
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.security;
18  
19  import java.util.ArrayList;
20  import java.util.List;
21  
22  import org.opensaml.saml2.metadata.provider.MetadataProvider;
23  import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
24  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
25  import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
26  import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
27  import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
28  import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
29  import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
30  import org.opensaml.xml.security.x509.PKIXValidationOptions;
31  import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
32  import org.springframework.beans.factory.config.AbstractFactoryBean;
33  
34  import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
35  
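/**
 * Spring factory bean used to create {@link PKIXSignatureTrustEngine}s based on a metadata provider.
 * 
 * <p>
 * The produced engine obtains its PKIX validation information for a peer entity through a
 * {@link MetadataPKIXValidationInformationResolver} backed by the configured {@link MetadataProvider}, and
 * resolves signing credentials from signature {@code KeyInfo} through the DSA key value, RSA key value and
 * inline X.509 data {@link KeyInfoProvider}s. If {@link PKIXValidationOptions} are set they are applied to
 * the engine's PKIX trust evaluator, otherwise the evaluator's own defaults remain in effect.
 * </p>
 */
public class MetadataPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Metadata provider used to look up PKIX information for peer entities. Required. */
    private MetadataProvider metadataProvider;

    /** PKIX validation options applied to the created engine's trust evaluator; optional. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Get the PKIX validation options.
     * 
     * @return the set of validation options, or null if none were configured
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Set the PKIX validation options.
     * 
     * @param newOptions the new set of validation options; null leaves the evaluator's defaults in place
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the metadata provider used to look up PKIX information for peer entities.
     * 
     * @return metadata provider used to look up PKIX information for peer entities
     */
    public MetadataProvider getMetadataProvider() {
        return metadataProvider;
    }

    /**
     * Sets the metadata provider used to look up PKIX information for peer entities.
     * 
     * @param provider metadata provider used to look up PKIX information for peer entities
     */
    public void setMetadataProvider(MetadataProvider provider) {
        metadataProvider = provider;
    }

    /** {@inheritDoc} */
    @Override
    public Class<?> getObjectType() {
        return PKIXSignatureTrustEngine.class;
    }

    /**
     * {@inheritDoc}
     * 
     * @throws IllegalStateException if no metadata provider has been configured; a PKIX trust engine with no
     *             source of validation information is a misconfiguration and is rejected at creation time
     *             rather than left to fail (or trust nothing) at verification time
     */
    @Override
    protected Object createInstance() throws Exception {
        MetadataProvider provider = getMetadataProvider();
        if (provider == null) {
            throw new IllegalStateException(
                    "A metadata provider must be configured before a PKIX signature trust engine can be created");
        }

        MetadataPKIXValidationInformationResolver pviResolver = new MetadataPKIXValidationInformationResolver(
                provider);

        // Providers that extract a credential from the signature's KeyInfo; the PKIX evaluator then
        // validates the resolved certificate against the information obtained from metadata.
        List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>();
        keyInfoProviders.add(new DSAKeyValueProvider());
        keyInfoProviders.add(new RSAKeyValueProvider());
        keyInfoProviders.add(new InlineX509DataProvider());
        KeyInfoCredentialResolver keyInfoCredResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviders);

        PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(pviResolver, keyInfoCredResolver);

        // NOTE(review): the cast assumes the two-argument engine constructor installs a
        // CertPathPKIXTrustEvaluator. If a different evaluator were ever installed this fails loudly with a
        // ClassCastException instead of silently dropping the configured options, which is the safer outcome.
        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            ((CertPathPKIXTrustEvaluator) engine.getPKIXTrustEvaluator()).setPKIXValidationOptions(options);
        }

        return engine;
    }
}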