Messed up cast.
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / common / provider / ShibbolethTrust.java
index 4056fa4..f0175e2 100644 (file)
@@ -50,6 +50,7 @@ import org.apache.xml.security.keys.content.KeyName;
 import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.keys.content.x509.XMLX509CRL;
 import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xmlbeans.XmlException;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -58,7 +59,10 @@ import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.DERString;
 import org.opensaml.SAMLException;
 import org.opensaml.SAMLSignedObject;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.common.Trust;
 import edu.internet2.middleware.shibboleth.metadata.EntitiesDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
@@ -67,6 +71,7 @@ import edu.internet2.middleware.shibboleth.metadata.ExtendedEntityDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.KeyAuthority;
 import edu.internet2.middleware.shibboleth.metadata.KeyDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.RoleDescriptor;
+import edu.internet2.middleware.shibboleth.serviceprovider.PluggableConfigurationComponent;
 
 /**
  * <code>Trust</code> implementation that does PKIX validation against key authorities included in shibboleth-specific
@@ -74,7 +79,7 @@ import edu.internet2.middleware.shibboleth.metadata.RoleDescriptor;
  * 
  * @author Walter Hoehn
  */
-public class ShibbolethTrust extends BasicTrust implements Trust {
+public class ShibbolethTrust extends BasicTrust implements Trust, PluggableConfigurationComponent {
 
        private static Logger log = Logger.getLogger(ShibbolethTrust.class.getName());
        private static final String CN_OID = "2.5.4.3";
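Review bot: The class Javadoc just above the declaration still describes only the PKIX/Trust behavior, while the declaration now also implements PluggableConfigurationComponent, so a reader of the Javadoc never learns that the class is loadable as a configured plugin. Suggest adding a line to the class comment such as `* Also usable as a {@link PluggableConfigurationComponent}; the initialize() methods currently consume no configuration.` The second clause reflects the empty initialize bodies added later in this commit and should be revised if they gain real configuration handling.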
@@ -362,6 +367,30 @@ public class ShibbolethTrust extends BasicTrust implements Trust {
                return false;
        }
 
+       public static String[] getCredentialNames(X509Certificate certificate) {
+               ArrayList names = new ArrayList();
+               names.add(certificate.getSubjectX500Principal().getName(X500Principal.RFC2253));
+               try {
+                       Collection altNames = certificate.getSubjectAlternativeNames();
+                       if (altNames != null) {
+                               for (Iterator nameIterator = altNames.iterator(); nameIterator.hasNext();) {
+                                       List altName = (List) nameIterator.next();
+                                       if (altName.get(0).equals(new Integer(2))) { // 2 is DNS
+                                               names.add(altName.get(1));
+                                       }
+                                       else if (altName.get(0).equals(new Integer(6))) { // 6 is URI
+                                               names.add(altName.get(1));
+                                       }
+                               }
+                       }
+               } catch (CertificateParsingException e1) {
+                       log.error("Encountered an problem trying to extract Subject Alternate "
+                                       + "Name from supplied certificate: " + e1);
+               }
+               names.add(getHostNameFromDN(certificate.getSubjectX500Principal()));
+               return (String[]) names.toArray(new String[1]);
+       }
+       
        private static boolean matchProviderId(X509Certificate certificate, String id) {
 
                // Try matching against URI Subject Alt Names
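Review bot: getCredentialNames returns one flat String[] that mixes the RFC2253 subject DN, DNS-type (2) and URI-type (6) subjectAltNames, and whatever getHostNameFromDN yields, with nothing marking which entry is which name type; a caller that matches an identifier against the whole array cannot restrict the match to the name type it expects, and because the method is public static that caller may be anywhere. At minimum add Javadoc stating the ordering and the mixing, e.g. `/** Returns the subject DN (RFC 2253), then DNS and URI subjectAltNames in certificate order, then the CN-derived host name; entries are not tagged by type. */`, and state whether getHostNameFromDN can return null, which is not visible here and would put a null into the array. The DNS and URI branches do the same thing and can be one condition, `Object type = altName.get(0); if (type.equals(new Integer(2)) || type.equals(new Integer(6))) { names.add(altName.get(1)); }`, and `new String[0]` is the conventional toArray argument. The loop duplicates the subjectAltName walk in matchProviderId below, which this same commit had to fix for an index mix-up; one private helper that iterates SANs of a given type would remove the second copy. The log message in the catch also has a typo ("an problem") and should pass e1 as the Throwable argument so the stack trace is kept.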
@@ -371,7 +400,7 @@ public class ShibbolethTrust extends BasicTrust implements Trust {
                                for (Iterator nameIterator = altNames.iterator(); nameIterator.hasNext();) {
                                        List altName = (List) nameIterator.next();
                                        if (altName.get(0).equals(new Integer(6))) { // 6 is URI
-                                               if (altName.get(0).equals(id)) {
+                                               if (altName.get(1).equals(id)) {
                                                        log.debug("Entity ID matched against SubjectAltName.");
                                                        return true;
                                                }
@@ -442,4 +471,12 @@ public class ShibbolethTrust extends BasicTrust implements Trust {
                }
        }
 
+       public void initialize(Node dom) throws XmlException, ShibbolethConfigurationException {
+               
+       }
+
+       public void initialize(Element dom) throws SAMLException, XmlException, ShibbolethConfigurationException {
+               
+       }
+
 }
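Review bot: Both initialize overloads accept a configuration node and return without reading it, so a deployer who supplies configuration for this trust plugin gets no indication that it was ignored. Add a comment or Javadoc on each making the no-op explicit, e.g. `/** No-op: this trust implementation takes no plugin configuration; the contents of {@code dom} are ignored. */`, and consider a `log.debug("ShibbolethTrust takes no configuration; ignoring supplied element.")` in the body so the behavior is visible at runtime. The bodies also carry trailing whitespace on their blank lines. Whether the PluggableConfigurationComponent interface has further methods this class must implement is not visible here.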
\ No newline at end of file