
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.ws.security.provider;
18  
19  import java.util.LinkedHashSet;
20  
21  import javax.security.auth.x500.X500Principal;
22  
23  import org.opensaml.xml.security.x509.InternalX500DNHandler;
24  import org.opensaml.xml.security.x509.X500DNHandler;
25  
26  /**
27   * Options for deriving message context issuer names from an X.509 certificate. Used by {@link ClientCertAuthRule}.
28   */
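public class CertificateNameOptions implements Cloneable {

    /**
     * Options for deriving message context issuer names from an X.509 certificate. Used by
     * {@link ClientCertAuthRule}.
     *
     * <p>
     * An instance selects which parts of the client certificate are tried as candidate issuer entity IDs (the
     * subject DN, the subject DN's common name, and/or particular subject alternative name types) and how X.500
     * names are serialized to strings. Both the {@link X500DNHandler} and the format specifier influence the exact
     * string produced for a given DN, so they presumably have to agree with whatever the derived names are later
     * compared against; the defaults are {@link InternalX500DNHandler} and {@link X500DNHandler#FORMAT_RFC2253}.
     * </p>
     *
     * <p>
     * Instances are mutable and carry no synchronization. {@link #clone()} yields an independent copy: the
     * alternative-name set and the DN handler are copied rather than shared.
     * </p>
     */

    /** Evaluate the certificate subject DN as a derived issuer entity ID. Defaults to {@code false}. */
    private boolean evaluateSubjectDN;

    /**
     * Evaluate the certificate subject DN's common name (CN) as a derived issuer entity ID. Defaults to
     * {@code false}.
     */
    private boolean evaluateSubjectCommonName;

    /**
     * The set of subject alternative name types to evaluate as derived issuer entity ID names. Insertion order is
     * preserved; the set is handed out live by {@link #getSubjectAltNames()}.
     */
    private LinkedHashSet<Integer> subjectAltNames;

    /**
     * Responsible for serializing X.500 names to strings from certificate-derived {@link X500Principal} instances.
     * Never {@code null}: {@link #setX500DNHandler(X500DNHandler)} rejects a null handler.
     */
    private X500DNHandler x500DNHandler;

    /** The format specifier for serializing X.500 subject names to strings. */
    private String x500SubjectDNFormat;

    /**
     * Constructor.
     *
     * <p>
     * Starts with no evaluation flags enabled, an empty alternative-name type set, an
     * {@link InternalX500DNHandler} and the {@link X500DNHandler#FORMAT_RFC2253} subject DN format.
     * </p>
     */
    public CertificateNameOptions() {
        subjectAltNames = new LinkedHashSet<Integer>();
        x500DNHandler = new InternalX500DNHandler();
        x500SubjectDNFormat = X500DNHandler.FORMAT_RFC2253;
    }

    /**
     * Get whether to evaluate the certificate subject DN's common name (CN) as a derived issuer entity ID.
     *
     * @return {@code true} if the subject CN is to be evaluated
     */
    public boolean evaluateSubjectCommonName() {
        return evaluateSubjectCommonName;
    }

    /**
     * Set whether to evaluate the certificate subject DN's common name (CN) as a derived issuer entity ID.
     *
     * @param flag the new evaluateSubjectCommonName value
     */
    public void setEvaluateSubjectCommonName(boolean flag) {
        evaluateSubjectCommonName = flag;
    }

    /**
     * Get whether to evaluate the certificate subject DN as a derived issuer entity ID.
     *
     * @return {@code true} if the full subject DN is to be evaluated
     */
    public boolean evaluateSubjectDN() {
        return evaluateSubjectDN;
    }

    /**
     * Set whether to evaluate the certificate subject DN as a derived issuer entity ID.
     *
     * @param flag the new evaluateSubjectDN value
     */
    public void setEvaluateSubjectDN(boolean flag) {
        evaluateSubjectDN = flag;
    }

    /**
     * Get the set of subject alternative name types to evaluate as derived issuer entity ID names.
     *
     * <p>
     * This is the live internal set, not a copy: additions and removals made by the caller change the
     * configuration of this instance. Use {@link #clone()} first if an independent set is needed.
     * </p>
     *
     * @return the mutable set of subject alternative name type identifiers
     */
    public LinkedHashSet<Integer> getSubjectAltNames() {
        return subjectAltNames;
    }

    /**
     * Get the handler responsible for serializing X.500 names to strings from certificate-derived
     * {@link X500Principal} instances.
     *
     * @return the configured handler, never {@code null}
     */
    public X500DNHandler getX500DNHandler() {
        return x500DNHandler;
    }

    /**
     * Set the handler responsible for serializing X.500 names to strings from certificate-derived
     * {@link X500Principal} instances.
     *
     * @param handler the new x500DNHandler value
     * @throws IllegalArgumentException if {@code handler} is {@code null}
     */
    public void setX500DNHandler(X500DNHandler handler) {
        if (handler == null) {
            throw new IllegalArgumentException("X500DNHandler may not be null");
        }
        x500DNHandler = handler;
    }

    /**
     * Get the format specifier for serializing X.500 subject names to strings.
     *
     * @return the format specifier, {@link X500DNHandler#FORMAT_RFC2253} unless changed
     */
    public String getX500SubjectDNFormat() {
        return x500SubjectDNFormat;
    }

    /**
     * Set the format specifier for serializing X.500 subject names to strings.
     *
     * <p>
     * The value is stored as given and is not validated here; it is up to the configured
     * {@link X500DNHandler} to interpret it. Whether a {@code null} format is meaningful depends on that handler.
     * </p>
     *
     * @param format the new x500SubjectDNFormat value
     */
    public void setX500SubjectDNFormat(String format) {
        x500SubjectDNFormat = format;
    }

    /**
     * {@inheritDoc}
     *
     * <p>
     * Produces a deep copy: the subject alternative name set is copied and the DN handler is cloned, so later
     * changes to either on the copy do not affect this instance, and vice versa. The boolean flags and the format
     * string are carried over by the field-wise {@link Object#clone()}.
     * </p>
     *
     * @return an independent copy of these options
     */
    @Override
    public CertificateNameOptions clone() {
        CertificateNameOptions clonedOptions;
        try {
            clonedOptions = (CertificateNameOptions) super.clone();
        } catch (CloneNotSupportedException e) {
            // This class implements Cloneable, so Object.clone() cannot reject it. Returning null here would
            // surface as a NullPointerException far from the cause; fail loudly at the point of failure instead.
            AssertionError error = new AssertionError("Object.clone() rejected a Cloneable CertificateNameOptions");
            error.initCause(e);
            throw error;
        }

        // super.clone() shares field references; replace the mutable ones with independent copies.
        clonedOptions.subjectAltNames = new LinkedHashSet<Integer>(this.subjectAltNames);
        clonedOptions.x500DNHandler = this.x500DNHandler.clone();

        return clonedOptions;
    }

}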