
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.security;
18  
19  import java.security.PrivateKey;
20  import java.security.cert.X509CRL;
21  import java.security.cert.X509Certificate;
22  import java.util.ArrayList;
23  import java.util.List;
24  
25  import org.opensaml.xml.security.SecurityException;
26  import org.opensaml.xml.security.SecurityHelper;
27  import org.opensaml.xml.security.x509.BasicX509Credential;
28  import org.opensaml.xml.security.x509.X509Credential;
29  import org.slf4j.Logger;
30  import org.slf4j.LoggerFactory;
31  
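/**
 * Factory bean for building {@link X509Credential}s.
 *
 * <p>The end-entity certificate is taken from {@link #setEntityCertificate(X509Certificate)} when
 * configured, otherwise from the first element of the list given to {@link #setCertificates(List)}.
 * At least one of the two must be present: a credential without an end-entity certificate is
 * rejected when it is built, with a descriptive exception, instead of failing later with a
 * {@code NullPointerException}. When both a private key and an end-entity certificate are present
 * the pair is checked for consistency and a mismatch (or an inability to verify) rejects the
 * credential.</p>
 */
public class X509CredentialFactoryBean extends AbstractCredentialFactoryBean {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(X509CredentialFactoryBean.class);

    /** Private key represented by this credential. */
    private PrivateKey privateKey;

    /** The end-entity certificate, if explicitly configured. */
    private X509Certificate entityCertificate;

    /** Certificate chain represented by this credential. */
    private List<X509Certificate> certificates;

    /** CRLs represented by this credential. */
    private List<X509CRL> x509crls;

    /**
     * {@inheritDoc}
     *
     * @throws IllegalStateException if no end-entity certificate can be determined from the configured
     *             entity certificate or certificate list
     * @throws SecurityException if a private key is configured and it does not match the end-entity
     *             certificate's public key, or if that check could not be performed
     */
    protected Object createInstance() throws Exception {
        BasicX509Credential credential = new BasicX509Credential();

        credential.setUsageType(getUsageType());
        credential.setEntityId(getEntityID());

        if (getKeyNames() != null) {
            credential.getKeyNames().addAll(getKeyNames());
        }

        // Resolved first so a misconfigured bean fails here with a clear message.
        X509Certificate endEntityCert = resolveEntityCertificate();

        // Copies are taken so later mutation of the configured lists cannot alter the built credential.
        if (certificates != null) {
            credential.setEntityCertificateChain(new ArrayList<X509Certificate>(certificates));
        } else {
            // No chain configured: make the chain self-consistent by holding just the end-entity cert.
            List<X509Certificate> chain = new ArrayList<X509Certificate>(1);
            chain.add(endEntityCert);
            credential.setEntityCertificateChain(chain);
        }
        credential.setEntityCertificate(endEntityCert);

        if (x509crls != null) {
            credential.setCRLs(new ArrayList<X509CRL>(x509crls));
        }

        credential.setPrivateKey(privateKey);
        // TODO may adjust BasicX509Credential to make this unnecessary
        credential.setPublicKey(endEntityCert.getPublicKey());

        checkKeyPair(credential);

        return credential;
    }

    /**
     * Determines the end-entity certificate for the credential: the explicitly configured one when
     * present, otherwise the first certificate of the configured chain.
     *
     * @return the end-entity certificate, never null
     * @throws IllegalStateException if neither source yields a certificate (including an empty
     *             certificate list)
     */
    private X509Certificate resolveEntityCertificate() {
        if (entityCertificate != null) {
            return entityCertificate;
        }
        if (certificates != null && !certificates.isEmpty()) {
            return certificates.get(0);
        }
        throw new IllegalStateException("No end-entity certificate configured for X.509 credential with entity ID '"
                + getEntityID() + "'; set entityCertificate or a non-empty certificates list");
    }

    /**
     * Sanity check that the credential's public and private key belong together, so a mis-paired key
     * and certificate is rejected at creation time rather than producing signatures that never verify.
     *
     * <p>The check is skipped when either key is absent (for example a public-only credential). A
     * failure to perform the check is treated as a mismatch, i.e. the credential is rejected.</p>
     *
     * @param credential the credential whose keys are checked
     * @throws SecurityException if the keys do not match or the check could not be completed
     */
    private void checkKeyPair(BasicX509Credential credential) throws SecurityException {
        if (credential.getPublicKey() == null || credential.getPrivateKey() == null) {
            return;
        }
        boolean matched = false;
        try {
            matched = SecurityHelper.matchKeyPair(credential.getPublicKey(), credential.getPrivateKey());
        } catch (SecurityException e) {
            log.warn("Could not perform sanity check against credential public and private key: {}",
                    e.getMessage());
        }
        if (!matched) {
            log.error("Mismatch detected between credential's public and private key");
            throw new SecurityException("Mismatch between credential public and private key");
        }
    }

    /** {@inheritDoc} */
    public Class getObjectType() {
        return X509Credential.class;
    }

    /**
     * Gets the explicitly configured end-entity certificate represented by this credential.
     *
     * @return entity certificate represented by this credential, or null if none was configured
     *         (in which case the first element of {@link #getCertificates()} is used)
     */
    public X509Certificate getEntityCertificate() {
        return entityCertificate;
    }

    /**
     * Gets the certificates represented by this credential. The list returned is the one that was
     * configured, not a copy.
     *
     * @return certificates represented by this credential, or null if none were configured
     */
    public List<X509Certificate> getCertificates() {
        return certificates;
    }

    /**
     * Gets the CRLs represented by this credential. The list returned is the one that was
     * configured, not a copy.
     *
     * @return CRLs represented by this credential, or null if none were configured
     */
    public List<X509CRL> getCrls() {
        return x509crls;
    }

    /**
     * Gets the private key represented by this credential.
     *
     * @return private key represented by this credential, or null for a public-only credential
     */
    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    /**
     * Sets the end-entity certificate represented by this credential.
     *
     * @param newCert the new entity certificate represented by this credential
     */
    public void setEntityCertificate(X509Certificate newCert) {
        entityCertificate = newCert;
    }

    /**
     * Sets the certificates represented by this credential. The list is copied when the credential
     * is built, not when it is set here.
     *
     * @param certs certificates represented by this credential
     */
    public void setCertificates(List<X509Certificate> certs) {
        certificates = certs;
    }

    /**
     * Sets the CRLs represented by this credential. The list is copied when the credential is
     * built, not when it is set here.
     *
     * @param crls CRLs represented by this credential
     */
    public void setCrls(List<X509CRL> crls) {
        this.x509crls = crls;
    }

    /**
     * Sets the private key represented by this credential.
     *
     * @param key private key represented by this credential
     */
    public void setPrivateKey(PrivateKey key) {
        privateKey = key;
    }

}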