Class StaticPKIXFactoryBean
- java.lang.Object
-
- org.springframework.beans.factory.config.AbstractFactoryBean<T>
-
- net.shibboleth.ext.spring.factory.AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>
-
- net.shibboleth.idp.profile.spring.factory.StaticPKIXFactoryBean
-
- All Implemented Interfaces:
Aware,BeanClassLoaderAware,BeanFactoryAware,DisposableBean,FactoryBean<PKIXX509CredentialTrustEngine>,InitializingBean
public class StaticPKIXFactoryBean extends AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>
File system specific bean for PKIXX509CredentialTrustEngine.- Since:
- 3.3.0
-
-
Field Summary
Fields Modifier and Type Field Description private List<Resource>certificateResourcesCertificate resources.private booleancheckNamesWhether to enable name checking.private X509CredentialNameEvaluatorcredentialNameEvaluatorCustom instance ofX509CredentialNameEvaluatorto use.private List<Resource>crlResourcesCRL resources.private org.slf4j.Loggerloglog.private Set<String>trustedNamesExplicit subject name(s) to match.private PKIXTrustEvaluatortrustEvaluatorCustom instance ofPKIXTrustEvaluatorto use.private IntegerverifyDepthVerification depth.-
Fields inherited from class org.springframework.beans.factory.config.AbstractFactoryBean
logger
-
Fields inherited from interface org.springframework.beans.factory.FactoryBean
OBJECT_TYPE_ATTRIBUTE
-
-
Constructor Summary
Constructors Constructor Description StaticPKIXFactoryBean()Constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected PKIXX509CredentialTrustEnginedoCreateInstance()protected List<X509Certificate>getCertificates()Get the configured certificates.protected List<X509CRL>getCRLs()Get the configured CRL list.Class<?>getObjectType()voidsetCertificates(List<Resource> certs)Set the resources which we will convert into certificates.voidsetCheckNames(boolean flag)Set whether the perform name checking in the PKIX layer.voidsetCredentialNameEvaluator(X509CredentialNameEvaluator evaluator)Set the custom instance ofX509CredentialNameEvaluatorto use.voidsetCRLs(List<Resource> crls)Set the resources which we will convert into CRLs.voidsetTrustedNames(Collection<String> names)Set explicitly trusted names to match against credential.voidsetTrustEvaluator(PKIXTrustEvaluator evaluator)Set the custom instance ofPKIXTrustEvaluatorto use.voidsetVerifyDepth(int depth)Set the verify depth.protected voidvalidateConfiguration(PKIXTrustEvaluator pkixTrustEvaluator)Validate the configuration of the effectivePKIXTrustEvaluator.-
Methods inherited from class net.shibboleth.ext.spring.factory.AbstractComponentAwareFactoryBean
createInstance, destroyInstance
-
Methods inherited from class org.springframework.beans.factory.config.AbstractFactoryBean
afterPropertiesSet, destroy, getBeanFactory, getBeanTypeConverter, getEarlySingletonInterfaces, getObject, isSingleton, setBeanClassLoader, setBeanFactory, setSingleton
-
-
-
-
Field Detail
-
log
@Nonnull private org.slf4j.Logger log
log.
-
verifyDepth
@Nullable private Integer verifyDepth
Verification depth.
-
checkNames
private boolean checkNames
Whether to enable name checking. If true a default implementation will be used. See also:credentialNameEvaluator.
-
trustEvaluator
private PKIXTrustEvaluator trustEvaluator
Custom instance ofPKIXTrustEvaluatorto use.
-
credentialNameEvaluator
private X509CredentialNameEvaluator credentialNameEvaluator
Custom instance ofX509CredentialNameEvaluatorto use. A non-null value overridescheckNames.
-
-
Method Detail
-
getObjectType
public Class<?> getObjectType()
- Specified by:
getObjectTypein interfaceFactoryBean<PKIXX509CredentialTrustEngine>- Specified by:
getObjectTypein classAbstractFactoryBean<PKIXX509CredentialTrustEngine>
-
setCertificates
public void setCertificates(@Nullable List<Resource> certs)Set the resources which we will convert into certificates.- Parameters:
certs- the resources
-
setCRLs
public void setCRLs(@Nullable List<Resource> crls)Set the resources which we will convert into CRLs.- Parameters:
crls- the resources
-
setVerifyDepth
public void setVerifyDepth(int depth)
Set the verify depth.- Parameters:
depth- value to set
-
setCheckNames
public void setCheckNames(boolean flag)
Set whether the perform name checking in the PKIX layer.Defaults to "true", should generally be disabled when used with an HTTP client that is already checking names.
If true a default implementation will be used unless a specific name evaluator impl has been supplied. See also:
setCredentialNameEvaluator(X509CredentialNameEvaluator).- Parameters:
flag- flag to set- Since:
- 3.4.0
-
setTrustedNames
public void setTrustedNames(@Nullable @NonnullElements Collection<String> names)
Set explicitly trusted names to match against credential.- Parameters:
names- explicitly trusted names- Since:
- 3.4.0
-
setTrustEvaluator
public void setTrustEvaluator(@Nullable PKIXTrustEvaluator evaluator)Set the custom instance ofPKIXTrustEvaluatorto use.- Parameters:
evaluator- The trustEvaluator to set.
-
setCredentialNameEvaluator
public void setCredentialNameEvaluator(@Nullable X509CredentialNameEvaluator evaluator)Set the custom instance ofX509CredentialNameEvaluatorto use.A non-null value overrides
setCheckNames(boolean).- Parameters:
evaluator- The credentialNameEvaluator to set.
-
getCertificates
@Nonnull @NonnullElements protected List<X509Certificate> getCertificates()
Get the configured certificates.- Returns:
- the certificates
-
getCRLs
@Nonnull @NonnullElements protected List<X509CRL> getCRLs()
Get the configured CRL list.- Returns:
- the crls
-
doCreateInstance
protected PKIXX509CredentialTrustEngine doCreateInstance() throws Exception
- Specified by:
doCreateInstancein classAbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>- Throws:
Exception
-
validateConfiguration
protected void validateConfiguration(@Nonnull PKIXTrustEvaluator pkixTrustEvaluator) throws ExceptionValidate the configuration of the effectivePKIXTrustEvaluator.- Parameters:
pkixTrustEvaluator- the instance whose configuration is to be evaluated- Throws:
Exception- if configuration issues are encountered
-
-