diff options
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation')
2 files changed, 47 insertions, 9 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java new file mode 100644 index 00000000..66393bb4 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java @@ -0,0 +1,41 @@ +package at.gv.egiz.eaaf.modules.pvp2.impl.validation; + +import org.opensaml.security.SecurityException; +import org.opensaml.security.credential.Credential; +import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver; +import org.opensaml.xmlsec.signature.Signature; +import org.opensaml.xmlsec.signature.support.SignatureTrustEngine; + +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import lombok.AllArgsConstructor; +import lombok.Getter; +import net.shibboleth.utilities.java.support.resolver.CriteriaSet; + +@AllArgsConstructor +public class SignatureTrustEngineDecorator implements SignatureTrustEngine { + + private SignatureTrustEngine trustEngine; + + @Getter + private IPvp2MetadataProvider metadataProvider; + + @Override + public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException { + return trustEngine.validate(token, trustBasisCriteria); + + } + + @Override + public boolean validate(byte[] signature, byte[] content, String algorithmUri, + CriteriaSet trustBasisCriteria, Credential candidateCredential) throws SecurityException { + return trustEngine.validate(signature, content, algorithmUri, trustBasisCriteria, candidateCredential); + + } + + @Override + public KeyInfoCredentialResolver getKeyInfoResolver() { + return trustEngine.getKeyInfoResolver(); + + } + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java index f0758706..fe941f74 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java @@ -22,9 +22,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation; import java.util.ArrayList; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; - import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver; import org.opensaml.saml.security.impl.MetadataCredentialResolver; import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver; @@ -33,9 +30,10 @@ import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider; -import org.opensaml.xmlsec.signature.support.SignatureTrustEngine; import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; @@ -50,7 +48,7 @@ public class TrustEngineFactory { * @throws Pvp2InternalErrorException In case of a TrustEngine initialization * error */ - public static SignatureTrustEngine getSignatureKnownKeysTrustEngine( + public static SignatureTrustEngineDecorator getSignatureKnownKeysTrustEngine( final IPvp2MetadataProvider mdResolver) throws Pvp2InternalErrorException { try { final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>(); @@ -70,10 +68,9 @@ public class TrustEngineFactory { resolver.setKeyInfoCredentialResolver(keyInfoCredentialResolver); resolver.initialize(); - final ExplicitKeySignatureTrustEngine engine = - new ExplicitKeySignatureTrustEngine(resolver, keyInfoCredentialResolver); - - return engine; + return new SignatureTrustEngineDecorator( + new ExplicitKeySignatureTrustEngine(resolver, keyInfoCredentialResolver), + mdResolver); } catch (final ComponentInitializationException e) { log.warn("Initialization of SignatureTrustEngine FAILED.", e); |