17 package org.opensaml.xml.security.credential.criteria;
19 import java.security.cert.X509CertSelector;
20 import java.security.cert.X509Certificate;
22 import org.opensaml.xml.security.credential.Credential;
23 import org.opensaml.xml.security.x509.X509Credential;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
/**
 * Credential criteria that delegates its decision to a JCA {@link X509CertSelector}, applied to the
 * entity certificate of an {@link X509Credential}.
 *
 * <p>A positive result only means the entity certificate satisfied whatever the supplied selector was
 * configured to check. This class performs no path validation, revocation checking or trust
 * evaluation of its own, so a match must not be read as "the certificate is trusted".</p>
 *
 * <p>The selector is stored by reference rather than copied, so changes the caller makes to it after
 * construction are visible to {@link #evaluate(Credential)}. The JDK documents
 * {@link X509CertSelector} as not thread-safe; callers that share one instance of this class across
 * threads need to provide their own synchronization.</p>
 */
public class EvaluableX509CertSelectorCredentialCriteria implements EvaluableCredentialCriteria {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(EvaluableX509CertSelectorCredentialCriteria.class);

    /** Selector every candidate entity certificate is matched against; never null. */
    private final X509CertSelector certSelector;

    /**
     * Creates criteria backed by the given selector.
     *
     * @param newSelector the selector to match entity certificates against; kept by reference
     * @throws IllegalArgumentException if {@code newSelector} is null
     */
    public EvaluableX509CertSelectorCredentialCriteria(X509CertSelector newSelector) {
        if (newSelector == null) {
            throw new IllegalArgumentException("X509 cert selector may not be null");
        }
        this.certSelector = newSelector;
    }

    /**
     * Evaluates the target credential's entity certificate against the configured selector.
     *
     * @param target the credential to evaluate
     * @return {@code null} if {@code target} is null; {@link Boolean#FALSE} if the target is not an
     *         {@link X509Credential} or carries no entity certificate; otherwise the selector's
     *         match result for the entity certificate
     */
    public Boolean evaluate(Credential target) {
        if (target == null) {
            // A null return (rather than FALSE) is how this method reports a null target; callers
            // must handle all three outcomes and must not unbox the result blindly.
            log.error("Credential target was null");
            return null;
        }

        if (target instanceof X509Credential) {
            X509Certificate candidate = ((X509Credential) target).getEntityCertificate();
            if (candidate != null) {
                return Boolean.valueOf(certSelector.match(candidate));
            }
            log.info("X509Credential did not contain an entity certificate, can not evaluate X509CertSelector criteria");
            return Boolean.FALSE;
        }

        // Non-X.509 credentials fail closed: they can never satisfy certificate criteria.
        log.info("Credential is not an X509Credential, can not evaluate X509CertSelector criteria");
        return Boolean.FALSE;
    }

}