1 /*
2 * Copyright [2006] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.xml.security.x509;
18
19 import org.opensaml.xml.security.SecurityException;
20
21 /**
22 * An interface for classes which evaluate an {@link X509Credential} against a set of trusted
23 * {@link PKIXValidationInformation}, using PKIX validation rules.
24 */
25 public interface PKIXTrustEvaluator {
26
27 /**
28 * Validate the specified credential against the specified set of trusted validation information.
29 *
30 * @param validationInfo the set of trusted validation information
31 * @param untrustedCredential the credential being evaluated
32 * @return true if the credential can be successfully evaluated, false otherwise
33 * @throws SecurityException thrown if there is an error evaluating the credential
34 */
35 public boolean validate(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)
36 throws SecurityException;
37
38 /**
39 * Get the {@link PKIXValidationOptions} instance that is in use.
40 *
41 * @return the PKIXValidationOptions instance
42 */
43 public PKIXValidationOptions getPKIXValidationOptions();
44
45 }
46
47