18 package edu.internet2.middleware.shibboleth.common.config.security;
19
20 import java.util.Collections;
21 import java.util.List;
22 import java.util.Set;
23
24 import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
25 import org.opensaml.xml.security.x509.PKIXValidationInformation;
26 import org.opensaml.xml.security.x509.PKIXValidationOptions;
27 import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
28 import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
29 import org.springframework.beans.factory.config.AbstractFactoryBean;
30
31
32
33
34
/**
 * Spring factory bean that builds a {@link PKIXX509CredentialTrustEngine} whose validation
 * material comes from a {@link StaticPKIXValidationInformationResolver}.
 *
 * <p>Three properties feed the engine: the PKIX validation information, the set of trusted
 * names, and an optional {@link PKIXValidationOptions} instance. All three are stored by
 * reference; no defensive copies are made by this class.
 *
 * <p>NOTE(review): this class performs no validation of its configuration. Whether a missing
 * or empty {@code pkixInfo} list or an empty trusted-name set makes the resulting engine
 * stricter or more permissive is decided by the OpenSAML classes it delegates to; confirm
 * that behavior for the library version in use before relying on a partially configured bean.
 */
public class StaticPKIXX509CredentialTrustEngineFactoryBean extends AbstractFactoryBean {

    /** PKIX validation information passed to the static resolver. */
    private List<PKIXValidationInformation> pkixInfo;

    /** Names passed to the static resolver as the trusted-name set; may be null. */
    private Set<String> trustedNames;

    /** Optional PKIX validation options; when null the evaluator is left as constructed. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Gets the PKIX validation options that will be applied to the engine's trust evaluator.
     *
     * @return the configured options, or null if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return this.pkixOptions;
    }

    /**
     * Sets the PKIX validation options that will be applied to the engine's trust evaluator.
     *
     * @param newOptions the options to apply; null leaves the evaluator untouched
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        this.pkixOptions = newOptions;
    }

    /**
     * Gets the PKIX validation information handed to the static resolver.
     *
     * @return the configured validation information, or null if none was set
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return this.pkixInfo;
    }

    /**
     * Sets the PKIX validation information handed to the static resolver.
     *
     * @param newPKIXInfo the validation information to use
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        this.pkixInfo = newPKIXInfo;
    }

    /**
     * Gets the names handed to the static resolver as the trusted-name set.
     *
     * @return the configured names, or null if none were set
     */
    public Set<String> getTrustedNames() {
        return this.trustedNames;
    }

    /**
     * Sets the names handed to the static resolver as the trusted-name set.
     *
     * @param newTrustedNames the trusted names to use
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        this.trustedNames = newTrustedNames;
    }

    /**
     * Reports the type of object this factory produces.
     *
     * @return {@code PKIXX509CredentialTrustEngine.class}
     */
    public Class getObjectType() {
        return PKIXX509CredentialTrustEngine.class;
    }

    /**
     * Builds the trust engine from the configured properties.
     *
     * @return the newly constructed {@link PKIXX509CredentialTrustEngine}
     * @throws Exception declared by the overridden factory method
     */
    protected Object createInstance() throws Exception {
        // A missing name set is replaced by an empty one before it reaches the resolver.
        // NOTE(review): how the engine treats an empty trusted-name set (enforcing or skipping
        // name matching) is not visible here; verify it, since skipping would leave path
        // validation as the only check on a presented certificate.
        final Set<String> configuredNames = getTrustedNames();
        final Set<String> resolverNames =
                configuredNames != null ? configuredNames : Collections.<String>emptySet();

        // getPKIXInfo() is passed through unchecked, so it may be null at this point.
        final PKIXX509CredentialTrustEngine trustEngine = new PKIXX509CredentialTrustEngine(
                new StaticPKIXValidationInformationResolver(getPKIXInfo(), resolverNames));

        final PKIXValidationOptions options = getPKIXValidationOptions();
        if (options == null) {
            // No explicit options: the evaluator keeps whatever the engine constructor set up.
            return trustEngine;
        }

        // The cast assumes the engine's evaluator is a CertPathPKIXTrustEvaluator; any other
        // implementation would fail here with a ClassCastException.
        final CertPathPKIXTrustEvaluator evaluator =
                (CertPathPKIXTrustEvaluator) trustEngine.getPKIXTrustEvaluator();
        evaluator.setPKIXValidationOptions(options);
        return trustEngine;
    }
}