validated against the keystore
        crypto - A Crypto instance
        data - A RequestData instance
        enableRevocation - Whether revocation is enabled or not
        Throws:
        WSSecurityException - if the certificate chain is not trusted
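
        The following subclass is an added example, not code from this page or from the WSS4J project. It narrows the trust decision described above: it rejects credentials that carry no certificate chain, so the public-key fallback in validate is never reached, and after the keystore check it requires the signing certificate to match a pinned SHA-256 digest. The class name, the pin set, and the package names in the imports (WSS4J 2.x layout) are assumptions.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Set;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SignatureTrustValidator;

// Hypothetical subclass: keystore trust plus a pin on the signing certificate.
public class PinnedSignatureTrustValidator extends SignatureTrustValidator {
    private final Set<String> pinnedDigests; // Base64 SHA-256 of DER-encoded certificates

    public PinnedSignatureTrustValidator(Set<String> pinnedDigests) {
        this.pinnedDigests = pinnedDigests;
    }

    @Override
    public Credential validate(Credential credential, RequestData data)
            throws WSSecurityException {
        // Refuse bare public keys so only the certificate path below can succeed.
        if (credential == null || credential.getCertificates() == null
                || credential.getCertificates().length == 0) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        return super.validate(credential, data);
    }

    @Override
    protected void verifyTrustInCerts(X509Certificate[] certificates, Crypto crypto,
                                      RequestData data, boolean enableRevocation)
            throws WSSecurityException {
        super.verifyTrustInCerts(certificates, crypto, data, enableRevocation);
        String digest;
        try {
            // Assumption: certificates[0] is the signing (leaf) certificate.
            digest = Base64.getEncoder().encodeToString(
                MessageDigest.getInstance("SHA-256").digest(certificates[0].getEncoded()));
        } catch (CertificateEncodingException | NoSuchAlgorithmException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }
        if (!pinnedDigests.contains(digest)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }
}
```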