Class StaticPKIXFactoryBean

- java.lang.Object
  - org.springframework.beans.factory.config.AbstractFactoryBean<T>
    - net.shibboleth.ext.spring.factory.AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>
      - net.shibboleth.idp.profile.spring.factory.StaticPKIXFactoryBean

All Implemented Interfaces:
Aware, BeanClassLoaderAware, BeanFactoryAware, DisposableBean, FactoryBean<PKIXX509CredentialTrustEngine>, InitializingBean

public class StaticPKIXFactoryBean extends AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>

File system specific bean for PKIXX509CredentialTrustEngine.

Since: 3.3.0

Field Summary

Fields (modifier and type, field: description)
- private List<Resource> certificateResources: Certificate resources.
- private boolean checkNames: Whether to enable name checking.
- private X509CredentialNameEvaluator credentialNameEvaluator: Custom instance of X509CredentialNameEvaluator to use.
- private List<Resource> crlResources: CRL resources.
- private org.slf4j.Logger log: log.
- private Set<String> trustedNames: Explicit subject name(s) to match.
- private PKIXTrustEvaluator trustEvaluator: Custom instance of PKIXTrustEvaluator to use.
- private Integer verifyDepth: Verification depth.

Fields inherited from class org.springframework.beans.factory.config.AbstractFactoryBean
logger

Fields inherited from interface org.springframework.beans.factory.FactoryBean
OBJECT_TYPE_ATTRIBUTE

Constructor Summary

Constructors (constructor: description)
- StaticPKIXFactoryBean(): Constructor.

Method Summary

All Methods (modifier and type, method: description)
- protected PKIXX509CredentialTrustEngine doCreateInstance()
- protected List<X509Certificate> getCertificates(): Get the configured certificates.
- protected List<X509CRL> getCRLs(): Get the configured CRL list.
- Class<?> getObjectType()
- void setCertificates(List<Resource> certs): Set the resources which we will convert into certificates.
- void setCheckNames(boolean flag): Set whether to perform name checking in the PKIX layer.
- void setCredentialNameEvaluator(X509CredentialNameEvaluator evaluator): Set the custom instance of X509CredentialNameEvaluator to use.
- void setCRLs(List<Resource> crls): Set the resources which we will convert into CRLs.
- void setTrustedNames(Collection<String> names): Set explicitly trusted names to match against credential.
- void setTrustEvaluator(PKIXTrustEvaluator evaluator): Set the custom instance of PKIXTrustEvaluator to use.
- void setVerifyDepth(int depth): Set the verify depth.
- protected void validateConfiguration(PKIXTrustEvaluator pkixTrustEvaluator): Validate the configuration of the effective PKIXTrustEvaluator.

Methods inherited from class net.shibboleth.ext.spring.factory.AbstractComponentAwareFactoryBean
createInstance, destroyInstance

Methods inherited from class org.springframework.beans.factory.config.AbstractFactoryBean
afterPropertiesSet, destroy, getBeanFactory, getBeanTypeConverter, getEarlySingletonInterfaces, getObject, isSingleton, setBeanClassLoader, setBeanFactory, setSingleton

Field Detail

log
@Nonnull private org.slf4j.Logger log
log.

verifyDepth
@Nullable private Integer verifyDepth
Verification depth.

checkNames
private boolean checkNames
Whether to enable name checking. If true a default implementation will be used. See also: credentialNameEvaluator.

trustEvaluator
private PKIXTrustEvaluator trustEvaluator
Custom instance of PKIXTrustEvaluator to use.

credentialNameEvaluator
private X509CredentialNameEvaluator credentialNameEvaluator
Custom instance of X509CredentialNameEvaluator to use. A non-null value overrides checkNames.

Method Detail

getObjectType
public Class<?> getObjectType()
Specified by: getObjectType in interface FactoryBean<PKIXX509CredentialTrustEngine>
Specified by: getObjectType in class AbstractFactoryBean<PKIXX509CredentialTrustEngine>

setCertificates
public void setCertificates(@Nullable List<Resource> certs)
Set the resources which we will convert into certificates.
Parameters:
certs - the resources

setCRLs
public void setCRLs(@Nullable List<Resource> crls)
Set the resources which we will convert into CRLs.
Parameters:
crls - the resources

setVerifyDepth
public void setVerifyDepth(int depth)
Set the verify depth.
Parameters:
depth - value to set

setCheckNames
public void setCheckNames(boolean flag)
Set whether to perform name checking in the PKIX layer. Defaults to "true"; should generally be disabled when used with an HTTP client that is already checking names.
If true, a default implementation will be used unless a specific name evaluator implementation has been supplied. See also: setCredentialNameEvaluator(X509CredentialNameEvaluator).
Parameters:
flag - flag to set
Since: 3.4.0

setTrustedNames
public void setTrustedNames(@Nullable @NonnullElements Collection<String> names)
Set explicitly trusted names to match against credential.
Parameters:
names - explicitly trusted names
Since: 3.4.0

setTrustEvaluator
public void setTrustEvaluator(@Nullable PKIXTrustEvaluator evaluator)
Set the custom instance of PKIXTrustEvaluator to use.
Parameters:
evaluator - The trustEvaluator to set.

setCredentialNameEvaluator
public void setCredentialNameEvaluator(@Nullable X509CredentialNameEvaluator evaluator)
Set the custom instance of X509CredentialNameEvaluator to use. A non-null value overrides setCheckNames(boolean).
Parameters:
evaluator - The credentialNameEvaluator to set.

getCertificates
@Nonnull @NonnullElements protected List<X509Certificate> getCertificates()
Get the configured certificates.
Returns:
the certificates

getCRLs
@Nonnull @NonnullElements protected List<X509CRL> getCRLs()
Get the configured CRL list.
Returns:
the crls

doCreateInstance
protected PKIXX509CredentialTrustEngine doCreateInstance() throws Exception
Specified by: doCreateInstance in class AbstractComponentAwareFactoryBean<PKIXX509CredentialTrustEngine>
Throws:
Exception

validateConfiguration
protected void validateConfiguration(@Nonnull PKIXTrustEvaluator pkixTrustEvaluator) throws Exception
Validate the configuration of the effective PKIXTrustEvaluator.
Parameters:
pkixTrustEvaluator - the instance whose configuration is to be evaluated
Throws:
Exception - if configuration issues are encountered
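
A programmatic configuration of this factory bean using only the setters and inherited lifecycle methods listed above, showing how the name-checking options interact. This is an added example, not code from the Shibboleth project. It assumes that Resource is Spring's org.springframework.core.io.Resource and that PKIXX509CredentialTrustEngine lives in org.opensaml.security.x509.impl; the file paths, the depth value and the name idp-peer.example.org are constructed.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.opensaml.security.x509.impl.PKIXX509CredentialTrustEngine; // package is an assumption
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource; // assumed to be the Resource type the setters take

import net.shibboleth.idp.profile.spring.factory.StaticPKIXFactoryBean;

public final class StaticPkixTrustEngineExample {

    /**
     * Build a PKIX trust engine from files on disk.
     *
     * @param clientChecksNames true when the HTTP client using this engine already checks names
     */
    public static PKIXX509CredentialTrustEngine build(boolean clientChecksNames) throws Exception {
        // Hypothetical paths: trust anchor certificates and the CRLs to evaluate with them.
        List<Resource> anchors = Arrays.asList(
                new FileSystemResource("/opt/example/credentials/partner-root.pem"),
                new FileSystemResource("/opt/example/credentials/partner-issuing.pem"));
        List<Resource> crls = Collections.singletonList(
                new FileSystemResource("/opt/example/credentials/partner-issuing.crl"));

        StaticPKIXFactoryBean factory = new StaticPKIXFactoryBean();
        factory.setCertificates(anchors);
        factory.setCRLs(crls);
        factory.setVerifyDepth(2); // constructed value

        if (clientChecksNames) {
            // Name checking defaults to true; disable it when the HTTP client already does it.
            factory.setCheckNames(false);
        } else {
            // Keep the default name evaluator and state the expected name explicitly.
            factory.setCheckNames(true);
            factory.setTrustedNames(Collections.singleton("idp-peer.example.org"));
        }
        // setCredentialNameEvaluator(...) is left unset here: a non-null value
        // would override whatever was passed to setCheckNames(boolean).

        // Lifecycle inherited from AbstractFactoryBean: initialise, then fetch the product.
        factory.afterPropertiesSet();
        return factory.getObject();
    }
}
```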