1 package edu.internet2.middleware.shibboleth.common.binding.security;
2
3 import java.util.Set;
4
5 import org.opensaml.common.binding.security.SAMLMDClientCertAuthRule;
6 import org.opensaml.ws.security.provider.CertificateNameOptions;
7 import org.opensaml.xml.security.trust.TrustEngine;
8 import org.opensaml.xml.security.x509.X500DNHandler;
9 import org.opensaml.xml.security.x509.X509Credential;
10 import org.opensaml.xml.security.x509.X509Util;
11
12
13
14
15
/**
 * Client-certificate authentication rule that extends {@link SAMLMDClientCertAuthRule} and adds
 * a constructor supplying a default set of certificate name options.
 *
 * <p>Security note: the defaults select which certificate name fields are evaluated (subject DN,
 * subject common name, and DNS / URI subject alternative names). Presumably the parent rule
 * matches these names against the expected peer identity; confirm against
 * {@code SAMLMDClientCertAuthRule} before relying on it. Deployments that need a narrower set
 * should use the two-argument constructor and pass their own options.
 */
public class ShibbolethClientCertAuthRule extends SAMLMDClientCertAuthRule {

    /**
     * Creates the rule with caller-supplied certificate name options.
     *
     * @param engine trust engine handed to the parent rule
     * @param nameOptions certificate name options handed to the parent rule unchanged
     */
    public ShibbolethClientCertAuthRule(TrustEngine<X509Credential> engine, CertificateNameOptions nameOptions) {
        super(engine, nameOptions);
    }

    /**
     * Creates the rule with a fresh {@link CertificateNameOptions} instance and then configures
     * it with this class's defaults.
     *
     * @param engine trust engine handed to the parent rule
     */
    public ShibbolethClientCertAuthRule(TrustEngine<X509Credential> engine) {
        this(engine, new CertificateNameOptions());

        // Configure the options object as exposed by the parent's accessor, not a separate local
        // instance, so the settings land on whatever the parent actually holds.
        CertificateNameOptions defaults = getCertificateNameOptions();

        // Subject DN is evaluated, formatted as RFC 2253.
        defaults.setX500SubjectDNFormat(X500DNHandler.FORMAT_RFC2253);
        defaults.setEvaluateSubjectDN(true);

        // The subject common name is evaluated as well.
        defaults.setEvaluateSubjectCommonName(true);

        // DNS and URI entries are added to the subject alternative name types; anything already
        // in the set returned by the options object is kept.
        Set<Integer> sanTypes = defaults.getSubjectAltNames();
        sanTypes.add(X509Util.DNS_ALT_NAME);
        sanTypes.add(X509Util.URI_ALT_NAME);
    }

}