net.shibboleth.idp.profile.spring.factory.StaticPKIXFactoryBean

All Implemented Interfaces:: Aware, BeanClassLoaderAware, BeanFactoryAware, DisposableBean, FactoryBean<PKIXX509CredentialTrustEngine>, InitializingBean

public class StaticPKIXFactoryBean
extends AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>

File system specific bean for PKIXX509CredentialTrustEngine.

Since:: 3.3.0

Field Summary

Fields
Modifier and Type	Field	Description
`private List<Resource>`	`certificateResources`	Certificate resources.
`private boolean`	`checkNames`	Whether to enable name checking.
`private X509CredentialNameEvaluator`	`credentialNameEvaluator`	Custom instance of `X509CredentialNameEvaluator` to use.
`private List<Resource>`	`crlResources`	CRL resources.
`private org.slf4j.Logger`	`log`	log.
`private Set<String>`	`trustedNames`	Explicit subject name(s) to match.
`private PKIXTrustEvaluator`	`trustEvaluator`	Custom instance of `PKIXTrustEvaluator` to use.
`private Integer`	`verifyDepth`	Verification depth.

Fields inherited from class org.springframework.beans.factory.config.AbstractFactoryBean

logger

Fields inherited from interface org.springframework.beans.factory.FactoryBean

OBJECT_TYPE_ATTRIBUTE

Constructor Summary

Constructors

Constructor Description

StaticPKIXFactoryBean()
Constructor.

Method Summary

Modifier and Type	Method	Description
`protected PKIXX509CredentialTrustEngine`	`doCreateInstance()`
`protected List<X509Certificate>`	`getCertificates()`	Get the configured certificates.
`protected List<X509CRL>`	`getCRLs()`	Get the configured CRL list.
`Class<?>`	`getObjectType()`
`void`	`setCertificates(List<Resource> certs)`	Set the resources which we will convert into certificates.
`void`	`setCheckNames(boolean flag)`	Set whether the perform name checking in the PKIX layer.
`void`	`setCredentialNameEvaluator(X509CredentialNameEvaluator evaluator)`	Set the custom instance of `X509CredentialNameEvaluator` to use.
`void`	`setCRLs(List<Resource> crls)`	Set the resources which we will convert into CRLs.
`void`	`setTrustedNames(Collection<String> names)`	Set explicitly trusted names to match against credential.
`void`	`setTrustEvaluator(PKIXTrustEvaluator evaluator)`	Set the custom instance of `PKIXTrustEvaluator` to use.
`void`	`setVerifyDepth(int depth)`	Set the verify depth.
`protected void`	`validateConfiguration(PKIXTrustEvaluator pkixTrustEvaluator)`	Validate the configuration of the effective `PKIXTrustEvaluator`.

Methods inherited from class net.shibboleth.ext.spring.factory.AbstractComponentAwareFactoryBean

createInstance, destroyInstance

Methods inherited from class org.springframework.beans.factory.config.AbstractFactoryBean

afterPropertiesSet, destroy, getBeanFactory, getBeanTypeConverter, getEarlySingletonInterfaces, getObject, isSingleton, setBeanClassLoader, setBeanFactory, setSingleton

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- log
  
  @Nonnull private org.slf4j.Logger log
  
  log.
- certificateResources
  
  @Nullable private List<Resource> certificateResources
  
  Certificate resources.
- crlResources
  
  @Nullable private List<Resource> crlResources
  
  CRL resources.
- verifyDepth
  
  @Nullable private Integer verifyDepth
  
  Verification depth.
- trustedNames
  
  @Nullable private Set<String> trustedNames
  
  Explicit subject name(s) to match.
- checkNames
  
  private boolean checkNames
  
  Whether to enable name checking. If true a default implementation will be used. See also: credentialNameEvaluator.
- trustEvaluator
  
  private PKIXTrustEvaluator trustEvaluator
  
  Custom instance of PKIXTrustEvaluator to use.
- credentialNameEvaluator
  
  private X509CredentialNameEvaluator credentialNameEvaluator
  
  Custom instance of X509CredentialNameEvaluator to use. A non-null value overrides checkNames.
Constructor Details
- StaticPKIXFactoryBean
  
  public StaticPKIXFactoryBean()
  
  Constructor.
Method Details
- getObjectType
  
  public Class<?> getObjectType()
  
  Specified by:
  
  getObjectType in interface FactoryBean<PKIXX509CredentialTrustEngine>
  
  Specified by:
  
  getObjectType in class AbstractFactoryBean<PKIXX509CredentialTrustEngine>
- setCertificates
  
  public void setCertificates(@Nullable List<Resource> certs)
  
  Set the resources which we will convert into certificates.
  
  Parameters:
  
  certs - the resources
- setCRLs
  
  public void setCRLs(@Nullable List<Resource> crls)
  
  Set the resources which we will convert into CRLs.
  
  Parameters:
  
  crls - the resources
- setVerifyDepth
  
  public void setVerifyDepth(int depth)
  
  Set the verify depth.
  
  Parameters:
  
  depth - value to set
- setCheckNames
  
  public void setCheckNames(boolean flag)
  
  Set whether the perform name checking in the PKIX layer.
  Defaults to "true", should generally be disabled when used with an HTTP client that is already checking names.
  
  If true a default implementation will be used unless a specific name evaluator impl has been supplied. See also: setCredentialNameEvaluator(X509CredentialNameEvaluator).
  
  Parameters:
  
  flag - flag to set
  
  Since:
  
  3.4.0
- setTrustedNames
  
  public void setTrustedNames(@Nullable @NonnullElements Collection<String> names)
  
  Set explicitly trusted names to match against credential.
  
  Parameters:
  
  names - explicitly trusted names
  
  Since:
  
  3.4.0
- setTrustEvaluator
  
  public void setTrustEvaluator(@Nullable PKIXTrustEvaluator evaluator)
  
  Set the custom instance of PKIXTrustEvaluator to use.
  
  Parameters:
  
  evaluator - The trustEvaluator to set.
- setCredentialNameEvaluator
  
  public void setCredentialNameEvaluator(@Nullable X509CredentialNameEvaluator evaluator)
  
  Set the custom instance of X509CredentialNameEvaluator to use.
  A non-null value overrides setCheckNames(boolean).
  
  Parameters:
  
  evaluator - The credentialNameEvaluator to set.
- getCertificates
  
  @Nonnull @NonnullElements protected List<X509Certificate> getCertificates()
  
  Get the configured certificates.
  
  Returns:
  
  the certificates
- getCRLs
  
  @Nonnull @NonnullElements protected List<X509CRL> getCRLs()
  
  Get the configured CRL list.
  
  Returns:
  
  the crls
- doCreateInstance
  
  protected PKIXX509CredentialTrustEngine doCreateInstance() throws Exception
  
  Specified by:
  
  doCreateInstance in class AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>
  
  Throws:
  
  Exception
- validateConfiguration
  
  protected void validateConfiguration(@Nonnull PKIXTrustEvaluator pkixTrustEvaluator) throws Exception
  
  Validate the configuration of the effective PKIXTrustEvaluator.
  
  Parameters:
  
  pkixTrustEvaluator - the instance whose configuration is to be evaluated
  
  Throws:
  
  Exception - if configuration issues are encountered

Class StaticPKIXFactoryBean

Field Summary

Fields inherited from class org.springframework.beans.factory.config.AbstractFactoryBean

Fields inherited from interface org.springframework.beans.factory.FactoryBean

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.ext.spring.factory.AbstractComponentAwareFactoryBean

Methods inherited from class org.springframework.beans.factory.config.AbstractFactoryBean

Methods inherited from class java.lang.Object

Field Details

log

certificateResources

crlResources

verifyDepth

trustedNames

checkNames

trustEvaluator

credentialNameEvaluator

Constructor Details

StaticPKIXFactoryBean

Method Details

getObjectType

setCertificates

setCRLs

setVerifyDepth

setCheckNames

setTrustedNames

setTrustEvaluator

setCredentialNameEvaluator

getCertificates

getCRLs

doCreateInstance

validateConfiguration