Examples of org.opensaml.xml.security.x509.PKIXValidationInformation

• org.opensaml.xml.security.x509.X509Credential
  Source of PKIX validation information such as trust anchors and CRLs.

        if (resolver == null) {
            throw new IllegalArgumentException("PKIX trust information resolver may not be null");
        }
        pkixResolver = resolver;

        pkixTrustEvaluator = new CertPathPKIXTrustEvaluator();
        credNameEvaluator = new BasicX509CredentialNameEvaluator();
    }

    /**
     * Constructor.
     */
    public InlineX509DataProvider() {
        x500DNHandler = new InternalX500DNHandler();
    }

    private String x500SubjectDNFormat;

    /** Constructor. */
    public CertificateNameOptions() {
        subjectAltNames = new LinkedHashSet<Integer>();
        x500DNHandler = new InternalX500DNHandler();
        x500SubjectDNFormat = X500DNHandler.FORMAT_RFC2253;
    }

    /**
     * Constructor.
     */
    public InlineX509DataProvider() {
        x500DNHandler = new InternalX500DNHandler();
    }

    /**
     * Constructor.
     */
    public InlineX509DataProvider() {
        x500DNHandler = new InternalX500DNHandler();
    }

    private String x500SubjectDNFormat;

    /** Constructor. */
    public CertificateNameOptions() {
        subjectAltNames = new LinkedHashSet<Integer>();
        x500DNHandler = new InternalX500DNHandler();
        x500SubjectDNFormat = X500DNHandler.FORMAT_RFC2253;
    }

        Collection<X509Certificate> anchors = new ArrayList<X509Certificate>();
        Collection<X509CRL> crls = new ArrayList<X509CRL>();
        populateMetadataAnchors(criteriaSet, anchors, crls);
        populateTrustedKeysAnchors(criteriaSet, anchors, crls);
        populateCRLs(criteriaSet, anchors, crls);
        PKIXValidationInformation info = new BasicPKIXValidationInformation(anchors, crls, getPKIXDepth());
        return new ArrayList<PKIXValidationInformation>(Arrays.asList(info));
    }

        if (!(untrustedCredential instanceof X509Credential)) {
            log.debug("Can not evaluate trust of non-X509Credential");
            return false;
        }
        X509Credential untrustedX509Credential = (X509Credential) untrustedCredential;

        Set<String> trustedNames = validationPair.getFirst();
        Iterable<PKIXValidationInformation> validationInfoSet = validationPair.getSecond();

        if (!checkNames(trustedNames, untrustedX509Credential)) {

  /**
   * Creates the X509Credential from the TrustStore certificate.
   */
  public static X509Credential loadCredentialFromTrustStore(String alias, KeyStore trustStore)
      throws RelyingPartyException {
    X509Credential credential = null;
    java.security.cert.X509Certificate cert = null;

    try {
      if (trustStore.containsAlias(alias)) {
        cert = (java.security.cert.X509Certificate) trustStore.getCertificate(alias);

  /**
   * Creates the certificate from the KeyInfo element.
   */
  public static X509Credential loadCredentialFromSignature(Signature signature)
      throws RelyingPartyException {
    X509Credential credential = null;
    KeyInfo kinfo = signature.getKeyInfo();
    List<X509Data> dataList = null;
    List<KeyValue> keyValueList = null;

    if (kinfo == null) {