summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java41
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java15
2 files changed, 47 insertions, 9 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java
new file mode 100644
index 00000000..66393bb4
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java
@@ -0,0 +1,41 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.validation;
+
+import org.opensaml.security.SecurityException;
+import org.opensaml.security.credential.Credential;
+import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
+
+@AllArgsConstructor
+public class SignatureTrustEngineDecorator implements SignatureTrustEngine {
+
+ private SignatureTrustEngine trustEngine;
+
+ @Getter
+ private IPvp2MetadataProvider metadataProvider;
+
+ @Override
+ public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException {
+ return trustEngine.validate(token, trustBasisCriteria);
+
+ }
+
+ @Override
+ public boolean validate(byte[] signature, byte[] content, String algorithmUri,
+ CriteriaSet trustBasisCriteria, Credential candidateCredential) throws SecurityException {
+ return trustEngine.validate(signature, content, algorithmUri, trustBasisCriteria, candidateCredential);
+
+ }
+
+ @Override
+ public KeyInfoCredentialResolver getKeyInfoResolver() {
+ return trustEngine.getKeyInfoResolver();
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
index f0758706..fe941f74 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
@@ -22,9 +22,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
@@ -33,9 +30,10 @@ import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;
-import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@@ -50,7 +48,7 @@ public class TrustEngineFactory {
* @throws Pvp2InternalErrorException In case of a TrustEngine initialization
* error
*/
- public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(
+ public static SignatureTrustEngineDecorator getSignatureKnownKeysTrustEngine(
final IPvp2MetadataProvider mdResolver) throws Pvp2InternalErrorException {
try {
final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>();
@@ -70,10 +68,9 @@ public class TrustEngineFactory {
resolver.setKeyInfoCredentialResolver(keyInfoCredentialResolver);
resolver.initialize();
- final ExplicitKeySignatureTrustEngine engine =
- new ExplicitKeySignatureTrustEngine(resolver, keyInfoCredentialResolver);
-
- return engine;
+ return new SignatureTrustEngineDecorator(
+ new ExplicitKeySignatureTrustEngine(resolver, keyInfoCredentialResolver),
+ mdResolver);
} catch (final ComponentInitializationException e) {
log.warn("Initialization of SignatureTrustEngine FAILED.", e);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 02:05:23 +0000