/*******************************************************************************
 *******************************************************************************/
package at.gv.egiz.eaaf.modules.pvp2.impl.validation;

import java.util.ArrayList;
import java.util.List;

import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;

public class TrustEngineFactory {

	public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) {
		MetadataCredentialResolver resolver;

		resolver = new MetadataCredentialResolver(provider);

		List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
		keyInfoProvider.add(new DSAKeyValueProvider());
		keyInfoProvider.add(new RSAKeyValueProvider());
		keyInfoProvider.add(new InlineX509DataProvider());

		KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
				keyInfoProvider);

		ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
				resolver, keyInfoResolver);

		return engine;

	}

}