
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.security;
18  
19  import java.util.ArrayList;
20  import java.util.Collections;
21  import java.util.List;
22  import java.util.Set;
23  
24  import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
25  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
26  import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
27  import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
28  import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
29  import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
30  import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
31  import org.opensaml.xml.security.x509.PKIXValidationInformation;
32  import org.opensaml.xml.security.x509.PKIXValidationOptions;
33  import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
34  import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
35  import org.springframework.beans.factory.config.AbstractFactoryBean;
36  
37  /**
38   * Spring factory bean used to create {@link PKIXSignatureTrustEngine}s based on a static 
39   * PKIXValidationInformation resolver.
40   */
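public class StaticPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {
    
    /**
     * PKIX validation information (trust anchors and CRLs) used for every evaluation.
     * 
     * If this is never set, the engine is built over an empty anchor set; PKIX path
     * validation has no anchor to terminate at, so no signature should then be trusted
     * (fail-closed) - confirm against the OpenSAML version in use.
     */
    private List<PKIXValidationInformation> pkixInfo;
    
    /**
     * Names the end-entity certificate must match (subject DN / alt names). In OpenSAML's
     * PKIX engines an empty or absent set typically causes the name check to be skipped
     * entirely, so leaving this unset relies on path validation alone - confirm against
     * the OpenSAML version in use.
     */
    private Set<String> trustedNames;
    
    /** Optional PKIX validation options (e.g. revocation checking, depth). */
    private PKIXValidationOptions pkixOptions;
    
    /**
     * Get the PKIX validation options.
     * 
     * @return the set of validation options, or null if none were configured
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Set the PKIX validation options.
     * 
     * @param newOptions the new set of validation options; null leaves the engine's defaults in place
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the list of PKIX validation info.
     * 
     * @return the list of PKIX validation info, or null if none has been set
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return pkixInfo;
    }

    /**
     * Sets the list of PKIX validation info.
     * 
     * @param newPKIXInfo the new list of PKIX validation info
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        pkixInfo = newPKIXInfo;
    }

    /**
     * Gets the set of trusted names.
     * 
     * @return the set of trusted names, or null if none has been set
     */
    public Set<String> getTrustedNames() {
        return trustedNames;
    }

    /**
     * Sets the set of trusted names.
     * 
     * @param newTrustedNames the set of trusted names
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        trustedNames = newTrustedNames;
    }

    /** {@inheritDoc} */
    public Class<?> getObjectType() {
        return PKIXSignatureTrustEngine.class;
    }
    
    /**
     * Builds the {@link PKIXSignatureTrustEngine}.
     * 
     * The KeyInfo resolver accepts inline X509Data plus raw RSA and DSA KeyValues, so the
     * signing credential is taken from the signed message itself; trust is then decided
     * solely by PKIX path validation against the configured validation info. A credential
     * resolved from a bare KeyValue carries no certificate, so it is not expected to pass
     * PKIX validation - confirm against the OpenSAML version in use.
     * 
     * @return the configured trust engine
     * 
     * @throws IllegalStateException if validation options were configured but the engine's
     *             PKIX evaluator is not a {@link CertPathPKIXTrustEvaluator} and so cannot
     *             accept them (failing loudly is preferable to silently ignoring options
     *             such as revocation checking)
     * @throws Exception if the underlying OpenSAML components fail to construct
     */
    protected Object createInstance() throws Exception {
        // Treat an unset name set and an unset anchor list the same way: substitute an empty
        // collection rather than depending on the resolver's handling of null.
        Set<String> names = getTrustedNames();
        if (names == null) {
            names = Collections.emptySet();
        }
        List<PKIXValidationInformation> info = getPKIXInfo();
        if (info == null) {
            info = Collections.emptyList();
        }
        StaticPKIXValidationInformationResolver pkixResolver = 
            new StaticPKIXValidationInformationResolver(info, names);
        
        List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>();
        keyInfoProviders.add(new DSAKeyValueProvider());
        keyInfoProviders.add(new RSAKeyValueProvider());
        keyInfoProviders.add(new InlineX509DataProvider());
        KeyInfoCredentialResolver keyInfoCredResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviders);
        
        PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(pkixResolver, keyInfoCredResolver);
        
        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            Object evaluator = engine.getPKIXTrustEvaluator();
            if (!(evaluator instanceof CertPathPKIXTrustEvaluator)) {
                throw new IllegalStateException("PKIX validation options were configured but the trust engine's "
                        + "PKIX evaluator does not accept them: "
                        + (evaluator == null ? "null" : evaluator.getClass().getName()));
            }
            ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
        }
        
        return engine;
    }
}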