17 package edu.internet2.middleware.shibboleth.common.config.security;
18
19 import java.util.ArrayList;
20 import java.util.List;
21
22 import org.opensaml.saml2.metadata.provider.MetadataProvider;
23 import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
24 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
25 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
26 import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
27 import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
28 import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
29 import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
30 import org.opensaml.xml.security.x509.PKIXValidationOptions;
31 import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
32 import org.springframework.beans.factory.config.AbstractFactoryBean;
33
34 import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
35
36
37
38
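/**
 * Spring factory bean that produces a {@link PKIXSignatureTrustEngine} whose PKIX validation
 * information is resolved from SAML metadata via a {@link MetadataPKIXValidationInformationResolver}.
 *
 * <p>The engine resolves signing keys from {@code KeyInfo} using DSA key values, RSA key values and
 * inline X.509 data. If {@link PKIXValidationOptions} are configured they are applied to the engine's
 * certificate-path trust evaluator; construction fails rather than silently dropping them.</p>
 */
public class MetadataPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Provider of the SAML metadata from which PKIX validation information is resolved. */
    private MetadataProvider metadataProvider;

    /** Options applied to the engine's PKIX trust evaluator; may be null, in which case defaults apply. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Gets the PKIX validation options applied to the created engine.
     *
     * @return the configured options, or null if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Sets the PKIX validation options applied to the created engine.
     *
     * @param newOptions the options to apply, or null to use the evaluator's defaults
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the metadata provider used to resolve PKIX validation information.
     *
     * @return the configured metadata provider
     */
    public MetadataProvider getMetadataProvider() {
        return metadataProvider;
    }

    /**
     * Sets the metadata provider used to resolve PKIX validation information.
     *
     * @param provider the metadata provider
     */
    public void setMetadataProvider(MetadataProvider provider) {
        metadataProvider = provider;
    }

    /**
     * {@inheritDoc}
     *
     * @return {@code PKIXSignatureTrustEngine.class}
     */
    @Override
    public Class<?> getObjectType() {
        return PKIXSignatureTrustEngine.class;
    }

    /**
     * Creates the trust engine.
     *
     * @return a new {@link PKIXSignatureTrustEngine} backed by the configured metadata provider
     * @throws IllegalStateException if no metadata provider has been set, or if the configured PKIX
     *             validation options cannot be applied because the engine's trust evaluator is not a
     *             {@link CertPathPKIXTrustEvaluator}
     * @throws Exception if engine construction fails
     */
    @Override
    protected Object createInstance() throws Exception {
        // Fail fast: a PKIX engine without a metadata source has nothing to validate against.
        if (metadataProvider == null) {
            throw new IllegalStateException("metadataProvider must be set before the trust engine is created");
        }

        MetadataPKIXValidationInformationResolver pviResolver =
                new MetadataPKIXValidationInformationResolver(metadataProvider);

        PKIXSignatureTrustEngine engine =
                new PKIXSignatureTrustEngine(pviResolver, buildKeyInfoCredentialResolver());

        applyValidationOptions(engine);

        return engine;
    }

    /**
     * Builds the resolver used to extract signing credentials from {@code KeyInfo}: DSA key values,
     * RSA key values and inline X.509 data.
     *
     * @return the KeyInfo credential resolver
     */
    private KeyInfoCredentialResolver buildKeyInfoCredentialResolver() {
        List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>(3);
        keyInfoProviders.add(new DSAKeyValueProvider());
        keyInfoProviders.add(new RSAKeyValueProvider());
        keyInfoProviders.add(new InlineX509DataProvider());
        return new BasicProviderKeyInfoCredentialResolver(keyInfoProviders);
    }

    /**
     * Applies the configured PKIX validation options, if any, to the engine's trust evaluator.
     *
     * @param engine the engine whose evaluator receives the options
     * @throws IllegalStateException if options are configured but the evaluator is not a
     *             {@link CertPathPKIXTrustEvaluator}; silently ignoring the options would leave the
     *             engine validating with defaults the deployer did not choose
     */
    private void applyValidationOptions(PKIXSignatureTrustEngine engine) {
        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options == null) {
            return;
        }
        Object evaluator = engine.getPKIXTrustEvaluator();
        if (!(evaluator instanceof CertPathPKIXTrustEvaluator)) {
            throw new IllegalStateException("PKIX validation options were configured but the trust evaluator is "
                    + (evaluator == null ? "null" : evaluator.getClass().getName())
                    + ", not a CertPathPKIXTrustEvaluator");
        }
        ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
    }
}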