17 package org.opensaml.xml.security.credential.criteria;
18
19 import java.security.cert.X509Certificate;
20
21 import javax.security.auth.x500.X500Principal;
22
23 import org.opensaml.xml.security.credential.Credential;
24 import org.opensaml.xml.security.x509.X509Credential;
25 import org.opensaml.xml.security.x509.X509SubjectNameCriteria;
26 import org.slf4j.Logger;
27 import org.slf4j.LoggerFactory;
/**
 * Evaluable credential criteria that matches a credential by the subject name of its entity
 * certificate.
 *
 * <p>Security note: this class only compares distinguished names. Nothing in it validates the
 * certificate's signature, chain, validity period or revocation status, so a {@code TRUE} result
 * means "the subject DN matches" and nothing more. A subject name is chosen by whoever issues
 * the certificate; use this criteria to select among credentials, not as a trust decision.</p>
 */
public class EvaluableX509SubjectNameCredentialCriteria implements EvaluableCredentialCriteria {

    /** Per-instance logger for evaluation diagnostics. */
    private final Logger log = LoggerFactory.getLogger(EvaluableX509SubjectNameCredentialCriteria.class);

    /** Subject name that a credential's entity certificate must carry to satisfy this criteria. */
    private X500Principal subjectName;

    /**
     * Builds the evaluable criteria from a subject-name criteria object.
     *
     * <p>The value returned by {@code criteria.getSubjectName()} is stored without a null check.
     * A null subject name would make {@link #evaluate(Credential)} return {@code FALSE} for every
     * certificate, because {@code X500Principal.equals(null)} is false.
     * NOTE(review): whether {@code X509SubjectNameCriteria} can actually hold a null subject name
     * is not visible here; confirm.</p>
     *
     * @param criteria the criteria supplying the subject name to match
     * @throws NullPointerException if {@code criteria} is null
     */
    public EvaluableX509SubjectNameCredentialCriteria(X509SubjectNameCriteria criteria) {
        if (criteria == null) {
            throw new NullPointerException("Criteria instance may not be null");
        }
        subjectName = criteria.getSubjectName();
    }

    /**
     * Builds the evaluable criteria directly from a subject name.
     *
     * @param newSubjectName the subject name to match
     * @throws IllegalArgumentException if {@code newSubjectName} is null
     */
    public EvaluableX509SubjectNameCredentialCriteria(X500Principal newSubjectName) {
        if (newSubjectName == null) {
            throw new IllegalArgumentException("Subject name may not be null");
        }
        subjectName = newSubjectName;
    }

    /**
     * Tests whether the target credential's entity certificate carries the configured subject
     * name.
     *
     * <p>The comparison is {@link X500Principal#equals(Object)}, which compares the canonical
     * forms of the two distinguished names rather than their raw strings.</p>
     *
     * <p>The result is tri-state. {@code null} is returned for a null target and is not the same
     * as {@code FALSE}. A caller that unboxes the result gets a {@code NullPointerException}, and
     * a caller that only tests for {@code FALSE} would let the null case through. Callers making
     * a security-relevant selection should treat anything other than {@code TRUE} as "not
     * satisfied". NOTE(review): the meaning the {@code EvaluableCredentialCriteria} contract
     * assigns to null is not visible here; confirm.</p>
     *
     * @param target the credential to test
     * @return {@code TRUE} if the entity certificate's subject equals the configured subject
     *         name; {@code FALSE} if it differs, if the credential is not an
     *         {@code X509Credential}, or if it has no entity certificate; {@code null} if
     *         {@code target} is null
     */
    public Boolean evaluate(Credential target) {
        if (target == null) {
            log.error("Credential target was null");
            return null;
        }

        if (target instanceof X509Credential) {
            X509Certificate certificate = ((X509Credential) target).getEntityCertificate();
            if (certificate != null) {
                // Keep the certificate's principal as the receiver: it is the non-null side in
                // the normal case, and equals() on it yields false for a null subjectName.
                X500Principal certSubject = certificate.getSubjectX500Principal();
                return Boolean.valueOf(certSubject.equals(subjectName));
            }
            log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
            return Boolean.FALSE;
        }

        log.info("Credential is not an X509Credential, does not satisfy subject name criteria");
        return Boolean.FALSE;
    }

}