
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.config.security;
19  
20  import java.util.ArrayList;
21  import java.util.Collections;
22  import java.util.List;
23  import java.util.Set;
24  
25  import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
26  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
27  import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
28  import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
29  import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
30  import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
31  import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
32  import org.opensaml.xml.security.x509.PKIXValidationInformation;
33  import org.opensaml.xml.security.x509.PKIXValidationOptions;
34  import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
35  import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
36  import org.springframework.beans.factory.config.AbstractFactoryBean;
37  
38  /**
39   * Spring factory bean used to create {@link PKIXSignatureTrustEngine}s based on a static 
40   * PKIXValidationInformation resolver.
41   */
/**
 * Spring factory bean that builds a {@link PKIXSignatureTrustEngine} on top of a
 * {@link StaticPKIXValidationInformationResolver}, i.e. a fixed, configuration-supplied
 * list of {@link PKIXValidationInformation} plus a set of trusted names.
 *
 * <p>The engine produced by {@link #createInstance()} resolves signing credentials from
 * {@code ds:KeyInfo} with exactly three providers: DSAKeyValue, RSAKeyValue and inline
 * X509Data. KeyInfo content outside those three is not handled by this factory's resolver.</p>
 */
public class StaticPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Static PKIX validation information handed, unmodified, to the resolver. */
    private List<PKIXValidationInformation> pkixInfo;

    /** Trusted names handed to the resolver; a {@code null} value is treated as an empty set. */
    private Set<String> trustedNames;

    /** Optional validation options; pushed onto the engine's evaluator only when non-null. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Returns the PKIX validation options configured on this factory.
     *
     * @return the configured options, or {@code null} if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Configures the PKIX validation options to apply to the created engine.
     *
     * @param newOptions the options to apply; {@code null} leaves the engine's defaults in place
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Returns the static PKIX validation information.
     *
     * @return the configured list, exactly as passed to {@link #setPKIXInfo(List)}
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return pkixInfo;
    }

    /**
     * Configures the static PKIX validation information.
     *
     * <p>The reference is stored as-is (no defensive copy), so later changes to the
     * caller's list are visible to this factory.</p>
     *
     * @param newPKIXInfo the validation information to use
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        pkixInfo = newPKIXInfo;
    }

    /**
     * Returns the configured trusted names.
     *
     * @return the trusted-name set exactly as passed to {@link #setTrustedNames(Set)}, possibly {@code null}
     */
    public Set<String> getTrustedNames() {
        return trustedNames;
    }

    /**
     * Configures the trusted names.
     *
     * <p>The reference is stored as-is (no defensive copy).</p>
     *
     * @param newTrustedNames the trusted names to use; {@code null} is permitted
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        trustedNames = newTrustedNames;
    }

    /** {@inheritDoc} */
    public Class getObjectType() {
        // Raw Class kept to match the superclass signature.
        return PKIXSignatureTrustEngine.class;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Builds a {@link PKIXSignatureTrustEngine} whose validation information comes only from
     * the configured {@code pkixInfo} and {@code trustedNames}, and whose KeyInfo resolver uses the
     * DSAKeyValue, RSAKeyValue and inline X509Data providers. Validation options, if configured,
     * are applied to the engine's PKIX trust evaluator after construction.</p>
     */
    protected Object createInstance() throws Exception {
        KeyInfoCredentialResolver credentialResolver = buildKeyInfoCredentialResolver();

        // A missing trusted-name set is normalised to an empty one before reaching the resolver.
        Set<String> configuredNames = getTrustedNames();
        Set<String> names = configuredNames != null ? configuredNames : Collections.<String>emptySet();
        StaticPKIXValidationInformationResolver validationInfoResolver =
            new StaticPKIXValidationInformationResolver(getPKIXInfo(), names);

        PKIXSignatureTrustEngine trustEngine =
            new PKIXSignatureTrustEngine(validationInfoResolver, credentialResolver);
        applyValidationOptions(trustEngine);
        return trustEngine;
    }

    /**
     * Assembles the KeyInfo credential resolver used by the engine.
     *
     * @return a resolver backed by the DSAKeyValue, RSAKeyValue and inline X509Data providers, in that order
     */
    private KeyInfoCredentialResolver buildKeyInfoCredentialResolver() {
        List<KeyInfoProvider> providers = new ArrayList<KeyInfoProvider>();
        providers.add(new DSAKeyValueProvider());
        providers.add(new RSAKeyValueProvider());
        providers.add(new InlineX509DataProvider());
        return new BasicProviderKeyInfoCredentialResolver(providers);
    }

    /**
     * Pushes the configured validation options, when present, onto the engine's PKIX trust evaluator.
     *
     * <p>NOTE(review): assumes the evaluator the engine creates is a
     * {@link CertPathPKIXTrustEvaluator}; the cast would fail for any other evaluator type.</p>
     *
     * @param trustEngine the freshly built engine to configure
     */
    private void applyValidationOptions(PKIXSignatureTrustEngine trustEngine) {
        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options == null) {
            return;
        }
        CertPathPKIXTrustEvaluator evaluator =
            (CertPathPKIXTrustEvaluator) trustEngine.getPKIXTrustEvaluator();
        evaluator.setPKIXValidationOptions(options);
    }
}