private FedizContext getFedizContext()

in services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java [169:225]


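    /**
     * Builds and initialises the {@link FedizContext} used to validate the
     * token returned by a trusted (remote) IdP.
     *
     * <p>The trusted IdP's certificate can be configured in one of two forms:
     * <ul>
     *   <li>an inline PEM certificate (the value starts with
     *       {@code -----BEGIN CERTIFICATE}), which is parsed here and
     *       installed as an in-memory trust store; or</li>
     *   <li>any other value, which is passed through as the file location of
     *       a {@code PEM} key store.</li>
     * </ul>
     * In both cases the trusted issuer is registered under the trusted IdP's
     * name with {@code ValidationType.PEER_TRUST}, and this IdP's realm is the
     * only accepted audience URI.
     *
     * @param idpConfig        configuration of this IdP; its realm becomes the audience URI
     * @param trustedIdpConfig configuration of the trusted IdP; supplies the issuer name and certificate
     * @return an initialised context
     * @throws ProcessingException if no certificate is configured for the
     *         trusted IdP, or an inline certificate cannot be parsed
     */
    private FedizContext getFedizContext(Idp idpConfig,
            TrustedIdp trustedIdpConfig) throws ProcessingException {

        ContextConfig config = new ContextConfig();

        // NOTE(review): the context name is a placeholder; nothing in this
        // method looks the context up by name - confirm it is not used elsewhere.
        config.setName("whatever");

        // Configure certificate store.
        // A missing certificate would otherwise surface as a NullPointerException
        // from startsWith(); fail early with a meaningful error instead.
        String certificate = trustedIdpConfig.getCertificate();
        if (certificate == null || certificate.trim().isEmpty()) {
            LOG.error("No certificate configured for trusted IdP " + trustedIdpConfig.getName());
            throw new ProcessingException("No certificate configured for trusted IdP");
        }
        boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
        if (isCertificateLocation) {
            // The value is a file location: register it as a PEM key store
            // backing a trust manager.
            CertificateStores certStores = new CertificateStores();
            TrustManagersType tm0 = new TrustManagersType();
            KeyStoreType ks0 = new KeyStoreType();
            ks0.setType("PEM");
            ks0.setFile(certificate);
            tm0.setKeyStore(ks0);
            certStores.getTrustManager().add(tm0);
            config.setCertificateStores(certStores);
        }

        // Configure trusted IDP. Only the issuer name and the certificate
        // validation mode are set; no subject constraint is applied.
        TrustedIssuers trustedIssuers = new TrustedIssuers();
        TrustedIssuerType ti0 = new TrustedIssuerType();
        ti0.setCertificateValidation(ValidationType.PEER_TRUST);
        ti0.setName(trustedIdpConfig.getName());
        trustedIssuers.getIssuer().add(ti0);
        config.setTrustedIssuers(trustedIssuers);

        // Default (unconfigured) federation protocol settings.
        FederationProtocolType protocol = new FederationProtocolType();
        config.setProtocol(protocol);

        // Tokens are only accepted for this IdP's own realm.
        AudienceUris audienceUris = new AudienceUris();
        audienceUris.getAudienceItem().add(idpConfig.getRealm());
        config.setAudienceUris(audienceUris);

        FedizContext fedContext = new FedizContext(config);
        if (!isCertificateLocation) {
            // Inline PEM: parse it and add an in-memory trust manager, since
            // no key-store file was registered above.
            X509Certificate cert;
            try {
                cert = CertsUtils.parseX509Certificate(certificate);
            } catch (Exception ex) {
                // The cause is logged here; the exception surfaced to the
                // caller intentionally carries only a generic message.
                LOG.error("Failed to parse trusted certificate", ex);
                throw new ProcessingException("Failed to parse trusted certificate");
            }
            CertificateStore cs = new CertificateStore(new X509Certificate[] {cert});

            TrustManager tm = new TrustManager(cs);
            fedContext.getCertificateStores().add(tm);
        }

        fedContext.init();
        return fedContext;
    }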