
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.security;
18  
19  import java.util.Collections;
20  import java.util.List;
21  import java.util.Set;
22  
23  import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
24  import org.opensaml.xml.security.x509.PKIXValidationInformation;
25  import org.opensaml.xml.security.x509.PKIXValidationOptions;
26  import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
27  import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
28  import org.springframework.beans.factory.config.AbstractFactoryBean;
29  
30  /**
31   * Spring factory bean used to create {@link PKIXX509CredentialTrustEngine}s based on a static 
32   * PKIXValidationInformation resolver.
33   */
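public class StaticPKIXX509CredentialTrustEngineFactoryBean extends AbstractFactoryBean {
    
    /** List of PKIX validation info handed, unchanged, to the static resolver built in {@link #createInstance()}. */
    private List<PKIXValidationInformation> pkixInfo;
    
    /** Set of trusted names handed to the static resolver; may be null, in which case an empty set is used. */
    private Set<String> trustedNames;
    
    /** PKIX validation options applied to the engine's path evaluator; may be null, in which case none are applied. */
    private PKIXValidationOptions pkixOptions;
    
    /**
     * Get the PKIX validation options.
     * 
     * @return the set of validation options, or null if none were configured
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Set the PKIX validation options.
     * 
     * @param newOptions the new set of validation options; null clears them
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the list of PKIX validation info.
     * 
     * @return the list of PKIX validation info, as set (no defensive copy)
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return pkixInfo;
    }

    /**
     * Sets the list of PKIX validation info.
     * 
     * @param newPKIXInfo the new list of PKIX validation info; the reference is stored, not copied
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        pkixInfo = newPKIXInfo;
    }
    
    /**
     * Gets the set of trusted names.
     * 
     * @return the set of trusted names, or null if none were configured
     */
    public Set<String> getTrustedNames() {
        return trustedNames;
    }

    /**
     * Sets the set of trusted names.
     * 
     * @param newTrustedNames the set of trusted names; the reference is stored, not copied
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        trustedNames = newTrustedNames;
    }

    /** {@inheritDoc} */
    @Override
    public Class<?> getObjectType() {
        return PKIXX509CredentialTrustEngine.class;
    }
    
    /**
     * {@inheritDoc}
     * 
     * <p>Builds a {@link PKIXX509CredentialTrustEngine} over a {@link StaticPKIXValidationInformationResolver}
     * that serves the configured PKIX validation info and trusted names. A null trusted-names set is replaced
     * by an empty set before the resolver is built. If validation options were configured they are pushed
     * onto the engine's {@link CertPathPKIXTrustEvaluator}; if the engine's evaluator is of some other type
     * the options cannot be applied and this method fails rather than silently building an engine without
     * them.</p>
     * 
     * @return the configured trust engine
     * @throws IllegalStateException if validation options are configured but the engine's PKIX trust
     *             evaluator is not a {@link CertPathPKIXTrustEvaluator}
     * @throws Exception if the engine or resolver cannot be constructed
     */
    @Override
    protected Object createInstance() throws Exception {
        Set<String> names = getTrustedNames();
        if (names == null) {
            names = Collections.emptySet();
        }
        // NOTE(review): how the resolver treats a null PKIX info list is not visible from this file; with no
        // validation information there are no trust anchors, so the engine should trust nothing — confirm
        // against the resolver if an empty configuration is meant to be accepted.
        // NOTE(review): an empty trusted-names set presumably means no name binding is enforced and path
        // validation alone decides trust — verify against the engine's name evaluator before relying on it.
        StaticPKIXValidationInformationResolver pkixResolver = 
            new StaticPKIXValidationInformationResolver(getPKIXInfo(), names);
        
        PKIXX509CredentialTrustEngine engine = new PKIXX509CredentialTrustEngine(pkixResolver);
        
        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            // The engine built above is expected to carry a CertPathPKIXTrustEvaluator; check before casting so
            // a mismatch surfaces as a clear configuration error instead of a bare ClassCastException, and so
            // configured options (which may tighten validation) are never dropped on the floor.
            Object evaluator = engine.getPKIXTrustEvaluator();
            if (!(evaluator instanceof CertPathPKIXTrustEvaluator)) {
                throw new IllegalStateException("PKIX validation options were configured but the trust engine's "
                        + "PKIX trust evaluator is not a CertPathPKIXTrustEvaluator: "
                        + (evaluator == null ? "null" : evaluator.getClass().getName()));
            }
            ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
        }
        
        return engine;
    }
}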