1 /*
2 * Copyright [2006] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.xml.security.trust;
18
19 import java.security.Key;
20
21 import org.opensaml.xml.security.credential.Credential;
22 import org.slf4j.Logger;
23 import org.slf4j.LoggerFactory;
24
25 /**
26 * Auxiliary trust evaluator for evaluating an untrusted key or credential against a trusted key or credential. Trust is
27 * established if the untrusted key (or the public key or symmetric key taken from the untrusted credential) matches one of the
28 * trusted keys supplied.
29 *
30 */
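public class ExplicitKeyTrustEvaluator {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(ExplicitKeyTrustEvaluator.class);

    /**
     * Evaluates trust by comparing an untrusted key against a single trusted key.
     *
     * <p>Equality is whatever the {@link Key} implementation's {@code equals()} defines; no
     * encoding normalisation is performed here. A {@code null} on either side fails closed
     * (returns {@code false}) instead of throwing.</p>
     *
     * @param untrustedKey the untrusted key to evaluate
     * @param trustedKey basis for trust
     * @return true if trust can be established, false otherwise
     */
    public boolean validate(Key untrustedKey, Key trustedKey) {
        if (untrustedKey == null || trustedKey == null) {
            // Fail closed: a missing key on either side can never establish trust.
            return false;
        }
        return untrustedKey.equals(trustedKey);
    }

    /**
     * Evaluates trust by comparing an untrusted key against each of a set of trusted keys.
     *
     * <p>Trust is established as soon as one trusted key matches; {@code null} entries in the
     * collection are skipped, and a {@code null} key or collection fails closed.</p>
     *
     * @param untrustedKey the untrusted key to evaluate
     * @param trustedKeys basis for trust
     * @return true if trust can be established, false otherwise
     */
    public boolean validate(Key untrustedKey, Iterable<Key> trustedKeys) {
        if (untrustedKey == null || trustedKeys == null) {
            return false;
        }
        for (Key candidate : trustedKeys) {
            if (validate(untrustedKey, candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Evaluates trust by comparing the public key (or, failing that, the secret key) of an
     * untrusted credential against the key of the same type from a trusted credential.
     *
     * <p>Only the public key or the symmetric key is ever compared; private keys are never
     * consulted. A {@code null} credential fails closed.</p>
     *
     * @param untrustedCredential the untrusted credential to evaluate
     * @param trustedCredential basis for trust
     * @return true if trust can be established, false otherwise
     */
    public boolean validate(Credential untrustedCredential, Credential trustedCredential) {
        if (untrustedCredential == null || trustedCredential == null) {
            log.debug("Untrusted or trusted credential was null, unable to evaluate");
            return false;
        }

        Key untrustedKey = untrustedCredential.getPublicKey();
        Key trustedKey;
        if (untrustedKey != null) {
            // The untrusted side carries a public key, so compare public key to public key.
            trustedKey = trustedCredential.getPublicKey();
        } else {
            // No public key: fall back to comparing symmetric keys.
            untrustedKey = untrustedCredential.getSecretKey();
            trustedKey = trustedCredential.getSecretKey();
        }

        if (untrustedKey == null) {
            log.debug("Untrusted credential contained no key, unable to evaluate");
            return false;
        }
        if (trustedKey == null) {
            log.debug("Trusted credential contained no key of the appropriate type, unable to evaluate");
            return false;
        }

        if (validate(untrustedKey, trustedKey)) {
            log.debug("Successfully validated untrusted credential against trusted key");
            return true;
        }

        log.debug("Failed to validate untrusted credential against trusted key");
        return false;
    }

    /**
     * Evaluates trust by comparing an untrusted credential against each of a set of trusted
     * credentials.
     *
     * <p>Trust is established as soon as one trusted credential matches; a {@code null}
     * credential or collection fails closed.</p>
     *
     * @param untrustedCredential the untrusted credential to evaluate
     * @param trustedCredentials basis for trust
     * @return true if trust can be established, false otherwise
     */
    public boolean validate(Credential untrustedCredential, Iterable<Credential> trustedCredentials) {
        if (untrustedCredential == null || trustedCredentials == null) {
            return false;
        }
        for (Credential candidate : trustedCredentials) {
            if (validate(untrustedCredential, candidate)) {
                return true;
            }
        }
        return false;
    }

}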