17 package edu.internet2.middleware.shibboleth.common.config.security;
18
19 import java.util.Collections;
20 import java.util.List;
21 import java.util.Set;
22
23 import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
24 import org.opensaml.xml.security.x509.PKIXValidationInformation;
25 import org.opensaml.xml.security.x509.PKIXValidationOptions;
26 import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
27 import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
28 import org.springframework.beans.factory.config.AbstractFactoryBean;
29
30
31
32
33
/**
 * Spring factory bean that builds a {@link PKIXX509CredentialTrustEngine} backed by a
 * {@link StaticPKIXValidationInformationResolver}.
 *
 * <p>The resolver is created from the configured PKIX validation information and trusted names.
 * If PKIX validation options have been set, they are applied to the engine's trust evaluator.</p>
 *
 * <p>The setters store the supplied collections by reference and the getters return those same
 * references; no defensive copies are made in this class.</p>
 */
public class StaticPKIXX509CredentialTrustEngineFactoryBean extends AbstractFactoryBean {

    /** PKIX validation information handed to the static resolver. */
    private List<PKIXValidationInformation> pkixInfo;

    /** Trusted names handed to the static resolver; may be left unset. */
    private Set<String> trustedNames;

    /** Optional PKIX validation options; applied to the trust evaluator only when non-null. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Gets the PKIX validation options that will be applied to the trust evaluator.
     *
     * @return the configured options, or null if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return this.pkixOptions;
    }

    /**
     * Sets the PKIX validation options to apply to the trust evaluator.
     *
     * @param newOptions the options to use; null leaves the evaluator's options untouched
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        this.pkixOptions = newOptions;
    }

    /**
     * Gets the PKIX validation information used to build the resolver.
     *
     * @return the configured list (the stored reference, not a copy), possibly null
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return this.pkixInfo;
    }

    /**
     * Sets the PKIX validation information used to build the resolver.
     *
     * @param newPKIXInfo the validation information; stored by reference
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        this.pkixInfo = newPKIXInfo;
    }

    /**
     * Gets the trusted names used to build the resolver.
     *
     * @return the configured set (the stored reference, not a copy), possibly null
     */
    public Set<String> getTrustedNames() {
        return this.trustedNames;
    }

    /**
     * Sets the trusted names used to build the resolver.
     *
     * @param newTrustedNames the trusted names; stored by reference
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        this.trustedNames = newTrustedNames;
    }

    /**
     * Reports the type of object this factory produces.
     *
     * @return {@code PKIXX509CredentialTrustEngine.class}
     */
    public Class getObjectType() {
        return PKIXX509CredentialTrustEngine.class;
    }

    /**
     * Builds the trust engine from the configured validation information, trusted names and options.
     *
     * @return the newly created {@link PKIXX509CredentialTrustEngine}
     * @throws Exception declared by the factory contract; a {@link ClassCastException} results if
     *             options are set and the engine's evaluator is not a {@link CertPathPKIXTrustEvaluator}
     */
    protected Object createInstance() throws Exception {
        // An unset name set is replaced by an empty one before it reaches the resolver.
        // NOTE(review): confirm how the engine's name check treats an empty set. If it skips name
        // checking, any credential that validates against the configured PKIX information is
        // trusted regardless of its subject names.
        Set<String> configuredNames = getTrustedNames();
        Set<String> effectiveNames =
                configuredNames != null ? configuredNames : Collections.<String>emptySet();

        // The validation information is passed through as-is, including null.
        // NOTE(review): verify the resolver tolerates a null list, or require the property.
        List<PKIXValidationInformation> validationInfo = getPKIXInfo();
        StaticPKIXValidationInformationResolver staticResolver =
                new StaticPKIXValidationInformationResolver(validationInfo, effectiveNames);

        PKIXX509CredentialTrustEngine trustEngine = new PKIXX509CredentialTrustEngine(staticResolver);

        if (getPKIXValidationOptions() == null) {
            // No options configured: the evaluator keeps whatever options it was created with.
            return trustEngine;
        }

        // The cast relies on the engine having been created with a CertPathPKIXTrustEvaluator;
        // presumably that is the default for the single-argument constructor. Confirm against the
        // OpenSAML version in use.
        CertPathPKIXTrustEvaluator certPathEvaluator =
                (CertPathPKIXTrustEvaluator) trustEngine.getPKIXTrustEvaluator();
        certPathEvaluator.setPKIXValidationOptions(getPKIXValidationOptions());

        return trustEngine;
    }
}