/**
 * Gathers the trust material that a PKIX evaluation will be based on.
 *
 * <p>Two things are resolved from the configured PKIX resolver using the same criteria: the set of
 * trusted names (only when the resolver reports that it supports trusted-name resolution) and the
 * PKIX validation information itself.</p>
 *
 * @param trustBasisCriteria criteria used to describe and/or resolve the information which serves
 *            as the basis for trust evaluation
 * @return a pair whose first element is the resolved set of trusted names, or {@code null} when
 *         the resolver does not support trusted-name resolution, and whose second element is the
 *         iterable of trusted PKIXValidationInformation
 * @throws SecurityException thrown if there is an error resolving the information from the trusted
 *             resolver
 */
protected Pair<Set<String>, Iterable<PKIXValidationInformation>> resolveValidationInfo(
        CriteriaSet trustBasisCriteria) throws SecurityException {

    final Set<String> names;
    if (!pkixResolver.supportsTrustedNameResolution()) {
        // A null name set is the signal that no trusted names were resolved at all.
        // NOTE(review): how consumers of the pair treat a null name set is not visible here;
        // confirm that "no names resolved" is an intended trust decision for this deployment.
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
        names = null;
    } else {
        names = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    }

    final Iterable<PKIXValidationInformation> validationInfo = pkixResolver.resolve(trustBasisCriteria);

    return new Pair<Set<String>, Iterable<PKIXValidationInformation>>(names, validationInfo);
}
/**
 * Resolves the trusted names and the PKIX validation information for the supplied criteria and
 * returns them together.
 *
 * @param trustBasisCriteria criteria used to describe and/or resolve the information which serves
 *            as the basis for trust evaluation
 * @return a pair of (trusted names, trusted PKIXValidationInformation); the trusted-names element
 *         is {@code null} when the resolver does not support trusted-name resolution
 * @throws SecurityException thrown if there is an error resolving the information from the trusted
 *             resolver
 */
protected Pair<Set<String>, Iterable<PKIXValidationInformation>> resolveValidationInfo(
        CriteriaSet trustBasisCriteria) throws SecurityException {

    // Trusted names are optional: they stay null unless the resolver can supply them.
    Set<String> resolvedNames = null;
    final boolean namesSupported = pkixResolver.supportsTrustedNameResolution();
    if (namesSupported) {
        resolvedNames = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    } else {
        // Only a debug-level trace records that name checking is being skipped.
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
    }

    // The validation information is always resolved, whether or not names were.
    return new Pair<Set<String>, Iterable<PKIXValidationInformation>>(
            resolvedNames, pkixResolver.resolve(trustBasisCriteria));
}
/**
 * {@inheritDoc}
 *
 * <p>Fails closed on missing input: a {@code null} credential, or a credential without an entity
 * certificate, is rejected with {@code false} before any trust material is resolved. Otherwise the
 * trusted names (when the resolver supports them) and the PKIX validation information are resolved
 * from the criteria and handed to the three-argument {@code validate} overload.</p>
 */
public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {

    log.debug("Attempting PKIX validation of untrusted credential");

    // Guard clauses: nothing to validate means "not trusted", never "trusted".
    if (untrustedCredential == null) {
        log.error("X.509 credential was null, unable to perform validation");
        return false;
    }
    if (untrustedCredential.getEntityCertificate() == null) {
        log.error("Untrusted X.509 credential's entity certificate was null, unable to perform validation");
        return false;
    }

    final Set<String> names;
    if (!pkixResolver.supportsTrustedNameResolution()) {
        // NOTE(review): name checking is skipped here with only a debug-level trace; what the
        // overload does with a null name set is not visible in this method, so confirm it.
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
        names = null;
    } else {
        names = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    }

    final Iterable<PKIXValidationInformation> validationInfo = pkixResolver.resolve(trustBasisCriteria);
    return validate(untrustedCredential, names, validationInfo);
}
/**
 * {@inheritDoc}
 *
 * <p>Returns {@code false} without consulting the resolver when the credential or its entity
 * certificate is {@code null}. In every other case the decision is delegated to the three-argument
 * {@code validate} overload, using trust material resolved from {@code trustBasisCriteria}.</p>
 */
public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {

    log.debug("Attempting PKIX validation of untrusted credential");

    if (untrustedCredential == null) {
        log.error("X.509 credential was null, unable to perform validation");
        return false;
    } else if (untrustedCredential.getEntityCertificate() == null) {
        log.error("Untrusted X.509 credential's entity certificate was null, unable to perform validation");
        return false;
    }

    // Trusted names remain null when the resolver cannot provide them, so the overload receives
    // no name set in that case.
    Set<String> resolvedNames = null;
    final boolean namesSupported = pkixResolver.supportsTrustedNameResolution();
    if (namesSupported) {
        resolvedNames = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    } else {
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
    }

    final boolean trusted =
            validate(untrustedCredential, resolvedNames, pkixResolver.resolve(trustBasisCriteria));
    return trusted;
}