1 /*
2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.ws.security.provider;
18
19 import java.util.LinkedHashSet;
20
21 import javax.security.auth.x500.X500Principal;
22
23 import org.opensaml.xml.security.x509.InternalX500DNHandler;
24 import org.opensaml.xml.security.x509.X500DNHandler;
25
26 /**
27 * Options for deriving message context issuer names from an X.509 certificate. Used by {@link ClientCertAuthRule}.
28 */
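public class CertificateNameOptions implements Cloneable {

    /** Evaluate the certificate subject DN as a derived issuer entity ID. */
    private boolean evaluateSubjectDN;

    /**
     * Evaluate the certificate subject DN's common name (CN) as a derived issuer entity ID. Note that a CN is a
     * weaker identifier than the full subject DN: nothing prevents unrelated certificates from carrying the same CN.
     */
    private boolean evaluateSubjectCommonName;

    /**
     * The set of types of subject alternative names to evaluate as derived issuer entity ID names.
     * NOTE(review): the integer type codes are defined outside this file — confirm the expected constants against
     * the consuming rule before populating the set.
     */
    private LinkedHashSet<Integer> subjectAltNames;

    /**
     * Responsible for serializing X.500 names to strings from certificate-derived {@link X500Principal} instances.
     */
    private X500DNHandler x500DNHandler;

    /** The format specifier for serializing X.500 subject names to strings. */
    private String x500SubjectDNFormat;

    /**
     * Constructor. Starts with no derivation enabled, an empty alt-name type set, the internal DN handler and the
     * RFC 2253 subject DN format.
     */
    public CertificateNameOptions() {
        subjectAltNames = new LinkedHashSet<Integer>();
        x500DNHandler = new InternalX500DNHandler();
        x500SubjectDNFormat = X500DNHandler.FORMAT_RFC2253;
    }

    /**
     * Get whether to evaluate the certificate subject DN's common name (CN) as a derived issuer entity ID.
     *
     * @return true if the subject CN is to be evaluated
     */
    public boolean evaluateSubjectCommonName() {
        return evaluateSubjectCommonName;
    }

    /**
     * Set whether to evaluate the certificate subject DN's common name (CN) as a derived issuer entity ID.
     *
     * @param flag the new evaluateSubjectCommonName value
     */
    public void setEvaluateSubjectCommonName(boolean flag) {
        evaluateSubjectCommonName = flag;
    }

    /**
     * Get whether to evaluate the certificate subject DN as a derived issuer entity ID.
     *
     * @return true if the full subject DN is to be evaluated
     */
    public boolean evaluateSubjectDN() {
        return evaluateSubjectDN;
    }

    /**
     * Set whether to evaluate the certificate subject DN as a derived issuer entity ID.
     *
     * @param flag the new evaluateSubjectDN value
     */
    public void setEvaluateSubjectDN(boolean flag) {
        evaluateSubjectDN = flag;
    }

    /**
     * Get the set of types of subject alternative names to evaluate as derived issuer entity ID names.
     *
     * <p>This is the live internal set, not a copy: types added to or removed from the returned set change this
     * instance's configuration. It is never null.
     *
     * @return the mutable set of subject alt name types
     */
    public LinkedHashSet<Integer> getSubjectAltNames() {
        return subjectAltNames;
    }

    /**
     * Get the handler responsible for serializing X.500 names to strings from certificate-derived
     * {@link X500Principal} instances.
     *
     * @return the x500DNHandler, never null
     */
    public X500DNHandler getX500DNHandler() {
        return x500DNHandler;
    }

    /**
     * Set the handler responsible for serializing X.500 names to strings from certificate-derived
     * {@link X500Principal} instances.
     *
     * @param handler the new x500DNHandler value
     * @throws IllegalArgumentException if handler is null
     */
    public void setX500DNHandler(X500DNHandler handler) {
        if (handler == null) {
            throw new IllegalArgumentException("X500DNHandler may not be null");
        }
        x500DNHandler = handler;
    }

    /**
     * Get the format specifier for serializing X.500 subject names to strings.
     *
     * @return the x500SubjectDNFormat, never null
     */
    public String getX500SubjectDNFormat() {
        return x500SubjectDNFormat;
    }

    /**
     * Set the format specifier for serializing X.500 subject names to strings.
     *
     * @param format the new x500SubjectDNFormat value, e.g. {@link X500DNHandler#FORMAT_RFC2253}
     * @throws IllegalArgumentException if format is null; rejected here, consistently with
     *             {@link #setX500DNHandler(X500DNHandler)}, instead of being stored and surfacing only when the
     *             handler is eventually asked to serialize a name
     */
    public void setX500SubjectDNFormat(String format) {
        if (format == null) {
            throw new IllegalArgumentException("X.500 subject DN format may not be null");
        }
        x500SubjectDNFormat = format;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Returns a deep copy: the subject alt name set and the DN handler are copied so that the clone and this
     * instance can be configured independently. The flags and the format string are immutable and shared as-is.
     */
    @Override
    public CertificateNameOptions clone() {
        CertificateNameOptions copy;
        try {
            copy = (CertificateNameOptions) super.clone();
        } catch (CloneNotSupportedException e) {
            // This class implements Cloneable, so Object.clone() cannot refuse. Fail loudly here rather than
            // returning null, which would only blow up later and far from the cause.
            throw new AssertionError(e);
        }

        copy.subjectAltNames = new LinkedHashSet<Integer>(subjectAltNames);
        copy.x500DNHandler = x500DNHandler.clone();

        return copy;
    }

}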
160