17 package edu.internet2.middleware.shibboleth.common.config.security;
18
19 import org.opensaml.saml2.metadata.provider.MetadataProvider;
20 import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
21 import org.opensaml.xml.security.x509.PKIXValidationOptions;
22 import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
23 import org.springframework.beans.factory.config.AbstractFactoryBean;
24
25 import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
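/**
 * Spring factory bean that builds a {@link PKIXX509CredentialTrustEngine} whose PKIX validation
 * information is resolved through a {@link MetadataPKIXValidationInformationResolver} wrapping the
 * configured {@link MetadataProvider}.
 *
 * <p>The metadata provider is mandatory. The PKIX validation options are optional: when none are
 * configured, the trust evaluator created by the engine is left with whatever options it already
 * carries.</p>
 */
public class MetadataPKIXX509CredentialTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Metadata provider handed to the PKIX validation information resolver. */
    private MetadataProvider metadataProvider;

    /** Optional PKIX validation options applied to the engine's trust evaluator. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Gets the PKIX validation options applied to the created trust engine.
     *
     * @return the configured options, or {@code null} if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Sets the PKIX validation options applied to the created trust engine.
     *
     * @param newOptions the options to apply; {@code null} leaves the evaluator's options untouched
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the metadata provider used to resolve PKIX validation information.
     *
     * @return the configured metadata provider, or {@code null} if none was set
     */
    public MetadataProvider getMetadataProvider() {
        return metadataProvider;
    }

    /**
     * Sets the metadata provider used to resolve PKIX validation information.
     *
     * @param provider the metadata provider; must be non-null by the time the engine is created
     */
    public void setMetadataProvider(MetadataProvider provider) {
        metadataProvider = provider;
    }

    /** {@inheritDoc} */
    public Class getObjectType() {
        return PKIXX509CredentialTrustEngine.class;
    }

    /**
     * Creates the trust engine from the configured metadata provider and, if present, applies the
     * configured PKIX validation options to its trust evaluator.
     *
     * @return the newly built {@link PKIXX509CredentialTrustEngine}
     * @throws IllegalStateException if no metadata provider has been configured
     * @throws Exception declared by the overridden factory method
     */
    protected Object createInstance() throws Exception {
        MetadataProvider provider = getMetadataProvider();
        // Fail at bean creation with a message naming the missing property. How the resolver
        // itself treats a null provider is not visible from this class, and a trust engine must
        // never be handed out without a source of validation information.
        if (provider == null) {
            throw new IllegalStateException(
                    "metadataProvider must be set before the trust engine can be created");
        }

        MetadataPKIXValidationInformationResolver pviResolver =
                new MetadataPKIXValidationInformationResolver(provider);
        PKIXX509CredentialTrustEngine engine = new PKIXX509CredentialTrustEngine(pviResolver);

        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            // The cast is deliberate: if the engine's evaluator is not a CertPathPKIXTrustEvaluator
            // this throws ClassCastException, so configured options are never silently dropped.
            ((CertPathPKIXTrustEvaluator) engine.getPKIXTrustEvaluator())
                    .setPKIXValidationOptions(options);
        }

        return engine;
    }
}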