2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * MetadataCredentialCriteria.cpp
20 * Metadata-based CredentialCriteria subclass.
24 #include "saml2/metadata/MetadataCredentialContext.h"
25 #include "saml2/metadata/MetadataCredentialCriteria.h"
27 #include <xmltooling/security/Credential.h>
29 using namespace opensaml::saml2md;
30 using namespace xmltooling;
32 MetadataCredentialCriteria::MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role)
34 const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(role.getParent());
36 auto_ptr_char name(entity->getEntityID());
37 setPeerName(name.get());
41 bool MetadataCredentialCriteria::matches(const Credential& credential) const
43 const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
45 // Check for a usage mismatch.
46 if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&
47 XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
49 else if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
50 XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
53 return CredentialCriteria::matches(credential);