18 package edu.internet2.middleware.shibboleth.common.config.security;
19
20 import java.util.ArrayList;
21 import java.util.List;
22
23 import org.opensaml.saml2.metadata.provider.MetadataProvider;
24 import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
25 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
26 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
27 import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
28 import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
29 import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
30 import org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator;
31 import org.opensaml.xml.security.x509.PKIXValidationOptions;
32 import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
33 import org.springframework.beans.factory.config.AbstractFactoryBean;
34
35 import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
36
37
38
39
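/**
 * Spring factory bean that assembles a {@link PKIXSignatureTrustEngine} whose PKIX validation information
 * (trust anchors and related data) is drawn from SAML metadata.
 *
 * <p>The engine produced by {@link #createInstance()} resolves validation information through a
 * {@link MetadataPKIXValidationInformationResolver} backed by the configured {@link MetadataProvider}, and resolves
 * credentials from {@code ds:KeyInfo} using inline DSA/RSA key values and inline X.509 data only. When
 * {@link PKIXValidationOptions} are configured they are applied to the engine's {@link CertPathPKIXTrustEvaluator}.
 * Because those options govern how certificate paths are validated, the factory fails rather than silently
 * discarding them if the engine's evaluator turns out not to be a {@code CertPathPKIXTrustEvaluator}.</p>
 */
public class MetadataPKIXSignatureTrustEngineFactoryBean extends AbstractFactoryBean {

    /** Source of the SAML metadata from which PKIX validation information is resolved. */
    private MetadataProvider metadataProvider;

    /** Optional options controlling PKIX certificate path validation; {@code null} keeps the engine defaults. */
    private PKIXValidationOptions pkixOptions;

    /**
     * Gets the PKIX validation options to apply to the created trust engine.
     *
     * @return the configured options, or {@code null} if none were set
     */
    public PKIXValidationOptions getPKIXValidationOptions() {
        return pkixOptions;
    }

    /**
     * Sets the PKIX validation options to apply to the created trust engine.
     *
     * @param newOptions the options to apply, or {@code null} to keep the engine defaults
     */
    public void setPKIXValidationOptions(PKIXValidationOptions newOptions) {
        pkixOptions = newOptions;
    }

    /**
     * Gets the metadata provider used to resolve PKIX validation information.
     *
     * @return the configured metadata provider, or {@code null} if none was set
     */
    public MetadataProvider getMetadataProvider() {
        return metadataProvider;
    }

    /**
     * Sets the metadata provider used to resolve PKIX validation information.
     *
     * @param provider the metadata provider; must be set before {@link #createInstance()} is invoked
     */
    public void setMetadataProvider(MetadataProvider provider) {
        metadataProvider = provider;
    }

    /** {@inheritDoc} */
    @Override
    public Class<?> getObjectType() {
        return PKIXSignatureTrustEngine.class;
    }

    /**
     * Builds the trust engine from the configured metadata provider and optional PKIX validation options.
     *
     * @return a {@link PKIXSignatureTrustEngine} wired to the configured metadata provider
     * @throws IllegalStateException if no metadata provider has been configured, or if PKIX validation options were
     *             configured but the engine's PKIX trust evaluator cannot accept them
     * @throws Exception if the underlying OpenSAML components fail to initialize
     */
    @Override
    protected Object createInstance() throws Exception {
        MetadataProvider provider = getMetadataProvider();
        if (provider == null) {
            throw new IllegalStateException(
                    "A MetadataProvider must be configured before the PKIX signature trust engine can be created");
        }
        MetadataPKIXValidationInformationResolver pviResolver = new MetadataPKIXValidationInformationResolver(provider);

        // Only inline key material is resolved from KeyInfo (DSA/RSA KeyValue and X509Data); no other
        // KeyInfo content is handled by this engine.
        List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>();
        keyInfoProviders.add(new DSAKeyValueProvider());
        keyInfoProviders.add(new RSAKeyValueProvider());
        keyInfoProviders.add(new InlineX509DataProvider());
        KeyInfoCredentialResolver keyInfoCredResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviders);

        PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(pviResolver, keyInfoCredResolver);

        PKIXValidationOptions options = getPKIXValidationOptions();
        if (options != null) {
            Object evaluator = engine.getPKIXTrustEvaluator();
            if (evaluator instanceof CertPathPKIXTrustEvaluator) {
                ((CertPathPKIXTrustEvaluator) evaluator).setPKIXValidationOptions(options);
            } else {
                // The options constrain certificate path validation; dropping them silently would leave the
                // engine validating with weaker settings than the deployer configured, so fail loudly instead.
                throw new IllegalStateException(
                        "PKIX validation options were configured but the trust engine's PKIX trust evaluator ("
                                + (evaluator == null ? "null" : evaluator.getClass().getName())
                                + ") does not support them");
            }
        }

        return engine;
    }
}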