
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.security;
18  
19  import org.opensaml.saml2.metadata.provider.MetadataProvider;
20  import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
21  import org.opensaml.xml.security.x509.PKIXValidationOptions;
22  import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
23  import org.springframework.beans.factory.config.AbstractFactoryBean;
24  
25  import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
26  
27  /**
28   * Spring factory bean used to create {@link PKIXX509CredentialTrustEngine}s based on a metadata provider.
29   */
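public class MetadataPKIXX509CredentialTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Metadata provider used to look up key information for peer entities. Required. */
    private MetadataProvider metadataProvider;

    /**
     * Optional PKIX validation options. When non-null they are applied to the engine's trust evaluator in
     * {@link #createInstance()}; when null the evaluator keeps whatever defaults it was constructed with.
     */
    private PKIXValidationOptions pkixOptions;

    /**
     * Get the PKIX validation options.
     * 
     * @return the set of validation options, or null if none were configured
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Set the PKIX validation options.
     * 
     * @param newOptions the new set of validation options; may be null to leave the evaluator's defaults in place
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the metadata provider used to look up key information for peer entities.
     * 
     * @return metadata provider used to look up key information for peer entities
     */
    public MetadataProvider getMetadataProvider() {
        return metadataProvider;
    }

    /**
     * Sets the metadata provider used to look up key information for peer entities.
     * 
     * @param provider metadata provider used to look up key information for peer entities
     */
    public void setMetadataProvider(MetadataProvider provider) {
        metadataProvider = provider;
    }

    /** {@inheritDoc} */
    public Class getObjectType() {
        return PKIXX509CredentialTrustEngine.class;
    }

    /**
     * Builds the trust engine.
     * 
     * The engine obtains its PKIX validation information from a
     * {@link MetadataPKIXValidationInformationResolver} wrapping the configured metadata provider, so a missing
     * provider is a configuration error and is rejected here with a clear message rather than surfacing later
     * as an obscure failure inside the resolver.
     * 
     * When validation options are configured they are pushed into the engine's trust evaluator, which is
     * expected to be a {@link CertPathPKIXTrustEvaluator}. If it is not, the options cannot be honoured; in that
     * case bean creation fails rather than silently running PKIX validation with settings the deployer did not
     * choose (the original unchecked cast would have produced an uninformative ClassCastException).
     * 
     * @return the configured {@link PKIXX509CredentialTrustEngine}
     * @throws IllegalStateException if no metadata provider was set, or if PKIX validation options were set but
     *             the engine's trust evaluator is not a {@link CertPathPKIXTrustEvaluator}
     * @throws Exception for any other error raised while constructing the engine
     */
    protected Object createInstance() throws Exception {
        MetadataProvider provider = getMetadataProvider();
        if (provider == null) {
            throw new IllegalStateException("A metadata provider is required to build a "
                    + PKIXX509CredentialTrustEngine.class.getName());
        }

        MetadataPKIXValidationInformationResolver pviResolver = new MetadataPKIXValidationInformationResolver(
                provider);
        PKIXX509CredentialTrustEngine engine = new PKIXX509CredentialTrustEngine(pviResolver);

        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            Object evaluator = engine.getPKIXTrustEvaluator();
            if (!(evaluator instanceof CertPathPKIXTrustEvaluator)) {
                // Fail loudly: dropping the configured options would weaken validation without any warning.
                throw new IllegalStateException("Cannot apply PKIX validation options: trust evaluator is "
                        + (evaluator == null ? "null" : evaluator.getClass().getName()) + ", expected "
                        + CertPathPKIXTrustEvaluator.class.getName());
            }
            ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
        }

        return engine;
    }
}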