/*
 *  Copyright 2001-2007 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * @file saml/saml2/metadata/MetadataCredentialCriteria.h
 *
 * Metadata-based CredentialCriteria subclass.
 */
23 #ifndef __saml_metacrit_h__
24 #define __saml_metacrit_h__
26 #include <saml/base.h>
27 #include <saml/saml2/metadata/MetadataCredentialContext.h>
28 #include <xmltooling/security/CredentialCriteria.h>
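/**
 * Metadata-based CredentialCriteria subclass.
 *
 * Ties a credential lookup to a metadata role and, in matches(), rejects
 * credentials whose KeyDescriptor "use" conflicts with the usage requested
 * through the criteria.
 *
 * The object keeps a reference to the RoleDescriptor handed to the
 * constructor, so the role must outlive the criteria object.
 */
class SAML_API MetadataCredentialCriteria : public xmltooling::CredentialCriteria
{
public:
    /**
     * Constructor.
     *
     * When the role's parent is an EntityDescriptor, its entityID is
     * installed as the peer name; otherwise no peer name is set here.
     *
     * @param role      source of metadata-supplied credentials
     */
    MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role) {
        const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(role.getParent());
        // The cast yields NULL when the parent is not an EntityDescriptor.
        if (entity) {
            xmltooling::auto_ptr_char name(entity->getEntityID());
            setPeerName(name.get());
        }
    }

    virtual ~MetadataCredentialCriteria() {}

    /**
     * Return the metadata role associated with the credentials.
     *
     * @return the associated metadata role
     */
    const RoleDescriptor& getRole() const {
        return m_role;
    }

    /**
     * Applies the metadata key-use check, then the base class criteria.
     *
     * A credential is rejected when signing or TLS usage is requested and its
     * KeyDescriptor is marked for encryption, or when encryption usage is
     * requested and its KeyDescriptor is marked for signing.
     *
     * Two cases are NOT filtered by this method and rely on the base class:
     * a credential whose context is not a MetadataCredentialContext, and a
     * KeyDescriptor whose use equals neither KEYTYPE constant.
     *
     * @param credential    the credential to evaluate
     * @return false on a usage mismatch, otherwise the base class result
     */
    bool matches(const xmltooling::Credential& credential) const {
        const MetadataCredentialContext* context =
            dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
        if (context) {
            const KeyDescriptor& kd = context->getKeyDescriptor();

            // The requested-usage bits are tested with '&' against the OR of
            // the flags of interest. Written the other way round ('|' against
            // an '&' of two flags) the expression does not test whether a
            // flag was requested: OR-ing in a non-zero flag is always true,
            // so the key-use restriction would not follow the request.

            // Signing or TLS requested, but the key is published for encryption.
            if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&
                    XMLString::equals(kd.getUse(), KeyDescriptor::KEYTYPE_ENCRYPTION))
                return false;

            // Encryption requested, but the key is published for signing.
            if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
                    XMLString::equals(kd.getUse(), KeyDescriptor::KEYTYPE_SIGNING))
                return false;
        }
        return CredentialCriteria::matches(credential);
    }

private:
    // Non-owning reference to the role supplied at construction.
    const RoleDescriptor& m_role;
};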
83 #endif /* __saml_metacrit_h__ */