17 package edu.internet2.middleware.shibboleth.common.config.security;
18
19 import java.util.ArrayList;
20 import java.util.Collections;
21 import java.util.List;
22 import java.util.Set;
23
24 import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
25 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
26 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
27 import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
28 import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
29 import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
30 import org.opensaml.xml.security.x509.PKIXValidationInformation;
31 import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
32 import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
33 import org.springframework.beans.factory.config.AbstractFactoryBean;
34
/**
 * Spring factory bean that builds a {@link PKIXSignatureTrustEngine} from statically configured PKIX
 * validation information and an optional set of trusted names.
 *
 * <p>
 * The configured collections are the trust material of the resulting engine. They are held by reference
 * and handed to a {@link StaticPKIXValidationInformationResolver} when the instance is created.
 * </p>
 */
public class StaticPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** PKIX validation information passed to the static resolver. */
    private List<PKIXValidationInformation> pkixInfo;

    /** Names passed to the static resolver as trusted names; may be null. */
    private Set<String> trustedNames;

    /**
     * Gets the configured PKIX validation information.
     *
     * @return the list supplied through {@link #setPKIXInfo(List)}, or null if none was set. The internal
     *         list itself is returned, not a copy.
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return this.pkixInfo;
    }

    /**
     * Sets the PKIX validation information used to build the trust engine.
     *
     * @param newPKIXInfo validation information to use; stored by reference, without a defensive copy, so
     *            later changes made by the caller to the same list remain visible to this bean
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        this.pkixInfo = newPKIXInfo;
    }

    /**
     * Gets the configured trusted names.
     *
     * @return the set supplied through {@link #setTrustedNames(Set)}, or null if none was set. The internal
     *         set itself is returned, not a copy.
     */
    public Set<String> getTrustedNames() {
        return this.trustedNames;
    }

    /**
     * Sets the trusted names used to build the trust engine.
     *
     * @param newTrustedNames names to use; stored by reference, without a defensive copy
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        this.trustedNames = newTrustedNames;
    }

    /**
     * Reports the type of object this factory produces.
     *
     * @return {@code PKIXSignatureTrustEngine.class}
     */
    public Class getObjectType() {
        return PKIXSignatureTrustEngine.class;
    }

    /**
     * Builds the trust engine from the configured PKIX validation information and trusted names.
     *
     * @return a new {@link PKIXSignatureTrustEngine}
     *
     * @throws Exception declared by the factory contract; nothing is thrown explicitly here
     */
    protected Object createInstance() throws Exception {
        // An unset name set is normalised to an empty set before it reaches the resolver.
        Set<String> configuredNames = getTrustedNames();
        Set<String> effectiveNames = configuredNames != null ? configuredNames : Collections.<String> emptySet();

        // NOTE(review): unlike trustedNames, a null pkixInfo is forwarded unchanged. Confirm how
        // StaticPKIXValidationInformationResolver treats null, and consider rejecting a bean with no
        // validation information at startup so a mis-wired trust engine is noticed early.
        StaticPKIXValidationInformationResolver staticResolver = new StaticPKIXValidationInformationResolver(
                getPKIXInfo(), effectiveNames);

        return new PKIXSignatureTrustEngine(staticResolver, newKeyInfoResolver());
    }

    /**
     * Creates the KeyInfo credential resolver given to the trust engine, backed by the DSA key value, RSA
     * key value and inline X.509 data providers, registered in that order.
     *
     * @return the KeyInfo credential resolver
     */
    private KeyInfoCredentialResolver newKeyInfoResolver() {
        // Presumably these providers only extract candidate credentials from a signature's KeyInfo and
        // the trust decision stays with the PKIX engine; verify against the OpenSAML version in use.
        List<KeyInfoProvider> providers = new ArrayList<KeyInfoProvider>();
        providers.add(new DSAKeyValueProvider());
        providers.add(new RSAKeyValueProvider());
        providers.add(new InlineX509DataProvider());
        return new BasicProviderKeyInfoCredentialResolver(providers);
    }
}