View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.security;
18  
19  import javax.xml.namespace.QName;
20  
21  import org.opensaml.ws.security.provider.CertificateNameOptions;
22  import org.opensaml.xml.security.x509.X500DNHandler;
23  import org.opensaml.xml.security.x509.X509Util;
24  import org.opensaml.xml.util.DatatypeHelper;
25  import org.springframework.beans.factory.support.BeanDefinitionBuilder;
26  import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
27  import org.w3c.dom.Element;
28  
29  import edu.internet2.middleware.shibboleth.common.binding.security.ShibbolethClientCertAuthRule;
30  
31  /** Spring bean definition parser for {urn:mace:shibboleth:2.0:security}ClientCertificate elements. */
32  public class ClientCertAuthRuleBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
33      
34      /** Schema type. */
35      public static final QName SCHEMA_TYPE = new QName(SecurityNamespaceHandler.NAMESPACE, "ClientCertAuth");
36  
37      /** {@inheritDoc} */
38      protected Class getBeanClass(Element element) {
39          return ShibbolethClientCertAuthRule.class;
40      }
41  
42      /** {@inheritDoc} */
43      protected void doParse(Element element, BeanDefinitionBuilder builder) {
44          builder.addConstructorArgReference(DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null,
45                  "trustEngineRef")));
46          
47          CertificateNameOptions nameOptions = new CertificateNameOptions();
48          nameOptions.setX500SubjectDNFormat(X500DNHandler.FORMAT_RFC2253);
49          nameOptions.setEvaluateSubjectDN(false);
50          nameOptions.setEvaluateSubjectCommonName(true);
51          nameOptions.getSubjectAltNames().add(X509Util.DNS_ALT_NAME);
52          nameOptions.getSubjectAltNames().add(X509Util.URI_ALT_NAME);
53          
54          builder.addConstructorArgValue(nameOptions);
55      }
56      
57      /** {@inheritDoc} */
58      protected boolean shouldGenerateId() {
59          return true;
60      }
61  }