18 package edu.internet2.middleware.shibboleth.common.config.security;
19
20 import org.opensaml.saml2.metadata.provider.MetadataProvider;
21 import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
22 import org.opensaml.xml.security.x509.PKIXValidationOptions;
23 import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
24 import org.springframework.beans.factory.config.AbstractFactoryBean;
25
26 import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
27
28
29
30
/**
 * Spring factory bean that produces a {@link PKIXX509CredentialTrustEngine} whose PKIX validation
 * information is resolved from a SAML metadata provider.
 *
 * <p>The engine is built over a {@link MetadataPKIXValidationInformationResolver} wrapping the
 * configured {@link MetadataProvider}. If PKIX validation options have been set on this factory they
 * are pushed onto the engine's trust evaluator; otherwise the evaluator is left exactly as the
 * engine constructed it.</p>
 */
public class MetadataPKIXX509CredentialTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Metadata provider handed to the PKIX validation information resolver. */
    private MetadataProvider metadataProvider;

    /** Optional PKIX validation options applied to the engine's trust evaluator; may be null. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Gets the PKIX validation options that will be applied to the trust evaluator.
     *
     * @return the configured options, or null if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return this.pkixOptions;
    }

    /**
     * Sets the PKIX validation options that will be applied to the trust evaluator.
     *
     * @param newOptions the options to apply; null leaves the evaluator untouched
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        this.pkixOptions = newOptions;
    }

    /**
     * Gets the metadata provider that backs the PKIX validation information resolver.
     *
     * @return the configured metadata provider
     */
    public MetadataProvider getMetadataProvider() {
        return this.metadataProvider;
    }

    /**
     * Sets the metadata provider that backs the PKIX validation information resolver.
     *
     * @param provider the metadata provider to resolve trust material from
     */
    public void setMetadataProvider(MetadataProvider provider) {
        this.metadataProvider = provider;
    }

    /** {@inheritDoc} */
    public Class getObjectType() {
        return PKIXX509CredentialTrustEngine.class;
    }

    /**
     * Builds the trust engine from the configured metadata provider and, when present, the PKIX
     * validation options.
     *
     * @return a new {@link PKIXX509CredentialTrustEngine}
     * @throws Exception if construction of the resolver or engine fails
     */
    protected Object createInstance() throws Exception {
        // NOTE(review): the metadata provider is passed through without a null check here; whether
        // the resolver rejects a null provider is not visible in this file -- confirm, since an
        // engine without trust material should fail at wiring time rather than at validation time.
        final MetadataProvider trustSource = getMetadataProvider();
        final MetadataPKIXValidationInformationResolver infoResolver =
                new MetadataPKIXValidationInformationResolver(trustSource);

        final PKIXX509CredentialTrustEngine trustEngine = new PKIXX509CredentialTrustEngine(infoResolver);

        final PKIXValidationOptions options = getPKIXValidationOptions();
        if (options == null) {
            // No explicit options: keep the evaluator as the engine created it.
            return trustEngine;
        }

        // The cast presumes an engine built with this constructor exposes a CertPathPKIXTrustEvaluator;
        // any other evaluator type surfaces as a ClassCastException instead of silently dropping the options.
        final CertPathPKIXTrustEvaluator evaluator = (CertPathPKIXTrustEvaluator) trustEngine.getPKIXTrustEvaluator();
        evaluator.setPKIXValidationOptions(options);
        return trustEngine;
    }
}