
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.config.security;
19  
20  import java.util.ArrayList;
21  import java.util.List;
22  
23  import org.opensaml.saml2.metadata.provider.MetadataProvider;
24  import org.opensaml.security.MetadataCredentialResolver;
25  import org.opensaml.security.MetadataCredentialResolverFactory;
26  import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
27  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
28  import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
29  import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
30  import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
31  import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
32  import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
33  import org.springframework.beans.factory.config.AbstractFactoryBean;
34  
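/**
 * Spring factory bean used to create {@link ExplicitKeySignatureTrustEngine}s based on a metadata provider.
 *
 * <p>
 * The trusted credentials of the resulting engine are resolved from the configured {@link MetadataProvider}. This
 * class performs no validation of the metadata itself, so any integrity or validity checks (for example signature
 * verification of the metadata) must already be configured on the provider that is injected here.
 * </p>
 */
public class MetadataExplicitKeySignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Metadata provider used to look up key information for peer entities. */
    private MetadataProvider metadataProvider;

    /**
     * Gets the metadata provider used to look up key information for peer entities.
     * 
     * @return metadata provider used to look up key information for peer entities
     */
    public MetadataProvider getMetadataProvider() {
        return metadataProvider;
    }

    /**
     * Sets the metadata provider used to look up key information for peer entities.
     * 
     * @param provider metadata provider used to look up key information for peer entities
     */
    public void setMetadataProvider(MetadataProvider provider) {
        metadataProvider = provider;
    }

    /** {@inheritDoc} */
    public Class getObjectType() {
        return ExplicitKeySignatureTrustEngine.class;
    }

    /**
     * Builds the trust engine from the configured metadata provider.
     *
     * <p>
     * The engine is given two resolvers: a {@link MetadataCredentialResolver} backed by the metadata provider, and a
     * {@link KeyInfoCredentialResolver} that handles DSA key values, RSA key values and inline X.509 data.
     * </p>
     *
     * @return a new {@link ExplicitKeySignatureTrustEngine}
     *
     * @throws IllegalStateException if no metadata provider has been set
     * @throws Exception if the credential resolver or the trust engine can not be created
     */
    protected Object createInstance() throws Exception {
        MetadataProvider provider = getMetadataProvider();
        if (provider == null) {
            // Fail closed with a clear configuration error: without a metadata provider there is no source of
            // trusted keys, and the failure should not be left to whatever the resolver factory does with null.
            throw new IllegalStateException(
                    "Metadata provider must be set before the signature trust engine can be created");
        }

        MetadataCredentialResolverFactory mcrFactory = MetadataCredentialResolverFactory.getFactory();
        MetadataCredentialResolver credResolver = mcrFactory.getInstance(provider);

        // NOTE(review): in OpenSAML's explicit-key model the KeyInfo carried by a signature is presumably used only
        // to find candidate keys, which must then match a credential from metadata - confirm against the library
        // version in use.
        List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>();
        keyInfoProviders.add(new DSAKeyValueProvider());
        keyInfoProviders.add(new RSAKeyValueProvider());
        keyInfoProviders.add(new InlineX509DataProvider());
        KeyInfoCredentialResolver keyInfoCredResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviders);

        return new ExplicitKeySignatureTrustEngine(credResolver, keyInfoCredResolver);
    }
}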