X509RSAOpenSSLBlacklistValidator (Shibboleth Metadata Aggregator

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
  - - net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
    - - net.shibboleth.metadata.validate.BaseValidator
      - net.shibboleth.metadata.validate.x509.AbstractX509Validator
        
        net.shibboleth.metadata.validate.x509.X509RSAOpenSSLBlacklistValidator

All Implemented Interfaces:

Validator<X509Certificate>, net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent, net.shibboleth.utilities.java.support.component.IdentifiedComponent, net.shibboleth.utilities.java.support.component.InitializableComponent
```
@ThreadSafe
public class X509RSAOpenSSLBlacklistValidator
extends AbstractX509Validator
```
Validator class to check RSA moduli in X.509 certificates against a OpenSSL-format blacklist. Appropriate blacklists are available as part of the Debian 7.x openssl-blacklist and openssl-blacklist-extra packages.

Nested Class Summary
- Nested classes/interfaces inherited from interface net.shibboleth.metadata.validate.Validator
  Validator.Action

Field Summary

Fields
Modifier and Type	Field and Description
`private Set<String>`	`blacklistedValues` Set of digest values blacklisted by this validator.
`private Resource`	`blacklistResource` Resource that provides the blacklist.
`private int`	`keySize` Restrict checking to a given key size.
`private byte[]`	`openSSLprefix` Sequence of bytes put on the front of the string to be hashed.

Constructor Summary

Constructors
Constructor and Description

X509RSAOpenSSLBlacklistValidator()
Constructor.

Constructors
Constructor and Description
`X509RSAOpenSSLBlacklistValidator()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`doDestroy()`
`protected void`	`doInitialize()`
`void`	`doValidate(X509Certificate cert, Item<?> item, String stageId)` Apply the validator to the object in the given `Item` context.
`Resource`	`getBlacklistResource()` Gets the resource that provides the blacklist.
`int`	`getKeySize()` Gets the key size restriction for this blacklist.
`private String`	`openSSLDigest(BigInteger modulus)` Computes the OpenSSL digest value for the given modulus.
`void`	`setBlacklistResource(Resource resource)` Sets the resource that provides the blacklist.
`void`	`setKeySize(int size)` Sets a key size restriction for this blacklist.

Methods inherited from class net.shibboleth.metadata.validate.x509.AbstractX509Validator
validate

Methods inherited from class net.shibboleth.metadata.validate.BaseValidator
addError, addStatus, addWarning

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent
destroy, isDestroyed

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiableComponent
setId

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

- Field Detail
  - openSSLprefix
```
private final byte[] openSSLprefix
```
    Sequence of bytes put on the front of the string to be hashed.
  - blacklistResource
```
private Resource blacklistResource
```
    Resource that provides the blacklist.
  - keySize
```
private int keySize
```
    Restrict checking to a given key size. Default: no restriction (0).
  - blacklistedValues
```
private final Set<String> blacklistedValues
```
    Set of digest values blacklisted by this validator.
- Constructor Detail
  - X509RSAOpenSSLBlacklistValidator
```
public X509RSAOpenSSLBlacklistValidator()
```
    Constructor.
- Method Detail
  - getBlacklistResource
```
@Nullable
public Resource getBlacklistResource()
```
    Gets the resource that provides the blacklist.
    
    Returns:
    resource that provides the blacklist
  - setBlacklistResource
```
public void setBlacklistResource(@Nonnull
                        Resource resource)
```
    Sets the resource that provides the blacklist.
    
    Parameters:
    resource - resource that provides the blacklist
  - setKeySize
```
public void setKeySize(int size)
```
    Sets a key size restriction for this blacklist.
    
    Parameters:
    size - restricted key size, or 0 for no restriction
  - getKeySize
```
public int getKeySize()
```
    Gets the key size restriction for this blacklist.
    
    Returns:
    restricted key size for this blacklist, or 0 if no restriction
  - openSSLDigest
```
@Nonnull
private String openSSLDigest(@Nonnull
                           BigInteger modulus)
                      throws StageProcessingException
```
    Computes the OpenSSL digest value for the given modulus.
    
    Parameters:
    modulus - RSA public modulus to be digested
    
    Returns:
    value to be compared against the blacklist
    
    Throws:
    
    StageProcessingException - if SHA1 digester can not be acquired, or for internal errors related to ByteArrayOutputStream
  - doValidate
```
public void doValidate(@Nonnull
              X509Certificate cert,
              @Nonnull
              Item<?> item,
              @Nonnull
              String stageId)
                throws StageProcessingException
```
    Apply the validator to the object in the given Item context. The validator influences future processing by adding item metadata to the Item.
    
    Specified by:
    
    doValidate in class AbstractX509Validator
    
    Parameters:
    cert - the certificate to be validated
    item - the Item context for the validation
    stageId - the identifier for the stage that is requesting the validation, for inclusion in status metadata
    
    Throws:
    
    StageProcessingException - if an error occurs during validation
  - doDestroy
```
protected void doDestroy()
```
    Overrides:
    
    doDestroy in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
  - doInitialize
```
protected void doInitialize()
                     throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
```
    Overrides:
    
    doInitialize in class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
    
    Throws:
    
    net.shibboleth.utilities.java.support.component.ComponentInitializationException

Class X509RSAOpenSSLBlacklistValidator

Nested Class Summary

Nested classes/interfaces inherited from interface net.shibboleth.metadata.validate.Validator

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.metadata.validate.x509.AbstractX509Validator

Methods inherited from class net.shibboleth.metadata.validate.BaseValidator

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiableComponent

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Detail

openSSLprefix

blacklistResource

keySize

blacklistedValues

Constructor Detail

X509RSAOpenSSLBlacklistValidator

Method Detail

getBlacklistResource

setBlacklistResource

setKeySize

getKeySize

openSSLDigest

doValidate

doDestroy

doInitialize