
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.security;
18  
19  import java.util.ArrayList;
20  import java.util.Collections;
21  import java.util.List;
22  import java.util.Set;
23  
24  import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
25  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
26  import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
27  import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
28  import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
29  import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
30  import org.opensaml.xml.security.x509.PKIXValidationInformation;
31  import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
32  import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
33  import org.springframework.beans.factory.config.AbstractFactoryBean;
34  
35  /**
36   * Spring factory bean used to create {@link PKIXSignatureTrustEngine}s based on a static 
37   * PKIXValidationInformation resolver.
38   */
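/**
 * Spring factory bean used to create {@link PKIXSignatureTrustEngine}s based on a static
 * PKIXValidationInformation resolver.
 *
 * <p>The engine built by {@link #createInstance()} resolves signing credentials from a
 * signature's {@code KeyInfo} (DSA/RSA {@code KeyValue} and inline {@code X509Data}) and
 * validates them against the configured PKIX validation information and trusted names.
 * Both properties are optional at the bean level: a property that was never set is handed to
 * the resolver as an empty collection rather than {@code null}.
 */
public class StaticPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** List of PKIX validation info passed to the static resolver; may be null until set. */
    private List<PKIXValidationInformation> pkixInfo;

    /** Set of trusted names passed to the static resolver; may be null until set. */
    private Set<String> trustedNames;

    /**
     * Gets the list of PKIX validation info.
     *
     * @return the list of PKIX validation info, or null if none has been set
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return pkixInfo;
    }

    /**
     * Sets the list of PKIX validation info.
     *
     * @param newPKIXInfo the new list of PKIX validation info; the reference is stored as-is
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        pkixInfo = newPKIXInfo;
    }

    /**
     * Gets the set of trusted names.
     *
     * @return the set of trusted names, or null if none has been set
     */
    public Set<String> getTrustedNames() {
        return trustedNames;
    }

    /**
     * Sets the set of trusted names.
     *
     * @param newTrustedNames the new set of trusted names; the reference is stored as-is
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        trustedNames = newTrustedNames;
    }

    /** {@inheritDoc} */
    @Override
    public Class<?> getObjectType() {
        return PKIXSignatureTrustEngine.class;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Builds a {@link StaticPKIXValidationInformationResolver} from the configured PKIX
     * validation info and trusted names, a provider-based {@link KeyInfoCredentialResolver}
     * for DSA/RSA key values and inline X509 data, and wraps both in a
     * {@link PKIXSignatureTrustEngine}.
     *
     * @return a new {@link PKIXSignatureTrustEngine}
     * @throws Exception if any of the resolver or engine constructors fails
     */
    @Override
    protected Object createInstance() throws Exception {
        // Apply the same null handling to both properties so the resolver never sees a null
        // collection for either one.
        List<PKIXValidationInformation> info = getPKIXInfo();
        if (info == null) {
            info = Collections.emptyList();
        }
        // NOTE(review): an empty list leaves the engine with no PKIX validation information to
        // chain to; presumably no signature can then be trusted (fail-closed) — confirm this is an
        // intended configuration outcome and not a silent misconfiguration at deploy time.
        Set<String> names = getTrustedNames();
        if (names == null) {
            names = Collections.emptySet();
        }
        StaticPKIXValidationInformationResolver pkixResolver =
            new StaticPKIXValidationInformationResolver(info, names);

        // KeyInfo providers determine which KeyInfo children can yield a candidate credential;
        // only the three below are recognized by the engine produced here.
        List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>();
        keyInfoProviders.add(new DSAKeyValueProvider());
        keyInfoProviders.add(new RSAKeyValueProvider());
        keyInfoProviders.add(new InlineX509DataProvider());
        KeyInfoCredentialResolver keyInfoCredResolver =
            new BasicProviderKeyInfoCredentialResolver(keyInfoProviders);

        return new PKIXSignatureTrustEngine(pkixResolver, keyInfoCredResolver);
    }
}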