org.opensaml.ws.security.provider
Class ClientCertAuthRuleFactory

java.lang.Object
  extended by org.opensaml.ws.security.provider.BaseTrustEngineRuleFactory<X509Credential,javax.servlet.ServletRequest>
      extended by org.opensaml.ws.security.provider.ClientCertAuthRuleFactory
All Implemented Interfaces:
SecurityPolicyRuleFactory<javax.servlet.ServletRequest>
Direct Known Subclasses:
SAMLMDClientCertAuthRuleFactory

public class ClientCertAuthRuleFactory
extends BaseTrustEngineRuleFactory<X509Credential,javax.servlet.ServletRequest>

Factory for policy rules which check that the client certificate used to authenticate the request is valid and trusted.


Nested Class Summary
 class ClientCertAuthRuleFactory.CertificateNameOptions
          Options for deriving issuer names from an X.509 certificate.
 
Constructor Summary
ClientCertAuthRuleFactory()
          Constructor.
 
Method Summary
 SecurityPolicyRule<javax.servlet.ServletRequest> createRuleInstance()
          Creates an instance of a policy rule.
 boolean evaluateSubjectCommonName()
          Get the option to evaluate the entity certificate subject common name (CN) as a derived issuer entity ID.
 boolean evaluateSubjectDN()
          Get the option to evaluate the entity certificate subject DN as a derived issuer entity ID.
protected  ClientCertAuthRuleFactory.CertificateNameOptions getCertificateNameOptions()
          Get the current certificate name options.
 java.util.LinkedHashSet<java.lang.Integer> getSubjectAltNames()
          The set of types of subject alternative names to evaluate as derived issuer entity IDs.
 X500DNHandler getX500DNHandler()
          Get the handler which processes X.500 distinguished names.
 java.lang.String getX500SubjectDNFormat()
          Get the output format specifier for X.500 subject names.
protected  ClientCertAuthRuleFactory.CertificateNameOptions newCertificateNameOptions()
          Get a new instance to hold options.
 void setEvaluateSubjectCommonName(boolean newValue)
          Set the option to evaluate the entity certificate subject common name (CN) as a derived issuer entity ID.
 void setEvaluateSubjectDN(boolean newValue)
          Set the option to evaluate the entity certificate subject DN as a derived issuer entity ID.
 void setX500DNHandler(X500DNHandler handler)
          Set the handler which processes X.500 distinguished names.
 void setX500SubjectDNFormat(java.lang.String format)
          Set the output format specifier for X.500 subject names.
 
Methods inherited from class org.opensaml.ws.security.provider.BaseTrustEngineRuleFactory
getTrustEngine, setTrustEngine
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ClientCertAuthRuleFactory

public ClientCertAuthRuleFactory()
Constructor.

Method Detail

newCertificateNameOptions

protected ClientCertAuthRuleFactory.CertificateNameOptions newCertificateNameOptions()
Get a new instance to hold options. Used by this class's constructor. Subclasses MUST override this method to produce an instance of the appropriate subclass of ClientCertAuthRuleFactory.CertificateNameOptions if they extend that options class to hold subclass-specific options.

Returns:
a new instance of factory/generator options

getCertificateNameOptions

protected ClientCertAuthRuleFactory.CertificateNameOptions getCertificateNameOptions()
Get the current certificate name options.

Returns:
cloned instance of the current name options

createRuleInstance

public SecurityPolicyRule<javax.servlet.ServletRequest> createRuleInstance()
Creates an instance of a policy rule.

Specified by:
createRuleInstance in interface SecurityPolicyRuleFactory<javax.servlet.ServletRequest>
Specified by:
createRuleInstance in class BaseTrustEngineRuleFactory<X509Credential,javax.servlet.ServletRequest>
Returns:
an instance of a policy rule

evaluateSubjectCommonName

public boolean evaluateSubjectCommonName()
Get the option to evaluate the entity certificate subject common name (CN) as a derived issuer entity ID.

Returns:
the option value

setEvaluateSubjectCommonName

public void setEvaluateSubjectCommonName(boolean newValue)
Set the option to evaluate the entity certificate subject common name (CN) as a derived issuer entity ID.

Parameters:
newValue - the new option value

evaluateSubjectDN

public boolean evaluateSubjectDN()
Get the option to evaluate the entity certificate subject DN as a derived issuer entity ID.

Returns:
the option value

setEvaluateSubjectDN

public void setEvaluateSubjectDN(boolean newValue)
Set the option to evaluate the entity certificate subject DN as a derived issuer entity ID.

Parameters:
newValue - the new option value

getSubjectAltNames

public java.util.LinkedHashSet<java.lang.Integer> getSubjectAltNames()
The set of types of subject alternative names to evaluate as derived issuer entity IDs. Name types are represented using the constant OID tag name values defined in X509Util. Note: A LinkedHashSet is used to provide predictable ordering on iteration; consequently, the name types are evaluated as derived issuer names in the same order in which they were inserted into the set.

Returns:
the modifiable set of alt name identifiers
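As an added example (not code from the OpenSAML Javadoc or the project itself), the following shows how a practitioner would wire this factory into a request-processing pipeline: the inherited trust engine decides whether the presented certificate is valid and trusted, and the name options control which certificate names are tried, in insertion order, as the derived issuer entity ID. The `trustEngine` argument is assumed to be an already-built `TrustEngine<X509Credential>`; the `X509Util` alt-name constants and the import packages are assumed from OpenSAML 2.x and are not listed on this page.

```java
import javax.servlet.ServletRequest;

import org.opensaml.ws.security.SecurityPolicyRule;
import org.opensaml.ws.security.provider.ClientCertAuthRuleFactory;
import org.opensaml.xml.security.trust.TrustEngine;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.security.x509.X509Util;

// Added example; assumes OpenSAML 2.x packages and X509Util constants.
public final class ClientCertRuleConfig {

    private ClientCertRuleConfig() {
    }

    // Builds a client-certificate authentication rule from a caller-supplied
    // trust engine (assumed to already hold the trusted anchors / metadata).
    public static SecurityPolicyRule<ServletRequest> buildRule(
            TrustEngine<X509Credential> trustEngine) {
        ClientCertAuthRuleFactory factory = new ClientCertAuthRuleFactory();

        // Inherited from BaseTrustEngineRuleFactory: without a trust engine the
        // rule has nothing to validate the presented certificate against.
        factory.setTrustEngine(trustEngine);

        // getSubjectAltNames() is a modifiable LinkedHashSet, so the alt-name
        // types are evaluated as derived issuer IDs in the order added here:
        // DNS names first, then URI names.
        factory.getSubjectAltNames().clear();
        factory.getSubjectAltNames().add(X509Util.DNS_ALT_NAME);
        factory.getSubjectAltNames().add(X509Util.URI_ALT_NAME);

        // Also accept the subject CN as a candidate issuer ID, but not the full
        // subject DN: a DN string depends on the X500DNHandler and on the
        // output format specifier (RFC2253 by default), so matching it against
        // an entity ID is brittle unless both sides agree on that format.
        factory.setEvaluateSubjectCommonName(true);
        factory.setEvaluateSubjectDN(false);

        // The returned rule evaluates each incoming ServletRequest.
        return factory.createRuleInstance();
    }
}
```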

getX500DNHandler

public X500DNHandler getX500DNHandler()
Get the handler which processes X.500 distinguished names. Defaults to InternalX500DNHandler.

Returns:
the X500DNHandler instance

setX500DNHandler

public void setX500DNHandler(X500DNHandler handler)
Set the handler which processes X.500 distinguished names. Defaults to InternalX500DNHandler.

Parameters:
handler - the new X500DNHandler instance

getX500SubjectDNFormat

public java.lang.String getX500SubjectDNFormat()
Get the output format specifier for X.500 subject names. Defaults to RFC2253 format. The meaning of this format specifier value is dependent upon the implementation of X500DNHandler which is used.

Returns:
the format specifier

setX500SubjectDNFormat

public void setX500SubjectDNFormat(java.lang.String format)
Set the output format specifier for X.500 subject names. Defaults to RFC2253 format. The meaning of this format specifier value is dependent upon the implementation of X500DNHandler which is used.

Parameters:
format - the new format specifier