org.opensaml.spring.trust.StaticPKIXFactoryBean

All Implemented Interfaces:: Aware, BeanClassLoaderAware, BeanFactoryAware, DisposableBean, FactoryBean<PKIXX509CredentialTrustEngine>, InitializingBean

public class StaticPKIXFactoryBean extends AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>

File system specific bean for PKIXX509CredentialTrustEngine.

Since:: 3.3.0

Field Summary

Fields

Modifier and Type

Field

Description

private List<Resource>

certificateResources

Certificate resources.

private boolean

checkNames

Whether to enable name checking.

private X509CredentialNameEvaluator

credentialNameEvaluator

Custom instance of X509CredentialNameEvaluator to use.

private List<Resource>

crlResources

CRL resources.

private org.slf4j.Logger

log

log.

private Set<String>

trustedNames

Explicit subject name(s) to match.

private PKIXTrustEvaluator

trustEvaluator

Custom instance of PKIXTrustEvaluator to use.

private Integer

verifyDepth

Verification depth.

Fields inherited from interface org.springframework.beans.factory.FactoryBean
OBJECT_TYPE_ATTRIBUTE
Constructor Summary

Constructors

Constructor

Description

StaticPKIXFactoryBean()

Constructor.
Method Summary

Modifier and Type

Method

Description

protected PKIXX509CredentialTrustEngine

doCreateInstance()

protected List<X509Certificate>

getCertificates()

Get the configured certificates.

protected List<X509CRL>

getCRLs()

Get the configured CRL list.

Class<?>

getObjectType()

void

setCertificates(List<Resource> certs)

Set the resources which we will convert into certificates.

void

setCheckNames(boolean flag)

Set whether the perform name checking in the PKIX layer.

void

setCredentialNameEvaluator(X509CredentialNameEvaluator evaluator)

Set the custom instance of X509CredentialNameEvaluator to use.

void

setCRLs(List<Resource> crls)

Set the resources which we will convert into CRLs.

void

setTrustedNames(Collection<String> names)

Set explicitly trusted names to match against credential.

void

setTrustEvaluator(PKIXTrustEvaluator evaluator)

Set the custom instance of PKIXTrustEvaluator to use.

void

setVerifyDepth(Integer depth)

Set the verify depth.

protected void

validateConfiguration(PKIXTrustEvaluator pkixTrustEvaluator)

Validate the configuration of the effective PKIXTrustEvaluator.

Methods inherited from class net.shibboleth.shared.spring.factory.AbstractComponentAwareFactoryBean
createInstance, destroyInstance, setThrowIfNull

Methods inherited from class net.shibboleth.shared.spring.factory.AbstractFactoryBean
afterPropertiesSet, destroy, getBeanFactory, getBeanTypeConverter, getEarlySingletonInterfaces, getObject, isSingleton, setBeanClassLoader, setBeanFactory, setSingleton

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- log
  
  @Nonnull private org.slf4j.Logger log
  
  log.
- certificateResources
  
  @Nullable private List<Resource> certificateResources
  
  Certificate resources.
- crlResources
  
  @Nullable private List<Resource> crlResources
  
  CRL resources.
- verifyDepth
  
  @Nullable private Integer verifyDepth
  
  Verification depth.
- trustedNames
  
  @Nullable private Set<String> trustedNames
  
  Explicit subject name(s) to match.
- checkNames
  
  private boolean checkNames
  
  Whether to enable name checking. If true a default implementation will be used. See also: credentialNameEvaluator.
- trustEvaluator
  
  @Nullable private PKIXTrustEvaluator trustEvaluator
  
  Custom instance of PKIXTrustEvaluator to use.
- credentialNameEvaluator
  
  @Nullable private X509CredentialNameEvaluator credentialNameEvaluator
  
  Custom instance of X509CredentialNameEvaluator to use. A non-null value overrides checkNames.
Constructor Details
- StaticPKIXFactoryBean
  
  public StaticPKIXFactoryBean()
  
  Constructor.
Method Details
- getObjectType
  
  @Nonnull public Class<?> getObjectType()
  
  Specified by:
  
  getObjectType in interface FactoryBean<PKIXX509CredentialTrustEngine>
  
  Specified by:
  
  getObjectType in class AbstractFactoryBean<PKIXX509CredentialTrustEngine>
- setCertificates
  
  public void setCertificates(@Nullable List<Resource> certs)
  
  Set the resources which we will convert into certificates.
  
  Parameters:
  
  certs - the resources
- setCRLs
  
  public void setCRLs(@Nullable List<Resource> crls)
  
  Set the resources which we will convert into CRLs.
  
  Parameters:
  
  crls - the resources
- setVerifyDepth
  
  public void setVerifyDepth(@Nullable Integer depth)
  
  Set the verify depth.
  
  Parameters:
  
  depth - value to set
- setCheckNames
  
  public void setCheckNames(boolean flag)
  
  Set whether the perform name checking in the PKIX layer.
  Defaults to "true", should generally be disabled when used with an HTTP client that is already checking names.
  
  If true a default implementation will be used unless a specific name evaluator impl has been supplied. See also: setCredentialNameEvaluator(X509CredentialNameEvaluator).
  
  Parameters:
  
  flag - flag to set
  
  Since:
  
  3.4.0
- setTrustedNames
  
  public void setTrustedNames(@Nullable Collection<String> names)
  
  Set explicitly trusted names to match against credential.
  
  Parameters:
  
  names - explicitly trusted names
  
  Since:
  
  3.4.0
- setTrustEvaluator
  
  public void setTrustEvaluator(@Nullable PKIXTrustEvaluator evaluator)
  
  Set the custom instance of PKIXTrustEvaluator to use.
  
  Parameters:
  
  evaluator - PKIXTrustEvaluator to set
- setCredentialNameEvaluator
  
  public void setCredentialNameEvaluator(@Nullable X509CredentialNameEvaluator evaluator)
  
  Set the custom instance of X509CredentialNameEvaluator to use.
  A non-null value overrides setCheckNames(boolean).
  
  Parameters:
  
  evaluator - X509CredentialNameEvaluator to set
- getCertificates
  
  @Nonnull @Unmodifiable @NotLive protected List<X509Certificate> getCertificates()
  
  Get the configured certificates.
  
  Returns:
  
  the certificates
- getCRLs
  
  @Nonnull @Unmodifiable @NotLive protected List<X509CRL> getCRLs()
  
  Get the configured CRL list.
  
  Returns:
  
  the crls
- doCreateInstance
  
  @Nonnull protected PKIXX509CredentialTrustEngine doCreateInstance() throws Exception
  
  Specified by:
  
  doCreateInstance in class AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>
  
  Throws:
  
  Exception
- validateConfiguration
  
  protected void validateConfiguration(@Nonnull PKIXTrustEvaluator pkixTrustEvaluator) throws Exception
  
  Validate the configuration of the effective PKIXTrustEvaluator.
  
  Parameters:
  
  pkixTrustEvaluator - the instance whose configuration is to be evaluated
  
  Throws:
  
  Exception - if configuration issues are encountered

Class StaticPKIXFactoryBean

Field Summary

Fields inherited from interface org.springframework.beans.factory.FactoryBean

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.shared.spring.factory.AbstractComponentAwareFactoryBean

Methods inherited from class net.shibboleth.shared.spring.factory.AbstractFactoryBean

Methods inherited from class java.lang.Object

Field Details

log

certificateResources

crlResources

verifyDepth

trustedNames

checkNames

trustEvaluator

credentialNameEvaluator

Constructor Details

StaticPKIXFactoryBean

Method Details

getObjectType

setCertificates

setCRLs

setVerifyDepth

setCheckNames

setTrustedNames

setTrustEvaluator

setCredentialNameEvaluator

getCertificates

getCRLs

doCreateInstance

validateConfiguration