
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.config.security;
19  
20  import java.util.Collections;
21  import java.util.List;
22  import java.util.Set;
23  
24  import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
25  import org.opensaml.xml.security.x509.PKIXValidationInformation;
26  import org.opensaml.xml.security.x509.PKIXValidationOptions;
27  import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
28  import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
29  import org.springframework.beans.factory.config.AbstractFactoryBean;
30  
31  /**
32   * Spring factory bean used to create {@link PKIXX509CredentialTrustEngine}s based on a static 
33   * PKIXValidationInformation resolver.
34   */
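/**
 * Spring factory bean that builds a {@link PKIXX509CredentialTrustEngine} backed by a
 * {@link StaticPKIXValidationInformationResolver}, i.e. a fixed list of
 * {@link PKIXValidationInformation} and a fixed set of trusted names supplied through the
 * bean properties.
 *
 * <p>Security notes for deployers and maintainers:
 * <ul>
 * <li>When no trusted names are configured, {@link #createInstance()} hands the resolver an
 * empty set rather than {@code null}. NOTE(review): confirm how the trust engine treats an
 * empty trusted-name set; if it skips the name check entirely, any certificate that chains
 * to one of the configured anchors is trusted regardless of the name it carries.</li>
 * <li>The {@link PKIXValidationOptions} (e.g. revocation-checking behaviour) are only applied
 * when explicitly configured; otherwise the evaluator's own defaults remain in effect.</li>
 * </ul>
 *
 * <p>The collections passed to the setters are held by reference, not copied, and are
 * exposed unchanged by the getters.
 */
public class StaticPKIXX509CredentialTrustEngineFactoryBean extends AbstractFactoryBean {

    /** List of PKIX validation info handed to the static resolver (may be null if unset). */
    private List<PKIXValidationInformation> pkixInfo;

    /** Set of trusted names handed to the static resolver (null is replaced by an empty set). */
    private Set<String> trustedNames;

    /** PKIX validation options applied to the engine's trust evaluator (optional). */
    private PKIXValidationOptions pkixOptions;

    /**
     * Get the PKIX validation options.
     *
     * @return the configured validation options, or null if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Set the PKIX validation options. Leaving this unset means the trust evaluator's
     * default options are used.
     *
     * @param newOptions the new set of validation options (may be null)
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the list of PKIX validation info.
     *
     * @return the configured list of PKIX validation info, as set (not a copy)
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return pkixInfo;
    }

    /**
     * Sets the list of PKIX validation info. The list is held by reference.
     *
     * @param newPKIXInfo the new list of PKIX validation info
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        pkixInfo = newPKIXInfo;
    }

    /**
     * Gets the set of trusted names.
     *
     * @return the configured set of trusted names, as set (may be null)
     */
    public Set<String> getTrustedNames() {
        return trustedNames;
    }

    /**
     * Sets the set of trusted names. The set is held by reference.
     *
     * @param newTrustedNames the set of trusted names (null is treated as empty at creation time)
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        trustedNames = newTrustedNames;
    }

    /** {@inheritDoc} */
    @Override
    public Class<?> getObjectType() {
        return PKIXX509CredentialTrustEngine.class;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Builds the engine from the configured validation info, trusted names and options. A
     * missing trusted-name set is replaced by an empty set; the validation info list is passed
     * through exactly as configured (a null list is not substituted here).
     *
     * @throws IllegalStateException if validation options were configured but the engine's trust
     *             evaluator is not a {@link CertPathPKIXTrustEvaluator} and so cannot accept them;
     *             failing loudly is preferred to silently dropping options such as revocation
     *             settings
     */
    @Override
    protected Object createInstance() throws Exception {
        Set<String> names = getTrustedNames();
        if (names == null) {
            // Never hand the resolver a null name set; an empty set is the fallback.
            names = Collections.emptySet();
        }

        StaticPKIXValidationInformationResolver pkixResolver =
            new StaticPKIXValidationInformationResolver(getPKIXInfo(), names);
        PKIXX509CredentialTrustEngine engine = new PKIXX509CredentialTrustEngine(pkixResolver);

        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            // Options can only be applied to a CertPath-based evaluator. Check explicitly so a
            // mismatch surfaces as a clear configuration error instead of a ClassCastException
            // (or a NullPointerException if no evaluator is present).
            Object evaluator = engine.getPKIXTrustEvaluator();
            if (!(evaluator instanceof CertPathPKIXTrustEvaluator)) {
                throw new IllegalStateException("Cannot apply PKIX validation options: trust evaluator is "
                        + (evaluator == null ? "null" : evaluator.getClass().getName())
                        + ", expected " + CertPathPKIXTrustEvaluator.class.getName());
            }
            ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
        }

        return engine;
    }
}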