18 package edu.internet2.middleware.shibboleth.common.config.security;
19
20 import java.util.ArrayList;
21 import java.util.Collections;
22 import java.util.List;
23 import java.util.Set;
24
25 import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
26 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
27 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
28 import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
29 import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
30 import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
31 import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
32 import org.opensaml.xml.security.x509.PKIXValidationInformation;
33 import org.opensaml.xml.security.x509.PKIXValidationOptions;
34 import org.opensaml.xml.security.x509.StaticPKIXValidationInformationResolver;
35 import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
36 import org.springframework.beans.factory.config.AbstractFactoryBean;
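/**
 * Spring factory bean that builds a {@link PKIXSignatureTrustEngine} backed by a static,
 * configuration-time set of PKIX validation information.
 *
 * <p>The engine validates the certificate chain of a signing credential against the configured
 * {@link PKIXValidationInformation} (trust anchors and revocation data) via a
 * {@link StaticPKIXValidationInformationResolver}, optionally constrained by a set of trusted
 * names and tuned by {@link PKIXValidationOptions}. The credential itself is resolved from the
 * signature's KeyInfo by a {@link BasicProviderKeyInfoCredentialResolver} that understands only
 * inline DSA/RSA key values and inline X509Data; KeyInfo content outside those providers is not
 * resolved by this engine.
 *
 * <p>Properties are plain setters so the bean can be wired from XML; they are read once, in
 * {@link #createInstance()}, when the container asks for the product object.
 */
public class StaticPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** PKIX validation information (trust anchors, CRLs) the engine evaluates chains against. */
    private List<PKIXValidationInformation> pkixInfo;

    /**
     * Names the validated end-entity certificate is expected to carry. May be null; a null value
     * is turned into an empty set before being handed to the resolver. Whether an empty set
     * disables name checking is decided by the resolver/engine, not here.
     */
    private Set<String> trustedNames;

    /** Optional PKIX options (e.g. revocation and depth settings) applied to the cert-path evaluator. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Gets the PKIX validation options applied to the engine's trust evaluator.
     *
     * @return the configured options, or null if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Sets the PKIX validation options applied to the engine's trust evaluator.
     *
     * @param newOptions the options to apply, or null to keep the evaluator's defaults
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the PKIX validation information the engine validates against.
     *
     * @return the configured validation information; may be null if never set
     */
    public List<PKIXValidationInformation> getPKIXInfo() {
        return pkixInfo;
    }

    /**
     * Sets the PKIX validation information the engine validates against.
     *
     * @param newPKIXInfo trust anchors and revocation data; the list is used as given, not copied
     */
    public void setPKIXInfo(List<PKIXValidationInformation> newPKIXInfo) {
        pkixInfo = newPKIXInfo;
    }

    /**
     * Gets the trusted names the validated certificate is expected to match.
     *
     * @return the configured names; may be null if never set
     */
    public Set<String> getTrustedNames() {
        return trustedNames;
    }

    /**
     * Sets the trusted names the validated certificate is expected to match.
     *
     * @param newTrustedNames the trusted names, or null for none
     */
    public void setTrustedNames(Set<String> newTrustedNames) {
        trustedNames = newTrustedNames;
    }

    /**
     * {@inheritDoc}
     *
     * @return {@code PKIXSignatureTrustEngine.class}
     */
    @Override
    public Class<?> getObjectType() {
        return PKIXSignatureTrustEngine.class;
    }

    /**
     * Builds the trust engine from the configured properties.
     *
     * @return a new {@link PKIXSignatureTrustEngine}
     * @throws IllegalStateException if PKIX validation options were configured but the engine's
     *             trust evaluator is not a {@link CertPathPKIXTrustEvaluator} and so cannot accept them
     * @throws Exception propagated from the underlying OpenSAML constructors
     */
    @Override
    protected Object createInstance() throws Exception {
        // The resolver is given an empty set rather than null when no names are configured.
        Set<String> names = getTrustedNames();
        if (names == null) {
            names = Collections.emptySet();
        }
        StaticPKIXValidationInformationResolver pkixResolver =
                new StaticPKIXValidationInformationResolver(getPKIXInfo(), names);

        // Only inline key material is resolvable: DSA/RSA KeyValue and X509Data.
        List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>();
        keyInfoProviders.add(new DSAKeyValueProvider());
        keyInfoProviders.add(new RSAKeyValueProvider());
        keyInfoProviders.add(new InlineX509DataProvider());
        KeyInfoCredentialResolver keyInfoCredResolver =
                new BasicProviderKeyInfoCredentialResolver(keyInfoProviders);

        PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(pkixResolver, keyInfoCredResolver);

        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            // Options silently not applied would weaken nothing by default but would make the
            // configuration lie; fail loudly instead of letting a bare ClassCastException escape.
            Object evaluator = engine.getPKIXTrustEvaluator();
            if (!(evaluator instanceof CertPathPKIXTrustEvaluator)) {
                throw new IllegalStateException("PKIX validation options were configured but the trust evaluator ("
                        + (evaluator == null ? "null" : evaluator.getClass().getName())
                        + ") is not a CertPathPKIXTrustEvaluator and cannot accept them");
            }
            ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
        }

        return engine;
    }
}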