17 package edu.internet2.middleware.shibboleth.common.config.security;
18
19 import java.security.PrivateKey;
20 import java.security.cert.X509CRL;
21 import java.security.cert.X509Certificate;
22 import java.util.ArrayList;
23 import java.util.List;
24
25 import org.opensaml.xml.security.SecurityException;
26 import org.opensaml.xml.security.SecurityHelper;
27 import org.opensaml.xml.security.x509.BasicX509Credential;
28 import org.opensaml.xml.security.x509.X509Credential;
29 import org.slf4j.Logger;
30 import org.slf4j.LoggerFactory;
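/**
 * Spring factory bean that assembles an OpenSAML {@link X509Credential} from a configured
 * private key, end-entity certificate, certificate chain and CRL list.
 *
 * <p>The credential's public key is always taken from the resolved entity certificate. When the
 * credential carries both a public and a private key, the pair is checked against each other and
 * the bean fails to build on a mismatch — or when the check itself cannot be completed — so that a
 * mis-wired key/certificate pairing is never handed out as a usable signing or decryption credential.
 */
public class X509CredentialFactoryBean extends AbstractCredentialFactoryBean {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(X509CredentialFactoryBean.class);

    /** Private key of the credential; null for a public-key-only credential. */
    private PrivateKey privateKey;

    /** End-entity certificate; when unset, the first entry of {@link #certificates} is used. */
    private X509Certificate entityCertificate;

    /** Certificate chain of the credential. */
    private List<X509Certificate> certificates;

    /** CRLs associated with the credential. */
    private List<X509CRL> x509crls;

    /**
     * Builds the credential from the configured properties.
     *
     * @return a {@link BasicX509Credential} populated from this bean's properties
     * @throws IllegalStateException if neither an entity certificate nor a non-empty certificate
     *             chain was configured, so no public key can be derived
     * @throws SecurityException if the credential's public and private key do not belong together,
     *             or if that check could not be carried out
     * @throws Exception as declared by the factory-bean contract
     */
    protected Object createInstance() throws Exception {
        BasicX509Credential credential = new BasicX509Credential();
        credential.setUsageType(getUsageType());
        credential.setEntityId(getEntityID());

        if (getKeyNames() != null) {
            credential.getKeyNames().addAll(getKeyNames());
        }

        // Resolve the end-entity certificate up front. The previous code dereferenced it blindly
        // and failed with a NullPointerException (no chain configured) or an
        // IndexOutOfBoundsException (empty chain, no explicit entity certificate); a
        // misconfiguration is now reported with a message that names the missing property.
        X509Certificate resolvedEntityCert = entityCertificate;
        if (certificates != null) {
            // defensive copy so later changes to the injected list do not leak into the credential
            credential.setEntityCertificateChain(new ArrayList<X509Certificate>(certificates));
            if (resolvedEntityCert == null && !certificates.isEmpty()) {
                resolvedEntityCert = certificates.get(0);
            }
        }
        if (resolvedEntityCert == null) {
            log.error("No entity certificate configured and no certificate chain to derive it from");
            throw new IllegalStateException(
                    "An entity certificate or a non-empty certificate chain is required for an X.509 credential");
        }
        credential.setEntityCertificate(resolvedEntityCert);

        if (x509crls != null) {
            credential.setCRLs(new ArrayList<X509CRL>(x509crls));
        }

        credential.setPrivateKey(privateKey);
        credential.setPublicKey(resolvedEntityCert.getPublicKey());

        if (credential.getPublicKey() != null && credential.getPrivateKey() != null) {
            verifyKeyPair(credential);
        }

        return credential;
    }

    /**
     * Verifies that the credential's public and private key form a pair.
     *
     * <p>Fails closed: an inconclusive check (the helper throws) is treated the same as a
     * mismatch, but the underlying failure is preserved as the cause so the operator can tell
     * the two cases apart in the stack trace.
     *
     * @param credential credential whose keys are both non-null
     * @throws SecurityException on mismatch or when the check could not be performed
     */
    private void verifyKeyPair(X509Credential credential) throws SecurityException {
        boolean matched = false;
        SecurityException checkFailure = null;
        try {
            matched = SecurityHelper.matchKeyPair(credential.getPublicKey(), credential.getPrivateKey());
        } catch (SecurityException e) {
            checkFailure = e;
            log.warn("Could not perform sanity check against credential public and private key: {}",
                    e.getMessage());
        }
        if (!matched) {
            log.error("Mismatch detected between credential's public and private key");
            if (checkFailure != null) {
                throw new SecurityException("Mismatch between credential public and private key", checkFailure);
            }
            throw new SecurityException("Mismatch between credential public and private key");
        }
    }

    /** {@inheritDoc} */
    public Class<?> getObjectType() {
        return X509Credential.class;
    }

    /**
     * Gets the explicitly configured end-entity certificate.
     *
     * @return the entity certificate, or null if it is to be derived from the chain
     */
    public X509Certificate getEntityCertificate() {
        return entityCertificate;
    }

    /**
     * Gets the configured certificate chain.
     *
     * @return the certificate chain, or null if none was configured
     */
    public List<X509Certificate> getCertificates() {
        return certificates;
    }

    /**
     * Gets the configured CRLs.
     *
     * @return the CRL list, or null if none was configured
     */
    public List<X509CRL> getCrls() {
        return x509crls;
    }

    /**
     * Gets the configured private key.
     *
     * @return the private key, or null for a public-key-only credential
     */
    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    /**
     * Sets the end-entity certificate.
     *
     * @param newCert the entity certificate
     */
    public void setEntityCertificate(X509Certificate newCert) {
        entityCertificate = newCert;
    }

    /**
     * Sets the certificate chain.
     *
     * @param certs the certificate chain
     */
    public void setCertificates(List<X509Certificate> certs) {
        certificates = certs;
    }

    /**
     * Sets the CRLs.
     *
     * @param crls the CRL list
     */
    public void setCrls(List<X509CRL> crls) {
        this.x509crls = crls;
    }

    /**
     * Sets the private key.
     *
     * @param key the private key
     */
    public void setPrivateKey(PrivateKey key) {
        privateKey = key;
    }
}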