
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.config.security;
19  
20  import org.opensaml.saml2.metadata.provider.MetadataProvider;
21  import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
22  import org.opensaml.xml.security.x509.PKIXValidationOptions;
23  import org.opensaml.xml.security.x509.PKIXX509CredentialTrustEngine;
24  import org.springframework.beans.factory.config.AbstractFactoryBean;
25  
26  import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
27  
28  /**
29   * Spring factory bean used to created {@link PKIXX509CredentialTrustEngine}s based on a metadata provider.
30   */
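/**
 * Spring factory bean used to create {@link PKIXX509CredentialTrustEngine}s based on a metadata provider.
 * 
 * <p>The produced engine evaluates peer X.509 credentials with PKIX path validation, using a
 * {@link MetadataPKIXValidationInformationResolver} that obtains its validation information (trust
 * anchors and related data) from the configured {@link MetadataProvider}. If no
 * {@link PKIXValidationOptions} are configured, the engine's default evaluator settings apply unchanged.</p>
 * 
 * <p>Security note: the PKIX validation options and the metadata provider together determine which
 * peer certificates are trusted. Mis-configuration is therefore reported as a hard failure at bean
 * creation time rather than being silently ignored.</p>
 */
public class MetadataPKIXX509CredentialTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Metadata provider used to look up key information for peer entities. */
    private MetadataProvider metadataProvider;

    /** PKIX validation options; {@code null} means the evaluator's defaults are used. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Get the PKIX validation options.
     * 
     * @return the set of validation options, or {@code null} if none were configured
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Set the PKIX validation options.
     * 
     * @param newOptions the new set of validation options; {@code null} leaves the evaluator defaults in place
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the metadata provider used to look up key information for peer entities.
     * 
     * @return metadata provider used to look up key information for peer entities
     */
    public MetadataProvider getMetadataProvider() {
        return metadataProvider;
    }

    /**
     * Sets the metadata provider used to look up key information for peer entities.
     * 
     * @param provider metadata provider used to look up key information for peer entities
     */
    public void setMetadataProvider(MetadataProvider provider) {
        metadataProvider = provider;
    }

    /** {@inheritDoc} */
    public Class getObjectType() {
        return PKIXX509CredentialTrustEngine.class;
    }

    /**
     * {@inheritDoc}
     * 
     * <p>Builds the trust engine from the configured metadata provider and, if present, applies the
     * configured PKIX validation options to the engine's trust evaluator.</p>
     * 
     * @throws IllegalStateException if no metadata provider was configured, or if PKIX validation options
     *             were configured but the engine's evaluator is not a {@link CertPathPKIXTrustEvaluator}
     *             and so cannot accept them
     */
    protected Object createInstance() throws Exception {
        MetadataProvider provider = getMetadataProvider();
        // Without a metadata provider the resolver has no source of PKIX validation information,
        // so fail at startup with an actionable message instead of producing an engine that can never trust anything.
        if (provider == null) {
            throw new IllegalStateException(
                    "metadataProvider must be set before a PKIXX509CredentialTrustEngine can be created");
        }

        MetadataPKIXValidationInformationResolver pviResolver = new MetadataPKIXValidationInformationResolver(provider);
        PKIXX509CredentialTrustEngine engine = new PKIXX509CredentialTrustEngine(pviResolver);

        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            Object evaluator = engine.getPKIXTrustEvaluator();
            // The options can only be applied to a CertPathPKIXTrustEvaluator. Check explicitly rather than
            // relying on an unchecked cast: explicitly configured validation options must never be dropped silently,
            // and a bare ClassCastException would not tell the deployer what went wrong.
            if (!(evaluator instanceof CertPathPKIXTrustEvaluator)) {
                throw new IllegalStateException("PKIX validation options were configured, but the trust engine's evaluator ("
                        + (evaluator == null ? "null" : evaluator.getClass().getName())
                        + ") is not a CertPathPKIXTrustEvaluator and cannot apply them");
            }
            ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
        }

        return engine;
    }
}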