View Javadoc

1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.config.security;
19  
20  import javax.xml.namespace.QName;
21  
22  import org.opensaml.ws.security.provider.CertificateNameOptions;
23  import org.opensaml.xml.security.x509.X500DNHandler;
24  import org.opensaml.xml.security.x509.X509Util;
25  import org.opensaml.xml.util.DatatypeHelper;
26  import org.springframework.beans.factory.support.BeanDefinitionBuilder;
27  import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
28  import org.w3c.dom.Element;
29  
30  import edu.internet2.middleware.shibboleth.common.binding.security.ShibbolethClientCertAuthRule;
31  
32  /** Spring bean definition parser for {urn:mace:shibboleth:2.0:security}ClientCertificate elements. */
33  public class ClientCertAuthRuleBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
34      
35      /** Schema type. */
36      public static final QName SCHEMA_TYPE = new QName(SecurityNamespaceHandler.NAMESPACE, "ClientCertAuth");
37  
38      /** {@inheritDoc} */
39      protected Class getBeanClass(Element element) {
40          return ShibbolethClientCertAuthRule.class;
41      }
42  
43      /** {@inheritDoc} */
44      protected void doParse(Element element, BeanDefinitionBuilder builder) {
45          builder.addConstructorArgReference(DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null,
46                  "trustEngineRef")));
47          
48          CertificateNameOptions nameOptions = new CertificateNameOptions();
49          nameOptions.setX500SubjectDNFormat(X500DNHandler.FORMAT_RFC2253);
50          nameOptions.setEvaluateSubjectDN(false);
51          nameOptions.setEvaluateSubjectCommonName(true);
52          nameOptions.getSubjectAltNames().add(X509Util.DNS_ALT_NAME);
53          nameOptions.getSubjectAltNames().add(X509Util.URI_ALT_NAME);
54          
55          builder.addConstructorArgValue(nameOptions);
56      }
57      
58      /** {@inheritDoc} */
59      protected boolean shouldGenerateId() {
60          return true;
61      }
62  }