/**
 * {@inheritDoc}
 *
 * <p>Trust is established only for an {@link X509Credential} that first passes the trusted-name check
 * and then validates under at least one of the supplied {@link PKIXValidationInformation} sets. A
 * {@link SecurityException} raised while validating against one set is logged and does not stop the
 * remaining sets from being tried; the method only reports {@code true} on a successful validation.</p>
 */
protected boolean evaluateTrust(Credential untrustedCredential,
        Pair<Set<String>, Iterable<PKIXValidationInformation>> validationPair) throws SecurityException {
    // Only X509Credential instances can be evaluated here; any other credential type is rejected
    // without further checks.
    if (!(untrustedCredential instanceof X509Credential)) {
        log.debug("Can not evaluate trust of non-X509Credential");
        return false;
    }
    X509Credential x509Credential = (X509Credential) untrustedCredential;
    Set<String> trustedNames = validationPair.getFirst();
    Iterable<PKIXValidationInformation> validationInfos = validationPair.getSecond();

    // The trusted-name check is a precondition: a credential whose names do not match is rejected
    // before any certificate-path validation is attempted.
    if (!checkNames(trustedNames, x509Credential)) {
        log.debug("Evaluation of credential against trusted names failed. Aborting PKIX validation");
        return false;
    }

    // Each validation information set is tried in turn; the first successful PKIX validation wins.
    for (PKIXValidationInformation validationInfo : validationInfos) {
        boolean validated;
        try {
            validated = pkixTrustEvaluator.validate(validationInfo, x509Credential);
        } catch (SecurityException e) {
            // An operational failure while checking one set must not prevent the remaining sets
            // from being tried, so it is logged and the loop moves on.
            log.debug("Error performing PKIX validation on untrusted credential", e);
            continue;
        }
        if (validated) {
            log.debug("Signature trust established via PKIX validation of signing credential");
            return true;
        }
    }

    log.debug("Signature trust could not be established via PKIX validation of signing credential");
    return false;
}
/**
 * {@inheritDoc}
 *
 * <p>Trust is established only for an {@link X509Credential} that first passes the trusted-name check
 * and then validates under at least one of the supplied {@link PKIXValidationInformation} sets. A
 * {@link SecurityException} raised while validating against one set is logged and does not stop the
 * remaining sets from being tried; the method only reports {@code true} on a successful validation.</p>
 */
protected boolean evaluateTrust(Credential untrustedCredential,
        Pair<Set<String>, Iterable<PKIXValidationInformation>> validationPair) throws SecurityException {
    // Only X509Credential instances can be evaluated here; any other credential type is rejected
    // without further checks.
    if (!(untrustedCredential instanceof X509Credential)) {
        log.debug("Can not evaluate trust of non-X509Credential");
        return false;
    }
    X509Credential x509Credential = (X509Credential) untrustedCredential;
    Set<String> trustedNames = validationPair.getFirst();
    Iterable<PKIXValidationInformation> validationInfos = validationPair.getSecond();

    // The trusted-name check is a precondition: a credential whose names do not match is rejected
    // before any certificate-path validation is attempted.
    if (!checkNames(trustedNames, x509Credential)) {
        log.debug("Evaluation of credential against trusted names failed. Aborting PKIX validation");
        return false;
    }

    // Each validation information set is tried in turn; the first successful PKIX validation wins.
    for (PKIXValidationInformation validationInfo : validationInfos) {
        boolean validated;
        try {
            validated = pkixTrustEvaluator.validate(validationInfo, x509Credential);
        } catch (SecurityException e) {
            // An operational failure while checking one set must not prevent the remaining sets
            // from being tried, so it is logged and the loop moves on.
            log.debug("Error performing PKIX validation on untrusted credential", e);
            continue;
        }
        if (validated) {
            log.debug("Signature trust established via PKIX validation of signing credential");
            return true;
        }
    }

    log.debug("Signature trust could not be established via PKIX validation of signing credential");
    return false;
}