net.geant.edugain.validation
Class Validator

java.lang.Object
  extended by net.geant.edugain.validation.Validator

public class Validator
extends java.lang.Object

This class lets users validate SAML version 1.0, 1.1 and 2.0 primitives as well as eduGAIN PKI certificates. Validating a SAML document implies verifying its signature and the certificates associated with that signature.

Version:
0.7
Author:
Jaime Perez

Field Summary
protected  Configurator cfg
protected  java.util.ArrayList<java.lang.Class> cid_handlers
protected  java.lang.Class forced_cid_handler
private  org.apache.log4j.Logger log
protected  java.util.Properties properties
protected  java.security.KeyStore truststore
protected  java.util.ArrayList<java.lang.String> validComponents
 
Constructor Summary
Validator()
          Builds a new validator with default properties.
Validator(java.util.Properties props)
          Builds a new validator with custom properties.
Validator(java.util.Properties props, java.util.ArrayList<java.lang.String> validComponents)
          Builds a new Validator with custom properties and valid components.
Validator(java.lang.String propertiesPath, java.util.ArrayList<java.lang.String> validComponents)
          Builds a new Validator with custom properties and valid components.
 
Method Summary
 void clearComponentIDHandler()
          Unsets the ComponentID handler so that every registered handler is used.
 void forceComponentIDHandler(java.lang.Class c)
          Forces use of the specified ComponentID handler class.
 boolean isCIDHandlerRegistered(java.lang.Class c)
          Checks whether a handler is already registered.
 void registerCIDHandler(java.lang.Class c)
          Registers a new handler for component identifiers.
 void setKeyStore(java.security.KeyStore ts)
          Sets the truststore to use during validation.
 void setValidComponents(java.util.ArrayList<java.lang.String> list)
          Sets the valid components to validate against.
 ComponentID validate(org.opensaml.SAMLSignedObject o)
          This method verifies the signature of an OpenSAML 1 object as well as its associated certificates.
 ComponentID validate(org.opensaml.SAMLSignedObject o, java.lang.String pattern)
          This method verifies the signature of an OpenSAML 1 object as well as its associated certificates.
 ComponentID validate(org.opensaml.common.SignableSAMLObject o)
          This method verifies the signature of an OpenSAML 2 object as well as its associated certificates.
 ComponentID validate(org.opensaml.common.SignableSAMLObject o, java.lang.String pattern)
          This method verifies the signature of an OpenSAML 2 object as well as its associated certificates.
 ComponentID validate(java.security.cert.X509Certificate cert)
          Checks the validity of the certificate and the identity it represents.
 ComponentID validate(java.security.cert.X509Certificate cert, java.lang.String pattern)
          This method checks if the certificate and its identity are valid.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

validComponents

protected java.util.ArrayList<java.lang.String> validComponents

truststore

protected java.security.KeyStore truststore

properties

protected java.util.Properties properties

cfg

protected Configurator cfg

cid_handlers

protected java.util.ArrayList<java.lang.Class> cid_handlers

forced_cid_handler

protected java.lang.Class forced_cid_handler

log

private org.apache.log4j.Logger log

Constructor Detail

Validator

public Validator(java.util.Properties props)
          throws ValidationException
Builds a new validator with custom properties.

Parameters:
props - Custom properties
Throws:
ValidationException - Thrown if an error occurs.

Validator

public Validator()
          throws ValidationException
Builds a new validator with default properties.

Throws:
ValidationException - Thrown if an error occurs.

Validator

public Validator(java.lang.String propertiesPath,
                 java.util.ArrayList<java.lang.String> validComponents)
          throws ValidationException
Builds a new Validator with custom properties and valid components.

Parameters:
propertiesPath - Path to properties file
validComponents - ArrayList that stores the component identifiers
Throws:
ValidationException - Thrown if an error occurs while loading properties file

Validator

public Validator(java.util.Properties props,
                 java.util.ArrayList<java.lang.String> validComponents)
          throws ValidationException
Builds a new Validator with custom properties and valid components.

Parameters:
props - Custom properties
validComponents - ArrayList with component identifiers
Throws:
ValidationException - Thrown if an error occurs.

Method Detail

setValidComponents

public void setValidComponents(java.util.ArrayList<java.lang.String> list)
Sets the valid components to validate against. Use this when you want to supply a custom, dynamically built list of valid components.

Parameters:
list - List of the valid component identifiers

setKeyStore

public void setKeyStore(java.security.KeyStore ts)
Sets the truststore to use during validation.

Parameters:
ts - the truststore to use

forceComponentIDHandler

public void forceComponentIDHandler(java.lang.Class c)
                             throws ValidationException
Forces use of the specified ComponentID handler class. It lets you use your own ComponentID implementation and still validate your objects.

Parameters:
c - your preferred ComponentID implementation
Throws:
ValidationException

clearComponentIDHandler

public void clearComponentIDHandler()
Unsets the ComponentID handler so that every registered handler is used.


registerCIDHandler

public void registerCIDHandler(java.lang.Class c)
                        throws ValidationException
Registers a new handler for component identifiers.

Parameters:
c - your preferred ComponentID implementation
Throws:
ValidationException - if handler is already registered

isCIDHandlerRegistered

public boolean isCIDHandlerRegistered(java.lang.Class c)
Checks whether a handler is already registered.

Parameters:
c - the handler to check
Returns:
boolean true if c is registered, false if not

validate

public ComponentID validate(java.security.cert.X509Certificate cert)
                     throws ValidationException
Checks the validity of the certificate and the identity it represents.

Parameters:
cert - The X509 certificate to be validated
Returns:
ComponentID The component identifier that matched a trusted eduGAIN component identifier
Throws:
ValidationException - Thrown if an error occurs during validation

validate

public ComponentID validate(java.security.cert.X509Certificate cert,
                            java.lang.String pattern)
                     throws ValidationException
This method checks if the certificate and its identity are valid.

Parameters:
cert - The X509 certificate to be validated
pattern - A regular expression used to match component identifiers. Note that if you pass a null or empty value, no component identifier will be verified.
Returns:
ComponentID The component identifier that matched a trusted eduGAIN component identifier
Throws:
ValidationException - Thrown if an error occurs during validation

validate

public ComponentID validate(org.opensaml.SAMLSignedObject o)
                     throws ValidationException
This method verifies the signature of an OpenSAML 1 object as well as its associated certificates.

Parameters:
o - The SAMLObject to be validated
Returns:
ComponentID The component identifier that matched a trusted eduGAIN component identifier
Throws:
ValidationException - Thrown if an error occurs during validation

validate

public ComponentID validate(org.opensaml.SAMLSignedObject o,
                            java.lang.String pattern)
                     throws ValidationException
This method verifies the signature of an OpenSAML 1 object as well as its associated certificates.

Parameters:
o - The SAMLObject to be validated
pattern - A regular expression used to match component identifiers. Note that if you pass a null or empty value, no component identifier will be verified.
Returns:
ComponentID The component identifier that matched a trusted eduGAIN component identifier
Throws:
ValidationException - Thrown if an error occurs during validation

validate

public ComponentID validate(org.opensaml.common.SignableSAMLObject o)
                     throws ValidationException
This method verifies the signature of an OpenSAML 2 object as well as its associated certificates.

Parameters:
o - The SAML object to be validated
Returns:
ComponentID The component identifier that matched a trusted eduGAIN component identifier
Throws:
ValidationException - Thrown if an error occurs during validation

validate

public ComponentID validate(org.opensaml.common.SignableSAMLObject o,
                            java.lang.String pattern)
                     throws ValidationException
This method verifies the signature of an OpenSAML 2 object as well as its associated certificates.

Parameters:
o - The SAMLObject to be validated
pattern - A regular expression used to match component identifiers. Note that if you pass a null or empty value, no component identifier will be verified.
Returns:
ComponentID The component identifier that matched a trusted eduGAIN component identifier
Throws:
ValidationException - Thrown if an error occurs during validation
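An added usage example, not part of the eduGAIN library, that ties together setKeyStore, setValidComponents and validate(X509Certificate, String) from the method detail above and fails closed on the null/empty pattern behaviour documented for the pattern parameter of every validate overload. It assumes ComponentID and ValidationException live in net.geant.edugain.validation; the file paths, truststore password and component identifier are placeholders.

```java
// Added usage example for net.geant.edugain.validation.Validator; not library code.
// Assumed: ComponentID and ValidationException are in net.geant.edugain.validation.
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.regex.Pattern;
import net.geant.edugain.validation.ComponentID;
import net.geant.edugain.validation.ValidationException;
import net.geant.edugain.validation.Validator;

public class EduGainCertCheck {
    // Validates a peer certificate against the eduGAIN truststore and requires its
    // component identifier to match cidPattern. A null or empty pattern makes the
    // Validator skip identifier verification entirely, so reject it up front.
    public static ComponentID checkPeerCertificate(X509Certificate cert, KeyStore truststore,
            ArrayList<String> validComponents, String cidPattern) throws ValidationException {
        if (cidPattern == null || cidPattern.trim().isEmpty()) {
            throw new IllegalArgumentException("a component identifier pattern is required");
        }
        Pattern.compile(cidPattern); // surface a malformed regex here, not inside the validator

        Validator validator = new Validator();          // default properties
        validator.setKeyStore(truststore);              // trust anchors for the certificate chain
        validator.setValidComponents(validComponents);  // explicit list of accepted identifiers
        return validator.validate(cert, cidPattern);    // chain validity + identifier match
    }

    public static void main(String[] args) throws Exception {
        // Placeholder paths and password; replace with your deployment's values.
        X509Certificate cert;
        try (FileInputStream in = new FileInputStream("/path/to/peer-cert.pem")) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream("/path/to/edugain-truststore.jks")) {
            ts.load(in, "changeit".toCharArray());
        }
        ArrayList<String> valid = new ArrayList<String>();
        valid.add("urn:geant:edugain:component:example:placeholder"); // constructed placeholder CID
        try {
            ComponentID cid = checkPeerCertificate(cert, ts, valid, "^urn:geant:edugain:component:.*");
            System.out.println("trusted component: " + cid);
        } catch (ValidationException e) {
            System.err.println("certificate rejected: " + e.getMessage());
        }
    }
}
```

The pattern check is deliberately stricter than the library's own contract: passing through an empty pattern would silently accept any trusted-chain certificate regardless of which eduGAIN component it identifies.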