17 package edu.internet2.middleware.shibboleth.common.config.security;
18
19 import javax.xml.namespace.QName;
20
21 import org.opensaml.ws.security.provider.CertificateNameOptions;
22 import org.opensaml.xml.security.x509.X500DNHandler;
23 import org.opensaml.xml.security.x509.X509Util;
24 import org.opensaml.xml.util.DatatypeHelper;
25 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
26 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
27 import org.w3c.dom.Element;
28
29 import edu.internet2.middleware.shibboleth.common.binding.security.ShibbolethClientCertAuthRule;
30
31
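/**
 * Spring bean definition parser for the {@code ClientCertAuth} element of the
 * {@link SecurityNamespaceHandler#NAMESPACE} security namespace.
 *
 * <p>Every such element becomes one {@link ShibbolethClientCertAuthRule} bean, constructed from
 * (1) a reference to the trust engine bean named by the element's {@code trustEngineRef}
 * attribute and (2) a fixed {@link CertificateNameOptions} instance that selects which name
 * fields of a presented client certificate the rule looks at. The options are not
 * configurable from XML; they are the same for every rule produced by this parser.</p>
 */
public class ClientCertAuthRuleBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {

    /** Schema type handled by this parser. */
    public static final QName SCHEMA_TYPE = new QName(SecurityNamespaceHandler.NAMESPACE, "ClientCertAuth");

    /** Name of the element attribute holding the bean ID of the trust engine to wire in. */
    private static final String TRUST_ENGINE_REF_ATTRIB = "trustEngineRef";

    /**
     * Class of the bean this parser creates.
     *
     * @param element the configuration element (not consulted; the class is fixed)
     *
     * @return {@link ShibbolethClientCertAuthRule}
     */
    protected Class<?> getBeanClass(Element element) {
        return ShibbolethClientCertAuthRule.class;
    }

    /**
     * Populates the rule bean's constructor arguments, in order: the trust engine bean reference,
     * then the certificate name options.
     *
     * @param element the {@code ClientCertAuth} element being parsed
     * @param builder builder for the rule's bean definition
     *
     * @throws IllegalArgumentException if {@code trustEngineRef} is absent or blank. Spring would
     *             reject an empty bean reference anyway, but with a generic message; failing
     *             here names the attribute and the element so the misconfiguration is
     *             obvious at startup rather than at first request.
     */
    protected void doParse(Element element, BeanDefinitionBuilder builder) {
        // getAttributeNS() yields "" for a missing attribute; safeTrimOrNullString maps that
        // (and whitespace-only values) to null.
        String trustEngineRef = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null,
                TRUST_ENGINE_REF_ATTRIB));
        if (trustEngineRef == null) {
            throw new IllegalArgumentException("ClientCertAuth element requires a non-empty '"
                    + TRUST_ENGINE_REF_ATTRIB + "' attribute naming the trust engine bean to use");
        }
        builder.addConstructorArgReference(trustEngineRef);

        builder.addConstructorArgValue(buildNameOptions());
    }

    /**
     * Builds the certificate name options handed to every rule.
     *
     * <p>Security-relevant choices made here:</p>
     * <ul>
     *   <li>Evaluation of the full subject DN is switched off, so the DN as a whole is never
     *       compared; the RFC 2253 format setting would only take effect if that were later
     *       re-enabled.</li>
     *   <li>The subject common name (CN) is evaluated.</li>
     *   <li>Of the subjectAltName extension, only the DNS and URI name types are evaluated;
     *       other SAN types (e-mail, IP, ...) are ignored.</li>
     * </ul>
     * <p>What these names are compared against, and how, is defined by
     * {@link ShibbolethClientCertAuthRule} (presumably the peer's entity ID, as in the
     * underlying OpenSAML client-certificate rule) and not by this parser.</p>
     *
     * @return a freshly built options object
     */
    private static CertificateNameOptions buildNameOptions() {
        CertificateNameOptions nameOptions = new CertificateNameOptions();
        nameOptions.setX500SubjectDNFormat(X500DNHandler.FORMAT_RFC2253);
        nameOptions.setEvaluateSubjectDN(false);
        nameOptions.setEvaluateSubjectCommonName(true);
        nameOptions.getSubjectAltNames().add(X509Util.DNS_ALT_NAME);
        nameOptions.getSubjectAltNames().add(X509Util.URI_ALT_NAME);
        return nameOptions;
    }

    /**
     * Always asks Spring to generate a bean ID for the rule, so an explicit {@code id} on the
     * element is not required.
     *
     * @return {@code true}
     */
    protected boolean shouldGenerateId() {
        return true;
    }
}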