/**
* Based on the settings in the extended metadata either creates a PKIX trust engine with trusted
* keys specified in the extended metadata as anchors or (by default) an explicit trust engine
* using data from the metadata or from the values overridden in the ExtendedMetadata. The trust
* engine is used to verify SSL connections.
*
* @param samlContext context to populate
*/
protected void populateSSLTrustEngine(SAMLMessageContext samlContext) {
TrustEngine<X509Credential> engine;
if ("pkix".equalsIgnoreCase(samlContext.getLocalExtendedMetadata().getSslSecurityProfile())) {
engine = new PKIXX509CredentialTrustEngine(pkixResolver);
} else {
engine = new ExplicitX509CertificateTrustEngine(metadataResolver);
}
samlContext.setLocalSSLTrustEngine(engine);
}
