/*
 * ITrust.java [Sorry but Trust.java is a very popular class name]
 *
 * Trust provider plugins obtain keys and certificates from the configuration
 * file and then provide the logic to validate signatures.
 *
 * Corresponds to ITrust interface of the C++ code.
 *
 * A pluggable trust element in a Shibboleth configuration
 * file builds or gains access to a collection of keys and/or
 * certificates (that contain keys). Each key/certificate is
 * associated with one or more subject names that represent
 * Shibboleth services at a particular institution (Entity).
 *
 * The function of Trust is to determine the Subject name
 * from the SAMLAssertion, look up the key/certificate for
 * that Subject, apply a wildcard where appropriate, and then
 * ask OpenSAML to ask XML Security to validate the assertion
 *
 * Notably implemented by XMLTrustImpl.
 *
 * --------------------
 * Copyright 2002, 2004
 * University Corporation for Advanced Internet Development, Inc.
 *
 * [That's all we have to say to protect ourselves]
 * Your permission to use this code is governed by "The Shibboleth License".
 * A copy may be found at http://shibboleth.internet2.edu/license.html
 * [Nothing in copyright law requires license text in every file.]
 */
package edu.internet2.middleware.shibboleth.target;

import java.util.Iterator;

import org.opensaml.SAMLObject;

import edu.internet2.middleware.shibboleth.metadata.EntityLocator;
import edu.internet2.middleware.shibboleth.metadata.ProviderRole;

/**
 * @author Howard Gilbert
 */
public interface ITrust {

    /**
     * Validate a signed SAML object using configuration data
     *
     * @param revocations Revocation Providers from the <Application>
     * @param role The Role [HS, SHAR] from the Entity
     * @param token The signed SAML object
     * @param locator ApplicationInfo[.getEntityDescriptor(String id), was IMetadata]
     * @return true if the object validates
     */

    /*
     * Note: Java attach() has no implementations or uses at this point
     */