/** * {@inheritDoc} * * <p> * If the set of trusted names is null or empty, or if no supported name types are configured to be * checked, then the evaluation is considered successful. * </p> * */ @SuppressWarnings("unchecked") public boolean evaluate(X509Credential credential, Set<String> trustedNames) throws SecurityException { if (!isNameCheckingActive()) { log.debug("No trusted name options are active, skipping name evaluation"); return true; } else if (trustedNames == null || trustedNames.isEmpty()) { log.debug("Supplied trusted names are null or empty, skipping name evaluation"); return true; } if (log.isDebugEnabled()) { log.debug("Checking trusted names against credential: {}", X509Util.getIdentifiersToken(credential, x500DNHandler)); log.debug("Trusted names being evaluated are: {}", trustedNames.toString()); } return processNameChecks(credential, trustedNames); }
/** * {@inheritDoc} * * <p> * If the set of trusted names is null or empty, or if no supported name types are configured to be * checked, then the evaluation is considered successful. * </p> * */ @SuppressWarnings("unchecked") public boolean evaluate(X509Credential credential, Set<String> trustedNames) throws SecurityException { if (!isNameCheckingActive()) { log.debug("No trusted name options are active, skipping name evaluation"); return true; } else if (trustedNames == null || trustedNames.isEmpty()) { log.debug("Supplied trusted names are null or empty, skipping name evaluation"); return true; } if (log.isDebugEnabled()) { log.debug("Checking trusted names against credential: {}", X509Util.getIdentifiersToken(credential, x500DNHandler)); log.debug("Trusted names being evaluated are: {}", trustedNames.toString()); } return processNameChecks(credential, trustedNames); }
X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler)); logCertPathDebug(buildResult, untrustedCredential.getEntityCertificate()); log.debug("PKIX validation succeeded for untrusted credential: {}", X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler)); if (log.isTraceEnabled()) { log.trace("PKIX path construction failed for untrusted credential: " + X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler), e); } else { log.error("PKIX path construction failed for untrusted credential: " + X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler) + ": " + e.getMessage());
X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler)); logCertPathDebug(buildResult, untrustedCredential.getEntityCertificate()); log.debug("PKIX validation succeeded for untrusted credential: {}", X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler)); if (log.isTraceEnabled()) { log.trace("PKIX path construction failed for untrusted credential: " + X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler), e); } else { log.error("PKIX path construction failed for untrusted credential: " + X509Util.getIdentifiersToken(untrustedCredential, x500DNHandler) + ": " + e.getMessage());
if (log.isDebugEnabled()) { log.debug("Credential {} passed name check based on subject alt names.", X509Util.getIdentifiersToken(credential, x500DNHandler)); if (log.isDebugEnabled()) { log.debug("Credential {} passed name check based on subject common name.", X509Util.getIdentifiersToken(credential, x500DNHandler)); if (log.isDebugEnabled()) { log.debug("Credential {} passed name check based on subject DN.", X509Util.getIdentifiersToken(credential, x500DNHandler)); + X509Util.getIdentifiersToken(credential, x500DNHandler)); return false;
if (log.isDebugEnabled()) { log.debug("Credential {} passed name check based on subject alt names.", X509Util.getIdentifiersToken(credential, x500DNHandler)); if (log.isDebugEnabled()) { log.debug("Credential {} passed name check based on subject common name.", X509Util.getIdentifiersToken(credential, x500DNHandler)); if (log.isDebugEnabled()) { log.debug("Credential {} passed name check based on subject DN.", X509Util.getIdentifiersToken(credential, x500DNHandler)); + X509Util.getIdentifiersToken(credential, x500DNHandler)); return false;
X509Util.getIdentifiersToken(untrustedCredential, getX500DNHandler())); logCertPathDebug(buildResult, untrustedCredential.getEntityCertificate()); log.debug("PKIX validation succeeded for untrusted credential: {}", X509Util.getIdentifiersToken(untrustedCredential, getX500DNHandler())); if (log.isTraceEnabled()) { log.trace("PKIX path construction failed for untrusted credential: " + X509Util.getIdentifiersToken(untrustedCredential, getX500DNHandler()), e); } else { log.error("PKIX path construction failed for untrusted credential: " + X509Util.getIdentifiersToken(untrustedCredential, getX500DNHandler()) + ": " + e.getMessage());