18 package edu.internet2.middleware.shibboleth.common.config.security;
19
20 import javax.xml.namespace.QName;
21
22 import org.opensaml.ws.security.provider.CertificateNameOptions;
23 import org.opensaml.xml.security.x509.X500DNHandler;
24 import org.opensaml.xml.security.x509.X509Util;
25 import org.opensaml.xml.util.DatatypeHelper;
26 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
27 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
28 import org.w3c.dom.Element;
29
30 import edu.internet2.middleware.shibboleth.common.binding.security.ShibbolethClientCertAuthRule;
31
32
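/**
 * Spring bean definition parser for the {@code ClientCertAuth} security-policy rule element.
 *
 * <p>The element is turned into a {@link ShibbolethClientCertAuthRule} whose constructor receives,
 * in this order, (1) a reference to the trust engine bean named by the {@code trustEngineRef}
 * attribute and (2) a fixed {@link CertificateNameOptions} describing which certificate name
 * fields are compared against the expected entity name. The name options are hard-coded here and
 * cannot be changed from the XML:</p>
 * <ul>
 *   <li>the full subject DN is <em>not</em> evaluated (its format is nevertheless pinned to
 *       RFC 2253 so that enabling it later would not silently change the comparison);</li>
 *   <li>the subject common name (CN) <em>is</em> evaluated;</li>
 *   <li>DNS and URI subjectAltName values are evaluated.</li>
 * </ul>
 *
 * <p>Review note: CN matching is the loosest of the available name forms, because any certificate
 * accepted by the trust engine whose CN equals the expected name satisfies the rule. The effective
 * strength of this rule therefore depends on the policy of the referenced trust engine (what it
 * is willing to trust), not on the name options set here.</p>
 */
public class ClientCertAuthRuleBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {

    /** Schema type of the configuration element handled by this parser. */
    public static final QName SCHEMA_TYPE = new QName(SecurityNamespaceHandler.NAMESPACE, "ClientCertAuth");

    /** Name of the (un-namespaced) attribute that carries the trust engine bean reference. */
    private static final String TRUST_ENGINE_REF_ATTRIB = "trustEngineRef";

    /** {@inheritDoc} */
    @Override
    protected Class getBeanClass(Element element) {
        return ShibbolethClientCertAuthRule.class;
    }

    /**
     * Populates the rule's bean definition from the {@code ClientCertAuth} element.
     *
     * @param element the {@code ClientCertAuth} element being parsed
     * @param builder builder for the {@link ShibbolethClientCertAuthRule} definition
     * @throws IllegalArgumentException if {@code trustEngineRef} is absent or blank. Without this
     *             check a null reference name would be handed to Spring and fail later with a
     *             message that does not name the offending attribute or element.
     */
    @Override
    protected void doParse(Element element, BeanDefinitionBuilder builder) {
        // safeTrimOrNullString collapses a missing or whitespace-only attribute to null.
        String trustEngineRef =
                DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, TRUST_ENGINE_REF_ATTRIB));
        if (trustEngineRef == null) {
            throw new IllegalArgumentException("ClientCertAuth rule requires a non-empty '"
                    + TRUST_ENGINE_REF_ATTRIB + "' attribute referencing a trust engine bean");
        }

        // Constructor argument order matters: trust engine reference first, name options second.
        builder.addConstructorArgReference(trustEngineRef);
        builder.addConstructorArgValue(buildNameOptions());
    }

    /**
     * Builds the fixed certificate name-matching options used by every rule this parser creates.
     *
     * @return options that evaluate the subject CN plus DNS and URI subjectAltNames, with subject
     *         DN evaluation disabled and the DN format set to RFC 2253
     */
    private static CertificateNameOptions buildNameOptions() {
        CertificateNameOptions options = new CertificateNameOptions();
        options.setX500SubjectDNFormat(X500DNHandler.FORMAT_RFC2253);
        options.setEvaluateSubjectDN(false);
        options.setEvaluateSubjectCommonName(true);
        options.getSubjectAltNames().add(X509Util.DNS_ALT_NAME);
        options.getSubjectAltNames().add(X509Util.URI_ALT_NAME);
        return options;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Always {@code true}: rule elements carry no {@code id}, so Spring generates one.</p>
     */
    @Override
    protected boolean shouldGenerateId() {
        return true;
    }
}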