18 package edu.internet2.middleware.shibboleth.common.config.security;
19
20 import java.security.PrivateKey;
21 import java.security.cert.X509CRL;
22 import java.security.cert.X509Certificate;
23 import java.util.ArrayList;
24 import java.util.List;
25
26 import org.opensaml.xml.security.SecurityException;
27 import org.opensaml.xml.security.SecurityHelper;
28 import org.opensaml.xml.security.x509.BasicX509Credential;
29 import org.opensaml.xml.security.x509.X509Credential;
30 import org.slf4j.Logger;
31 import org.slf4j.LoggerFactory;
32
33
34
35
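/**
 * Spring factory bean that assembles an {@link X509Credential} from a configured private key,
 * entity certificate, certificate chain and CRLs.
 *
 * <p>Usage type, entity ID and key names are inherited from {@link AbstractCredentialFactoryBean}.
 * Before the credential is handed out, the entity certificate's public key is checked against the
 * configured private key; a mismatch, or a failure to perform the check, rejects the credential
 * rather than letting an inconsistent key pair through.
 */
public class X509CredentialFactoryBean extends AbstractCredentialFactoryBean {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(X509CredentialFactoryBean.class);

    /** Private key of the credential; may be null (public-key-only credential). */
    private PrivateKey privateKey;

    /** Explicit entity certificate; when null, the first entry of {@link #certificates} is used. */
    private X509Certificate entityCertificate;

    /** Certificate chain of the credential; may be null. */
    private List<X509Certificate> certificates;

    /** CRLs associated with the credential; may be null. */
    private List<X509CRL> x509crls;

    /**
     * Builds the credential from the configured key material.
     *
     * <p>An explicitly configured entity certificate is honoured even when no certificate chain
     * was configured; otherwise the head of the chain becomes the entity certificate.
     *
     * @return a populated {@link BasicX509Credential}
     * @throws SecurityException if no entity certificate can be determined, or if the entity
     *         certificate's public key does not match the configured private key
     * @throws Exception as declared by the superclass contract
     */
    protected Object createInstance() throws Exception {
        BasicX509Credential credential = new BasicX509Credential();

        credential.setUsageType(getUsageType());
        credential.setEntityId(getEntityID());

        if (getKeyNames() != null) {
            credential.getKeyNames().addAll(getKeyNames());
        }

        if (certificates != null && !certificates.isEmpty()) {
            // Copy so that later changes to the configured list do not reach the credential.
            credential.setEntityCertificateChain(new ArrayList<X509Certificate>(certificates));
        }

        X509Certificate entityCert = resolveEntityCertificate();
        if (entityCert == null) {
            // Without an entity certificate there is no public key to attach or to verify against.
            log.error("No entity certificate configured for X.509 credential");
            throw new SecurityException("An X.509 credential requires an entity certificate");
        }
        credential.setEntityCertificate(entityCert);

        if (x509crls != null) {
            credential.setCRLs(new ArrayList<X509CRL>(x509crls));
        }

        credential.setPrivateKey(privateKey);
        credential.setPublicKey(credential.getEntityCertificate().getPublicKey());

        verifyKeyPair(credential);

        return credential;
    }

    /**
     * Picks the entity certificate: the explicit one if set, else the head of the chain.
     *
     * @return the entity certificate, or null if neither source provides one
     */
    private X509Certificate resolveEntityCertificate() {
        if (entityCertificate != null) {
            return entityCertificate;
        }
        if (certificates != null && !certificates.isEmpty()) {
            return certificates.get(0);
        }
        return null;
    }

    /**
     * Sanity-checks that the credential's public and private key belong together.
     *
     * <p>Runs only when both keys are present. A failure of the check itself (an exception from
     * the helper) leaves {@code matched} false, so the credential is rejected rather than
     * silently accepted.
     *
     * @param credential the credential whose keys are compared
     * @throws SecurityException if the keys do not match or the check could not be performed
     */
    private void verifyKeyPair(BasicX509Credential credential) throws SecurityException {
        if (credential.getPublicKey() == null || credential.getPrivateKey() == null) {
            return;
        }
        boolean matched = false;
        try {
            matched = SecurityHelper.matchKeyPair(credential.getPublicKey(), credential.getPrivateKey());
        } catch (SecurityException e) {
            log.warn("Could not perform sanity check against credential public and private key: {}",
                    e.getMessage());
        }
        if (!matched) {
            log.error("Mismatch detected between credential's public and private key");
            throw new SecurityException("Mismatch between credential public and private key");
        }
    }

    /** @return the type of object this factory produces, {@link X509Credential} */
    public Class getObjectType() {
        return X509Credential.class;
    }

    /** @return the explicitly configured entity certificate, or null */
    public X509Certificate getEntityCertificate() {
        return entityCertificate;
    }

    /** @return the configured certificate chain, or null */
    public List<X509Certificate> getCertificates() {
        return certificates;
    }

    /** @return the configured CRLs, or null */
    public List<X509CRL> getCrls() {
        return x509crls;
    }

    /** @return the configured private key, or null */
    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    /** @param newCert the entity certificate to use; may be null */
    public void setEntityCertificate(X509Certificate newCert) {
        entityCertificate = newCert;
    }

    /** @param certs the certificate chain; may be null */
    public void setCertificates(List<X509Certificate> certs) {
        certificates = certs;
    }

    /** @param crls the CRLs; may be null */
    public void setCrls(List<X509CRL> crls) {
        this.x509crls = crls;
    }

    /** @param key the private key; may be null */
    public void setPrivateKey(PrivateKey key) {
        privateKey = key;
    }

}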