17 package edu.internet2.middleware.shibboleth.common.config.security;
19 import java.util.ArrayList;
20 import java.util.Collections;
21 import java.util.List;
22 import java.util.Set;
24 import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
25 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
26 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
27 import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
28 import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
29 import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
30 import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
31 import org.opensaml.xml.security.x509.PKIXValidationInformation;
32 import org.opensaml.xml.security.x509.PKIXValidationOptions;
33 import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
34 import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
35 import org.springframework.beans.factory.config.AbstractFactoryBean;
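/**
 * Spring factory bean that builds a {@link PKIXSignatureTrustEngine} from statically configured
 * {@link PKIXValidationInformation} and an optional set of trusted names.
 *
 * <p>The produced engine resolves signing credentials from {@code KeyInfo} with three providers only
 * (inline DSA key values, inline RSA key values and inline X.509 data) and validates them through the
 * engine's own PKIX trust evaluator. When {@link PKIXValidationOptions} are configured they are applied to
 * that evaluator, which must therefore be a {@link CertPathPKIXTrustEvaluator}.
 *
 * <p>The collections handed to the setters are stored by reference, not copied; callers should not mutate
 * them after configuration.
 */
public class StaticPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Static PKIX validation information passed to the resolver; may be null. */
    private List<PKIXValidationInformation> pkixInfo;

    /** Trusted names passed to the resolver; null is treated as an empty set at creation time. */
    private Set<String> trustedNames;

    /** Optional validation options applied to the engine's cert-path evaluator; null means engine defaults. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Gets the PKIX validation options to apply to the engine's trust evaluator.
     *
     * @return the configured options, or null if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Sets the PKIX validation options to apply to the engine's trust evaluator.
     *
     * @param newOptions the options, or null to leave the evaluator's defaults in place
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the static PKIX validation information used to build the engine.
     *
     * @return the configured information, or null if none was set
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return pkixInfo;
    }

    /**
     * Sets the static PKIX validation information used to build the engine.
     *
     * @param newPKIXInfo the information; stored by reference
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        pkixInfo = newPKIXInfo;
    }

    /**
     * Gets the trusted names handed to the PKIX validation information resolver.
     *
     * @return the configured names, or null if none were set
     */
    public Set<String> getTrustedNames() {
        return trustedNames;
    }

    /**
     * Sets the trusted names handed to the PKIX validation information resolver.
     *
     * @param newTrustedNames the names; stored by reference
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        trustedNames = newTrustedNames;
    }

    /** {@inheritDoc} */
    @Override
    public Class<?> getObjectType() {
        return PKIXSignatureTrustEngine.class;
    }

    /**
     * Builds the trust engine from the configured state.
     *
     * @return a {@link PKIXSignatureTrustEngine}
     * @throws IllegalStateException if validation options are configured but the engine's trust evaluator is
     *             not a {@link CertPathPKIXTrustEvaluator}, so the options could not be honoured
     * @throws Exception on any other failure while constructing the engine
     */
    @Override
    protected Object createInstance() throws Exception {
        Set<String> names = getTrustedNames();
        if (names == null) {
            names = Collections.emptySet();
        }
        StaticPKIXValidationInformationResolver pkixResolver =
                new StaticPKIXValidationInformationResolver(getPKIXInfo(), names);

        // Deliberately restrict KeyInfo resolution to inline key material and X.509 data.
        List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>();
        keyInfoProviders.add(new DSAKeyValueProvider());
        keyInfoProviders.add(new RSAKeyValueProvider());
        keyInfoProviders.add(new InlineX509DataProvider());
        KeyInfoCredentialResolver keyInfoCredResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviders);

        PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(pkixResolver, keyInfoCredResolver);

        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            Object evaluator = engine.getPKIXTrustEvaluator();
            if (!(evaluator instanceof CertPathPKIXTrustEvaluator)) {
                // Refuse to hand out an engine that would silently ignore the configured options;
                // an explicit failure here is preferable to validating with unintended settings.
                String actual = (evaluator == null) ? "null" : evaluator.getClass().getName();
                throw new IllegalStateException(
                        "PKIXValidationOptions were configured but the trust evaluator is not a "
                                + CertPathPKIXTrustEvaluator.class.getName() + ": " + actual);
            }
            ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
        }

        return engine;
    }
}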